path: root/data/CVE/list

CVE-2007-2797
	RESERVED
CVE-2007-2796
	RESERVED
CVE-2007-2795
	RESERVED
CVE-2007-2794
	RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
	TODO: check
CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...)
	TODO: check
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
	TODO: check
CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
	TODO: check
CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before ...)
	TODO: check
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
	TODO: check
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) ...)
	TODO: check
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote ...)
	TODO: check
CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...)
	TODO: check
CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...)
	TODO: check
CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...)
	TODO: check
CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...)
	TODO: check
CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...)
	TODO: check
CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain ...)
	TODO: check
CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in ...)
	TODO: check
CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 ...)
	TODO: check
CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in ...)
	TODO: check
CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to ...)
	TODO: check
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...)
	TODO: check
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
	TODO: check
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
	TODO: check
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...)
	TODO: check
CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG ...)
	TODO: check
CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
	TODO: check
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
	TODO: check
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
	TODO: check
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
	TODO: check
CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
	TODO: check
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
	TODO: check
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
	TODO: check
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...)
	TODO: check
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...)
	TODO: check
CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier ...)
	TODO: check
CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 ...)
	TODO: check
CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the ...)
	TODO: check
CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted ...)
	TODO: check
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
	TODO: check
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
	TODO: check
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
	TODO: check
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...)
	- freetype <unfixed> (bug filed)
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...)
	TODO: check
CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...)
	TODO: check
CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 ...)
	TODO: check
CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and ...)
	TODO: check
CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...)
	TODO: check
CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...)
	TODO: check
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
	TODO: check
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
	TODO: check
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...)
	TODO: check
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...)
	TODO: check
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...)
	TODO: check
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...)
	TODO: check
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows ...)
	TODO: check
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
	TODO: check
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...)
	TODO: check
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...)
	TODO: check
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 ...)
	TODO: check
CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...)
	TODO: check
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...)
	TODO: check
CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...)
	TODO: check
CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...)
	TODO: check
CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
	TODO: check
CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might ...)
	TODO: check
CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test ...)
	TODO: check
CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
	TODO: check
CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
	TODO: check
CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...)
	TODO: check
CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...)
	TODO: check
CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...)
	TODO: check
CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
	TODO: check
CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...)
	TODO: check
CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers ...)
	TODO: check
CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...)
	TODO: check
CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
	TODO: check
CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
	TODO: check
CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in ...)
	TODO: check
CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
	TODO: check
CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c ...)
	TODO: check
CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on &quot;operating systems that only ...)
	TODO: check
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...)
	NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...)
	NOT-FOR-US: Akismet
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...)
	NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows ...)
	NOT-FOR-US: TinyIdentD
CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt ...)
	NOT-FOR-US: News-Script
CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php ...)
	NOT-FOR-US: Linksnet Newsfeed
CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...)
	NOT-FOR-US: Geeklog
CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA ...)
	NOT-FOR-US: BEA WebLogic Integration
CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT ...)
	- mysql-dfsg-5.0 <not-affected> (bug #424778)
	[sarge] - mysql-dfsg-4.1 <not-affected> (bug #424830)
	[sarge] - mysql-dfsg <not-affected>
CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x ...)
	- mysql-dfsg-5.0 <unfixed> (bug #424778)
	[sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830)
	[sarge] - mysql-dfsg <not-affected>
	NOTE: the CVE says it's fixed in 5.0.40, but 5.0.41 is vulnerable
	NOTE: http://bugs.mysql.com/bug.php?id=28499
CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...)
	- mysql-dfsg-5.0 <unfixed> (bug #424778)
	[sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830)
	[sarge] - mysql-dfsg <not-affected>
CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...)
	NOT-FOR-US: ISS
CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain ...)
	NOT-FOR-US: Check Point
CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...)
	NOT-FOR-US: Cisco
CVE-2007-2687
	RESERVED
CVE-2007-2686
	RESERVED
CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...)
	TODO: check
CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
	TODO: check
CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute ...)
	- mutt <unfixed> (low)
CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...)
	TODO: check
CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...)
	TODO: check
CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Canon
CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...)
	NOT-FOR-US: Simple PHP Scripts
CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...)
	NOT-FOR-US: Netsprint
CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess ...)
	NOT-FOR-US: phpChess
CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open ...)
	NOT-FOR-US: Open Translation Engine
CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...)
	NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673 (SQL injection vulnerability in censura.php in Censura 1.15.04 allows ...)
	NOT-FOR-US: Censura
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...)
	TODO: check
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: PHPChain
CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...)
	NOT-FOR-US: PHPChain
CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to ...)
	NOT-FOR-US: webdesproxy
CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
	NOT-FOR-US: VImpX
CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
	NOT-FOR-US: notepad++
CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost ...)
	NOT-FOR-US: PhpFirstPost
CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...)
	NOT-FOR-US: Yaap
CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...)
	NOT-FOR-US: Beacon
CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote ...)
	NOT-FOR-US: EfesTECH
CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows ...)
	NOT-FOR-US: BlogMe
CVE-2007-2660 (** DISPUTED ** ...)
	NOT-FOR-US: PhpConcept
CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...)
	NOT-FOR-US: ID Automation
CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ...)
	NOT-FOR-US: HP
CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...)
	NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a temporary directory with insecure ...)
	TODO: check
CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...)
	TODO: check
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
	NOT-FOR-US: Free-SA
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...)
	NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...)
	TODO: check
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...)
	NOT-FOR-US: Speedport W 700v
CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...)
	NOT-FOR-US: Clever Database Comparer
CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...)
	NOT-FOR-US: MonAlbum
CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted ...)
	NOT-FOR-US: yEnc32
CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in ...)
	- libexif <unfixed> (bug #424775)
CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional ...)
	NOT-FOR-US: Morovia
CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...)
	NOT-FOR-US: maGAZIn
CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 ...)
	NOT-FOR-US: R2K Gallery
CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard ...)
	NOT-FOR-US: W1L3D4
CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid &quot;trivial ...)
	NOT-FOR-US: LibTMCG
CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote ...)
	NOT-FOR-US: TFTPDWIN
CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: eFileCabinet
CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...)
	- moin 1.5.7-2 (low)
CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote ...)
	NOT-FOR-US: phpTodo
CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote ...)
	- interchange 5.4.2-1 (low)
CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in ...)
	NOT-FOR-US: aForum
CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows ...)
	NOT-FOR-US: H-Sphere
CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...)
	NOT-FOR-US: phpMUR
CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail ...)
	TODO: check
CVE-2007-2630 (Incomplete blacklist vulnerability in ...)
	NOT-FOR-US: ActiveCampaign products
CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) ...)
	NOT-FOR-US: Bradford
CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in ...)
	NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...)
	- wordpress <unfixed> (low)
CVE-2007-2626 (** DISPUTED ** ...)
	NOT-FOR-US: SchoolBoard
CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2624 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit ...)
	NOT-FOR-US: Remote Display Dev kit
CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier ...)
	NOT-FOR-US: TaskDriver
CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 ...)
	NOT-FOR-US: Thyme Calendar
CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
	NOT-FOR-US: Jakub Steiner (aka jimmac) original 
CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu ...)
	NOT-FOR-US: PHPLojaFacil
CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in ...)
	NOT-FOR-US: phpHtmlLib
CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 ...)
	NOT-FOR-US: CGX
CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and ...)
	NOT-FOR-US: OpenLD
CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 ...)
	NOT-FOR-US: gnuedu
CVE-2007-2608 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Miplex2
CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
	NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
	TODO: check
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
	NOT-FOR-US: Brujula Toolbar
CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...)
	NOT-FOR-US: FlexLabel
CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper ...)
	NOT-FOR-US: Audio CD Ripper
CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith ...)
	NOT-FOR-US: GDivX Zenith Player
CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS ...)
	NOT-FOR-US: telltarget CMS
CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum ...)
	NOT-FOR-US: aForum
CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...)
	NOT-FOR-US: RSAuction
CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in ...)
	NOT-FOR-US: phpMyPortal
CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia ...)
	NOT-FOR-US: Nokia
CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
	- squirrelmail 2:1.4.10a-1 (low)
CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...)
	- wu-ftpd 2.6.2-26 (bug #425162) 
CVE-2006-XXXX [PHP SOAP Extension HTTP Authentication Weak Nonce]
	NOTE: see http://secunia.com/advisories/25306/
	- php5 <unfixed> (low)
	- php4 <not-affected> (no soap functions in php4)
CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 ...)
	- linux-2.6 <unfixed> (low)
CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...)
	NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-2586 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly ...)
	NOT-FOR-US: Cisco
CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz ...)
	NOT-FOR-US: BarCodeWiz ActiveX control
CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...)
	NOT-FOR-US: Subscription Manager ActiveX control
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before ...)
	- mysql-dfsg-5.0 <unfixed> (low)
	NOTE: http://bugs.mysql.com/bug.php?id=27513
CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) ...)
	NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
	NOT-FOR-US: Safari
CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
	NOT-FOR-US: ACP3
CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in ...)
	NOT-FOR-US: ACP3
CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
	NOT-FOR-US: ACP3
CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ...)
	NOT-FOR-US: advdaudio.ocx ActiveX control
CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm ...)
	NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog ...)
	NOT-FOR-US: Archangel Weblog
CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in ...)
	NOT-FOR-US: PHPtree
CVE-2007-2572 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...)
	NOT-FOR-US: wfquotes module for XOOPS
CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in ...)
	NOT-FOR-US: Wikivi5
CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...)
	NOT-FOR-US: Friendly
CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...)
	TODO: check
CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...)
	NOT-FOR-US: Cdelia Software ImageProcessing
CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
	NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako eSupport
CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...)
	NOT-FOR-US: fipsCMS
CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 ...)
	NOT-FOR-US: ACGVannu
CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart ...)
	NOT-FOR-US: american cart
CVE-2007-2558 (** DISPUTED ** ...)
	NOT-FOR-US: pfa CMS
CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, ...)
	NOT-FOR-US: Mambo
CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote ...)
	NOT-FOR-US: Nuked-klaN
CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...)
	NOT-FOR-US: Podium CMS
CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
	NOT-FOR-US: Newspower
CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 ...)
	NOT-FOR-US: CubeCart
CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 ...)
	NOT-FOR-US: SMF
CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS ...)
	NOT-FOR-US: Persism
CVE-2007-2544 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: TopTree BBS
CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
	NOT-FOR-US: XOOPS
CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench ...)
	NOT-FOR-US: workbench survival guide
CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php ...)
	NOT-FOR-US: Versado
CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and ...)
	NOT-FOR-US: PMECMS
CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: RunCms
CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms ...)
	NOT-FOR-US: RunCms
CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 ...)
	NOT-FOR-US: NPDS
CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: Picozip
CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: WinAce
CVE-2007-2534 (** DISPUTED ** ...)
	NOT-FOR-US: phpHoo3
CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen ...)
	NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in ...)
	NOT-FOR-US: Berylium2
CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm ...)
	NOT-FOR-US: Tropicalm
CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 ...)
	NOT-FOR-US: Solaris 10
CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD ...)
	NOT-FOR-US: DynamicPAD
CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...)
	NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525 (Memory leak in the PPPoE socket implementation in the Linux kernel ...)
	- linux-2.6 <unfixed>
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...)
	- otrs2 <unfixed> (bug #423524)
CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 ...)
	NOT-FOR-US: E-GADS!
CVE-2007-2520
	RESERVED
CVE-2007-2519
	RESERVED
CVE-2007-2518
	REJECTED
CVE-2007-2517
	RESERVED
CVE-2007-2516
	RESERVED
CVE-2007-2515
	RESERVED
CVE-2007-2514
	RESERVED
CVE-2007-2513
	RESERVED
CVE-2007-2512
	RESERVED
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...)
	{DSA-1295-1}
	- php5 5.2.2-1 (low)
CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...)
	{DSA-1295-1}
	- php5 5.2.2-1 (low)
	- php4 4.4.7-1 (low)
CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...)
	NOT-FOR-US: Trend Micro
CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...)
	NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...)
	NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...)
	NOT-FOR-US: MailCOPA
CVE-2007-2504 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2503 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...)
	NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...)
	NOT-FOR-US: CodePress
CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...)
	- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...)
	NOT-FOR-US: DVDdb
CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...)
	NOT-FOR-US: Winamp
CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...)
	NOT-FOR-US: RealPlayer
	NOTE: helix-player not affected
CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...)
	NOT-FOR-US: WordViewer.ocx
CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...)
	NOT-FOR-US: ExcelViewer .ocx
CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...)
	NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ &amp; RULES ...)
	NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...)
	NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...)
	NOT-FOR-US: EMC VMware
CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...)
	NOT-FOR-US: LiveData Server
CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...)
	NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...)
	NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...)
	NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...)
	NOT-FOR-US: Mambo
CVE-2007-XXXX [schroot may use outdated configuration information]
	- schroot <unfixed> (low; bug #422354)
	[etch] - schroot <not-affected> (Only exploitable in unstable)
CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...)
	- asterisk <unfixed> (low)
	NOTE: ASA-2007-013
CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...)
	- linux-2.6 <unfixed> (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2477 (** DISPUTED ** ...)
	NOT-FOR-US: phpMyChat
CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before ...)
	NOT-FOR-US: Novell
CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell ...)
	NOT-FOR-US: Novell
CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard ...)
	NOT-FOR-US: Sendcard
CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
	NOT-FOR-US: Sendcard
CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: FileRun
CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier ...)
	NOT-FOR-US: FileRun
CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...)
	NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FireFly
CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 ...)
	- libimager-perl <unfixed> (medium; bug #421582)
	NOTE: http://rt.cpan.org/Ticket/Display.html?id=26811
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 ...)
	NOT-FOR-US: FireFly
CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual ...)
	NOT-FOR-US: Parallels
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
	NOT-FOR-US: Parallels
CVE-2007-2453
	RESERVED
CVE-2007-2452
	RESERVED
CVE-2007-2451
	RESERVED
CVE-2007-2450
	RESERVED
CVE-2007-2449
	RESERVED
CVE-2007-2448
	RESERVED
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...)
	{DSA-1291-2}
	- samba 3.0.25-1 (high)
CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in ...)
	{DSA-1291-2}
	- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
	- libpng 1.2.15~beta5-2 (unimportant)
	- libpng3 <unfixed> (unimportant)
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
	{DSA-1291-2}
	- samba 3.0.25-1
CVE-2007-2443
	RESERVED
CVE-2007-2442
	RESERVED
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	TODO: check
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
	TODO: check
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	TODO: check
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
	- vim <unfixed> (medium)
	NOTE: Exploitable through modelines.
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...)
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue 
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436
	REJECTED
	NOTE: duplicate of CVE-2007-1861
CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows ...)
	NOT-FOR-US: Aventail Connect
CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
	NOT-FOR-US: Ariadne
CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in ...)
	NOT-FOR-US: Nukedit
CVE-2007-2431 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: TCExam
CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote ...)
	NOT-FOR-US: TCExam
CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to ...)
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in ...)
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
	NOT-FOR-US: pnFlashGames
CVE-2007-2426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: myGallery
CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 ...)
	NOT-FOR-US: Imageview
CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The ...)
	NOT-FOR-US: The Merchant
CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin ...)
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422 (** DISPUTED ** ...)
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
	- tomcat5 <unfixed> (low)
	- tomcat5.5 <unfixed> (low)
	NOTE: SSO cookies sent over secure connections do not require
	NOTE: secure connections, possibly defeating HTTPS encryption.
	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2007-2419
	RESERVED
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417
	RESERVED
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
	NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: MyServer
CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...)
	- libimager-perl <unfixed> (bug #421582)
CVE-2007-2412 (** DISPUTED ** ...)
	NOT-FOR-US: Seir Anphin
CVE-2007-2411 (** DISPUTED ** ...)
	NOT-FOR-US: Sphider
CVE-2007-2410
	RESERVED
CVE-2007-2409
	RESERVED
CVE-2007-2408
	RESERVED
CVE-2007-2407
	RESERVED
CVE-2007-2406
	RESERVED
CVE-2007-2405
	RESERVED
CVE-2007-2404
	RESERVED
CVE-2007-2403
	RESERVED
CVE-2007-2402
	RESERVED
CVE-2007-2401
	RESERVED
CVE-2007-2400
	RESERVED
CVE-2007-2399
	RESERVED
CVE-2007-2398
	RESERVED
CVE-2007-2397
	RESERVED
CVE-2007-2396
	RESERVED
CVE-2007-2395
	RESERVED
CVE-2007-2394
	RESERVED
CVE-2007-2393
	RESERVED
CVE-2007-2392
	RESERVED
CVE-2007-2391
	RESERVED
CVE-2007-2390
	RESERVED
CVE-2007-2389
	RESERVED
CVE-2007-2388
	RESERVED
CVE-2007-2387
	RESERVED
CVE-2007-2386
	RESERVED
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
	TODO: check yui
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...)
	TODO: check glpi knowledgeroot mt-daapd op-panel python-webhelpers qwik rails wordpress
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...)
	TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress 
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
	TODO: check python-paste
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: jQuery framework
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
	NOT-FOR-US: Google Web Toolkit (GWT)
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
	NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...)
	NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...)
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...)
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...)
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...)
	NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...)
	NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
	NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...)
	NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
	{DTSA-36-1}
	- mydns 1:1.1.0-8
CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...)
	NOT-FOR-US: Symantec
CVE-2007-2358 (** DISPUTED ** ...)
	- b2evolution <not-affected> (Debian's version does not contain the affected variables)
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...)
	NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...)
	- gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...)
	- axis <unfixed> (unimportant)
	NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...)
	NOT-FOR-US: freePBX
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...)
	- lftp <unfixed> (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
	NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
	NOT-FOR-US: PHP-Generics
CVE-2007-2345 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBrowse
CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight ...)
	NOT-FOR-US: Enterasys
CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys ...)
	NOT-FOR-US: Enterasys
CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...)
	NOT-FOR-US: phpBandManager
CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phporacleview
CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...)
	NOT-FOR-US: Phorum
CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Phorum
CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader ...)
	NOT-FOR-US: Lunascape
CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...)
	NOT-FOR-US: PureTLS
CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
	NOT-FOR-US: Shop-Script
CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...)
	NOT-FOR-US: DynaTracker
CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in ...)
	NOT-FOR-US: Searchactivity
CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
	NOT-FOR-US: phpMYTGP
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...)
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
	TODO: check smarty, moodle, gallery2
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) ...)
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows ...)
	NOT-FOR-US: JulmaCMS
CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
	NOT-FOR-US: InterVideo
CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows ...)
	NOT-FOR-US: Nero
CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe ...)
	NOT-FOR-US: SilverStripe
CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier ...)
	NOT-FOR-US: Papoo
CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and ...)
	NOT-FOR-US: AutoStand
CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 ...)
	- filezilla <unfixed> (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB
CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business ...)
	NOT-FOR-US: Open Business Management
CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to ...)
	NOT-FOR-US: MiniShare
CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the ...)
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311 (** DISPUTED ** ...)
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in ...)
	NOT-FOR-US: WebKalk2
CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick ...)
	NOT-FOR-US: QDBlog
CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ...)
	NOT-FOR-US: QDBlog
CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...)
	NOT-FOR-US: Expow
CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash ...)
	NOT-FOR-US: audioCMS
CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...)
	NOT-FOR-US: phpwebnews
CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier ...)
	NOT-FOR-US: CMS Frogss
CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...)
	NOT-FOR-US: Garennes
CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
	- asterisk 1:1.4.3~dfsg-1 (high; bug #420864)
CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
	- asterisk 1:1.4.3~dfsg-1 (low)
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...)
	- asterisk 1:1.4.3~dfsg-1 (high)
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
	- iceweasel (low)
	- firefox <removed> (low)
	- mozilla <removed> (low)
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...)
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net ...)
	NOT-FOR-US: doruk100net
CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 ...)
	NOT-FOR-US: comus
CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP ...)
	NOT-FOR-US: Built2Go
CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote ...)
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote ...)
	NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...)
	NOT-FOR-US: Cisco
CVE-2007-2281
	RESERVED
CVE-2007-2280
	RESERVED
CVE-2007-2279
	RESERVED
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...)
	NOT-FOR-US: Plogger
CVE-2007-2276 (** DISPUTED ** ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced ...)
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in ...)
	NOT-FOR-US: wavewoo
CVE-2007-2272 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS ...)
	NOT-FOR-US: TotaRam
CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 ...)
	NOT-FOR-US: Sun Cluster
CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows ...)
	NOT-FOR-US: YA Book
CVE-2007-2264
	RESERVED
CVE-2007-2263
	RESERVED
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...)
	- tomcat5.5 5.5.17-1 (low)
CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
	- tomcat5.5 5.5.15-1 (low)
CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: jmuffin
CVE-2007-2261 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: C-Arbre
CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
	NOT-FOR-US: bibtex mase
CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...)
	NOT-FOR-US: EsForum
CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in ...)
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...)
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 ...)
	NOT-FOR-US: TJSChat
CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and ...)
	NOT-FOR-US: Xaraya
CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain ...)
	NOT-FOR-US: Phorum
CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	NOT-FOR-US: Phorum
CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...)
	NOT-FOR-US: phpMySpace
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running ...)
	NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3 allow ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...)
	- openssh <unfixed> (low)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
	- linux-2.6 <unfixed> (low; bug #421595)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 ...)
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
	[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
CVE-2007-2240
	RESERVED
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
	RESERVED
CVE-2007-2237
	RESERVED
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to ...)
	NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 ...)
	NOT-FOR-US: PunBB
CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly ...)
	NOT-FOR-US: PunBB
CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote ...)
	NOT-FOR-US: CoSign
CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...)
	NOT-FOR-US: CoSign
CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in ...)
	- dovecot 1.0.rc29-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...)
	NOT-FOR-US: CA Clever Path
CVE-2007-2229
	RESERVED
CVE-2007-2228
	RESERVED
CVE-2007-2227
	RESERVED
CVE-2007-2226
	RESERVED
CVE-2007-2225
	RESERVED
CVE-2007-2224
	RESERVED
CVE-2007-2223
	RESERVED
CVE-2007-2222
	RESERVED
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	RESERVED
CVE-2007-2219
	RESERVED
CVE-2007-2218
	RESERVED
CVE-2007-2217
	RESERVED
CVE-2007-2216
	RESERVED
CVE-2007-2215
	RESERVED
CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...)
	NOT-FOR-US: DmCMS
CVE-2007-2213 (Unspecified vulnerability in the Initialize function in ...)
	NOT-FOR-US: WS_FTP
CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
	NOT-FOR-US: Netsprint
CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ...)
	NOT-FOR-US: AccuSoft
CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 ...)
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board ...)
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...)
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...)
	NOT-FOR-US: Post Revolution
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...)
	NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...)
	NOT-FOR-US: Joomla
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
	NOT-FOR-US: NeatUpload
CVE-2007-2196 (** DISPUTED ** ...)
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
	NOT-FOR-US: Alvaro's Messenger
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...)
	NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
	NOT-FOR-US: ACDSee
CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted ...)
	NOT-FOR-US: Photofiltre
CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x ...)
	NOT-FOR-US: freePBX
CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php ...)
	NOT-FOR-US: Eba News
CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka ...)
	NOT-FOR-US: eXtremail
CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows ...)
	NOT-FOR-US: eXtremail
CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b ...)
	NOT-FOR-US: Supasite
CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
	NOT-FOR-US: jchit
CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
	NOT-FOR-US: WEBInsta
CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in ...)
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...)
	NOT-FOR-US: Sharity
CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...)
	- iceweasel <unfixed> (low)
CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...)
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to be used ...)
	- linux-2.6 <unfixed> (medium)
CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem ...)
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
	NOT-FOR-US: AimStats
CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 ...)
	NOT-FOR-US: AimStats
CVE-2007-2166 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...)
	- proftpd 1.3.0-22 (low)
CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 ...)
	NOT-FOR-US: jGallery
CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...)
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cabron Connector
CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 ...)
	NOT-FOR-US: @Mail
CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
	NOT-FOR-US: McAfee
CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b ...)
	NOT-FOR-US: BlueArc
CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores ...)
	NOT-FOR-US: Chatness
CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in ...)
	NOT-FOR-US: Chatness
CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...)
	NOT-FOR-US: Chatness
CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...)
	NOT-FOR-US: JoomlaPack
CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 ...)
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php ...)
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
	NOT-FOR-US: ShoutPro
CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...)
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
	NOT-FOR-US: Tivoli
CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...)
	NOT-FOR-US: Oracle
CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards ...)
	NOT-FOR-US: Oracle
CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital ...)
	NOT-FOR-US: Oracle
CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has ...)
	NOT-FOR-US: Oracle
CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...)
	NOT-FOR-US: Oracle
CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle
CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component ...)
	NOT-FOR-US: Oracle
CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component ...)
	NOT-FOR-US: Oracle
CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in ...)
	NOT-FOR-US: Oracle
CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
	NOT-FOR-US: Oracle
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...)
	- tomcat5.5 5.5.20-1 (low)
	- tomcat5 <unfixed> (low)
	- tomcat4 <removed> (low)
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...)
	- tomcat5.5 5.5.20-1 (low)
	- tomcat5 <unfixed> (low)
	- tomcat4 <removed> (low)
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
CVE-2007-XXXX [unspecified vulnerability in Clamav's PDF parser]
	- clamav 0.90.2-1 (unimportant; bug #418849)
	NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	- git-core 1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...)
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...)
	NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...)
	NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
	NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
	NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097 (** DISPUTED ** ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...)
	NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...)
	NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...)
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...)
	- sitebar <unfixed>
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...)
	NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...)
	NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084 (PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 ...)
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...)
	NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...)
	NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
	NOT-FOR-US: XAMPP
CVE-2007-2078 (** DISPUTED ** ...)
	NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
	NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
	NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072 (** DISPUTED ** ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...)
	NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...)
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...)
	NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is ...)
	NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...)
	NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...)
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...)
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...)
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 <unfixed> (bug #416934; low)
	- python2.3 <unfixed> (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...)
	NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...)
	NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...)
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...)
	NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...)
	NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
	NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...)
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...)
	NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...)
	NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...)
	NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...)
	NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...)
	NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...)
	NOT-FOR-US: 3proxy
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...)
	- lha <unfixed> (low)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
	- freeradius <unfixed> (low)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...)
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks <no-dsa> (Hardly exploitable)
	[etch] - elinks <no-dsa> (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
	- file 4.20-6 (low)
	[etch] - file <no-dsa> (Hardly any security impact)
	[sarge] - file <not-affected> (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	- phpwiki <unfixed> (unknown)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	- phpwiki <unfixed> (unknown)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and ...)
	- flashplayer-mozilla <unfixed> (unknown)
	[sarge] - flashplayer-mozilla <no-dsa> (Non-free not supported)
	[etch] - flashplayer-mozilla <no-dsa> (Non-free not supported)
	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that it not of concern for Debian
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020 (** DISPUTED ** ...)
	NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...)
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...)
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...)
	NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...)
	NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...)
	NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
	NOT-FOR-US: DeskPro
CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...)
	NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...)
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
	NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...)
	NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
	NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...)
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
	NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
	NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987 (** DISPUTED ** ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...)
	NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
	NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...)
	NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...)
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...)
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...)
	NOT-FOR-US: holaCMS
CVE-2007-1976 (** DISPUTED ** ...)
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...)
	NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...)
	NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972 (** DISPUTED ** ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2006-7194 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Agora
CVE-2006-7193 (** DISPUTED ** ...)
	NOT-FOR-US: disputed (SMARTY_DIR is a constant)
CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
	NOT-FOR-US: Half-Life
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
	- iceweasel <unfixed> (low)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
	NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1967 (** DISPUTED ** ...)
	NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...)
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
	- tinymux <unfixed>
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...)
	- tinymux <unfixed>
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...)
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...)
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...)
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...)
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...)
	NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
	NOT-FOR-US: WIndows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
	NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...)
	NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...)
	NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...)
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...)
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...)
	NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...)
	NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, ...)
	NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
	NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
	NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924 (** DISPUTED ** ...)
	NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...)
	NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
	NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...)
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
	NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...)
	NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 ...)
	NOT-FOR-US: SonicBB
CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote ...)
	NOT-FOR-US: SonicBB
CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SonicBB
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...)
	{DSA-1283-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899
	RESERVED
CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send ...)
	TODO: check
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...)
	NOT-FOR-US: Akamai
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
	NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
	{DSA-1283-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
	- sqlite <unfixed> (medium)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
	{DSA-1283-1}
	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...)
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: VMware
CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest ...)
	NOT-FOR-US: VMware
CVE-2007-1875
	RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows ...)
	NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...)
	NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...)
	NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...)
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...)
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...)
	NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
	RESERVED
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
	- php4 <unfixed>
	- php5 5.2.2-1
CVE-2007-1863
	RESERVED
CVE-2007-1862
	RESERVED
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860
	RESERVED
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
	- xscreensaver <unfixed> (low)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...)
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 <no-dsa> (low)
	[etch] - tomcat5 <no-dsa> (low; bug #423435)
	- tomcat5 <unfixed> (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 <removed> (low)
CVE-2007-1857
	RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
	- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...)
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...)
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852 (** DISPUTED ** ...)
	NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...)
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...)
	NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...)
	NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...)
	NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
	- ipsec-tools <unfixed> (medium)
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...)
	NOT-FOR-US: Microsoft ASP .NET Framework
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...)
	- net-snmp 5.2.2-1 (medium)
CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 and later does not ...)
	[sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
	NOT-FOR-US: CodeBB
CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...)
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...)
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836 (The command line administration interface in Data Domain OS before ...)
	NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
	NOT-FOR-US: WebAPP
CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...)
	NOT-FOR-US: WebAPP
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
	{DSA-1283-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
	NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...)
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
	NOT-FOR-US: Nortel Networks
CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control ...)
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...)
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...)
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...)
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...)
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BT-Sondage
CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...)
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...)
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...)
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
	- pulseaudio <unfixed> (medium)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
	NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
	NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	- ktorrent <unfixed> (medium)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
	- imagemagick <unfixed> (medium)
CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
	NOT-FOR-US: URLshrink
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792
	RESERVED
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...)
	NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...)
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or &quot;set to a low ...)
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray <not-affected> (Vulnerable code not present)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Time-Assistant
CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
	RESERVED
CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...)
	{DSA-1287-1}
	- ldap-account-manager 1.0.0-1 (medium)
CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
	NOT-FOR-US: WebAPP
CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...)
	NOT-FOR-US: WebAPP
CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...)
	NOT-FOR-US: WebAPP
CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...)
	NOT-FOR-US: WebAPP
CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...)
	NOT-FOR-US: WebAPP
CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...)
	NOT-FOR-US: CMSmelborp
CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...)
	NOT-FOR-US: Exhibit Engine
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...)
	NOT-FOR-US: CruiseWorks
CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
	NOT-FOR-US: Minna De Office
CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...)
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-1 (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
	NOT-FOR-US: D4J eZine
CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
	NOT-FOR-US: JBrowser
CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
	NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental ...)
	NOT-FOR-US: ArcSDE
CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 ...)
	NOT-FOR-US: Mephisto
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Mephisto
CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...)
	NOT-FOR-US: AOL
CVE-2007-1766 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
	- iceweasel <unfixed> (low)
CVE-2007-1761
	RESERVED
CVE-2007-1760
	RESERVED
CVE-2007-1759
	RESERVED
CVE-2007-1758
	RESERVED
CVE-2007-1757
	RESERVED
CVE-2007-1756
	RESERVED
CVE-2007-1755
	RESERVED
CVE-2007-1754
	RESERVED
CVE-2007-1753
	RESERVED
CVE-2007-1752
	RESERVED
CVE-2007-1751
	RESERVED
CVE-2007-1750
	RESERVED
CVE-2007-1749
	RESERVED
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1746
	RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for ...)
	NOT-FOR-US: VMware
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1740
	REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
	NOT-FOR-US: TrueCrypt
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...)
	NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
	- iceweasel <unfixed> (low)
CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732 (** DISPUTED ** ...)
	- wordpress 2.1.3-1
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...)
	NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
	- linux-2.6 <unfixed> (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
	NOT-FOR-US: Flexbb
CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...)
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...)
	NOT-FOR-US: IceBB
CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...)
	NOT-FOR-US: ReactOS
CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: IronMail
CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...)
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...)
	NOT-FOR-US: C-Arbre
CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...)
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
	NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 <unfixed> (medium)
	[sarge] - php4 <not-affected> (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
	NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
	NOT-FOR-US: CcCounter
CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
	NOT-FOR-US: BASP21
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 <unfixed> (unimportant)
	- php5 5.2.0-9 (unimportant)
	NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
	NOT-FOR-US: ttCMS
CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...)
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...)
	NOT-FOR-US: eWebQuiz
CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...)
	NOT-FOR-US: Active Trade
CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...)
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...)
	NOT-FOR-US: Flatmenu
CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...)
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...)
	{DSA-1283-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Philex
CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...)
	NOT-FOR-US: Philex
CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
	NOT-FOR-US: Active Newsletter
CVE-2007-1695 (** DISPUTED ** ...)
	- phpbb2 <not-affected> (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
	RESERVED
CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before ...)
	- yate 1.2.0-1.dfsg-1 (medium; bug #421994)
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
	NOT-FOR-US: Microsoft
CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
	TODO: check
CVE-2007-1688
	RESERVED
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
	RESERVED
CVE-2007-1685
	RESERVED
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...)
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...)
	NOT-FOR-US: IncrediMail
CVE-2007-1682
	RESERVED
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679 (** DISPUTED ** ...)
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
	NOT-FOR-US: NetBSD
CVE-2007-1676
	RESERVED
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...)
	- zoo 2.10-19 (bug #424686)
	- unzoo <unfixed> (bug #424690)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
	NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
	NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...)
	NOT-FOR-US: Panda
CVE-2007-1669 (Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, ...)
	NOT-FOR-US: Barracuda
CVE-2007-1668
	RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
	NOT-FOR-US: IDA Pro
CVE-2007-1665
	RESERVED
	- ekg 1:1.7~rc2-2
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664
	RESERVED
	- ekg 1:1.7~rc2-2
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663
	RESERVED
	- ekg 1:1.7~rc2-2
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662
	RESERVED
CVE-2007-1661
	RESERVED
CVE-2007-1660
	RESERVED
CVE-2007-1659
	RESERVED
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
	- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...)
	- tinymux <unfixed>
CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...)
	NOT-FOR-US: ne7ssh
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
	NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
	- php5 <unfixed>
	[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
	- moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
	NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...)
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...)
	NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...)
	NOT-FOR-US: PortailPHP
CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...)
	NOT-FOR-US: ClassWeb
CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...)
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...)
	NOT-FOR-US: Splatt Forum
CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...)
	NOT-FOR-US: webCMS
CVE-2007-1631 (** DISPUTED ** ...)
	NOT-FOR-US: CLBOX
CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Link Engine
CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...)
	NOT-FOR-US: Study planner
CVE-2007-1627 (Multiple SQL injection vulnerabilities in php-revista 1.1.2 and ...)
	NOT-FOR-US: php-revista
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...)
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...)
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
	- zziplib <unfixed> (low)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
	NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...)
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...)
	NOT-FOR-US: NewsGlue
CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601 (** DISPUTED ** ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...)
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...)
	- wordpress <unfixed> (low)
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...)
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
	NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...)
	- asterisk <unfixed> (low)
CVE-2007-1593
	RESERVED
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
	NOT-FOR-US: Trend Micro
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...)
	NOT-FOR-US: MNews
CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS ...)
	NOT-FOR-US: Morcego CMS
CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail <not-affected> (Not a program flaw, a DNS error)
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail <not-affected> (Debian compiles with FFR_TLS correctly)
CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...)
	NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...)
	NOT-FOR-US: Truecrypt
CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling ...)
	NOT-FOR-US: MyServer
CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows ...)
	NOT-FOR-US: StatsDawg
CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
	NOT-FOR-US: Zyxel
CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware ...)
	NOT-FOR-US: Cisco
CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
	{DSA-1283-1}
	- php5 5.2.0-11 (medium)
	- php4 <unfixed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php5 <unfixed> (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...)
	NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...)
	NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...)
	NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...)
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
	REJECTED
	NOT-FOR-US: Haber Sistemi
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...)
	NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...)
	NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...)
	- kdelibs <unfixed> (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...)
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
	- squid 2.6.5-6 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio ...)
	NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...)
	NOT-FOR-US: No practical security implications
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
	NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
	NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...)
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
	NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...)
	NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...)
	NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...)
	NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
	NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538 (** DISPUTED ** ...)
	NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2007-1536 (Integer underflow in the file_printf function in the &quot;file&quot; program ...)
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user ...)
	NOT-FOR-US: Microsoft
CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains ...)
	NOT-FOR-US: Microsoft
CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same ...)
	NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included ...)
	NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather ...)
	NOT-FOR-US: Microsoft
CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
	NOT-FOR-US: Microsoft
CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
	NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...)
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
	NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...)
	NOT-FOR-US: NetBSD
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
	{DSA-1283-1}
	- php5 <unfixed> (medium)
CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...)
	{DSA-1283-1 DSA-1282-1}
	- php5 5.2.0-11 (medium)
	- php4 <unfixed> (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
	NOT-FOR-US: WSN Guest
CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Dimension module of phpBB
CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...)
	NOT-FOR-US: PHP-Stats
CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...)
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...)
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk <not-affected> (correctly logs a warning)
	NOTE: http://bugs.digium.com/view.php?id=9313
CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...)
	NOT-FOR-US: CcMail
CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...)
	- imp4 <unfixed> (medium)
CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb ...)
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and ...)
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder ...)
	NOT-FOR-US: krypt
CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x ...)
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Oracle Portal
CVE-2007-1505 (Fujistu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption ...)
	NOT-FOR-US: Fujistu FENCE-Pro
CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
	- rhapsody <unfixed> (medium)
	NOTE: Removal from Etch requested
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
	- rhapsody <unfixed> (medium)
	NOTE: Removal from Etch requested
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...)
	NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...)
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
	{DSA-1289-1}
	- linux-2.6 <unfixed> (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal ...)
	NOT-FOR-US: WebAPP
CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder ...)
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485 (** DISPUTED ** ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
	NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...)
	NOT-FOR-US: WBBlog
CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...)
	NOT-FOR-US: McGallery
CVE-2007-1477 (** DISPUTED ** ...)
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
	- php4 <unfixed> (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
	- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
	- horde3 <unfixed> (low)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
	NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Orion-Blog
CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
	NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
	- inkscape <unfixed> (medium)
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
	- inkscape <unfixed> (low)
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
	NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
	- php5 <unfixed> (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...)
	- php5 <unfixed> (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...)
	NOT-FOR-US: WebCreator
CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
	NOT-FOR-US: CARE2X
CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer ...)
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...)
	NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
	{DSA-1283-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
	{DSA-1283-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...)
	NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
	NOT-FOR-US: Open Education System
CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for ...)
	NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...)
	- netperf <unfixed> (bug #413658; medium)
	[sarge] - netperf <no-dsa> (Non-free not supported)
	[etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...)
	NOT-FOR-US: Oracle Database
CVE-2007-1441 (The 4thPass browser on the RIM BlackBerry 8100 (Pearl) before 4.2.1 ...)
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows ...)
	NOT-FOR-US: JGBBS
CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in ...)
	NOT-FOR-US: MySQL Commander
CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 ...)
	NOT-FOR-US: X-Ice News System
CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...)
	NOT-FOR-US: phpBB module Add Name
CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote ...)
	NOT-FOR-US: ProRat Server
CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
	NOT-FOR-US: Avant Browser
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
	- pennmush <unfixed> (low)
	[sarge] - pennmush <no-dsa> (Minor issue)
	[etch] - pennmush <no-dsa> (Minor issue)
CVE-2007-1430 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ClipShare
CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...)
	- moodle <unfixed>
CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 ...)
	NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
	NOT-FOR-US: AssetMan
CVE-2007-1426 (AstroCam before 2.6.6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...)
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media ...)
	NOT-FOR-US: DataLife Engine
CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti ...)
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
	NOT-FOR-US: SubDog
CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...)
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...)
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DekiWiki
CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp ...)
	NOT-FOR-US: URLshrink
CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services ...)
	NOT-FOR-US: PMB Services
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
	- php4 <not-affected> (cpdf extension not enabled in binary build)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...)
	TODO: check
	NOTE: Haven't been able to reproduce the issue in either php4 or php5
	NOTE: code inspection should be the next step.
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
	- wordpress <not-affected> (Path disclosure)
CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) ...)
	NOT-FOR-US: Vallheru
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...)
	- trac <unfixed> (low; bug #414134; bug #420219)
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the &quot;download wiki page as ...)
	- trac <unfixed> (low; bug #414134; bug #420219)
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...)
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...)
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
	NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...)
	- php5 <unfixed> (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
	- snort <not-affected> (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...)
	- php5 <unfixed> (unimportant)
	NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...)
	- phpmyadmin 4:2.10.0.2-1 (medium)
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
	NOT-FOR-US: Flat Chat
CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS ...)
	NOT-FOR-US: Magic CMS
CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...)
	NOT-FOR-US: netForo!
CVE-2007-1391 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WEBO
CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 ...)
	NOT-FOR-US: dynalias
CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: dynalias
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...)
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
	- php4 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...)
	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
	{DSA-1283-1 DSA-1282-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
	{DSA-1283-1}
	- php4 <unfixed> (unimportant)
	- php5 5.2.0-11 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
	{DSA-1283-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...)
	NOT-FOR-US: PostGuestbook
CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
	- conquest <unfixed> (medium)
CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before ...)
	NOT-FOR-US: Drupal module Project
CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...)
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
	NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
	NOT-FOR-US: DropAFew
CVE-2007-1362
	RESERVED
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...)
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...)
	- libapache-mod-security <removed>
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
	- tomcat4 <removed> (low)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	RESERVED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	TODO: check
CVE-2007-1354
	RESERVED
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
	- linux-2.6 <unfixed> (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in ...)
	- apache <unfixed> (low)
	- libapache2-mod-perl2 <unfixed> (low)
CVE-2007-1348
	RESERVED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...)
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 ...)
	NOT-FOR-US: Ezstream
CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...)
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...)
	NOT-FOR-US: vBulletin
CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz ...)
	NOT-FOR-US: News-Letterman
CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management ...)
	NOT-FOR-US: Links Management Application
CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...)
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 ...)
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...)
	NOT-FOR-US: silc daemon
CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...)
	- serendipity <unfixed> (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...)
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin <no-dsa> (workaround for PHP issue)
	[etch] - phpmyadmin <no-dsa> (workaround for PHP issue)
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...)
	NOT-FOR-US: SnapGear
CVE-2007-1323
	RESERVED
	{DSA-1284-1}
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1321
	RESERVED
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...)
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...)
	NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...)
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and ...)
	NOT-FOR-US: RRDBrowse
CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier ...)
	NOT-FOR-US: ISPUtil
CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats ...)
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows ...)
	NOT-FOR-US: AJ Auction
CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
	NOT-FOR-US: AJ Dating
CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds ...)
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
	NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...)
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...)
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug ...)
	NOT-FOR-US: TygerBT
CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...)
	NOT-FOR-US: WB News
CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...)
	NOT-FOR-US: DreameeSoft Password Master
CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...)
	- putty 0.59-1 (bug #400804; unimportant)
	NOTE: Unsafe default, but not a vulnerability
CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...)
	NOT-FOR-US: Hazir Site
CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in ...)
	NOT-FOR-US: BTI-Tracker
CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle Application Express
CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote ...)
	NOT-FOR-US: Google Earth
CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in ...)
	NOT-FOR-US: miniBB module Keyword Replacer
CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via ...)
	NOT-FOR-US: Iono
CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote ...)
	NOT-FOR-US: ASP-Nuke Community
CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library ...)
	- libtool <not-affected> (Specific to Fedora build)
CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote ...)
	NOT-FOR-US: Mambo
CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x ...)
	NOT-FOR-US: Mambo
CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...)
	NOT-FOR-US: phpBB module maluinfo
CVE-2006-7147 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB module Import Tools
CVE-2006-7146 (** DISPUTED ** ...)
	NOT-FOR-US: communityPortals
CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores ...)
	NOT-FOR-US: Utimaco Safeguard
CVE-2006-7141 (** DISPUTED ** ...)
	NOT-FOR-US: Oracle Database
CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with &quot;Prefer HTML to Plain Text&quot; enabled, ...)
	- kdepim <unfixed> (unimportant)
	NOTE: Annoying bug, but neglectable "security implications"
CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...)
	NOT-FOR-US: Oracle APEX
CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...)
	NOT-FOR-US: TinyPortal
CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian <not-affected> (Vulnerable code not present)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
	- php4 <unfixed> (unimportant)
	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-1 (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
	- php5 <unfixed> (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...)
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
	NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
	- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
	- webmin <removed>
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk ...)
	NOT-FOR-US: PHPMyDesk
CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora ...)
	NOT-FOR-US: Jinzora
CVE-2006-7130 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jinzora
CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote ...)
	NOT-FOR-US: Linksys SPA-921
CVE-2006-7120 (** DISPUTED ** ...)
	NOT-FOR-US: OSL maintain
CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php ...)
	NOT-FOR-US: PHPGiggle
CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine ...)
	NOT-FOR-US: DMXReady Site Engine Manager
CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier ...)
	NOT-FOR-US: Kubix
CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...)
	NOT-FOR-US: Kubix
CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote ...)
	NOT-FOR-US: PHPKit
CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with ...)
	NOT-FOR-US: P-News
CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote ...)
	NOT-FOR-US: P-News
CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ...)
	NOT-FOR-US: MD-Pro
CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ...)
	NOT-FOR-US: KMail CGI
CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before ...)
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...)
	- gnumail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
	- mutt <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd ...)
	- evolution <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
	- kdepim <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd ...)
	- enigmail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...)
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...)
	NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
	NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
	NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
	- iceweasel <unfixed> (medium)
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script ...)
	- blender 2.42a-6 (medium)
	[sarge] - blender <not-affected> (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ...)
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning ...)
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 ...)
	NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News ...)
	NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...)
	NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...)
	- wordpress 2.1.2-1 (medium)
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...)
	NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote ...)
	NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow ...)
	NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in ...)
	NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress 2.1.2-1 (medium)
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...)
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...)
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...)
	NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293)
	- linux-2.6 <unfixed> (bug #411294; low)
	NOTE: Not exploitable over ISDN network, only through a CAPI server
CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1210
	RESERVED
CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...)
	NOT-FOR-US: Windows Vista
CVE-2007-1208
	RESERVED
CVE-2007-1207
	RESERVED
CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1201
	RESERVED
CVE-2007-1200
	RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...)
	NOT-FOR-US: Epiware
CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for ...)
	NOT-FOR-US: Citrix
CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt ...)
	NOT-FOR-US: SandBox Analyzer
CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive ...)
	NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes ...)
	NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX ...)
	NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell ...)
	NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form ...)
	NOT-FOR-US: WebAPP
CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
	NOT-FOR-US: WebAPP
CVE-2007-1186 (WebAPP before 0.9.9.5 does not &quot;censor&quot; the Latest Member real name, ...)
	NOT-FOR-US: WebAPP
CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
	NOT-FOR-US: WebAPP
CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA ...)
	NOT-FOR-US: WebAPP
CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof ...)
	NOT-FOR-US: WebAPP
CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest ...)
	NOT-FOR-US: WebAPP
CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the ...)
	NOT-FOR-US: WebAPP
CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
	NOT-FOR-US: WebAPP
CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts ...)
	NOT-FOR-US: WebAPP
CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service ...)
	TODO: check
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...)
	NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends ...)
	NOT-FOR-US: SimBin Racing
CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ...)
	NOT-FOR-US: Clanportal
CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows ...)
	NOT-FOR-US: Nabopoll
CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...)
	NOT-FOR-US: DBGuestbook
CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery ...)
	NOT-FOR-US: DBImageGallery
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...)
	NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...)
	- util-linux <unfixed> (unimportant)
	NOTE: Expected behaviour; pam_acct_mgmt() requires prior pam_authenticate()
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...)
	NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...)
	NOT-FOR-US: Power Phlogger
CVE-2006-7105 (** DISPUTED ** ...)
	- smarty <not-affected> (described vulnerability never existed)
CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 ...)
	NOT-FOR-US: EZOnlineGallery
CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...)
	NOT-FOR-US: phpBurningPortal quiz-modul
CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...)
	NOT-FOR-US: PHPWind
CVE-2006-7100 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB Insert User
CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...)
	NOT-FOR-US: SolarPay
CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
	- apache 1.3.34-4.1 (low; bug #357561)
CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...)
	NOT-FOR-US: TaskFreak!
CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7095 (Integer signedness error in the network_receive_packet function in ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the ...)
	- linux-ftpd 0.17-23 (bug #384454; low)
CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...)
	NOT-FOR-US: Oracle Database Server
CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
	- viewcvs <unfixed> (low)
CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
	- viewcvs <unfixed> (low)
CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
	- libapache2-mod-python 3.2.8-1 (low)
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...)
	{DSA-1272-1}
	- tcpdump 3.9.5-2 (bug #413430; low)
CVE-2007-XXXX [puttygen can create world-readable private keys]
	- putty <unfixed> (bug #400804; unimportant)
	NOTE: Sensitive operations like key generation should only be done in private home
CVE-2007-XXXX [asterisk remote SIP security hole]
	- asterisk 1:1.2.16~dfsg-1
CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...)
	NOT-FOR-US: Pagesetter
CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: JBoss
CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access ...)
	NOT-FOR-US: JBrowser
CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote ...)
	NOT-FOR-US: webSPELL
CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows ...)
	NOT-FOR-US: hbm
CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost ...)
	NOT-FOR-US: arabhost
CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote ...)
	NOT-FOR-US: pheap
CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...)
	NOT-FOR-US: Putmail
CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown ...)
	NOT-FOR-US: Watchtower
CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 ...)
	NOT-FOR-US: FCRing
CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;Contact ...)
	NOT-FOR-US: MTCMS
CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis ...)
	NOT-FOR-US: Sinapis Forum
CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis ...)
	NOT-FOR-US: Sinapis Gastebuch
CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow ...)
	NOT-FOR-US: MTCMS
CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows ...)
	NOT-FOR-US: xtcommerce
CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...)
	NOT-FOR-US: ZPanel
CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...)
	NOT-FOR-US: TeeChart Pro ActiveX control
CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management ...)
	NOT-FOR-US: Novell ZENworks
CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 ...)
	NOT-FOR-US: eFiction
CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...)
	- iceweasel <unfixed> (medium)
	- iceape <unfixed> (medium)
	- xulrunner <unfixed> (bug #415919; bug #415944; bug #415945; medium)
	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
	NOTE: older mozillas are not vulnerable
	TODO: this should be checked
CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset ...)
	NOT-FOR-US: Opera
CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1113
	RESERVED
CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery ...)
	NOT-FOR-US: Phpwebgallery
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian ...)
	NOT-FOR-US: CS-Gallery
CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1106 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoMoKeTos Rules
CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ...)
	NOT-FOR-US: phpBB Extreme
CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module ...)
	NOT-FOR-US: PHP Module Implementation
CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, ...)
	- tor <unfixed> (medium)
CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Photostand
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand ...)
	NOT-FOR-US: Photostand
CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan ...)
	NOT-FOR-US: Pickle
CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
	- dropbear 0.49-1 (unimportant; bug #412899)
	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
	[etch] - dropbear 0.48.1-2
CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...)
	NOT-FOR-US: ScryMUD
CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...)
	NOT-FOR-US: Wiclear
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload ...)
	- iceweasel <unfixed> (medium)
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
	NOT-FOR-US: Network Node Manager
CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...)
	NOT-FOR-US: Google Desktop
CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...)
	- iceweasel <unfixed> (medium)
	- iceape <unfixed> (medium)
	NOTE: xulrunner by itself is not affecte, but other browsers based on xulrunner may be affected
	TODO: check epiphany, galeon and kazehakase
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
	NOT-FOR-US: ConfigChk ActiveX control
CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...)
	NOT-FOR-US: FTP Explorer
CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...)
	- typo3-src 4.0.5+debian-1 
	[etch] - typo3-src 4.0.2+debian-3
CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager ...)
	NOT-FOR-US: FTP Voyager
CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 ...)
	NOT-FOR-US: UserPages2
CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...)
	NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...)
	NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...)
	NOT-FOR-US: VMware
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...)
	NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...)
	NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...)
	NOT-FOR-US: SendStudio
CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate ...)
	NOT-FOR-US: Ultimate Fun Book
CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web ...)
	NOT-FOR-US: Online Web Building
CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application ...)
	NOT-FOR-US: Nortel Application Switch
CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user ...)
	NOT-FOR-US: VMware
CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053 (** DISPUTED ** ...)
	NOT-FOR-US: phpXmms
CVE-2007-1052 (** DISPUTED ** ...)
	NOT-FOR-US: PBLang
CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MyCalendar
CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...)
	NOT-FOR-US: phpbb_wordsearch
CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...)
	- dcc <unfixed> (medium)
CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a ...)
	NOT-FOR-US: Dem_trac
CVE-2007-1045 (mAlbum 0.3 has default accunts (1) &quot;login&quot;/&quot;pass&quot; for its ...)
	NOT-FOR-US: mAlbum
CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list ...)
	NOT-FOR-US: PowerSchool
CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass ...)
	NOT-FOR-US: Ezboo
CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1041 (Multiple stack-based buffer overflows in S&amp;H Computer Systems News ...)
	NOT-FOR-US: News Rover
CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 ...)
	NOT-FOR-US: Peanut Knowledge Base
CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: Grabit
CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier ...)
	NOT-FOR-US: News File Grabber
CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht ...)
	NOT-FOR-US: Topsites FREE
CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...)
	NOT-FOR-US: phpBB Security
CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote ...)
	NOT-FOR-US: Ban
CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 ...)
	NOT-FOR-US: Simple PHP Forum
CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...)
	NOT-FOR-US: Dotdeb PHP
CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow ...)
	NOT-FOR-US: Hot Links
CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7084
	REJECTED
	NOT-FOR-US: Rigter Portal System
CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 ...)
	NOT-FOR-US: PhpNews
CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional ...)
	NOT-FOR-US: Professional Home Page Tools Login Script
CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for ...)
	- aqualung 0.9~beta6-1 (medium)
CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod ...)
	NOT-FOR-US: Opentools Attachment Mod
CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise ...)
	NOT-FOR-US: GeoClassifieds Enterprise
CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7070 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in ...)
	NOT-FOR-US: Socketwiz Bookmarks
CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65 ...)
	NOT-FOR-US: CliServ Web Community
CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 ...)
	NOT-FOR-US: TinyPHPforum
CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows ...)
	NOT-FOR-US: Kamgaing Email System
CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before ...)
	NOT-FOR-US: Sphider
CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c ...)
	NOT-FOR-US: Sphider
CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost ...)
	NOT-FOR-US: HostAdmin
CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For ...)
	NOT-FOR-US: DotWidget
CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...)
	- linux-2.6 <unfixed> (medium)
CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
	NOT-FOR-US: Claroline
CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ...)
	NOT-FOR-US: Shoutpro
CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security ...)
	NOT-FOR-US: MathCAD
CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...)
	NOT-FOR-US: Andy's Chat
CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...)
	NOT-FOR-US: FlashBB
CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs ...)
	NOT-FOR-US: Microsoft ISA
CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in ...)
	NOT-FOR-US: Topsites PHP
CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and ...)
	NOT-FOR-US: Bookmark4U
CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...)
	NOT-FOR-US: VirtueMart
CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...)
	NOT-FOR-US: CheckPoint Firewall
CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP ...)
	NOT-FOR-US: QwikMail SMTP
CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: SonicWALL
CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SafeNet VPN
CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...)
	NOT-FOR-US: PGPFreeware
CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...)
	NOT-FOR-US: NetScreen-Remote
CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
	NOT-FOR-US: FreeBSD
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
	- apg <unfixed> (bug #412618)
	[etch] - apg <no-dsa> (Minor issue)
	NOTE: This is not reproducible after a recompile on amd64.
CVE-2007-XXXX [mt-daapd remote access & default password]
	- mt-daapd <unfixed> (unimportant; bug #404640)
	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
	- amavisd-new <unfixed> (unimportant; bug #410588)
	NOTE: Doesn't affect a standard Debian installation, only users, which install
	NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
	- pure-ftpd <unfixed> (bug #350889)
CVE-2007-XXXX [MediaWiki XSS based on Microsoft Internet Explorer's UTF-7 charset autodetection]
	- mediawiki1.7 1.7.1-9 (low)
CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce ...)
	{DTSA-34-1}
	- wordpress 2.1.1-1 (low)
CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
	NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...)
	NOT-FOR-US: Mediafield and Audio modules for Drupal
	NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...)
	NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...)
	NOT-FOR-US: Secure site for Drupal
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...)
	- libevent <unfixed> (bug #411996; unimportant)
	NOTE: Only versions 1.2 and 1.2a are vulnerable -- 1.1a-1 is safe.
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...)
	NOT-FOR-US: Image Pager
CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier ...)
	NOT-FOR-US: XLAtunes
CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in ...)
	NOT-FOR-US: VS-Link-Partner
CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...)
	NOT-FOR-US: Meganoide's news
CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 ...)
	NOT-FOR-US: Turuncu Portal
CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...)
	NOT-FOR-US: CedStat
CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when ...)
	NOT-FOR-US: webSPELL
CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote ...)
	NOT-FOR-US: VicFTPS
CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in ...)
	NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 ...)
	NOT-FOR-US: DeskPRO
CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in ...)
	NOT-FOR-US: VS-Gastebuch
CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...)
	NOT-FOR-US: ZebraFeeds
CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the ...)
	NOT-FOR-US: InstallAnywhere
CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Apple iTunes
CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...)
	{DSA-1262-1}
	- gnomemeeting <removed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
	- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...)
	NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...)
	- iceweasel <unfixed> (low)
	- iceape <unfixed> (low)
	- xulrunner <unfixed> (low)
	NOTE: maintainer notes that this may affect browsers based on xulrunner
CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...)
	{DSA-1294-1}
	- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
	- evolution <unfixed>
	[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...)
	- php5 <unfixed> (medium)
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
	- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
	- ekiga 2.0.3-5 (bug #414069; high)
CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...)
	- xen-3.0 <unfixed> (medium)
CVE-2007-0997
	RESERVED
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...)
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...)
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-tunderbird <unfixed> (low)
	[sarge] - mozilla-firefox <unfixed> (low)
	[sarge] - mozilla <unfixed> (low)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
	- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
	RESERVED
CVE-2007-0992
	RESERVED
CVE-2007-0991
	RESERVED
CVE-2007-0990
	RESERVED
CVE-2007-0989
	RESERVED
CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...)
	{DSA-1264-1}
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and ...)
	NOT-FOR-US: phpCC
CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
	NOT-FOR-US: PollMentor
CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT ...)
	NOT-FOR-US: AT Contenator
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-07
	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
	- xulrunner 1.8.0.10-1 (high)
	- iceape 1.0.8-1 (high)
	- mozilla-firefox <removed> (high)
	- mozilla <removed> (high)
	- firefox <removed> (high)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
	NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
	NOT-FOR-US: LifeType
CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...)
	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...)
	NOT-FOR-US: DropBox
CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...)
	NOT-FOR-US: WebTester
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...)
	NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...)
	NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...)
	NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...)
	NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...)
	NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...)
	NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...)
	NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1 (unimportant)
CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
	NOT-FOR-US: Mail Enable Professional
CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
	NOT-FOR-US: MOHA Chat
CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...)
	NOT-FOR-US: @Mail
CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...)
	NOT-FOR-US: iTinySoft
CVE-2007-0948
	RESERVED
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943
	RESERVED
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	RESERVED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...)
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	RESERVED
CVE-2007-0936
	RESERVED
CVE-2007-0935
	RESERVED
CVE-2007-0934
	RESERVED
CVE-2007-0933
	RESERVED
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...)
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
	NOT-FOR-US: uTorrent
CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...)
	NOT-FOR-US: KvGuestbook
CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
	NOT-FOR-US: Community Server
CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: phpPolls
CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...)
	NOT-FOR-US: Portal Search
CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...)
	NOT-FOR-US: Portal Search
CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...)
	NOT-FOR-US: Portal Search
CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...)
	NOT-FOR-US: Philboard
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...)
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...)
	NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
	NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
	NOT-FOR-US: Harpia CMS
CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...)
	NOT-FOR-US: fx-APP
CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...)
	NOT-FOR-US: fx-APP
CVE-2006-7021 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Plume CMS
CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
	NOT-FOR-US: phpwcms
CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
	NOT-FOR-US: phpwcms
CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
	NOT-FOR-US: phpwcms
CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...)
	NOT-FOR-US: Indexu
CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Jobline
CVE-2006-7015 (** DISPUTED ** ...)
	NOT-FOR-US: Jobline
CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...)
	NOT-FOR-US: BloggIT
CVE-2006-7013 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: SCart
CVE-2006-7011 (** DISPUTED ** ...)
	NOT-FOR-US: FlashChat
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
	NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
	- php5 <not-affected> (A regression only affecting 5.2.1)
	TODO: - php5 <unfixed> (bug #410561; bug #410995; medium)
	NOTE: this is a regression in the 5.2.1 release which is not yet uploaded.
	NOTE: so we should just make sure we patch 5.2.1.  Leaving open in the
	NOTE: meantime, so we don't forget about it.
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
	- php5 5.2.0-9 (unimportant)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9 (unimportant)
	NOTE: this extension is not enabled in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
	- php5 <unfixed> (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but the because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...)
	- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the &quot;Show debugging information&quot; feature ...)
	- moin <not-affected> (Despite what the CVE says, this is not a problem in the 1.5.x code)
	[sarge] - moin <unfixed> (bug #411084; medium)
CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...)
	- moin <unfixed> (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
	RESERVED
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav	0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav	0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav	0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...)
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a ...)
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...)
	- mediawiki <unfixed> (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...)
	NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption (&quot;reversible ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...)
	NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...)
	NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...)
	- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in ...)
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...)
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...)
	NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
	NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...)
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875 (** DISPUTED ** ...)
	NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...)
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...)
	NOT-FOR-US: eXtreme File Hosting
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
	- joomla <itp> (bug #326398)
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...)
	- joomla <itp> (bug #326398)
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...)
	- joomla <itp> (bug #326398)
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Tiny FTPd
CVE-2006-7006 (** DISPUTED ** ...)
	NOT-FOR-US: Somery
CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...)
	NOT-FOR-US: Fusion Polls
CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...)
	NOT-FOR-US: Wheatblog
CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...)
	NOT-FOR-US: V3 Chat
CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...)
	NOT-FOR-US: OzzyWork Gallery
CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...)
	NOT-FOR-US: Neuron Blog
CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...)
	- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian)
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...)
	NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...)
	NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...)
	NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863 (** DISPUTED ** ...)
	NOT-FOR-US: Trevorchan
CVE-2007-0862 (** DISPUTED ** ...)
	NOT-FOR-US: gnopaste
CVE-2007-0861 (** DISPUTED ** ...)
	NOT-FOR-US: phpCOIN
CVE-2007-0860 (** DISPUTED ** ...)
	NOT-FOR-US: local Calendar System
CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...)
	NOT-FOR-US: Palm OS Treo
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
	NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...)
	NOT-FOR-US: Fast Browser Pro
CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...)
	NOT-FOR-US: Enigma Browser
CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...)
	NOT-FOR-US: NetCaptor
CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...)
	NOT-FOR-US: Slim Browser
CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
	NOT-FOR-US: FineBrowser Freeware
CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...)
	NOT-FOR-US: PhaseOut
CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...)
	NOT-FOR-US: Maxthon
CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...)
	NOT-FOR-US: GreenBrowser
CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
	NOT-FOR-US: MYweb4net Browser
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...)
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...)
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge]	- rar <no-dsa> (Non-free)
	[etch] - rar <no-dsa> (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[sarge]	- unrar-nonfree <no-dsa> (Non-free)
	[etch] - unrar-nonfree <no-dsa> (Non-free)
	NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
	NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
	NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...)
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
	NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...)
	NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
	NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...)
	NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...)
	NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
	NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...)
	NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
	NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...)
	NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the &quot;Enable copy and paste to and ...)
	NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...)
	NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Atsphp
CVE-2007-0830 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...)
	NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...)
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...)
	NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...)
	NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...)
	- xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...)
	- mount <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...)
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
	NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
	NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...)
	NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...)
	NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...)
	NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...)
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...)
	NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
	NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
	- iceweasel <unfixed> (low)
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox <removed> (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <unfixed> (medium)
	[sarge] - mozilla <unfixed> (medium)
	- firefox <removed> (medium)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...)
	NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...)
	NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...)
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794 (** DISPUTED ** ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
	- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...)
	- bugzilla <unfixed> (bug #409824; low)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...)
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...)
	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...)
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5)
	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <unfixed> (low)
	[sarge] - mozilla <unfixed> (low)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <unfixed> (high)
	[sarge] - mozilla-thunderbird <unfixed> (low)
	[sarge] - mozilla <unfixed> (high)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <unfixed> (low)
	[sarge] - mozilla-thunderbird <unfixed> (low)
	[sarge] - mozilla <unfixed> (low)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...)
	- tomcat5.5 <unfixed> (medium)
CVE-2007-0773
	RESERVED
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel ...)
	- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...)
	{DSA-1294-1}
	- xfree86 <removed> (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...)
	NOT-FOR-US: 3proxy
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
	NOT-FOR-US: 3proxy
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
	- amarok 1.4.4-4 (bug #410850; unimportant)
	NOTE: This could only be exploited through the Magnatune shop
CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...)
	- amarok 1.4.4-1 (bug #410850; low)
	[sarge] - amarok <not-affected> (Vulnerable code not present)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
	NOT-FOR-US: FCKEditor
CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
	NOT-FOR-US: FreeTextBox
CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6975 (** DISPUTED ** ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...)
	NOT-FOR-US: BtitTracker
CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...)
	- iceweasel <not-affected> (Windows only)
CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...)
	NOT-FOR-US: Opera
CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...)
	NOT-FOR-US: Jetty
CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...)
	- libpam-ssh <unfixed> (bug #410236; medium)
CVE-2007-0769 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows ...)
	NOT-FOR-US: .NET Explorer
CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...)
	NOT-FOR-US: Curium CMS
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier ...)
	NOT-FOR-US: F3Site
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment ...)
	NOT-FOR-US: F3Site
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB++
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by ...)
	NOT-FOR-US: EQdkp
CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow ...)
	NOT-FOR-US: EasyMoblog
CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...)
	NOT-FOR-US: PHPProbid
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes ...)
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753
	RESERVED
CVE-2007-0752
	RESERVED
CVE-2007-0751
	RESERVED
CVE-2007-0750
	RESERVED
CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740
	RESERVED
CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...)
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	RESERVED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...)
	- cupsys <unfixed> (low)
	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows ...)
	NOT-FOR-US: GOM Player
CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet ...)
	NOT-FOR-US: Darksky RSS
CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and ...)
	NOT-FOR-US: Sleipnir
CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
	NOT-FOR-US: Somery
CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...)
	NOT-FOR-US: WebBuilder
CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan ...)
	NOT-FOR-US: phpEventMan
CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in ...)
	NOT-FOR-US: Epistemon
CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web
CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in ...)
	NOT-FOR-US: Portail Web
CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694
	RESERVED
CVE-2007-0693
	RESERVED
CVE-2007-0692
	RESERVED
CVE-2007-0691
	REJECTED
CVE-2007-0690
	RESERVED
CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...)
	NOT-FOR-US: Phorum
CVE-2006-6967 (Check Point FireWall-1 allows remote attackers to obtain certificate ...)
	NOT-FOR-US: Check Point Firewall-1
CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...)
	NOT-FOR-US: phpGraphy
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [ejabberd unspecified vulnerability in mod_roster_odbc]
	- ejabberd 1.1.2-5
CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti ...)
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...)
	NOT-FOR-US: Intel 2200BG Cards drive.
CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean ...)
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Omegaboard
CVE-2007-0682 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ExtCalendar
CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in ...)
	NOT-FOR-US: PHPMyRing
CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...)
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675 (** DISPUTED ** ...)
	NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; Desktops ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...)
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
	NOT-FOR-US: Sun Solaris.
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
	- sql-ledger <unfixed> (bug #409703)
	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
	- thttpd <not-affected> (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy is not possible start Webserver 
	NOTE: in root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Hailboards
CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...)
	NOT-FOR-US: Intel BMC
CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...)
	NOT-FOR-US: DotNetNuke
CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...)
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...)
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...)
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan ...)
	NOT-FOR-US: MicroWorld
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...)
	NOT-FOR-US: OpenEMR
CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
	NOT-FOR-US: Cisco
CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...)
	NOT-FOR-US: AppleKit
CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote ...)
	NOT-FOR-US: iMovie
CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...)
	NOT-FOR-US: iPhoto
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...)
	NOT-FOR-US: Bloodshed Dev-C++ 
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...)
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack ...)
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...)
	NOT-FOR-US: GuppY
CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
	NOT-FOR-US: PHPFootball
CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...)
	NOT-FOR-US: incron
CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...)
	NOT-FOR-US: EncapsCMS
CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
	NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...)
	NOT-FOR-US: Plain Black WebGUI 
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...)
	NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...)
	- drupal 4.7.6-1
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...)
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
	NOT-FOR-US: Microsoft Word
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...)
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...)
	NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...)
	NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...)
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
	NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
	NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
	NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...)
	NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review ...)
	NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...)
	NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...)
	NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
	NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...)
	NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
	NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...)
	NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
	NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
	NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
	NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...)
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...)
	NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
	NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...)
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
	NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
	NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...)
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...)
	NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...)
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...)
	NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...)
	NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...)
	NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
	NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...)
	NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...)
	NOT-FOR-US: vHostAdmin
CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
	NOT-FOR-US: rPath
CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and ...)
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
	- postgresql <not-affected> (only PostgreSQL 8.x)
CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, ...)
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql <not-affected> (only transitional package)
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
	NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...)
	NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
	NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...)
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...)
	- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Telligent
CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not ...)
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
	NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...)
	NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...)
	NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...)
	NOT-FOR-US: FreeWebShop
CVE-2007-0530 (** DISPUTED ** ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...)
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...)
	NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in ...)
	NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...)
	NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
	NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Nokia
CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...)
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...)
	NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...)
	NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...)
	NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
	NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...)
	NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...)
	- awffull <unfixed> (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...)
	NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...)
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
	NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...)
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...)
	NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...)
	NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
	NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...)
	NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
	NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...)
	NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...)
	NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...)
	NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...)
	NOT-FOR-US: Huawei
CVE-2007-0487 (** DISPUTED ** ...)
	NOT-FOR-US: FreeForum
CVE-2007-0486 (** DISPUTED ** ...)
	NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
	NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...)
	NOT-FOR-US: Sun
CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Cisco
CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before ...)
	NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...)
	- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in ...)
	- smb4k <unfixed> (low)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K ...)
	- smb4k <unfixed> (low)
	NOTE: not fixed in 0.8.0, see
	NOTE: http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 ...)
	- smb4k 0.8.0-1 (low)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to ...)
	- smb4k 0.8.0-1 (low)
CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...)
	- dokuwiki 0.0.20061106-1 (low)
CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
	NOT-FOR-US: MailEnable
CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...)
	NOT-FOR-US: Docebo
CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...)
	NOT-FOR-US: RS Gallery2
CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...)
	NOT-FOR-US: phpBlueDragon CMS
CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...)
	NOT-FOR-US: Docebo
CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
	NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...)
	NOT-FOR-US: GlobeTrotter Mobility Manager
CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
	NOT-FOR-US: Cisco
CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...)
	NOT-FOR-US: WebRoot Spy Sweeper 
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...)
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind <not-affected>
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 <not-affected> (Vulnerable code not present)
	- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
	NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
	- libgems-ruby <unfixed> (low; bug #408299)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
	NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
	NOT-FOR-US: Apple
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...)
	NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...)
	- dazuko-source <unfixed> (bug #408300)
	[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
	- ulogd 1.23-6 (medium)
CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
	- libgd2 <unfixed> (bug #408982; low)
	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 ...)
	- samba <not-affected> (Solaris-specific vulnerability)
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...)
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
	- tomcat5.5 <unfixed> (medium)
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-0448
	RESERVED
CVE-2007-0447
	RESERVED
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
	NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
	NOT-FOR-US: Citrix
CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
	RESERVED
CVE-2007-0439
	RESERVED
CVE-2007-0438
	RESERVED
CVE-2007-0437
	RESERVED
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...)
	NOT-FOR-US: X-Kryptor
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
	NOT-FOR-US: siteframe
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...)
	NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...)
	NOT-FOR-US: AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...)
	NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...)
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...)
	NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
	NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
	NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
	NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...)
	NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
	NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
	NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
	NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...)
	NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a ...)
	NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
	NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
	NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...)
	NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...)
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in ...)
	NOT-FOR-US: MisterSPa-forum
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
	NOT-FOR-US: Odysseus Blog
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...)
	NOT-FOR-US: JVN
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
	NOTE: register_globals unsupported anyway
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...)
	NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...)
	NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...)
	NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
	NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...)
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...)
	- joomla <itp> (bug #326398)
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
	NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...)
	NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...)
	NOT-FOR-US: PostNuke
CVE-2007-0383 (** DISPUTED ** ...)
	NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...)
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...)
	NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...)
	NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...)
	NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...)
	NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...)
	NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...)
	- joomla <itp> (bug #326398)
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...)
	- mambo 4.6.1-5 (bug #407995; low)
	- joomla <itp> (bug #326398)
	NOTE: Mantainer working in new upstream version of Joomla and waiting patch
	NOTE: for Mambo.
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...)
	- joomla <itp> (bug #326398)
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 ...)
	NOT-FOR-US: phpBP
CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows ...)
	NOT-FOR-US: phpBP
CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local ...)
	NOT-FOR-US: mbse
CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...)
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...)
	NOT-FOR-US: Openads
CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...)
	NOT-FOR-US: FreshReader
CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...)
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon ...)
	NOT-FOR-US: Oreon
CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey ...)
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP ...)
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in ...)
	NOT-FOR-US: AVM
CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...)
	NOT-FOR-US: Apple
CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...)
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: myBloggie
CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
	NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...)
	NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
	TODO: check
	NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
	NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
	NOT-FOR-US: Apple
CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...)
	- colloquy <removed>
CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple WebKit
CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...)
	NOT-FOR-US: ThWboard
CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...)
	NOT-FOR-US: FileMailer
CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
	NOT-FOR-US: KGB
CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...)
	NOT-FOR-US: Rixstep
CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...)
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...)
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328
	RESERVED
CVE-2007-0327
	RESERVED
CVE-2007-0326
	RESERVED
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...)
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322
	RESERVED
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319
	RESERVED
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...)
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...)
	NOT-FOR-US: Article System
CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...)
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...)
	NOT-FOR-US: wcSimple
CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...)
	NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
	NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...)
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...)
	NOT-FOR-US: Zina
CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
	NOT-FOR-US: InstantASP
CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...)
	NOT-FOR-US: FdWeB
CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...)
	NOT-FOR-US: TLM CMS
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
	NOT-FOR-US: LunarPoll
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...)
	- phpmyadmin 4:2.9.1.1-2 (unimportant)
	NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
	NOT-FOR-US: OWA
CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Twilight Webserver
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web ...)
	NOT-FOR-US: Oracle
CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, ...)
	NOT-FOR-US: Oracle
CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and ...)
	NOT-FOR-US: Oracle
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ...)
	NOT-FOR-US: Winzip
CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...)
	NOT-FOR-US: Total Commander
CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
	{DTSA-33-1}
	- wordpress <unfixed> (unimportant; bug #407289)
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
	NOT-FOR-US: sNews
CVE-2007-0260 (** DISPUTED ** ...)
	NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
	NOT-FOR-US: Fastilo
CVE-2007-0257 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...)
	- vlc <unfixed> (unimportant; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
	- xine-ui 0.99.4+dfsg+cvs20061111-2 (low; bug #407369)
CVE-2007-0253 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...)
	NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort ...)
	- snort <not-affected> (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
	- squid 2.6.5-4 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-0246
	RESERVED
CVE-2007-0245
	RESERVED
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...)
	{DSA-1288-1}
	TODO: check
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
	- sun-java5 1.5.0-10-1
CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does ...)
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241
	RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier ...)
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...)
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234
	REJECTED
	NOTE: Duplicate of CVE-2007-0243
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is argubly a php bug, CVE-2006-3017
CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
	NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
	NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...)
	NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
	- slocate <unfixed> (bug #411937; low)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set.  This is
	NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
	NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
	NOT-FOR-US: Microsoft
CVE-2007-0218
	RESERVED
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0216
	RESERVED
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...)
	NOT-FOR-US: Microsoft
CVE-2007-0212
	RESERVED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0207
	RESERVED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...)
	- ed 0.2-19
CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...)
	NOT-FOR-US: NitroTech CMS
CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...)
	NOT-FOR-US: Portix
CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP ...)
	NOT-FOR-US: Portix
CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Easy Chat Server
CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access ...)
	NOT-FOR-US: Image Gallery
CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during ...)
	- snort <unfixed> (low; bug #407421)
	[sarge] - snort <no-dsa> (Minor issue)
	[etch] - snort <no-dsa> (Minor issue)
CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 ...)
	NOT-FOR-US: Rialto
CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote ...)
	NOT-FOR-US: Rialto
CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack ...)
	NOT-FOR-US: eXtremail
CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...)
	NOT-FOR-US: bitweaver
CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: bitweaver
CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver ...)
	NOT-FOR-US: bitweaver
CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...)
	NOT-FOR-US: Deadlock
CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...)
	NOT-FOR-US: HP
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid <not-affected> (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205 (Multiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 ...)
	NOT-FOR-US: @alex
CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
	NOT-FOR-US: Nucleus
CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ...)
	- firefox-sage 1.3.6-3
	NOTE: 1.3.6-3 disabled HTML mode entirely
CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion ...)
	NOT-FOR-US: GeoBB
CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...)
	NOT-FOR-US: @lex
CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...)
	NOT-FOR-US: TIS
CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey ...)
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...)
	NOT-FOR-US: Cisco
CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise, ...)
	NOT-FOR-US: Cisco
CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...)
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays ...)
	NOT-FOR-US: F5
CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: MKPortal
CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by ...)
	NOT-FOR-US: FON La Fonera
CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main ...)
	NOT-FOR-US: MKPortal
CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...)
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189 (** DISPUTED ** ...)
	NOT-FOR-US: GeoBB
CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...)
	NOT-FOR-US: F5
CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...)
	NOT-FOR-US: F5
CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5
CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web ...)
	NOT-FOR-US: iPlanet Web
CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo ...)
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...)
	NOT-FOR-US: EF Commander
CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows ...)
	NOT-FOR-US: PHPKIT
CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in ...)
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
	- gforge 4.5.14-20 (low; bug #406244)
	[sarge] - gforge <not-affected> (Vulnerable code not present)
CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in ...)
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...)
	NOT-FOR-US: Sina UC2006
CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...)
	NOT-FOR-US: AllMyGuest
CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks ...)
	NOT-FOR-US: AllMyLinks
CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...)
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
	NOT-FOR-US: PPC Search
CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify ...)
	- kfreebsd-5 <not-affected>
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...)
	NOT-FOR-US: Camouflage
CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in ...)
	NOT-FOR-US: Steganography
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
	- centericq 4.21.0-17 (low)
	[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
	NOTE: The bug really exist but, is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
	NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158
	RESERVED
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...)
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...)
	NOT-FOR-US: M-Core
CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: HarikaOnline
CVE-2007-0154 (Webulas stores sensitive information under the web root with ...)
	NOT-FOR-US: Webulas
CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with ...)
	NOT-FOR-US: AJLogin
CVE-2007-0152 (OhhASP stores sensitive information under the web root with ...)
	NOT-FOR-US: OhhASP
CVE-2007-0151 (MitiSoft stores sensitive information under the web root with ...)
	NOT-FOR-US: MitiSoft
CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Dayfox
CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: EMembersPro
CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...)
	NOT-FOR-US: OminiGroup
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...)
	NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...)
	NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...)
	NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
	NOT-FOR-US: NUNE News
CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce ...)
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another ...)
	NOT-FOR-US: YALD
CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download ...)
	NOT-FOR-US: Kolayindir
CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to ...)
	NOT-FOR-US: IBM
CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: IBM
CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...)
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
	NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...)
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233, DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
	NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
	NOT-FOR-US: IG Shop
CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in ...)
	NOT-FOR-US: IG Shop
CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
	NOT-FOR-US: IG Shop
CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...)
	NOT-FOR-US: JAMWiki
CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 ...)
	NOT-FOR-US: iG Calendar
CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...)
	NOT-FOR-US: LocazoList
CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and ...)
	NOT-FOR-US: Digirez
CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly ...)
	NOT-FOR-US: Opera
CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...)
	- drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...)
	NOT-FOR-US: RI Blog
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...)
	NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
	NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
	NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
	NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
	NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...)
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
	NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ...)
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice <unfixed> (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf <unfixed> (bug #406852; unimportant)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
	NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...)
	NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...)
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
	NOT-FOR-US: Carbon Communities
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
	- phpmyadmin <unfixed> (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...)
	NOT-FOR-US: E-SMARTCART 
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...)
	NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...)
	NOT-FOR-US: WineGlass
CVE-2007-0089 (jgbbs stores sensitive information under the web root with ...)
	NOT-FOR-US: jgbbs
CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
	NOT-FOR-US: openmedia
CVE-2007-0087 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086 (** DISPUTED ** ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084 (** DISPUTED ** ...)
	NOT-FOR-US: Windows NT
CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
	NOT-FOR-US: Nuked Klan
CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ...)
	NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080 (** DISPUTED ** ...)
	- freeradius <unfixed> (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with ...)
	NOT-FOR-US: rblog
CVE-2007-0078 (BattleBlog stores sensitive information under the web root with ...)
	NOT-FOR-US: BattleBlog
CVE-2007-0077 (lblog stores sensitive information under the web root with ...)
	NOT-FOR-US: lblog
CVE-2007-0076 (Openforum stores sensitive information under the web root with ...)
	NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with ...)
	NOT-FOR-US: AspBB
CVE-2007-0074
	RESERVED
CVE-2007-0073
	RESERVED
CVE-2007-0072
	RESERVED
CVE-2007-0071
	RESERVED
CVE-2007-0070
	RESERVED
CVE-2007-0069
	RESERVED
CVE-2007-0068
	RESERVED
CVE-2007-0067
	RESERVED
CVE-2007-0066
	RESERVED
CVE-2007-0065
	RESERVED
CVE-2007-0064
	RESERVED
CVE-2007-0063
	RESERVED
CVE-2007-0062
	RESERVED
CVE-2007-0061
	RESERVED
CVE-2007-0060
	RESERVED
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through ...)
	NOT-FOR-US: Cisco
CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe ...)
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...)
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ...)
	NOT-FOR-US: Apple iPhoto
CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
	NOT-FOR-US: Fersch Formbankserver
CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka ...)
	NOT-FOR-US: Karl Dahlke Edbrowse
CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm ...)
	NOT-FOR-US: Bluetooth Stack COM Server (Windows)
CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown ...)
	NOT-FOR-US: Bluesoil Bluetooth
CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and ...)
	NOT-FOR-US: Bluetooth stack on Mac OS
CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows ...)
	NOT-FOR-US: Broadcom
CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...)
	NOT-FOR-US: Toshiba Bluetooth stack
CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Windows Mobile
CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to ...)
	- bluez-utils 3.7-1 (bug #408889; medium)
CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly ...)
	NOT-FOR-US: Plantronic Headset
CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...)
	NOT-FOR-US: Sony Ericsson T60
CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...)
	NOT-FOR-US: SPINE
CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...)
	- tor <unfixed> (unimportant)
	NOTE: It could be argued that this is a laws-of-physics vulnerability
	NOTE: that is a fundamental design limitation of certain hardware
	NOTE: implementations.
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...)
	NOT-FOR-US: Jonathon J. Freeman OvBB
CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...)
	NOT-FOR-US: P-News
CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: phpwcms
CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
	NOT-FOR-US: Sky Software
CVE-2006-6883 (** DISPUTED ** ...)
	NOT-FOR-US: PHPIrc_bot
CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...)
	NOT-FOR-US: Golden Book
CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...)
	NOT-FOR-US: ATMEL WLAN drivers
CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...)
	NOT-FOR-US: Matteo Lucarelli 3editor
CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6869 (Directory traversal vulnerability in ...)
	NOT-FOR-US: MAXdev
CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...)
	NOT-FOR-US: Zen Cart
CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Ahead4
CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...)
	NOT-FOR-US: Softartisans
CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...)
	NOT-FOR-US: Enigma2
CVE-2006-6863 (** DISPUTED ** ...)
	NOT-FOR-US: Enigma2
CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
	NOT-FOR-US: MythControl
CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...)
	NOT-FOR-US: Website Designs for Less
CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...)
	NOT-FOR-US: eNdonesia
CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-XXXX [ssmtp password leak]
	- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
	- avahi 0.6.16-1 (low)
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050 (** DISPUTED ** ...)
	NOT-FOR-US: OpenPinboard
CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: TaskTracker
CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043
	RESERVED
CVE-2007-0042
	RESERVED
CVE-2007-0041
	RESERVED
CVE-2007-0040
	RESERVED
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...)
	NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0037
	RESERVED
CVE-2007-0036
	RESERVED
CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
	RESERVED
CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic ...)
	NOT-FOR-US: Panic Transmit
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX ...)
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...)
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
	NOT-FOR-US: MoviePlay
CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...)
	- miredo 1.0.4-2 (bug #405412; bug #405111; medium)
CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...)
	NOT-FOR-US: WebText CMS
CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...)
	NOT-FOR-US: AIDeX Mini-WebServer
CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...)
	NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related)
CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...)
	NOT-FOR-US: Durian Web Application Server
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...)
	- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...)
	NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...)
	NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...)
	NOT-FOR-US: Cahier de texte (CDT)
CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...)
	NOT-FOR-US: ASPTicker
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...)
	NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) ...)
	NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...)
	NOT-FOR-US: EasyPartner component for Joomla!
CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
	NOT-FOR-US: Acronym Mod for phpBB2
CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...)
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...)
	NOT-FOR-US: Total Commander
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
	RESERVED
CVE-2007-0012
	RESERVED
CVE-2007-0011
	RESERVED
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
	NOT-FOR-US: IBM
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
	NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have ...)
	NOT-FOR-US: Joomla
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
	NOT-FOR-US: Joomla
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 ...)
	NOT-FOR-US: Joomla
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...)
	NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...)
	NOT-FOR-US: b2 Blog
CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal ...)
	NOT-FOR-US: Personal .NET Portal
CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...)
	NOT-FOR-US: iCalendar
CVE-2006-6823 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Yrch!
CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate ...)
	NOT-FOR-US: Enthrallweb eClassifieds
CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the ...)
	NOT-FOR-US: Enthrallweb eNews
CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the ...)
	NOT-FOR-US: Enthrallweb eCoupons
CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload ...)
	NOT-FOR-US: Mxmania File Upload Manager
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...)
	NOT-FOR-US: myPHPCalendar
CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...)
	- kdenetwork 4:3.5.5-4 (low; bug #405828)
	[sarge] - kdenetwork <no-dsa>  (Minor issue)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...)
	NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...)
	- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...)
	NOT-FOR-US: Ananda Real Estate
CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...)
	NOT-FOR-US: Enthrallweb eMates
CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs ...)
	NOT-FOR-US: Enthrallweb eJobs
CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business ...)
	NOT-FOR-US: Dragon Business Directory - Pro
CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 ...)
	NOT-FOR-US: Enthrallweb eCars
CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages ...)
	NOT-FOR-US: Enthrallweb ePages
CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, ...)
	NOT-FOR-US: SH-News
CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...)
	{DSA-1250-1}
	- cacti 0.8.6i-3 (bug #404818; high)
CVE-2006-6798
	RESERVED
CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...)
	NOT-FOR-US: MTCMS
CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...)
	NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows ...)
	NOT-FOR-US: chatwm
CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-6789 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Phpbbxtra
CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...)
	NOT-FOR-US: LuckyBot
CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in ...)
	NOT-FOR-US: Newsletter MX
CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote ...)
	NOT-FOR-US: Netbula Anyboard
CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ...)
	NOT-FOR-US: pnamazu
CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: HLstats
CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through ...)
	NOT-FOR-US: HLstats
CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows ...)
	NOT-FOR-US: vBulletin
CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...)
	NOT-FOR-US: TimberWolf
CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future ...)
	NOT-FOR-US: Future Internet
CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...)
	NOT-FOR-US: Future Internet
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...)
	NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the dump or ...)
	- w3m 0.5.1-5.1 (bug #404564; low)
	[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)
	TODO: Check w3mee, is this forked version still needed?
CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...)
	NOT-FOR-US: SMC
CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow ...)
	NOT-FOR-US: Copernicus Europa
CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) ...)
	- tmsnc 0.2.5-1
CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 ...)
	NOT-FOR-US: Land Down Under
CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote ...)
	- interchange 4.9.8-1
CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before ...)
	NOT-FOR-US: Lotus Domino
CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...)
	NOT-FOR-US: Land Down Under (LDU)
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of ...)
	- oftpd <removed>
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
	NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...)
	NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...)
	NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a ...)
	NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote ...)
	NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain ...)
	NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper ...)
	NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows ...)
	NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 ...)
	NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP ...)
	NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi ...)
	NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...)
	NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in ...)
	NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 ...)
	NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
	NOTE: Access to DMA-capable hardware such as graphics cards can,
	NOTE: by design, bypass security restrictions.  Not a real issue.
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...)
	NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...)
	NOT-FOR-US: LAN Messenger
CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in ...)
	NOT-FOR-US: inertianews
CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ...)
	NOT-FOR-US: inertianews
CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and ...)
	NOT-FOR-US: PHPBuilder
CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers ...)
	NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in ...)
	NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...)
	NOT-FOR-US: Azucar CMS
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
	- wget <unfixed> (unimportant)
	NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric ...)
	NOT-FOR-US: uploader&downloader
CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...)
	NOT-FOR-US: PowerClan
CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source ...)
	NOT-FOR-US: SugarCRM Open Source
CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in ...)
	NOT-FOR-US: Newxooper
CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded ...)
	NOT-FOR-US: PgmReloaded
CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ...)
	NOT-FOR-US: NeoTraceExplorer.NeoTraceLoader ActiveX control
CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail ...)
	NOT-FOR-US: @Mail
CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before ...)
	NOT-FOR-US: @Mail
CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail ...)
	NOT-FOR-US: @Mail
CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows ...)
	NOT-FOR-US: @Mail
CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...)
	- gconf2 <unfixed> (unimportant; bug #404743)
	NOTE: Minor nuisance, not much of a security problem
CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
	{DSA-1245-1}
	- proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium)
CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...)
	NOT-FOR-US: EternalMart Guestbook (EMGB)
CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart ...)
	NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...)
	- openser 1.1.0-8 (medium; bug #404591)
CVE-2006-XXXX [insecure rpath in libflash-mozplugin]
	- libflash 0.4.13-9 (low; bug #399508)
	[etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user)
CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...)
	NOT-FOR-US: E-Uploader
CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...)
	- typo3 4.0.2+debian-2 (high; bug #403906)
	NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...)
	NOT-FOR-US: Paristemi
CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need ...)
	- chetcpasswd <removed> (low)
CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...)
	{DSA-1251-1}
	- netrik 1.15.3-1.1 (medium; bug #404233)
CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...)
	NOT-FOR-US: Novell
CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...)
	NOT-FOR-US: Ozeki HTTP-SMS Gateway
CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinFtp Server
CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...)
	NOT-FOR-US: Download Portal
CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download ...)
	NOT-FOR-US: Download Portal
CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown ...)
	NOT-FOR-US: Nortel CallPilot
CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in ...)
	{DSA-1279-1}
	- webcalendar 1.0.5-2 (low; bug #404234)
CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...)
	NOT-FOR-US: DeepBurner
CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and ...)
	NOT-FOR-US: Aleph One
CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and ...)
	NOT-FOR-US: Aleph One
CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on ...)
	NOT-FOR-US: Linux User Management (novell-lum)
CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by ...)
	- kdelibs <not-affected> (at least it is fixed in 4:3.5.5a.dfsg.1-5)
	NOTE: is DoS only, anyway
CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...)
	- chetcpasswd <removed> (low)
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...)
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
	TODO: check gdk-pixbuf
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network ...)
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <unfixed> (high)
	[sarge] - mozilla <unfixed> (high)
	- firefox <removed> (high)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...)
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <unfixed> (high)
	[sarge] - mozilla <unfixed> (high)
	- firefox <removed> (high)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004
	RESERVED
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)
	- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...)
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
	- linux-2.6 <not-affected> (Red Hat specific vulnerability)
CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Inktomi
CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...)
	NOT-FOR-US: NetBSD
CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in ...)
	NOT-FOR-US: NetBSD
CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver ...)
	NOT-FOR-US: Intel
CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...)
	NOT-FOR-US: mxBB
CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...)
	NOT-FOR-US: HyperVM
CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in ...)
	NOT-FOR-US: RateMe
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...)
	NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...)
	NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...)
	NOT-FOR-US: Meeting module for mxBB
CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...)
	NOT-FOR-US: Fightersoft Multimedia Star FTP server
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...)
	NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...)
	NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...)
	NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application ...)
	NOT-FOR-US: IBM
CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: JumbaCMS
CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ...)
	NOT-FOR-US: ExtCalThai for Mambo
CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php ...)
	NOT-FOR-US: YapBB
CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 ...)
	NOT-FOR-US: Genepi
CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php ...)
	NOT-FOR-US: osprey
CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...)
	NOT-FOR-US: osprey
CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...)
	NOT-FOR-US: WeBWorK
CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...)
	- openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105)
	NOTE: No code injection possible, just a crash
CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...)
	NOT-FOR-US: BitDefender
CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
	- moodle 1.6-1
	NOTE: Does not affect moodle 1.6 according to SecurityFocus.
CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...)
	- moodle 1.6.3-2 (low)
	NOTE: "SC#341 fixed initilaization of navtail variable"
	NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log
CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...)
	NOT-FOR-US: Sambar
CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment ...)
	NOT-FOR-US: Sygate
CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the ...)
	NOT-FOR-US: Soft4Ever Look 'n' Stop
CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process ...)
	NOT-FOR-US: Filseclab Personal Firewall
CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...)
	NOT-FOR-US: AVG Anti-Virus plus Firewall
CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block ...)
	NOT-FOR-US: AntiHook 3.0.0.23 - Desktop
CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...)
	NOT-FOR-US: w00t Gallery
CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...)
	NOT-FOR-US: Activity Games module for mxBB
CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) ...)
	- fai 3.1.3 (low; bug #402644)
	[sarge] - fai <no-dsa> (Minor issue, only in rare configs and use cases)
CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 ...)
	NOT-FOR-US: phpAlbum
CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms ...)
	NOT-FOR-US: PhpMyCms
CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...)
	NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...)
	- nexuiz 2.2.1-1 (low)
	NOTE: Only game console command execution possible, not shell commands
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...)
	- nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...)
	NOT-FOR-US: HP
CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for ...)
	NOT-FOR-US: IBM
CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before ...)
	NOT-FOR-US: jclarens
CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...)
	NOT-FOR-US: YMMAPI.YMailAttach
CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux ...)
	- torrentflux 2.1-6
CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in ...)
	NOT-FOR-US: AMAZONIA MOD for phpBB
CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...)
	NOT-FOR-US: Bloq
CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in ...)
	NOT-FOR-US: EXlor
CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR ...)
	NOT-FOR-US: AR Memberscript
CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog ...)
	NOT-FOR-US: Vortex Blog
CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...)
	- iceweasel 2.0.0.1+dfsg-1
	- firefox <removed>
	TODO: check iceape, sarge's firefox
CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...)
	NOT-FOR-US: italkplus (Italk+)
CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in ...)
	NOT-FOR-US: PHP_Debug
CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is ...)
	NOT-FOR-US: ProNews
CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and ...)
	NOT-FOR-US: Microsoft
CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the ...)
	NOT-FOR-US: Microsoft
CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 ...)
	NOT-FOR-US: Golden FTP Server
CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert ...)
	NOT-FOR-US: Yet Another PHP LDAP Admin Project (yaplap)
CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for ...)
	- mantis 1.0.6+dfsg-3 (bug #402802)
CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...)
	- mantis 0.19.2-1
CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2006-XXXX [gaim crash when receiving an invalid UPnP response]
	- gaim 1:2.0.0+beta5-9 (low)
	[sarge] - gaim <no-dsa> (minor issue)
CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
	- dsniff 2.4b1+debian-16 (unimportant; bug #400624)
	NOTE: While older terminals were vulnerable to some attacks involving terminal
	NOTE: sequences, the lack of shell escaping is not a vulnerability in dsniff
CVE-2006-XXXX [archivemail insecure temporary file issues]
	- archivemail 0.6.2-2
	[sarge] - archivemail <no-dsa> (minor issue)
CVE-2006-XXXX [pythonpaste web root esacpe]
	- paste 1.0.1-1
	NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
CVE-2006-XXXX [moodle unspecified security bug in the forum module (discuss.php)]
	- moodle 1.6.3-2
CVE-2006-XXXX [znc file access security hole]
	- znc 0.045-3 (bug #403141; medium)
CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...)
	NOT-FOR-US: Citrix
CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...)
	NOT-FOR-US: Citrix
CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6566 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB
CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...)
	- proftpd-dfsg 1.3.0-17 (medium)
	[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
CVE-2006-6562
	RESERVED
CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word ...)
	NOT-FOR-US: Microsoft
CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
	NOT-FOR-US: mx_modsdb 1.0.0 module for MxBBmx_modsdb 1.0.0 module for MxBB
CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request ...)
	NOT-FOR-US: Lotfian Request For Travel
CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Crob FTP Server
CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have ...)
	NOT-FOR-US: Skulls!
CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before ...)
	NOT-FOR-US: EyeOS
CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow ...)
	NOT-FOR-US: EasyFill
CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-6553 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NewsSuite 1.03 module for mxBB
CVE-2006-6552 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6551 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Tucows Client Code Suite (CCS)
CVE-2006-6550 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2006-6549 (** DISPUTED ** ...)
	NOT-FOR-US: Rad Upload
CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod ...)
	NOT-FOR-US: Winamp
CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in ...)
	NOT-FOR-US: cutenews
CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
	NOT-FOR-US: ErrorDocs 1.0.0 and earlier module for mxBB
CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote ...)
	NOT-FOR-US: CM68 News
CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect ...)
	NOT-FOR-US: AppIntellect SpotLight CRM
CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ...)
	NOT-FOR-US: Fantastic News
CVE-2006-6541 (** DISPUTED ** ...)
	NOT-FOR-US: Animated Smiley Generator
CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before ...)
	NOT-FOR-US: Bluetrait
CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ...)
	NOT-FOR-US: Winamp Web Interface
CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) ...)
	NOT-FOR-US: D-LINK
CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, ...)
	NOT-FOR-US: IBM
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...)
	NOT-FOR-US: Cilem Haber Free Edition
CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...)
	- linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...)
	NOT-FOR-US: osCommerce
CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...)
	NOT-FOR-US: osCommerce
CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar ...)
	NOT-FOR-US: Gizzar
CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar ...)
	NOT-FOR-US: Gizzar
CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...)
	NOT-FOR-US: BoxTrapper in cPanel
CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...)
	NOT-FOR-US: WikiTimeScale TwoZero
CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...)
	NOT-FOR-US: ProNews
CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...)
	NOT-FOR-US: ProNews
CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...)
	- mantis <unfixed> (unimportant)
	NOTE: http://www.mantisbt.org/bugs/print_bug_page.php?bug_id=5163
	NOTE: Not a security bug, only a very annoying feature.
CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...)
	NOT-FOR-US: dadaIMC
CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
	NOTE: This is covered/duped by CVE-2006-6841
	- phpbb2 2.0.21-6
CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...)
	NOTE: MFSA-2006-76
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner <not-affected> (maintainer reported)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6506 (The &quot;Feed Preview&quot; feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...)
	NOTE: MFSA-2006-75
	- iceweasel 2.0.0.1+dfsg-1 (low)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...)
	{DSA-1265-1}
	NOTE: MFSA-2006-74
	- mozilla-thunderbird <removed> (high)
	- icedove 1.5.0.9.dfsg1-1 (high)
	- iceape 1.0.7-1 (high)
	- mozilla <removed>
CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...)
	NOTE: MFSA-2006-73
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	NOTE: Flaw was introduced in Firefox 1.5.0.4
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-72
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (high)
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-71
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (unimportant)
	- icedove 1.5.0.9.dfsg1-1 (unimportant)
	NOTE: Not exploitable in standard Icedove configuration
CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-70
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...)
	NOTE: MFSA-2006-69
	- iceweasel <not-affected> (windows only)
	- xulrunner <not-affected> (Windows only)
	- iceape <not-affected> (windows only)
	- firefox <not-affected> (windows only)
	- mozilla <not-affected> (windows only)
	- mozilla-firefox <not-affected> (windows only)
	- mozilla-thunderbird <not-affected> (windows only)
	- icedove <not-affected> (windows only)
CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
	NOTE: Is it possible to reduce the floating point precision in Linux as a non-priv
	NOTE: user? I don't think so
CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (medium)
	- xulrunner 1.8.0.9-1 (medium)
	- iceape 1.0.7-1 (medium)
	- firefox <removed> (medium)
	- mozilla <removed> (medium)
	- mozilla-firefox <removed> (medium)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...)
	NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...)
	NOT-FOR-US: Solaris
CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in ...)
	- openldap2.3 <not-affected> (kerberos support not enabled)
	- openldap2 <not-affected> (kerberos support not enabled)
CVE-2006-6492
	REJECTED
CVE-2006-6491
	REJECTED
CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue ...)
	NOT-FOR-US: SupportSoft ActiveX
CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...)
	NOT-FOR-US: SISCO OSI stack
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...)
	NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
	NOT-FOR-US: DT Guestbook
CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...)
	NOT-FOR-US: EasyPage
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...)
	NOT-FOR-US: ShopSite
CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition ...)
	NOT-FOR-US: MailEnable
CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (low; bug #401874)
CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...)
	NOT-FOR-US: McAfee
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6465 (** DISPUTED ** ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) ...)
	NOT-FOR-US: Midicart
CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart ...)
	NOT-FOR-US: Midicart
CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in ...)
	NOT-FOR-US: CM68 News
CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote ...)
	NOT-FOR-US: Yourfreeworld Stylish Text Ads Script
CVE-2006-6460 (Yourfreeworld.com Short Url &amp; Url Tracker Script allows remote ...)
	NOT-FOR-US: Yourfreeworld.com Short Url Script
CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB ...)
	NOT-FOR-US: Toplist for phpBB
CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...)
	NOT-FOR-US: Trend Micro (Windows)
CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...)
	- tikiwiki <unfixed> (bug #404472)
	NOTE: Might be a mis-report, check with upstream
CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...)
	NOT-FOR-US: DUware
CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...)
	NOT-FOR-US: RunCMS
CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...)
	NOT-FOR-US: Plesk
CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...)
	NOT-FOR-US: Novell ZENworks Patch Management
CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...)
	NOT-FOR-US: Vt-Forum
CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...)
	NOT-FOR-US: iWare Professional
CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...)
	NOT-FOR-US: Envolution
CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...)
	NOT-FOR-US: Nostra DivX Player
CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...)
	NOT-FOR-US: Novell Distributed Print Services
CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...)
	NOT-FOR-US: America Online
CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...)
	NOT-FOR-US: ThinkEdit
CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...)
	NOT-FOR-US: AgileBill AgileVoice
CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...)
	- phpbb2 2.0.21-6 (medium)
	[sarge] - phpbb2 <not-affected>
CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2006-6417 (PHP remote file inclusion vulnerability in ...)
	- b2evolution <not-affected> (vulnerable code added later)
CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...)
	NOT-FOR-US: PhpLeague
CVE-2006-6415 (** DISPUTED ** ...)
	NOT-FOR-US: phpAdsNew
CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...)
	NOT-FOR-US: dol storye
CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...)
	NOT-FOR-US: Amateras sns
CVE-2006-6412
	RESERVED
CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...)
	NOT-FOR-US: Linksys
CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...)
	NOT-FOR-US: VMWare
CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
	NOT-FOR-US: F-Secure
CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...)
	NOT-FOR-US: Kaspersky
CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...)
	NOT-FOR-US: F-Prot
CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (medium; bug #401873)
CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...)
	NOT-FOR-US: BitDefender
CVE-2006-6404
	RESERVED
CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...)
	NOT-FOR-US: MyStats
CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...)
	NOT-FOR-US: MyStats
CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...)
	NOT-FOR-US: MyStats
CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...)
	NOT-FOR-US: JustSystems
CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6397 (** DISPUTED ** ...)
	NOTE: not a vuln
CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...)
	NOT-FOR-US: BlazeVideo HDTV Player
CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...)
	NOT-FOR-US: Ulrik Petersen Emdros Database Engine
CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...)
	NOT-FOR-US: plxWebDev
CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
	NOT-FOR-US: ac4p Mobile
CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...)
	NOT-FOR-US: CVS management/tracker (drupal plugin)
CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
	NOT-FOR-US: abitwhizzy.php
CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
	- php5 <unfixed> (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...)
	NOT-FOR-US: BrightStor Backup Discovery Service
CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...)
	NOT-FOR-US: BTSaveMySql
CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...)
	NOT-FOR-US: Uploadscript
CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...)
	NOT-FOR-US: Simple machines Forum
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
	- phpmyadmin <not-affected> (low; bug #404744)
	[sarge] - phpmyadmin <not-affected> (doesn't use sessions at all)
	[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
	NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
	- phpmyadmin <unfixed> (unimportant)
	NOTE: path is known in Debian anyway
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...)
	NOT-FOR-US: Invision Community Blog Mod
CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...)
	NOT-FOR-US: APC PowerChute
CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...)
	NOT-FOR-US: Affects only Windows despite other claims
CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
	NOT-FOR-US: awrate
CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...)
	NOT-FOR-US: Duware
CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...)
	NOT-FOR-US: Duware
CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...)
	NOT-FOR-US: Inside Systems Mail (ISMail)
CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...)
	NOT-FOR-US: BlueSocket Secure Controller
CVE-2006-6362
	REJECTED
CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...)
	NOT-FOR-US: Bitflux Upload Progress Mete
CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...)
	NOT-FOR-US: PHPNews
CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHPNews
CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...)
	NOT-FOR-US: DuWare
CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...)
	NOT-FOR-US: DuWare
CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...)
	NOT-FOR-US: KhaledMuratList
CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...)
	NOT-FOR-US: listpics 5
CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...)
	NOT-FOR-US: mowdBB
CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...)
	NOT-FOR-US: TFT-Gallery
CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...)
	NOT-FOR-US: SAP
CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...)
	NOT-FOR-US: KLF-DESIGN
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...)
	NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...)
	NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and ...)
	NOT-FOR-US: Aspee Ziyaretci Defteri
CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) ...)
	NOT-FOR-US: Eudora WorldMail
CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...)
	NOT-FOR-US: Citrix Presentation Server Client
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
	- linux-2.6 <unfixed>
	[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg[&quot;enable_file_priority&quot;] is ...)
	- torrentflux 2.1-7 (bug #400582; medium)
CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
	- torrentflux 2.1-6 (bug #399169; medium)
CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...)
	- torrentflux 2.1-6 (bug #399169)
CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...)
	- torrentflux 2.1-5 (bug #395930; medium)
	NOTE: duplicate of CVE-2006-5609
CVE-2006-6327
	RESERVED
CVE-2006-6326
	RESERVED
CVE-2006-6325
	RESERVED
CVE-2006-6324
	RESERVED
CVE-2006-6323
	RESERVED
CVE-2006-6322
	RESERVED
CVE-2006-6321
	RESERVED
CVE-2006-6320
	RESERVED
CVE-2006-6319
	RESERVED
CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1
CVE-2006-6317
	RESERVED
CVE-2006-6316
	RESERVED
CVE-2006-6315
	RESERVED
CVE-2006-6314
	RESERVED
CVE-2006-6313
	RESERVED
CVE-2006-6312
	RESERVED
CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
	NOT-FOR-US: Tivoli
CVE-2006-6308 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...)
	- net-snmp <not-affected> (Only affects version 5.3.0)
CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...)
	- linux-2.6 <not-affected> (Only affects plain 2.6.19)
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
	NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
	- ruby1.8 1.8.5-4 (low)
CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...)
	NOT-FOR-US: Novell ZENworks
CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
	NOT-FOR-US: Metyus Okul Yonetim Sistemi
CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...)
	- kdegraphics <unfixed> (unimportant)
	NOTE: Generic bug, treating it as a security problem is quite a stretch
CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
	NOT-FOR-US: Microsoft
CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
	NOT-FOR-US: MxBB Portal
CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, ...)
	NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
	NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier ...)
	NOT-FOR-US: Niek Albers CoolPlayer
CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...)
	NOT-FOR-US: AtomixMP3
CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...)
	NOT-FOR-US: Palm Desktop
CVE-2006-6285 (** DISPUTED ** ...)
	NOT-FOR-US: Kai Blankenhorn Bitfolge
CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...)
	NOT-FOR-US: dicshunary
CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...)
	NOT-FOR-US: Oxygen (O2PHP Bulletin Board)
CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...)
	NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...)
	NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
	NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, ...)
	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows ...)
	- denyhosts 2.6-1 (medium; bug #401795)
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 ...)
	NOT-FOR-US: PHPOLL
CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
	NOT-FOR-US: ASPMForum
CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...)
	NOT-FOR-US: Infinitytechs Restaurants CM
CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...)
	NOT-FOR-US: PostNuke
CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...)
	NOTE: It seems that no significant packet amplification takes place.
	NOTE: Probably harmless.
CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...)
	NOT-FOR-US: PHPJunkYard MBoard
CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...)
	NOT-FOR-US: Quintessential Player
CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema ...)
	NOT-FOR-US: Redbinaria Sistema Integrado de Administracion de Portales (SIAP)
CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) ...)
	NOT-FOR-US: AlternC
CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the ...)
	NOT-FOR-US: AlternC
CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are ...)
	NOT-FOR-US: AlternC
CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in ...)
	NOT-FOR-US: AlternC
CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI ...)
	NOT-FOR-US: NukeAI
CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual ...)
	NOT-FOR-US: Microsoft Windows Live Messenger
CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...)
	NOT-FOR-US: VUPlayer
CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier ...)
	NOT-FOR-US: Songbird Media Player
CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...)
	NOT-FOR-US: Chama Cargo
CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: GPhotos
CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...)
	NOT-FOR-US: UPhotoGallery
CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) ...)
	NOT-FOR-US: Coalescent Systems freePBX
CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...)
	NOT-FOR-US: FipsSHOP
CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...)
	- serendipity 1.0.4-1 (unimportant; bug #401614)
	NOTE: Only exploitable with register_globals
CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise ...)
	NOT-FOR-US: MailEnable NetWebAdmin
CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...)
	NOT-FOR-US: Apple Safari
CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
	NOT-FOR-US: Acrobat Reader
CVE-2006-6235 (A &quot;stack overwrite&quot; vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...)
	{DSA-1231-1}
	- gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914)
	- gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913)
CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown ...)
	NOT-FOR-US: PostNuke
CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in ...)
	NOT-FOR-US: DreamAccount
CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: VuBB
CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote ...)
	NOT-FOR-US: VuBB
CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 ...)
	NOT-FOR-US: GeekLog
CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...)
	NOT-FOR-US: Puntal
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
	NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
	NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
	NOT-FOR-US: Recipes Complete Website
CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...)
	NOT-FOR-US: Mermaid module for PHP-NUKE
CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec ...)
	NOT-FOR-US: Nivisec Hacks List
CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...)
	NOT-FOR-US: PEGames
CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...)
	NOT-FOR-US: Site News
CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...)
	NOT-FOR-US: BirdBlog
CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart ...)
	NOT-FOR-US: MidiCart ASP Shopping Cart
CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...)
	NOT-FOR-US: Enthreallweb eClassifieds
CVE-2006-6207 (** DISPUTED ** ...)
	NOT-FOR-US: Evolve Merchant
CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...)
	NOT-FOR-US: WarHound General Shopping Cart
CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...)
	NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker
CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...)
	NOT-FOR-US: Borland idsql32.dll
CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...)
	NOT-FOR-US: BlazeVideo BlazeDVD
CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
	NOT-FOR-US: cPanel
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...)
	- b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
	NOT-FOR-US: Ultimate Survey Pro
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...)
	NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...)
	NOT-FOR-US: Anna^ IRC Bot
CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...)
	NOT-FOR-US: ClickTech Click Blog
CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...)
	NOT-FOR-US: enomphp
CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...)
	NOT-FOR-US: Allied Telesyn TFTP Server
CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...)
	NOT-FOR-US: 3Com 3CTftpSvc
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...)
	NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...)
	NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...)
	NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...)
	NOT-FOR-US: Muhammad A. Muquit wwwcoun
CVE-2006-XXXX [libxslt segfault / DoS]
	- libxslt 1.1.19-1 (low)
	[sarge] - libxslt <not-affected> (vulnerability added later)
CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
	NOT-FOR-US: Blogn
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
	- kronolith2 2.1.4-1 (bug #400899; bug #401061)
	- kronolith <not-affected> (Vulnerable code not present)
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...)
	- tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP ...)
	{DSA-1244-1}
	- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
	- mplayer 1.0~rc1-11 (medium)
CVE-2006-6171 (** DISPUTED ** ...)
	{DSA-1218}
	- proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-16 (medium; bug #400793)
CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) ...)
	NOT-FOR-US: Norton
CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver ...)
	NOT-FOR-US: ZoneAlarm
CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6167 (** DISPUTED ** ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...)
	NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
CVE-2006-6165 (** DISPUTED ** ...)
	NOTE: non-issue
CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...)
	NOT-FOR-US: OpenBSD
CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and ...)
	NOT-FOR-US: ContentNow
CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie ...)
	NOT-FOR-US: Messagerie Locale
CVE-2006-6150 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OWLLib
CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow ...)
	NOT-FOR-US: JiRos Links Manager
CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...)
	NOT-FOR-US: libharu
CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...)
	NOT-FOR-US: CRYPTOCard
CVE-2006-6144 (The &quot;mechglue&quot; abstraction interface of the GSS-API library for ...)
	- krb5 <not-affected> (Only 1.5 onwards are vulnerable)
CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...)
	- krb5 1.4.4-6 (high)
	[sarge] - krb5 <not-affected>
CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-1241-1}
	- squirrelmail 2:1.4.9a-1
CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...)
	NOT-FOR-US: Tftpd32
CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in ...)
	NOT-FOR-US: Windows Media
CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports XI ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow ...)
	NOT-FOR-US: Link Exchange Lite
CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) ...)
	NOT-FOR-US: Kerio WebSTAR
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...)
	{DSA-1231-1}
	- gnupg 1.4.5-3 (medium; bug #401765)
	- gnupg2 2.0.0-5.1 (medium; bug #400777)
CVE-2006-XXXX [smb4k security issue]
	- smb4k 0.7.5-1
	[sarge] - smb4k <not-affected> (Vulnerable code not present)
CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...)
	- linux-2.6 <unfixed> (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) ...)
	NOT-FOR-US: NetGear
CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...)
	NOT-FOR-US: SeleniumServer Web Server
CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...)
	- tin 1:1.8.2-1
CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...)
	NOT-FOR-US: Acer
CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft ...)
	- koffice 1:1.6.1-1 (bug #401230; medium)
CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: mmgallery
CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery ...)
	NOT-FOR-US: mmgallery
CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and ...)
	NOT-FOR-US: fipsGallery
CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and ...)
	NOT-FOR-US: fipsForum
CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...)
	NOT-FOR-US: fipsCMS
CVE-2006-6114
	REJECTED
	NOT-FOR-US: Novell
CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Monkey Boards
CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP ...)
	NOT-FOR-US: LifeType
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...)
	NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...)
	NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...)
	NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
	NOT-FOR-US: EC-CUBE
CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...)
	- dbus 1.0.2-1 (low)
	[sarge] - dbus <no-dsa> (Minor issue)
CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...)
	- linux-2.6 2.6.18.dfsg.1-9
CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
	- gdm 2.16.4-1 (medium; bug #403219)
	[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...)
	- mono 1.2.2.1-1 (low)
CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6100
	REJECTED
CVE-2006-6099
	REJECTED
CVE-2006-6098
	REJECTED
CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...)
	{DSA-1223-1}
	- tar 1.16-2 (high; bug #399845)
CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...)
	NOT-FOR-US: Auto Gallery
CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...)
	NOT-FOR-US: GrimBB
CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote ...)
	NOT-FOR-US: BaalAsp
CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
	NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
	NOT-FOR-US: my little weblog
CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 ...)
	NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...)
	- kile 1:1.9.3-1 (low)
	[sarge] - kile <no-dsa> (Minor issue)
CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy ...)
	NOT-FOR-US: aBitWhizzy
CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...)
	TODO: check smarty, moodle, gallery2
CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...)
	NOT-FOR-US: gNews
CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...)
	NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...)
	NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...)
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <unfixed> (high)
	[sarge] - mozilla <unfixed> (high)
	- xulrunner 1.8.0.10-1 (medium)
	NOTE: Epiphany affected by xulrunner
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...)
	NOT-FOR-US: BrightStor
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...)
	NOT-FOR-US: BPG-InfoTech Easy Publisher
CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ...)
	- twiki 1:4.0.5-2 (bug #401303; low)
CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
	NOT-FOR-US: ASP Nuke
CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: mAlbum
CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...)
	NOT-FOR-US: mAlbum
CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...)
	NOT-FOR-US: DataShed
CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...)
	NOT-FOR-US: Dragon Calendar
CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
	NOT-FOR-US: CalSnails Module for MxBB Portal
CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...)
	NOT-FOR-US: Fuzzball MUCK
CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...)
	NOT-FOR-US: XMPlay
CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...)
	NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
	- linux-2.6 <unfixed> (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)
	- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include GFS)
CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...)
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...)
	NOT-FOR-US: D-Link
CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...)
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...)
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...)
	NOT-FOR-US: NetEpi Case Manager
CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the ...)
	NOT-FOR-US: MosReporter (com_reporter) component for Joomla!
CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em ...)
	NOT-FOR-US: Rank'em
CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 ...)
	NOT-FOR-US: Shambo2 (com_shambo2) component for Mambo
CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite ...)
	NOT-FOR-US: Etomite CMSEtomite CMS
CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 ...)
	NOT-FOR-US: eggblog
CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...)
	NOT-FOR-US: omdev One Admin
CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in ...)
	NOT-FOR-US: PHPQuickGallery
CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver ...)
	NOT-FOR-US: Oliver (formerly Webshare)
CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in ...)
	NOT-FOR-US: phpWebThings
CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: vBulletin
CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP ...)
	NOT-FOR-US: MatchMaker
CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum ...)
	NOT-FOR-US: Powie's PHP Forum
CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote ...)
	NOT-FOR-US: OpenHuman
CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...)
	NOT-FOR-US: SitesOutlet E-commerce Kit-1
CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet ...)
	NOT-FOR-US: ASPCart
CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow ...)
	NOT-FOR-US: E-Calendar ProE-Calendar Pro
CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 ...)
	NOT-FOR-US: Property Pro
CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov ...)
	NOT-FOR-US: DoSePa
CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ...)
	NOT-FOR-US: Eudora Worldmail
CVE-2006-6023 (** DISPUTED ** ...)
	NOT-FOR-US: Bloo
CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog ...)
	NOT-FOR-US: Blog Torrent Preview
CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Bloo
CVE-2006-6018 (** DISPUTED ** ...)
	NOT-FOR-US: My-BIC
CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a ...)
	- wordpress 2.0.5-0.1
CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...)
	- wordpress 2.0.5-0.1
CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple ...)
	- kdebase <unfixed> (unimportant; bug #400121)
	NOTE: Browser crashes are not treated as security problems
CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...)
	NOT-FOR-US: NetBSD
CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the ...)
	- kfreebsd-5 5.4-21
	[etch] - kfreebsd-5 <no-dsa> (no security support)
CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
	NOT-FOR-US: Car Site Manager
CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: SAP
CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...)
	{DSA-1217}
	- linux-ftpd 0.17-23
CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2006-6006
	RESERVED
CVE-2006-6005
	RESERVED
CVE-2006-6004
	RESERVED
CVE-2006-6003
	RESERVED
CVE-2006-6002
	RESERVED
CVE-2006-6001
	RESERVED
CVE-2006-6000
	RESERVED
CVE-2006-5999
	RESERVED
CVE-2006-5998
	RESERVED
CVE-2006-5997
	RESERVED
CVE-2006-5996
	RESERVED
CVE-2006-5995
	RESERVED
CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-5993
	RESERVED
CVE-2006-5992
	RESERVED
CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...)
	NOT-FOR-US: CactuShop
CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
	NOT-FOR-US: VMWare
CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...)
	{DSA-1247-1}
	- libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...)
	NOT-FOR-US: Windows
CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly ...)
	NOT-FOR-US: ASPintranet
CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown ...)
	NOT-FOR-US: E-Xoopport
CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe ...)
	NOT-FOR-US: BlogMe
CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
	NOT-FOR-US: BlogMe
CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...)
	- fetchmail 6.3.6-1 (low)
	[sarge] - fetchmail <not-affected> (Vulnerable code not present)
CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
	- dovecot 1.0.rc15-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...)
	NOT-FOR-US: SAP
CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
	- firefox-sage <not-affected> (medium; bug #399170)
	NOTE: Debian's version has HTML disabled
CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...)
	NOT-FOR-US: NetGear
CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...)
	- fvwm 1:2.5.18-2 (low; bug #400303)
	[sarge] - fvwm <no-dsa> (Minor issue)
CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...)
	NOT-FOR-US: MDaemon
CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...)
	NOT-FOR-US: PassGo SSO Plus
CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local ...)
	NOT-FOR-US: PentaZip
CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO ...)
	NOT-FOR-US: PentaZip
CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...)
	NOT-FOR-US: Hpecs Shopping Cart
CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...)
	NOT-FOR-US: Mercury Mail Transport
CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...)
	NOT-FOR-US: INFINICART
CVE-2006-5957 (** DISPUTED ** ...)
	NOT-FOR-US: INFINICART
CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...)
	NOT-FOR-US: PHPRunner
CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka ...)
	NOT-FOR-US: DataShed
CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier ...)
	NOT-FOR-US: NetVIOS
CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart ...)
	NOT-FOR-US: Evolve shopping cart
CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 ...)
	NOT-FOR-US: ASP Smiley
CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...)
	NOT-FOR-US: Exophpdesk
CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...)
	NOT-FOR-US: phpPeanuts
CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...)
	NOT-FOR-US: Conxint FTP Server
CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...)
	NOT-FOR-US: FunkyASP Glossary
CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5941
	REJECTED
	NOT-FOR-US: Solaris, see #400557
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce ...)
	NOT-FOR-US: SiteXpress E-Commerce
CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and ...)
	NOT-FOR-US: ShopSystems
CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent ...)
	NOT-FOR-US: Estate Agent Manager
CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows ...)
	NOT-FOR-US: UltraSite
CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single ...)
	NOT-FOR-US: Kahua
CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
	NOT-FOR-US: Aigaion
CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
	NOT-FOR-US: Aigaion
CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
	NOT-FOR-US: ASP Scripter Easy Portal
CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...)
	NOT-FOR-US: Vallheru
CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...)
	{DSA-1240-1 DSA-1228-1 DSA-1226-1}
	- links 0.99+1.00pre12-1.1 (medium; bug #399188)
	- elinks 0.11.1-1.2 (medium; bug #399187)
	- links2 2.1pre25-2 (medium; bug #400718)
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...)
	NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...)
	NOT-FOR-US: gtcatalog
CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5920 (** DISPUTED ** ...)
	NOT-FOR-US: Exporia
CVE-2006-5919 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: KnowledgeBuilder
CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...)
	NOT-FOR-US: RapidKill
CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...)
	NOT-FOR-US: Intego VirusBarrier
CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...)
	NOT-FOR-US: LandShop
CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...)
	NOT-FOR-US: LandShop
CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...)
	NOT-FOR-US: Stanford Conference And Research Forum (SCARF)
CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...)
	NOT-FOR-US: Yet Another News System
CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5906 (** DISPUTED ** ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...)
	NOT-FOR-US: Web Directory Pro
CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...)
	NOT-FOR-US: MWChat Pro
CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...)
	NOT-FOR-US: GSpace
CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...)
	NOT-FOR-US: viksoe GMail Drive
CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...)
	NOT-FOR-US: Hawking Technology wireless router WR254-CA
CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Zend Framework Preview
CVE-2006-5899 (** DISPUTED ** ...)
	NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...)
	NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: Web Mech Designer
CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...)
	NOT-FOR-US: EncapsCMS
CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...)
	NOT-FOR-US: Rama CMS
CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...)
	NOT-FOR-US: iWonder Designs Storystream
CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ...)
	NOT-FOR-US: The Net Guys ASPired2Poll
CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...)
	NOT-FOR-US: BrewBlogger
CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic ...)
	NOT-FOR-US: Dynamic Dataworx NuSchool
CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic ...)
	NOT-FOR-US: Dynamic Dataworx NuRealestate (NuRems)
CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows ...)
	NOT-FOR-US: NuStore
CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...)
	- fvwm 2.5.10-1
CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX ...)
	NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer
CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel 10
CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...)
	NOT-FOR-US: Broadcom BCMWL5.SYS
CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx ...)
	NOT-FOR-US: Dynamic Dataworx NuCommunity
CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...)
	NOT-FOR-US: Munch Pro
CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta ...)
	NOT-FOR-US: ASPPortal
CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...)
	{DSA-1209}
	- trac 0.10.1-1 (bug #397683)
CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, ...)
	- enigmail 2:0.94.2-1 (bug #406604)
CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP ...)
	{DSA-1248-1}
	- libsoup 2.2.98-2 (bug #405197; medium)
CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote ...)
	{DSA-1236-1}
	- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...)
	{DSA-1232-1}
	- clamav 0.86-1
CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...)
	{DSA-1230-1}
	- l2tpns 2.1.21-1 (medium; bug #401742)
	NOTE: http://secunia.com/advisories/23230/
CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...)
	{DSA-1239-1}
	- sql-ledger 2.6.21-1
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour)
CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...)
	{DSA-1246-1}
	- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...)
	{DSA-1220}
	- pstotext 1.9-4 (bug #356988; medium)
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.11
CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...)
	{DSA-1259-1}
	- fetchmail 6.3.6-1 (low)
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...)
	NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...)
	NOT-FOR-US: Script Dowload
CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...)
	NOT-FOR-US: LetterIt
CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...)
	NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
	NOT-FOR-US: Citrix
CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...)
	NOT-FOR-US: Adobe JRun
CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
	NOT-FOR-US: Adobe
CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
	NOT-FOR-US: Adobe
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...)
	NOT-FOR-US: Tivoli
CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...)
	NOT-FOR-US: Novell Netware
CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...)
	NOT-FOR-US: Immediacy CMS
CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...)
	NOT-FOR-US: Essentia Web Server
CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...)
	NOT-FOR-US: IrayoBlog
CVE-2006-5848
	REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running ...)
	NOT-FOR-US: Unicore
CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...)
	NOT-FOR-US: DodosMail
CVE-2006-5840 (** DISPUTED ** ...)
	NOT-FOR-US: Abarcar Realty Portal
CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...)
	NOT-FOR-US: PHPAdventure
CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in ...)
	NOT-FOR-US: NewP News Publication System
CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the ...)
	NOT-FOR-US: SimpleChat 1.0.0 module for iWare Professional CMS
CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the ...)
	NOT-FOR-US: Darwin kernel (XNU) 8.8.1 in Apple Mac OS X
CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes ...)
	NOT-FOR-US: IBM Lotus Notes Domino
CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require ...)
	NOT-FOR-US: GreenBeast CMS
CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phpComasy CMS
CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...)
	- kfreebsd-5 <unfixed>
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
	NOT-FOR-US: Citrix
CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...)
	NOT-FOR-US: SuperBuddy ActiveX control
CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
	{DSA-1243-1 DSA-1214}
	- gv 1:3.6.2-3 (medium; bug #398292)
	- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...)
	NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
	NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...)
	NOT-FOR-US: Kerio
CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...)
	NOT-FOR-US: OvBB
CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...)
	NOT-FOR-US: Cicso
CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...)
	NOT-FOR-US: Cicso
CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when ...)
	NOT-FOR-US: Cisco
CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-5803 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers ...)
	NOT-FOR-US: The Web Drivers Simple Forum
CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not ...)
	NOT-FOR-US: owfs
CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro ...)
	NOT-FOR-US: Soholaunch Pro
CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...)
	- openssh 1:4.3p2-6 (unimportant)
	NOTE: Not a direct vulnerability
CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...)
	- libpng 1.2.13-0 (low; bug #398706)
	[sarge] - libpng <no-dsa> (Minor issue)
CVE-2006-XXXX [obexpushd arbitrary command execution]
	- obexpushd 0.4+svn10-1 (bug #397297; medium)
CVE-2006-XXXX [motion insecure tempfile creation]
	- motion 3.2.3-2 (bug #393846; low)
	[sarge] - motion <no-dsa> (Minor issue)
CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote ...)
	NOT-FOR-US: XLink Omni-NFS Enterprise
CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated ...)
	NOT-FOR-US: WarFTPd
CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and ...)
	NOT-FOR-US: e107
CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5783 (** DISPUTED ** ...)
	NOTE: irreproducible firefox issue
CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...)
	NOT-FOR-US: HP OpenView
CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...)
	NOT-FOR-US: iodine
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...)
	NOT-FOR-US: XLink Omni-NFS
CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of ...)
	- openldap2.2 <unfixed> (bug #397673)
	- openldap2.3 2.3.29-1
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...)
	NOT-FOR-US: Creasito E-Commerce Content Manager
CVE-2006-5776 (** DISPUTED ** ...)
	NOT-FOR-US: Ariadne
CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard ...)
	NOT-FOR-US: FunkBoard
CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...)
	NOT-FOR-US: Hyper NIKKI System
CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...)
	NOT-FOR-US: Arkoon SSL360
CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
	NOT-FOR-US: Mobile
CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...)
	NOT-FOR-US: admin.tool CMS
CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 ...)
	NOT-FOR-US: Cyberfolio
CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article ...)
	NOT-FOR-US: Article System
CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ...)
	NOT-FOR-US: Article Script
CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite ...)
	NOT-FOR-US: phpDynaSite
CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...)
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5756
	REJECTED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...)
	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...)
	- linux-2.6 <unfixed>
CVE-2006-5752
	RESERVED
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
	{DSA-1233}
	- linux-2.6 2.6.18-8 (medium)
CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...)
	NOT-FOR-US: JBoss
CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...)
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
	NOTE: MFSA-2006-65
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (medium)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
	- xulrunner 1.5.0.8-1 (high)
	- mozilla-firefox <removed>
	- mozilla-thunderbird <removed>
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-thunderbird <not-affected> (Vulnerable code not present)
CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not ...)
	NOT-FOR-US: AirMagnet
CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...)
	NOT-FOR-US: Microsoft
CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in ...)
	NOT-FOR-US: communityPortals
CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow ...)
	NOT-FOR-US: PunBB
CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from ...)
	NOT-FOR-US: PunBB
CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...)
	NOT-FOR-US: PunBB
CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB ...)
	NOT-FOR-US: PunBB
CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 ...)
	NOT-FOR-US: ATutor
CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and ...)
	NOT-FOR-US: PostNuke
CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and ...)
	NOT-FOR-US: T.G.S. CMS
CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...)
	NOT-FOR-US: Lithium CMS
CVE-2006-5730 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Modx CMS
CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum ...)
	NOT-FOR-US: Yazd Discussion Forum
CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...)
	NOT-FOR-US: sazcart
CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5724 (Heap-based buffer overflow the &quot;Answering Service&quot; function in ICQ ...)
	NOT-FOR-US: ICQ
CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...)
	NOT-FOR-US: DataparkSearch Engine
CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...)
	- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
	[sarge]	- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...)
	NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...)
	NOT-FOR-US: FreeNews
CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS ...)
	NOT-FOR-US: Easy File Sharing (EFS) Easy Address Book
CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows ...)
	NOT-FOR-US: Mirapoint WebMail
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...)
	NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...)
	NOT-FOR-US: PHPEasyData
CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
	- php5 5.2.0-1 (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
CVE-2006-5705 (Multiple directory traversal vulnerabilities in ...)
	- wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...)
	NOT-FOR-US: HP
CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...)
	- tikiwiki 1.9.6+dfsg-1 (low)
CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...)
	- tikiwiki 1.9.6+dfsg-1 (medium)
CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel ...)
	- linux-2.6 <unfixed> (unimportant)
	- squashfs 1:3.1r2-6.1
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-5700
	RESERVED
CVE-2006-5699
	RESERVED
CVE-2006-5698
	RESERVED
CVE-2006-5697
	RESERVED
CVE-2006-5696
	RESERVED
CVE-2006-5695
	RESERVED
CVE-2006-5694
	RESERVED
CVE-2006-5693
	RESERVED
CVE-2006-5692
	RESERVED
CVE-2006-5691
	RESERVED
CVE-2006-5690
	RESERVED
CVE-2006-5689
	RESERVED
CVE-2006-5688
	RESERVED
CVE-2006-5687
	RESERVED
CVE-2006-5686
	RESERVED
CVE-2006-5685
	RESERVED
CVE-2006-5684
	RESERVED
CVE-2006-5683
	RESERVED
CVE-2006-5682
	RESERVED
CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with ...)
	NOT-FOR-US: QuickTime on Mac OS X
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
	- libarchive 1.3.1-1 (unimportant)
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
	- kfreebsd-5 <unfixed> (medium)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5678 (** DISPUTED ** ...)
	NOT-FOR-US: Les Visiteurs
CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...)
	NOT-FOR-US: TORQUE Resource Manager
CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert ...)
	NOT-FOR-US: PhpLeague
CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...)
	NOT-FOR-US: Pentaho Business Intelligence (BI) Suite
CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...)
	NOT-FOR-US: miniBB
CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB ...)
	NOT-FOR-US: miniBB
CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in ...)
	NOT-FOR-US: MySource CMS
CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in ...)
	NOT-FOR-US: Gepi
CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when ...)
	NOT-FOR-US: Ampache
CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...)
	NOT-FOR-US: P-Book
CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 ...)
	NOT-FOR-US: E-Annu
CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in ...)
	NOT-FOR-US: phpBB module Spider Friendly
CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows ...)
	NOT-FOR-US: easy notesManager (eNM)
CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech ...)
	NOT-FOR-US: Netquery
CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 ...)
	NOT-FOR-US: Cisco
CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, ...)
	NOT-FOR-US: PAM_extern
CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ...)
	NOT-FOR-US: BlooMooWeb ActiveX control
CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows ...)
	NOT-FOR-US: OpenDocMan
CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...)
	NOT-FOR-US: Sun Java System Messenger Express
CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging ...)
	NOT-FOR-US: Sun
CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...)
	NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the &quot;alignment check exception handling&quot; ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
	NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)
	NOT-FOR-US: Sophos
CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
	NOT-FOR-US: Sophos
CVE-2006-5644
	RESERVED
CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...)
	NOT-FOR-US: foresite CMS
CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown ...)
	NOT-FOR-US: NmnLogger
CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ...)
	NOT-FOR-US: OpenWBEM
CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq ...)
	NOT-FOR-US: Faq Administrator
CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple ...)
	NOT-FOR-US: Simple Website Software
CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
	NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...)
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- icedove <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- mozilla-thunderbird <removed> (unimportant)
CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management ...)
	NOT-FOR-US: UNISOR Content Management System (CMS)
CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...)
	NOT-FOR-US: QnECMS
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in ...)
	NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page ...)
	NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic ...)
	NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...)
	NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
	NOT-FOR-US: MiniBILL
CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in ...)
	{DSA-1233}
	- linux-2.6 2.6.18-4 (low)
CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...)
	NOT-FOR-US: Netref
CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...)
	NOT-FOR-US: Thepeak File Upload Manager
CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...)
	NOT-FOR-US: OpenPBS
CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...)
	NOT-FOR-US: Textpattern
CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming ...)
	NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...)
	NOT-FOR-US: GestArt
CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ...)
	NOT-FOR-US: Toshiba
CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php ...)
	NOT-FOR-US: Teake Nutma Foing
CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...)
	- torrentflux 2.1-5 (bug #395930; medium)
CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before ...)
	NOT-FOR-US: Extended Tracker (xtracker) for Drupal
CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 ...)
	NOT-FOR-US: INCA IM-204
CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCards
CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards ...)
	NOT-FOR-US: phpCards
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores ...)
	NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...)
	NOT-FOR-US: GOOP Gallery
CVE-2006-5597 (join.asp in MiniHTTP Web Forum &amp; File Server PowerPack 4.0 allows ...)
	NOT-FOR-US: MiniHTTP Web Forum
CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258)
CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British ...)
	NOT-FOR-US: iPeer
CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow ...)
	NOT-FOR-US: Desknet's (niokeru)
CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: PacPoll
CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll ...)
	NOT-FOR-US: PacPoll
CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach ...)
	NOT-FOR-US: ArticleBeach Script
CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and ...)
	NOT-FOR-US: LedgerSMB (LSMB)
CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ...)
	NOT-FOR-US: MDweb
CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...)
	NOT-FOR-US: Microsoft GDI
CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2006-5582
	RESERVED
CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-5580
	RESERVED
CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2006-5576
	RESERVED
CVE-2006-5575
	RESERVED
CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...)
	NOT-FOR-US: Microsoft
CVE-2006-5573
	RESERVED
CVE-2006-5572
	RESERVED
CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before ...)
	NOT-FOR-US: WinAmp
CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script ...)
	NOT-FOR-US: Shop-Script
CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in ...)
	NOT-FOR-US: SourceForge (gforge is not affected)
CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...)
	NOT-FOR-US: Discuz! GBK
CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch ...)
	NOT-FOR-US: ProgSys
CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...)
	NOT-FOR-US: ADODB.Connection 2.7 ActiveX control
CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...)
	NOT-FOR-US: HP-UX
CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify ...)
	NOT-FOR-US: HP-UX
CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other ...)
	NOT-FOR-US: swask
CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in ...)
	NOT-FOR-US: EPNadmin
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...)
	NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...)
	NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...)
	NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
	NOT-FOR-US: QK SMTP
CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5549 (** DISPUTED ** ...)
	NOT-FOR-US: Adobe PHP SDK
CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x ...)
	NOT-FOR-US: Symantec
CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...)
	NOT-FOR-US: PHP Generator of Object SQL Database
CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...)
	- postgresql-7.4 1:7.4.14-1 (unimportant)
	- postgresql-8.1 8.1.5-1 (unimportant)
	[sarge] - postgresql <unfixed> (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...)
	NOT-FOR-US: UeberProject Management System
CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...)
	NOT-FOR-US: D-Link
CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm ...)
	NOT-FOR-US: D-Link
CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...)
	NOT-FOR-US: D-Link
CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...)
	NOT-FOR-US: WebHostManager cPanel
CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in ...)
	NOT-FOR-US: Zwahlen Online Shop Freeware
CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...)
	NOT-FOR-US: RMSOFT Gallery System
CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended ...)
	NOT-FOR-US: Ascended Guestbook
CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in ...)
	NOT-FOR-US: InteliEditor
CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
	NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing
CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
	NOT-FOR-US: phplist
CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket ...)
	NOT-FOR-US: EZ-Ticket
CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
	NOT-FOR-US: Kawf
CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...)
	NOT-FOR-US: Net_DNS
CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5519 (PHP remote file inclusion vulnerability in ...)
	TODO: check egroupware
CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...)
	NOT-FOR-US: RSSonate
CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...)
	NOT-FOR-US: Open Meetings Filing Application
CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WikiNi
CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...)
	NOT-FOR-US: phpPgAds / phpAdsNew
CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...)
	NOT-FOR-US: Web Group Communication
CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...)
	NOT-FOR-US: GeoNetwork opensource
CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]
	- mysql-dfsg-5.0 5.0.26-1 (low)
CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...)
	NOT-FOR-US: Zwahlen Online Shop
CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...)
	NOT-FOR-US: Pexplorer
CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...)
	NOT-FOR-US: Burning Book
CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...)
	NOT-FOR-US: Burning Book
CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...)
	NOT-FOR-US: Der Dirigent
CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...)
	NOT-FOR-US: WiClear
CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...)
	NOT-FOR-US: 2BGal
CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...)
	- serendipity 1.0.2-1
CVE-2006-5498 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5497 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...)
	NOT-FOR-US: Timothy Claason KnowledgeBank
CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...)
	NOT-FOR-US: Trawler Web CMS
CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: pandaBB for PHP-Nuke
CVE-2006-5493 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: DigitalHive
CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 ...)
	NOT-FOR-US: Maarch
CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in ...)
	NOT-FOR-US: UltraCMS
CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...)
	NOT-FOR-US: RIM BlackBerry Enterprise Server
CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, ...)
	NOT-FOR-US: Marshal MailMarshal SMTP
CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...)
	NOT-FOR-US: SpeedBerg
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...)
	NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...)
	NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...)
	NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5474 (The &quot;forgot password&quot; function in OneOrZero Helpdesk before 1.6.5.4 ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2006-5473 (** DISPUTED ** ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5470
	REJECTED
CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
	{DSA-1235-1 DSA-1234-1}
	- ruby1.8 1.8.5-3 (medium; bug #398457)
	- ruby1.9 <unfixed> (medium)
	NOTE: ruby1.9 not to be released with etch
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...)
	- rpm 4.4.1-11 (low; bug #397076)
	[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
	NOTE: Only hypothetical, far-fetched attacks feasible
CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
	{DSA-1206-1}
	- php4 4:4.4.4-4 (high; bug #396764)
	- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox <removed> (low)
	- iceweasel 2.0+dfsg-1 (low)
	- icedove 1.5.0.8-1 (low)
	- mozilla <unfixed> (low)
	- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-67
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-66
	NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
	NOTE: the fixes for CVE-2006-4340 were incomplete
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...)
	- avahi 0.6.15-1 (low)
CVE-2006-XXXX [diffmon information leakage]
	- diffmon 20020222-2.2 (bug #382132)
CVE-2006-5460 (** DISPUTED ** ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Casino Script (Masvet)
CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...)
	{DSA-1213}
	- graphicsmagick 1.1.7-9 (medium)
	- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <no-dsa> (CSRF infrastructure not present, too intrusive to backport)
CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
	{DSA-1208-1}
	- bugzilla 2.22.1-1 (bug #395094; low)
CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
	NOT-FOR-US: HP Tru64
CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
	- torrentflux 2.1-5 (bug #395099; low)
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
	NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...)
	{DSA-1204-1}
	- ingo1 1.1.2-1 (bug #396099)
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...)
	NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...)
	NOT-FOR-US: DEV Web Management System (WMS)
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...)
	NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...)
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...)
	{DSA-1229-1}
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; bug #394025)
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
	- wims 3.60-1 (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
	- viewvc 1.0.3-1 (medium; bug #397669)
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5437 (** DISPUTED ** ...)
	- phpadsnew <itp> (bug #226636)
CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...)
	NOT-FOR-US: FreeFAQ
CVE-2006-5435 (** DISPUTED ** ...)
	- phpbb2 <not-affected> (not vulnerable)
CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 ...)
	NOT-FOR-US: P-News
CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
	NOT-FOR-US: ALiCE-CMS
CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: phpPowerCards
CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...)
	NOT-FOR-US: PHPOutsourcing Zorum
CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: db-central (dbc) Enterprise CMS
CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
	NOT-FOR-US: BRIM
CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
	NOT-FOR-US: Php AMX
CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...)
	NOT-FOR-US: LoCal Calendar System
CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...)
	NOT-FOR-US: XORP (eXtensible Open Router Platform)
CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...)
	NOT-FOR-US: Lou Portail
CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...)
	NOT-FOR-US: Lodel
CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: WSN Forum
CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
	NOT-FOR-US: Specimen Image Database (SID)
CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...)
	NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB
CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...)
	NOT-FOR-US: McAfee
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...)
	NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: News Defilante Horizontale
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Barry Nauta BRIM
CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...)
	NOT-FOR-US: SuperMod for YABB (YaBBSM)
CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...)
	NOT-FOR-US: PHP Outburst Easynews
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...)
	NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...)
	NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...)
	NOT-FOR-US: Toshiba Bluetooth wireless device driver
CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
	- phpmybibli <itp> (bug #369328)
CVE-2006-5401 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...)
	NOT-FOR-US: CyberBrau
CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
	NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...)
	- libx11 2:1.0.3-3 (low; bug #398460)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
	NOT-FOR-US: Microsoft
CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...)
	NOT-FOR-US: Cisco
CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...)
	NOT-FOR-US: Cisco
CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...)
	NOT-FOR-US: OpenDock FullCore
CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Xfire
CVE-2006-5390 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ACP User Registration (MMW) module for phpBB
CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Wyana
CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...)
	NOT-FOR-US: WebSPELL
CVE-2006-5387 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PlusXL phpBB module
CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...)
	NOT-FOR-US: NuralStorm Webmail
CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...)
	NOT-FOR-US: SpamOborona phpBB module
CVE-2006-5384 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: CDS Agenda
CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...)
	NOT-FOR-US: Def-Blog
CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...)
	NOT-FOR-US: 3Com
CVE-2003-1307 (** DISPUTED ** ...)
	NOTE: More of an apache flaw than a php flaw. And just one more reason
	NOTE: why you have lost as soon as an attacker can execute arbitrary
	NOTE: php scripts.
	NOTE: http://www.securityfocus.com/bid/9302
	NOTE: Probably an unfixable design flaw. But if you can execute a malicious
	NOTE: program, you can do $BADSTUFF anyway.
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2006-XXXX [unspecified steam cache vulnerability]
	- steam 2.2.31-1
	[sarge] - steam <not-affected> (Sarge version doesn't implement caching)
CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5380 (** DISPUTED ** ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...)
	- nvidia-graphics-drivers 1.0.8776-1 (bug #393573)
	[sarge] - nvidia-graphics-drivers <not-affected> (1.0.7174 not affected)
	NOTE: see http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...)
	NOT-FOR-US: EnterpriseOne
CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in ...)
	NOT-FOR-US: Oracle
CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer ...)
	NOT-FOR-US: Oracle
CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...)
	NOT-FOR-US: Oracle
CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running ...)
	NOT-FOR-US: Oracle
CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in ...)
	NOT-FOR-US: Oracle
CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC) ...)
	NOT-FOR-US: Oracle
CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for ...)
	NOT-FOR-US: Oracle
CVE-2006-5331
	RESERVED
CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...)
	- flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium)
	NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous version)
	NOTE: or not but it's fix in 9.0.31.0.1 for sure.
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
CVE-2006-5329
	RESERVED
CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5326 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz ...)
	NOT-FOR-US: dwingmods for phpBB
CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...)
	NOT-FOR-US: phplist
CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...)
	NOT-FOR-US: phplist
CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...)
	NOT-FOR-US: Album Photo Sans Nom
CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...)
	NOT-FOR-US: Foafgen
CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...)
	NOT-FOR-US: Nayco JASmine
CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...)
	NOT-FOR-US: eboli
CVE-2006-5316 (registroTL stores sensitive information under the web root with ...)
	NOT-FOR-US: registroTL
CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...)
	NOT-FOR-US: registroTL
CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...)
	NOT-FOR-US: TribunaLibre
CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...)
	NOT-FOR-US: Hastymail
CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...)
	NOT-FOR-US: Ajax Shoutbox
CVE-2006-5311 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Buzlas
CVE-2006-5310 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpMyConferences
CVE-2006-5309 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...)
	NOT-FOR-US: Open Conference Systems
CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...)
	NOT-FOR-US: AFGB GUESTBOOK
CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...)
	NOT-FOR-US: Journals System module for phpBB
CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...)
	NOT-FOR-US: lat2cyr
CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...)
	NOT-FOR-US: IncCMS Core
CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...)
	NOT-FOR-US: Secure Computing SafeWord RemoteAccess
CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...)
	NOT-FOR-US: Redaction System
CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...)
	NOT-FOR-US: SpamBlockerMODv module for phpBB
CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...)
	NOT-FOR-US: HP
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
	NOT-FOR-US: phplist
CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: PhpOutsourcing Noah's Classifieds
CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-5291 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...)
	NOT-FOR-US: Vtiger CRM
CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...)
	NOT-FOR-US: Cisco
CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...)
	NOT-FOR-US: Xeobook
CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...)
	NOT-FOR-US: XeoPort
CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...)
	NOT-FOR-US: PHP News Reader (aka pnews)
CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...)
	NOT-FOR-US: Minichat
CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...)
	NOT-FOR-US: SH-News
CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...)
	NOT-FOR-US: n@board
CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...)
	NOT-FOR-US: communityPortals
CVE-2006-5279
	RESERVED
CVE-2006-5278
	RESERVED
CVE-2006-5277
	RESERVED
CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...)
	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
CVE-2006-5275
	RESERVED
CVE-2006-5274
	RESERVED
CVE-2006-5273
	RESERVED
CVE-2006-5272
	RESERVED
CVE-2006-5271
	RESERVED
CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...)
	NOT-FOR-US: Microsoft
CVE-2006-5269
	RESERVED
CVE-2006-5268
	RESERVED
CVE-2006-5267
	RESERVED
CVE-2006-5266
	RESERVED
CVE-2006-5265
	RESERVED
CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...)
	NOT-FOR-US: MysqlDumper
CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...)
	NOT-FOR-US: Hastymail
CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...)
	NOT-FOR-US: PHPMyNews
CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management ...)
	NOT-FOR-US: Asbru Web Content Management
CVE-2006-5257 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ciamos Content Management System
CVE-2006-5256 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-5255 (** DISPUTED ** ...)
	NOT-FOR-US: gCards
CVE-2006-5254 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka regdetailed
CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana ...)
	NOT-FOR-US: phpOnline (aka PHP-Online)
CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...)
	NOT-FOR-US: Deep CMS
CVE-2006-5250 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BlueShoes
CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5244 (Multilple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...)
	NOT-FOR-US: Etomite Content Management System
CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Gallery
CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in ...)
	NOT-FOR-US: Docmint
CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 ...)
	NOT-FOR-US: eXpBlog
CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows ...)
	NOT-FOR-US: 4images
CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5234 (** DISPUTED ** ...)
	NOT-FOR-US: phpWebSite
CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version ...)
	NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone
CVE-2006-5232 (** DISPUTED ** ...)
	NOT-FOR-US: iSearch
CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, ...)
	NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone
CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...)
	NOT-FOR-US: FreeForum
CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...)
	NOTE: This issues depends on the stack of selected authentication modules, while
	NOTE: some are resilient against such timing attacks, some aren't
	NOTE: This is inside responsibility of an admin
CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...)
	NOT-FOR-US: ackerTodo
CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...)
	- torrentflux 2.1-4 (bug #392501; low)
CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in ...)
	NOT-FOR-US: Freenews
CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...)
	NOT-FOR-US: AAIportal
CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php ...)
	NOT-FOR-US: Security Suite IP Logger in dwingmods for phpBB
CVE-2006-5223 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: User Viewed Posts Tracker module for phpBB
CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow ...)
	NOT-FOR-US: Cahier de textes
CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...)
	NOT-FOR-US: WebYep
CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...)
	- moodle 1.6.2+20060930-1 (medium; bug #390294)
	[sarge] - moodle <not-affected> (Vulnerable code not present)
CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...)
	NOT-FOR-US: systrace in OpenBSD and NetBSD
CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...)
	NOT-FOR-US: Emek Portal
CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...)
	- shttpd <itp> (bug #341284)
CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...)
	- xdm 1:1.0.5-1 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager ...)
	- xdm 1:1.0.5-1 (low)
	- xorg 1:7.1.0-13 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5213 (Sun Solaris 10 before 20061006 uses &quot;incorrect and insufficient ...)
	NOT-FOR-US: Solaris
CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 ...)
	NOT-FOR-US: IronWebMail
CVE-2006-5209 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5207 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpMyTeam
CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...)
	NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...)
	- sun-java5 1.5.0-10-1 (bug #393042)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	NOTE: this is similar to CVE-2006-4339
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
	NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
	NOT-FOR-US: Adobe
CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ...)
	NOT-FOR-US: WinZip
CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...)
	NOT-FOR-US: PDshopPro
CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...)
	NOT-FOR-US: Motorola SURFboard
CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...)
	NOT-FOR-US: net2ftp
CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt ...)
	NOT-FOR-US: WikyBlog
CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in ...)
	NOT-FOR-US: phpGreetz
CVE-2006-5191 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nivisec Static Topics module for phpBB
CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php ...)
	NOT-FOR-US: klinza professional cms
CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP ...)
	NOT-FOR-US: webGENEius GOOP Gallery
CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Bulletin Board Ace (BBaCE)
CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...)
	NOT-FOR-US: phpMyProfiler
CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...)
	NOT-FOR-US: HAMweather
CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 ...)
	NOT-FOR-US: PKR Internet Taskjitsu
CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs ...)
	NOT-FOR-US: Dayfox Blog
CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...)
	NOT-FOR-US: Intoto iGateway
CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
	- php5 <unfixed> (bug #391281; unimportant)
	- php4 <unfixed> (bug #391282; unimportant)
	NOTE: open_basedir is not supported
CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0 ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
	NOT-FOR-US: TeraStation HD-HTGL
CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-5
	NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...)
	- linux-2.6 2.6.18-1
CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...)
	{DSA-1203-1}
	- libpam-ldap 180-1.2 (bug #392984; medium)
CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: Pebble
CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...)
	NOT-FOR-US: Microsoft
CVE-2006-XXXX [zabbix format string vulnerabilities]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-XXXX [zabbix buffer overflows]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...)
	NOT-FOR-US: BasiliX
CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
	NOT-FOR-US: Skrypty PPA Gallery
CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...)
	NOT-FOR-US: digiSHOP
CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...)
	NOT-FOR-US: IBM
CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...)
	NOT-FOR-US: IBM
CVE-2006-5160 (** DISPUTED ** ...)
	- firefox <not-affected> (no real issues)
CVE-2006-5159 (** DISPUTED ** ...)
	NOT-FOR-US: Bogus Firefox issue
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...)
	- linux-2.6 2.6.15
CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
	NOT-FOR-US: TrendMicro OfficeScan
CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...)
	NOT-FOR-US: McAfee
CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB ...)
	NOT-FOR-US: VideoDB
CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...)
	NOT-FOR-US: HP
CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5149 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b ...)
	NOT-FOR-US: Forum82
CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...)
	NOT-FOR-US: VAMP Webmail
CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow ...)
	NOT-FOR-US: Yblog
CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...)
	NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserver Backup
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...)
	NOT-FOR-US: Open Geo Targeting (aka geotarget)
CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...)
	NOT-FOR-US: Image Host Script (phpkimagehost)
CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to ...)
	NOT-FOR-US: MkPortal
CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow ...)
	NOT-FOR-US: A-Blog
CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to ...)
	NOT-FOR-US: Mercury SiteScope
CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have ...)
	NOT-FOR-US: GuildFTPd
CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another ...)
	NOT-FOR-US: just another flat file (JAF) CMS
CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso ...)
	NOT-FOR-US: ConPresso
CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...)
	NOT-FOR-US: ConPresso
CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht ...)
	NOT-FOR-US: PHProjekt
CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury ...)
	NOT-FOR-US: SiteScope
CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the ...)
	NOT-FOR-US: PostNuke
CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer ...)
	NOT-FOR-US: Red Mombin
CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...)
	NOT-FOR-US: Zen Cart
CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...)
	NOT-FOR-US: PHPSelect Web Development Division
CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...)
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant)
	NOTE: Only path disclosure
CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...)
	NOT-FOR-US: KGB
CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...)
	NOT-FOR-US: SAP
CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa ...)
	NOT-FOR-US: Exporia
CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...)
	- libksba 0.9.14-1 (low; bug #391278)
	[sarge] - libksba <no-dsa> (Minor issue)
CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CubeCart
CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion ...)
	NOT-FOR-US: CubeCart
CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x ...)
	NOT-FOR-US: CubeCart
CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 ...)
	NOT-FOR-US: FacileForms for Mambo and Joomla!
CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 ...)
	NOT-FOR-US: SyntaxCMS
CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...)
	NOT-FOR-US: vBulletin
CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...)
	NOT-FOR-US: bbsNew
CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV ...)
	NOT-FOR-US: Comdev CSV Importer
CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...)
	NOT-FOR-US: WEB//NEWS (aka webnews)
CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5097 (** DISPUTED ** ...)
	NOT-FOR-US: net2ftp
CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VirtueMart
CVE-2006-5095 (** DISPUTED ** ...)
	NOT-FOR-US: MyPhotos
CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
	NOT-FOR-US: phpBB XS
CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in ...)
	NOT-FOR-US: A-Blog
CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server ...)
	NOT-FOR-US: HP-UX Samba
CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix ...)
	NOT-FOR-US: Phoenix Evolution CMS (PECMS)
CVE-2006-5089 (** DISPUTED ** ...)
	NOT-FOR-US: My-BIC
CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...)
	NOT-FOR-US: phpMyChat
CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ...)
	NOT-FOR-US: evoBB
CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay ...)
	NOT-FOR-US: Skype
CVE-2006-5083 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Integrated MODs (IM) Portal
CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...)
	NOT-FOR-US: Sugar Suite Open Source (SugarCRM)
CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...)
	NOT-FOR-US: Movable Type
CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt ...)
	NOT-FOR-US: paBugs
CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in ...)
	NOT-FOR-US: Polaring
CVE-2006-5077 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Minerva
CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...)
	NOT-FOR-US: OpenConcept Back-End
CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...)
	- mono 1.1.17.1-5
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
	NOT-FOR-US: eyeOS
CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: faceStones Personal
CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...)
	- typo3 <not-affected> (only versions 4.0.0+4.0.1 affected)
CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...)
	NOT-FOR-US: BrudaNews
CVE-2006-5067 (** DISPUTED ** ...)
	NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK)
CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...)
	NOT-FOR-US: DanPHPSupport
CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...)
	NOT-FOR-US: ZoomStats
CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...)
	NOT-FOR-US: BirdBlog
CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...)
	{DSA-1242-1}
	- elog 2.6.2+r1719-1 (bug #389361)
CVE-2006-5062 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...)
	NOT-FOR-US: Advanced-Clan-Script (AVCX)
CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...)
	NOT-FOR-US: Jamroom
CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...)
	NOT-FOR-US: Call of Duty
CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...)
	NOT-FOR-US: PhotoStore
CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...)
	NOT-FOR-US: Opial Audio/Video Download Management
CVE-2006-5055 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: syntaxCMS
CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...)
	NOT-FOR-US: iyzi Forum
CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...)
	NOT-FOR-US: Web-News
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
	TODO: check
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
	{DSA-1212 DSA-1189-1}
	- openssh 1:4.3p2-4 (unimportant)
	- openssh-krb5 <removed> (high)
	NOTE: From my analysis only openssh with Kerberos support should be vulnerable
	NOTE: However, we'll fix openssh as well just to make sure
CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...)
	- busybox <not-affected> (bug #390555; irreproducible)
	[sarge] - busybox <not-affected> (Vulnerable code not present)
CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...)
	NOT-FOR-US: Classifieds (com_classifieds) component for Joomla!
CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images ...)
	NOT-FOR-US: Security Images (com_securityimages) component for Joomla!
CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...)
	NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...)
	NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla!
CVE-2006-5043 (Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and ...)
	NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
	NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...)
	NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla!
CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...)
	NOT-FOR-US: SEF404x (com_sef) for Joomla!
CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...)
	NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla!
CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...)
	NOT-FOR-US: FiWin
CVE-2006-5037 (** DISPUTED ** ...)
	NOT-FOR-US: MySource Matrix
CVE-2006-5036 (** DISPUTED ** ...)
	NOT-FOR-US: MySource Matrix
CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...)
	NOT-FOR-US: vCAP
CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...)
	NOT-FOR-US: vCAP
CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...)
	NOT-FOR-US: vCAP
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...)
	NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...)
	NOT-FOR-US: CakePHP
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board (wBB)
CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...)
	NOT-FOR-US: Plesk
CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...)
	NOT-FOR-US: JevonCMS
CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...)
	NOT-FOR-US: xweblog
CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...)
	NOT-FOR-US: pNews System 1.1.0 (aka PowerNews)
CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...)
	NOT-FOR-US: RedBLoG
CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...)
	NOT-FOR-US: SolidState
CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Google Mini
CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...)
	NOT-FOR-US: ContentKeeper
CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...)
	NOT-FOR-US: Kietu
CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...)
	NOT-FOR-US: cPanel
CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...)
	NOT-FOR-US: Solaris
CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...)
	NOT-FOR-US: Solaris
CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...)
	NOT-FOR-US: AIX
CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...)
	NOT-FOR-US: WS_FTP
CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4999
	RESERVED
CVE-2006-4998
	RESERVED
CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 ...)
	NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...)
	NOT-FOR-US: BSQ Sitestats for Joomla!
CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache ...)
	NOT-FOR-US: XAMPP
CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...)
	NOT-FOR-US: AllMyGuests
CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...)
	NOT-FOR-US: JD-WordPress for Joomla!
CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows ...)
	NOT-FOR-US: RSA Keon Certificate Authority (KeonCA) Manager
CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network ...)
	NOT-FOR-US: Cisco
CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device ...)
	NOT-FOR-US: Cisco
CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...)
	NOT-FOR-US: Symantec
CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...)
	{DSA-1198-1 DSA-1197-1}
	- python2.5 2.5-1 (bug #391589)
	- python2.4 2.4.3-9 (bug #391589)
	- python2.3 2.3.5-16 (bug #393053)
	- python2.2 <not-affected> (Compiled without UCS-4 support)
CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...)
	- libphp-adodb <unfixed> (unimportant)
	- gallery2 <unfixed> (unimportant)
	- phppgadmin <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpwiki <unfixed> (unimportant)
	- moodle <unfixed> (unimportant)
	NOTE: full path is known in Debian anyway
CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4968 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PNphpBB
	NOTE: code in phpBB is different and not affected
CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart ...)
	NOT-FOR-US: NextAge Cart
CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in ...)
	NOT-FOR-US: phpQuestionnaire
CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...)
	NOT-FOR-US: MyReview
CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...)
	NOT-FOR-US: Cisco
CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site ...)
	NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal
CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...)
	NOT-FOR-US: TFTPDWIN
CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...)
	NOT-FOR-US: Search Keywords module for Drupal
CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...)
	NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...)
	NOT-FOR-US: DigitalWebShop
CVE-2006-4944 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ProgSys
CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (File not present)
CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...)
	- moodle 1.6.2-1
CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...)
	- moodle 1.6.2-1
CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (Function not present)
CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...)
	- moodle 1.6.2-1
CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...)
	- moodle 1.6.2-1
CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle ...)
	- moodle 1.6.2-1
CVE-2006-4934
	RESERVED
CVE-2006-4933
	RESERVED
CVE-2006-4932
	RESERVED
CVE-2006-4931
	RESERVED
CVE-2006-4930
	RESERVED
CVE-2006-4929
	RESERVED
CVE-2006-4928
	RESERVED
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
	NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
	- linux-2.6 2.6.14
CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...)
	- openssh <unfixed> (unimportant)
	NOTE: That's a non-issue
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
	{DSA-1212 DSA-1189-1}
	- openssh 1:4.3p2-4 (low; bug #389995)
	- openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
	NOT-FOR-US: eSyndiCat Portal System
CVE-2006-4922 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Site@School
CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 ...)
	NOT-FOR-US: Site@School
CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School ...)
	NOT-FOR-US: Site@School
CVE-2006-4919 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Site@School
CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple ...)
	NOT-FOR-US: Simple Discussion Board
CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News ...)
	NOT-FOR-US: PT News
CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) ...)
	NOT-FOR-US: Tekman Portal
CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate ...)
	NOT-FOR-US: Innovate Portal
CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote ...)
	NOT-FOR-US: A.l-Pifou
CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in ...)
	NOT-FOR-US: AlstraSoft E-friends
CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and ...)
	NOT-FOR-US: PHP DocWriter
CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 ...)
	NOT-FOR-US: Cisco
CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before ...)
	NOT-FOR-US: Cisco
CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS ...)
	NOT-FOR-US: Cisco
CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OSU
CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OSU
CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in ...)
	NOT-FOR-US: More.groupware
CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...)
	NOT-FOR-US: Artmedic Links
CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam ...)
	NOT-FOR-US: X-Cart
CVE-2006-4903
	RESERVED
CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...)
	NOT-FOR-US: guanxiCRM
CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...)
	NOT-FOR-US: CMtextS
CVE-2006-4896
	REJECTED
CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4893 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...)
	NOT-FOR-US: Techno Dreams FAQ
CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...)
	NOT-FOR-US: UNAK-CMS
CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...)
	NOT-FOR-US: Telekorn SignKorn Guestbook
CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...)
	NOT-FOR-US: Apple
CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...)
	NOT-FOR-US: McAfee
CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot BizDirectory
CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...)
	NOT-FOR-US: Cart 3
CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4875 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...)
	NOT-FOR-US: ECardPro
CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...)
	NOT-FOR-US: EShoppingPro
CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...)
	NOT-FOR-US: AEDating
CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...)
	NOT-FOR-US: phpunity.postcard
CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine ...)
	NOT-FOR-US: Microsoft
CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...)
	NOT-FOR-US: GNUTurk
CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...)
	NOT-FOR-US: Apple
CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...)
	NOT-FOR-US: ReviewPost
CVE-2006-4863 (** DISPUTED ** ...)
	NOT-FOR-US: mcLinksCounter
CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...)
	NOT-FOR-US: easypage
CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...)
	NOT-FOR-US: Complain Center
CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...)
	NOT-FOR-US: Limbo
CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...)
	NOT-FOR-US: Limbo
CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...)
	NOT-FOR-US: Serverstat (com_serverstat) component for Mambo
CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...)
	NOT-FOR-US: ClickBlog
CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...)
	NOT-FOR-US: WebLogger
CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec
CVE-2006-4854
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...)
	NOT-FOR-US: Haberx
CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2006-4851 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...)
	NOT-FOR-US: MobilePublisherPHP
CVE-2006-4848 (** DISPUTED ** ...)
	NOT-FOR-US: Hitweb
CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...)
	NOT-FOR-US: Citrix
CVE-2006-4845 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: TeamCal
CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
	- xulrunner 1.8.0.9-1 (low; bug #405062)
	[sarge] - mozilla <unfixed> (low)
	[sarge] - mozilla <no-dsa> (Minor issue)
	NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470
	TODO: check whether sarge has a setuid/setgid binary linking against libnspr
CVE-2006-4841
	RESERVED
CVE-2006-4840
	REJECTED
CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sophos
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...)
	NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
	NOT-FOR-US: phpQuiz
CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...)
	NOT-FOR-US: IP over DNS is now easy (iodine)
CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...)
	NOT-FOR-US: Blojsom
CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
	NOT-FOR-US: Blojsom
CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...)
	NOT-FOR-US: Vmist Downstat
CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP Event Calendar
CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...)
	NOT-FOR-US: Quicksilver Forums (QSF)
CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...)
	NOT-FOR-US: Magic News
CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: emuCMS
CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...)
	NOT-FOR-US: Drupal Userreview module
CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote ...)
	NOT-FOR-US: Opera
CVE-2006-4818
	RESERVED
CVE-2006-4817
	RESERVED
CVE-2006-4816
	RESERVED
CVE-2006-4815
	RESERVED
CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not ...)
	- linux-2.6 2.6.18.dfsg.1-9 (low)
	- kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...)
	{DSA-1233}
	- linux-2.6 2.6.13-1
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
	- php4 <not-affected>
	- php5 5.1.6-5 (bug #391586)
CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...)
	{DSA-1200-1}
	- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
	- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used ...)
	{DSA-1219}
	- texinfo 4.8.dfsg.1-4
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...)
	{DSA-1201-1}
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4804
	RESERVED
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...)
	NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...)
	NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
	{DSA-1215}
	- ffmpeg 0.cvs20060329-1
	- xine-lib 1.1.2-1
	- gst-ffmpeg 0.8.7-7 (medium; bug #401304)
	- gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311)
	- mplayer 1.0~rc1-1
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
	{DSA-1215}
	- xine-lib 1.1.2-1 (bug #369876; medium)
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
	TODO: check ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...)
	- sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...)
	NOT-FOR-US: CJ Tag Board
CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
	NOT-FOR-US: e107
CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...)
	NOT-FOR-US: TualBLOG
CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...)
	{DSA-1217}
	- linux-ftpd 0.17-23 (low; bug #384454)
CVE-2006-XXXX [ejabberd HTML code injection]
	- ejabberd 1.1.1-8
CVE-2006-4792
	RESERVED
CVE-2006-4791
	RESERVED
CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...)
	NOT-FOR-US: Open Movie Editor
CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...)
	NOT-FOR-US: SignKorn Guestbook
CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...)
	NOT-FOR-US: AlphaMail
CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ...)
	- moodle 1.6.2-1 (medium; bug #387177)
CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4779 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...)
	NOT-FOR-US: Creative Commons Tools ccHost
CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control ...)
	NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and ...)
	NOT-FOR-US: Cisco
CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...)
	NOT-FOR-US: Cisco
CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and ...)
	NOT-FOR-US: Sun StorEdge
CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 ...)
	NOT-FOR-US: ForumJBC
CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 ...)
	NOT-FOR-US: MiniPort@l
CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 ...)
	NOT-FOR-US: p4CMS
CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows ...)
	NOT-FOR-US: NETGEAR
CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE ...)
	NOT-FOR-US: WTools
CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...)
	NOT-FOR-US: Ykoon RssReader
CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman ...)
	NOT-FOR-US: SharpReader
CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...)
	NOT-FOR-US: RSSOwl
CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...)
	NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...)
	- phpbb2 2.0.21-4 (bug #388120; unimportant)
	NOTE: Only exploitable by admins, which you'd need to trust
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...)
	NOT-FOR-US: e107
CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...)
	NOT-FOR-US: PHProg
CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 ...)
	NOT-FOR-US: PHProg
CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4750 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OPENi-CMS
CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow ...)
	NOT-FOR-US: F-ART BLOG:CMS
CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot ...)
	NOT-FOR-US: IdevSpot TextAds
CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php ...)
	NOT-FOR-US: Web Server Creator
CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to ...)
	NOT-FOR-US: ScaryBear PocketExpense Pro
CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...)
	NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...)
	- wordpress <unfixed> (unimportant)
	NOTE: path disclosure only
CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 ...)
	NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...)
	- magpierss <unfixed> (unimportant)
	NOTE: path disclosure only
CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...)
	- tikiwiki 1.9.5+dfsg1-2 (medium; bug #388122)
CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...)
	NOT-FOR-US: simple, integrated publishing system (SIPS)
CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...)
	NOT-FOR-US: Microsoft
CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...)
	{DSA-1239-1}
	- sql-ledger 2.6.19-1
CVE-2006-4730
	RESERVED
CVE-2006-4729
	RESERVED
CVE-2006-4728
	RESERVED
CVE-2006-4727
	RESERVED
CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 ...)
	NOT-FOR-US: Adobe
CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security ...)
	NOT-FOR-US: Adobe
CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2006-4723 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...)
	NOT-FOR-US: Open Bulletin Board (OpenBB)
CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...)
	NOT-FOR-US: CCleague Pro Sports CMS
CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...)
	NOT-FOR-US: mcGalleryPRO
CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...)
	NOT-FOR-US: KorviBlog
CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module ...)
	NOT-FOR-US: Pubcookie module for Drupal
CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...)
	NOT-FOR-US: Fire Soft Board (FSB)
CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...)
	NOT-FOR-US: PSYWERKS PUMA
CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...)
	NOT-FOR-US: Timesheet (aka Timesheet.php)
CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker ...)
	NOT-FOR-US: Microsoft
CVE-2006-4703
	RESERVED
CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4701
	RESERVED
CVE-2006-4700
	RESERVED
CVE-2006-4699
	RESERVED
CVE-2006-4698
	RESERVED
CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
	NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-4695
	RESERVED
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...)
	NOT-FOR-US: Microsoft
CVE-2006-4690
	RESERVED
CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...)
	NOT-FOR-US: Microsoft
CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...)
	NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...)
	NOT-FOR-US: Microsoft
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
	{DSA-1176-1}
	- zope2.7 <removed>
	- zope2.8 2.8.8-2
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
	NOT-FOR-US: IBM Director
CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...)
	NOT-FOR-US: IBM Director
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...)
	NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...)
	- dokuwiki 0.0.20060309-5.1 (low; bug #388082)
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
	NOT-FOR-US: News Evolution
CVE-2006-4677 (** DISPUTED ** ...)
	NOT-FOR-US: phpopenchat
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...)
	NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
	NOT-FOR-US: ppalCart
CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...)
	NOT-FOR-US: PhotoKorn Gallery
CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...)
	NOT-FOR-US: Somery
CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...)
	NOT-FOR-US: AckerTodo
CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...)
	NOT-FOR-US: RunCMS
CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...)
	NOT-FOR-US: Newsscript (aka WM-News)
CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...)
	NOT-FOR-US: MKPortal
CVE-2006-4664 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Premod Shadow
CVE-2006-4663 (** DISPUTED ** ...)
	NOT-FOR-US: User problem
CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...)
	NOT-FOR-US: AOL ICQ
CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4656 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web Provence SL_Site
CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...)
	NOT-FOR-US: X11R6.4
CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...)
	NOT-FOR-US: Address Book Web Server
CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...)
	NOT-FOR-US: Php download
CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...)
	NOT-FOR-US: Cisco
CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...)
	NOT-FOR-US: BinGo News
CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...)
	NOT-FOR-US: BinGo News
CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...)
	NOT-FOR-US: Sponge News
CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...)
	NOT-FOR-US: Drupal Pathauto module
CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...)
	NOT-FOR-US: Social BookMarking Engine
CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...)
	NOT-FOR-US: phpFullAnnu
CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...)
	NOT-FOR-US: PhpLeague
CVE-2006-4642 (AuditWizard 6.3.2, when using &quot;Remote Audit,&quot; logs the administrator ...)
	NOT-FOR-US: AuditWizard
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...)
	NOT-FOR-US: Muratsoft Haber Portal
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...)
	NOT-FOR-US: ACGV News
CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...)
	NOT-FOR-US: PhpCommander
CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...)
	NOT-FOR-US: MySource Classic
CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: SoftBB
CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...)
	NOT-FOR-US: SoftBB
CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...)
	NOT-FOR-US: SoftBB
CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...)
	NOT-FOR-US: MySpeach
CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...)
	NOT-FOR-US: VCD-db
CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...)
	NOT-FOR-US: System Information ActiveX control
CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...)
	NOT-FOR-US: avast! Anti-virus Engine
CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	- php5 5.2.0-1 (bug #391281; unimportant)
	NOTE: open_basedir violations not supported in Debian's PHP
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...)
	- linux-2.6 2.6.18-1
CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...)
	{DSA-1182-1}
	NOTE: GNUTLS-SA-2006-4
	- gnutls13 1.4.4-1 (high)
	- gnutls12 <unfixed> (high)
	- gnutls11 <unfixed> (high)
CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack]
	NOTE: GNUTLS-SA-2006-3 (withdrawn)
	- gnutls13 1.4.3-1 (unimportant)
	- gnutls12 <unfixed> (unimportant)
	- gnutls11 <unfixed> (unimportant)
CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV ...)
	NOT-FOR-US: AnnonceV
CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, ...)
	NOT-FOR-US: Pheap
CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...)
	NOT-FOR-US: Avira
CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...)
	- libphp-adodb <not-affected> (vulnerable code seems to be In-link specific)
	- egroupware <not-affected> (vulnerable code seems to be In-link specific)
	- moodle <not-affected> (vulnerable code seems to be In-link specific)
	- phppgadmin <not-affected> (vulnerable code seems to be In-link specific)
	- gallery2 <not-affected> (vulnerable code seems to be In-link specific)
	- phpwiki <not-affected> (vulnerable code seems to be In-link specific)
CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise ...)
	NOT-FOR-US: MailEnable
CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores ...)
	NOT-FOR-US: Shape Services
CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords ...)
	NOT-FOR-US: PDAapps Verichat
CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow ...)
	NOT-FOR-US: SnapGear
CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows ...)
	NOT-FOR-US: ZIXForum
CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks ...)
	NOT-FOR-US: dsocks
CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda ...)
	NOT-FOR-US: GrapAgenda
CVE-2006-4609 (** DISPUTED ** ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote ...)
	NOT-FOR-US: php-Revista
CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista ...)
	NOT-FOR-US: php-Revista
CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php ...)
	NOT-FOR-US:  Lanifex Database of Managed Objects (DMO)
CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...)
	NOT-FOR-US: Swift Sound Web Dictate
CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...)
	NOT-FOR-US: 1Two
CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...)
	- openldap2.3 2.3.25-1
	- openldap2.2 <removed> (low)
	- openldap2 <not-affected> (low) (slapd not built from this version)
CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator ...)
	NOT-FOR-US: Autentificator
CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 ...)
	NOT-FOR-US: ssLinks
CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier ...)
	NOT-FOR-US: ICBlogger
CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...)
	NOT-FOR-US: MyBace Light Skrip
CVE-2006-4595 (muforum (&#181;forum) 0.4c stores membres/members.dat under the web ...)
	NOT-FOR-US: muforum
CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...)
	NOT-FOR-US: phpAtm
CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 ...)
	NOT-FOR-US: SoftBB
CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...)
	NOT-FOR-US: Simple Blog
CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AltraSoft Template Seller
CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...)
	NOT-FOR-US: Jetstat.com JS ASP Faq Manager
CVE-2006-4589 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: DynCMS
CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...)
	NOT-FOR-US: FlashChat
CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e ...)
	NOT-FOR-US: The Address Book
CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e validates ...)
	NOT-FOR-US: The Address Book
CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to ...)
	NOT-FOR-US: The Address Book
CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book ...)
	NOT-FOR-US: The Address Book
CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...)
	NOT-FOR-US: The Address Book
CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e ...)
	NOT-FOR-US: The Address Book
CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows ...)
	NOT-FOR-US: The Address Book
CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote ...)
	NOT-FOR-US: The Address Book
CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4573 (Multiple unspecified vulnerabilities in the &quot;utf8 combining characters ...)
	{DSA-1202-1}
	- screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...)
	- linux-2.6 2.6.18.dfsg.1-9 (medium)
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-64
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...)
	{DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-63
	- thunderbird 1.5.0.7-1
	- mozilla <unfixed>
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the &quot;blocked ...)
	NOTE: MFSA-2006-62
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
	[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-61
	- mozilla <unfixed> (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
	NOTE: MFSA-2006-58
	- firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
	- thunderbird 1.5.0.7-1 (unimportant)
	[sarge] - mozilla-firefox <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: The internal update mechanism is disabled in Debian
CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-4562 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
	- xulrunner 1.8.0.7-1 (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- mozilla <unfixed> (low)
	- mozilla-firefox <removed> (low)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4557 (** DISPUTED ** ...)
	NOT-FOR-US: Discloser
CVE-2006-4556 (** DISPUTED ** ...)
	NOT-FOR-US: JIM component for Mambo and Joomla!
CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control ...)
	NOT-FOR-US: Miniclip CR64Loader ActiveX control
CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...)
	NOT-FOR-US: BeCubed Compression Plus
CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the ...)
	NOT-FOR-US: com_comprofiler Components for Mambo and Joomla!
CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...)
	NOTE: this should be fixed in PHP (CVE-2006-3017)
CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4545 (** DISPUTED ** ...)
	NOT-FOR-US: ModuleBased CMS Pre-Alpha
CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...)
	NOT-FOR-US: ExBB
CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...)
	NOT-FOR-US: HLStats
CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...)
	{DSA-1199-1}
	- webmin <removed> (bug #391284)
	- usermin <removed>
CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...)
	NOT-FOR-US: Learn.com LearnCenter
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.17-9
CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and ...)
	NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...)
	NOT-FOR-US: CMS Frogss
CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local ...)
	- linux-2.6 2.6.18-1
CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...)
	NOT-FOR-US: Plume CMS
CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...)
	NOT-FOR-US: Pheap CMS
CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in ...)
	NOT-FOR-US: membrepass
CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. ...)
	NOT-FOR-US: membrepass
CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...)
	NOT-FOR-US: membrepass
CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...)
	NOT-FOR-US: CubeCart
CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in ...)
	NOT-FOR-US: CubeCart
CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and ...)
	NOT-FOR-US: CubeCart
CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...)
	NOT-FOR-US: Digiappz Freekot
CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and ...)
	NOT-FOR-US: 2Wire
CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...)
	- libphp-adodb <not-affected>
	- egroupware <not-affected>
	- moodle <not-affected>
	- phppgadmin 4.0.1-2 (unimportant)
	- gallery2 <not-affected>
	- phpwiki <unfixed> (unimportant)
CVE-2006-XXXX [hostapd dos]
	- hostapd 1:0.5.4-1
	[sarge] - hostapd <not-affected> (Vulnerable code not present)
CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4519
	RESERVED
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Novell iManager
CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
	RESERVED
CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in ...)
	{DSA-1221-1}
	- libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...)
	- wv 1.2.4-1 (bug #396256; medium)
	TODO: The maintainer tagged it Sarge, check, when this was fixed in etch/sid
	[sarge] - abiword <unfixed> (bug #396360)
CVE-2006-4512
	RESERVED
CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...)
	- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
	NOT-FOR-US: Sony
	NOTE: According to the original advisory, this is just CVE-2006-3459
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...)
	NOT-FOR-US: ModernBill
CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...)
	NOT-FOR-US: xbiff2
	NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc
CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...)
	NOT-FOR-US: Cybozu Collaborex
CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...)
	NOT-FOR-US: MiniBill
CVE-2006-4488 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ExBB Italia
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...)
	NOT-FOR-US: DUpoll
CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, ...)
	- php5 5.1.6-1
	- php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
	- php5 5.1.6-1
	- php4 <not-affected> (Vulnerable function doesn't exist)
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
	- libgd2 2.0.33-5.1 (medium; bug #384838)
	- xloadimage <unfixed> (unimportant; bug #384841)
	NOTE: xloadimage is a crasher only, not a security problem
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
	{DSA-1206-1}
	- php5 5.1.6-1 (medium)
	- php4 4:4.4.4-1 (medium)
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Basedir violations not supported
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
	NOT-FOR-US: ezContents
CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...)
	NOT-FOR-US: ezContents
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
	NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	- joomla <itp> (bug #326398)
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
	- joomla <itp> (bug #326398)
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	- joomla <itp> (bug #326398)
	NOTE: Joomla is a new package and the version 1.0.12-2 is not affected.
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
	- joomla <itp> (bug #326398)
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
	- joomla <itp> (bug #326398)
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
	- joomla <itp> (bug #326398)
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
	- joomla <itp> (bug #326398)
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
	- joomla <itp> (bug #326398)
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	- joomla <itp> (bug #326398)
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
	- joomla <itp> (bug #326398)
CVE-2006-4465 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
	NOT-FOR-US: Nokia
CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...)
	NOT-FOR-US: JS ASP Faq Manager
CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
	NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian)
CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...)
	NOT-FOR-US: AnywhereUSB/5
CVE-2006-4458 (Directory traversal vulnerability in ...)
	- phpgroupware 0.9.16.011-1 (bug #386061; medium)
CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
	NOT-FOR-US: phpECard
CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...)
	NOT-FOR-US: phpECard
CVE-2006-4455 (** DISPUTED ** ...)
	- xchat <not-affected> (not reproducible)
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
	NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...)
	NOT-FOR-US: PmWiki
CVE-2006-4452 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web3news
CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...)
	NOT-FOR-US: Tag Board
CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...)
	- phpbb2 2.0.21-1 (unimportant)
	NOTE: That's by design and even disabled by default
CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
	NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
	{DSA-1193-1}
	- xbase-clients 1:7.1.ds-2 (unimportant)
	- xtrans 1.0.0-6 (unimportant)
	- xorg-server 1:1.0.2-9 (low)
	- libx11 2:1.0.0-7 (unimportant)
	- xdm 1:1.0.5-1 (unimportant)
	- xterm <unfixed> (unimportant)
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
	NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
	NOT-FOR-US: CuteNews
CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...)
	NOT-FOR-US: Solaris
CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux ...)
	NOT-FOR-US: SpIDer for Dr.Web Scanner
CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...)
	NOT-FOR-US: Tagger LE
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
	- mozilla <unfixed> (low)
	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
	- xulrunner <not-affected>
	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...)
	- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
	{DSA-1175-1}
	- isakmpd 20041012-4 (bug #385894; medium)
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
	NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
	{DSA-1164}
	- sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.4-0.1 (unimportant)
	NOTE: Sanitising this is an application's job
CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2006-4429 (** DISPUTED ** ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4428 (** DISPUTED ** ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...)
	NOT-FOR-US: eFiction
CVE-2006-4426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: AlberT-EasySite
CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 ...)
	NOT-FOR-US: Bigace
CVE-2006-4422 (** DISPUTED ** ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Yet Another PHP Image Gallery
CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 ...)
	NOT-FOR-US: Phaos
CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows ...)
	NOT-FOR-US: ProManager
CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a ...)
	NOT-FOR-US: Wikepage
CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 ...)
	NOT-FOR-US: Xoops
CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4415
	RESERVED
CVE-2006-4414
	RESERVED
CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4405
	RESERVED
CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, ...)
	NOT-FOR-US: Mac OS
CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows ...)
	NOT-FOR-US: Mac OS
CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the ...)
	NOT-FOR-US: Mac OS
CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4383
	RESERVED
CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...)
	{DSA-1169}
	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
	- mysql-dfsg <not-affected> (only 4.1 affected)
	- mysql-dfsg-4.1 <removed>
CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...)
	NOT-FOR-US: Ipswitch Collaboration 2006 Suite
CVE-2006-4378 (** DISPUTED ** ...)
	NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4375 (** DISPUTED ** ...)
	NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd)
CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...)
	NOT-FOR-US: IrfanView
CVE-2006-4373 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: pSlash
CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...)
	NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo
CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4368 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack ...)
	NOT-FOR-US: All Topics Hack for phpBB
CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 ...)
	NOT-FOR-US: RedBLoG
CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 ...)
	NOT-FOR-US: VistaBB
CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...)
	NOT-FOR-US: CropImage component (com_cropimage) for Mambo
CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid ...)
	NOT-FOR-US: Diesel Paid Mail
CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Diesel Job Site
CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...)
	NOT-FOR-US: E-commerce for Drupal
CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build ...)
	NOT-FOR-US: PowerZip
CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay ...)
	NOT-FOR-US: Diesel Pay
CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...)
	NOT-FOR-US: Diesel Smart Traffic
CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in ...)
	NOT-FOR-US: Phome Empire CMS
CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content ...)
	NOT-FOR-US: Cisco
CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4349 (** DISPUTED ** ...)
	NOT-FOR-US: ToendaCMS
CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...)
	NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla!
CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...)
	NOT-FOR-US: Cool Manager
CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
	NOT-FOR-US: CGI-Rescue Mail F/W System
CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...)
	- linux-2.6 <not-affected> (Flaw specific to Red Hat backport)
CVE-2006-4341
	REJECTED
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...)
	{DSA-1174-1 DSA-1173-1}
	- openssl 0.9.8b-3 (medium)
	- openssl097 0.9.7i-2 (medium)
	- openssl096 <removed>
CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (medium)
	- lha 1.14i-10.1 (medium; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...)
	{DSA-1171}
	- wireshark 0.99.2-5.1 (low; bug #384529)
	- ethereal <removed> (low; bug #384528)
CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...)
	- wireshark <not-affected> (windows only)
	- ethereal <not-affected> (windows only)
CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in ...)
	- wireshark 0.99.2-5.1 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
	- wireshark 0.99.2-5 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...)
	NOT-FOR-US: Shadows Rising
CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...)
	NOT-FOR-US: CloudNine
CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...)
	NOT-FOR-US: CloudNine
CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, ...)
	NOT-FOR-US: Ichitaro
CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika ...)
	NOT-FOR-US: Doika
CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...)
	NOT-FOR-US: CityForFree
CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...)
	NOT-FOR-US: CityForFree
CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the ...)
	NOT-FOR-US: Mambo
CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine ...)
	NOT-FOR-US: Mambo
CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF ...)
	NOT-FOR-US: OpenSEF for Joomla
CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...)
	NOT-FOR-US: WFTPD
CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...)
	NOT-FOR-US: WoltLab
CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
	NOT-FOR-US: Symantec
CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...)
	NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	- firefox <removed>
	- iceweasel 2.0+dfsg-1
	- mozilla <unfixed>
	- mozilla-firefox <unfixed>
	- xulrunner 1.8.0.8-1
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...)
	NOT-FOR-US: AK-Systems Windows Terminal
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
	NOT-FOR-US: Blackboard Learning System
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
	NOT-FOR-US: Solaris
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...)
	{DSA-1190-1}
	- maxdb-7.5.00 7.5.00.34-5 (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...)
	- kfreebsd-5 5.4-18 (bug #391289)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
	NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
	- sun-java5 1.5.0-07-1
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
	NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
	- tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
	NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...)
	NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...)
	NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...)
	- twiki 1:4.0.4-3 (bug #389267; low)
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
	- honeyd 1.5b-1 (low; bug #384806)
	[sarge] - honeyd <no-dsa> (Minor issue)
CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
	NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...)
	NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
	NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
	NOT-FOR-US: NES Game and NES System
CVE-2006-4286 (** DISPUTED ** ...)
	NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...)
	NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...)
	NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...)
	NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
	NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280 (** DISPUTED ** ...)
	NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...)
	NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...)
	NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272 (** DISPUTED ** ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271 (** DISPUTED ** ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
	NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269 (** DISPUTED ** ...)
	NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
	NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...)
	NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
	NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...)
	NOT-FOR-US: Kaspersky
CVE-2006-4264 (** DISPUTED ** ...)
	NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
	NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
	{DSA-1186-1}
	- cscope 15.5+cvs20060902-1 (low; bug #385893)
CVE-2006-4261
	REJECTED
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
	- horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
	- imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...)
	NOTE: MFSA-2006-59
	- xulrunner 1.8.0.7-1 (medium)
	- firefox 1.5.dfsg+1.5.0.7-1 (medium)
	- mozilla <unfixed> (medium)
	- thunderbird 1.5.0.7-1 (low)
	- mozilla-firefox <removed> (unimportant)
	[sarge] - mozilla <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al.
CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...)
	- pdns-recursor 3.1.4-1 (bug #398559)
	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...)
	{DSA-1211}
	- pdns-recursor 3.1.4-1 (bug #398557; high)
	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...)
	{DSA-1278-1}
	- man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...)
	- zope-cmfplone 2.5.1-3 (bug #401796)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...)
	{DSA-1205-1}
	- thttpd 2.23beta1-5 (bug #396277)
CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on ...)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
	- zope-cmfplone 2.5.1-1
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...)
	{DSA-1177-1}
	- usermin <removed> (bug #374609)
CVE-2006-4245
	RESERVED
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
	{DSA-1239-1}
	- sql-ledger 2.6.18-1 (medium; bug #386519)
CVE-2006-4243 [linux vserver priviledge escalation in remount code]
	RESERVED
	- linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
	NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
	NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...)
	NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...)
	NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...)
	NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...)
	NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
	NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...)
	NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...)
	NOT-FOR-US: IrfanView
CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Lizge Web Portal
CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...)
	NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...)
	NOT-FOR-US: Symantec
CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...)
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...)
	{DSA-1169}
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
CVE-2006-4225
	REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
	NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...)
	NOT-FOR-US: IBM
CVE-2006-4220
	RESERVED
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...)
	NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4216
	REJECTED
	NOT-FOR-US: Chaussette
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...)
	NOT-FOR-US: Thatware
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...)
	NOT-FOR-US: phPay
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...)
	NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...)
	- wordpress 2.0.5-0.1 (unimportant; bug #384800)
	NOTE: Only exploitable by admin users, someone with the privilege to backup
	NOTE: your data must be trustworthy
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
	NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
	NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...)
	NOT-FOR-US: MMP Component (com_mmp) for Mambo
CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...)
	NOT-FOR-US: Spidey Blog Script
CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...)
	NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...)
	{DSA-1162}
	- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
	- libmusicbrainz-2.0 <removed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
	NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...)
	NOT-FOR-US: IBM
CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...)
	NOT-FOR-US: 04WebServer
CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...)
	NOT-FOR-US: 04WebServer
CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...)
	NOT-FOR-US: 04WebServer
CVE-2006-XXXX [gallery2 session ID disclosure]
	- gallery2 2.1.2-1
CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
	- mysql-dfsg-5.0 5.0.24-1
	NOTE: mysql_upgrade not in 4.x
CVE-2006-4194 (** DISPUTED ** ...)
	NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
	NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...)
	- libmodplug 1:0.7-5.2 (medium; bug #383574)
	- gst-plugins-bad0.10 0.10.3-3.1 (medium; bug #407956)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
	NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML ...)
	NOT-FOR-US: PHP-Nuke module AutoHTML
CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 ...)
	NOT-FOR-US: Dolphin
CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, ...)
	NOT-FOR-US: HP-UX
CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when ...)
	NOT-FOR-US: HP-UX
CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce ...)
	NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183
	RESERVED
CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...)
	NOT-FOR-US: GNU Radius
CVE-2006-4180
	REJECTED
CVE-2006-4179
	RESERVED
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...)
	- kfreebsd-5 <unfixed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4176
	RESERVED
CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-4174
	RESERVED
CVE-2006-4173
	RESERVED
CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...)
	- kfreebsd-5 <unfixed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4171
	RESERVED
CVE-2006-4170
	REJECTED
CVE-2006-4169
	RESERVED
CVE-2006-4168
	RESERVED
CVE-2006-4167
	RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and ...)
	NOT-FOR-US: NetCommons
CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4163 (** DISPUTED ** ...)
	NOT-FOR-US: miniBloggie
CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in ...)
	NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and ...)
	NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette ...)
	NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
	NOT-FOR-US: Spaminator
CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another ...)
	NOT-FOR-US: Yet another Bulletin Board (YaBB)
CVE-2006-4156 (** DISPUTED ** ...)
	NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x ...)
	NOT-FOR-US: mod_tcl
CVE-2006-4153
	RESERVED
CVE-2006-4152
	RESERVED
CVE-2006-4151
	RESERVED
CVE-2006-4150
	RESERVED
CVE-2006-4149
	RESERVED
CVE-2006-4148
	RESERVED
CVE-2006-4147
	RESERVED
CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and DWARF2 ...)
	- gdb <unfixed> (unimportant)
	NOTE: Every sensible use of gdb involves executing the debugged binary
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...)
	- linux-2.6 2.6.17-7
CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...)
	NOT-FOR-US: Netgear
CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...)
	NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File ...)
	NOT-FOR-US: Microsoft
CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4135 (** DISPUTED ** ...)
	NOT-FOR-US: Calendarix
CVE-2006-4134 (Unspecified vulnerability related to a &quot;design flaw&quot; in SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
	NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...)
	NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...)
	NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...)
	- lesstif2 1:0.94.4-1 (bug #382411; low)
CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in ...)
	NOT-FOR-US: Boite de News
CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Simple one-file guestbook
CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...)
	NOT-FOR-US: See-Commerce
CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module ...)
	NOT-FOR-US: Recipe module (recipe.module) for Drupal
CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...)
	NOT-FOR-US: Solaris
CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow ...)
	NOT-FOR-US: Lhaz
CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...)
	NOT-FOR-US: PgMarket
CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian ...)
	NOT-FOR-US: hitweb
CVE-2006-4112 (Unspecified vulnerability in the &quot;dependency resolution mechanism&quot; in ...)
	- rails 1.1.6-1 (bug #382255; medium)
CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...)
	- rails 1.1.5-1 (bug #382255; medium)
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
	- apache2 <not-affected> (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...)
	NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...)
	NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...)
	NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...)
	NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...)
	NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
	RESERVED
CVE-2006-4100
	RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ...)
	NOT-FOR-US: Business Objects
CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4094
	RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...)
	{DSA-1237}
	- linux-2.6 2.6.17-7
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...)
	NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...)
	NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...)
	{DSA-1179-1}
	- alsaplayer 0.99.76-9 (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...)
	NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...)
	NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
	NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
	NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...)
	NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
	NOT-FOR-US: Club-Nuke [XP]
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314)
	- graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
	NOTE: GNUTLS-SA-2006-2
	- gnutls11 <unfixed> (unimportant)
	- gnutls12 1.2.11-3 (unimportant)
	- gnutls13 1.4.2-1 (unimportant)
	NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...)
	NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
	NOT-FOR-US: Imendio Planner
CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...)
	NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...)
	NOT-FOR-US: CakePHP
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
	NOT-FOR-US: SAPID Gallery
CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script ...)
	NOT-FOR-US: YenerTurk Haber Script
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...)
	NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SAPID Shop
CVE-2006-4061 (** DISPUTED ** ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...)
	NOT-FOR-US: Visual Events Calendar
CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED ...)
	NOT-FOR-US: USOLVED NEWSolved Lite
CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch ...)
	NOT-FOR-US: Eremove
CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process ...)
	NOT-FOR-US: katzlbt The Address Book
CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download ...)
	NOT-FOR-US: ME Download System
CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...)
	NOT-FOR-US: ME Download System
CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Simple Shop
CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server ...)
	NOT-FOR-US: Sun
CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...)
	NOT-FOR-US: Torbstoff News
CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
	NOT-FOR-US: phpCodeCabinet
CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...)
	- pike7.6 7.6.86-1
	[sarge] - pike7.6 <unfixed> (unimportant; bug #382607; bug #383766)
	[sarge] - pike7.2 <unfixed> (unimportant; bug #382607; bug #383766)
	NOTE: No applications using pike+postgres in Sarge, fix provides
	NOTE: new functions for proper quoting
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...)
	NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
	NOT-FOR-US: Fenestrae Faxination Server
CVE-2006-4036 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ZoneX Publishers
CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...)
	NOT-FOR-US: CounterChaos
CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...)
	NOT-FOR-US: ModernGigabyte ModernBill
CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and ...)
	NOT-FOR-US: Lhaplus
CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) ...)
	NOT-FOR-US: Cisco
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...)
	- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
	- mysql-dfsg <removed> (bug #380271; low)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Now documented design error, no real fix feasible)
	[sarge] - mysql-dfsg <no-dsa> (Now documented design error, no real fix feasible)
CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5.3-1
	- gallery2 <not-affected> (vulnerable code not present)
CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...)
	NOT-FOR-US: AGEphone
CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...)
	- wordpress 2.0.4-1
CVE-2006-4027
	RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
	- realtime-lsm 0.8.7-2 (bug #382161; low)
	[sarge] - realtime-lsm <not-affected>
	NOTE: only to user 1017 or group 1001 and only while root is building the module
CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...)
	NOT-FOR-US: SAPID CMS
CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...)
	NOT-FOR-US: XennoBB
CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...)
	- festalon <not-affected> (vuln. code introduced in 0.5.0)
CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
	- php5 <unfixed> (unimportant; bug #382257)
	- php4 <unfixed> (unimportant; bug #382270)
	NOTE: Not every lack of protection of programmer's flaws is a vulnerability
	NOTE: See notes by Sean for details
	NOTE: > the entry states that this is more likely a bug in any
	NOTE: > applications not performing further validation/sanitizing,
	NOTE: > and i tend to agree based on the php.net documentation, which
	NOTE: > states: "ip2long() should not be used as the sole form of IP
	NOTE: > validation. Combine it with long2ip()".
CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...)
	NOT-FOR-US: Intel Windows driver
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
	NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
	- php5 5.1.6-1 (unimportant; bug #382256; bug #382262)
	- php4 4:4.4.4-1 (unimportant; bug #382261)
	NOTE: Only exploitable by malicious, local user
CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
	{DSA-1154}
	- squirrelmail 2:1.4.8-1 (bug #382621)
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
	{DSA-1153}
	- clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...)
	NOT-FOR-US: Inter Network Marketing (INM) CMS G3
CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS ...)
	NOT-FOR-US: toendaCMS
CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control ...)
	NOT-FOR-US: Symantec
CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail ...)
	NOT-FOR-US: Symantec
CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...)
	NOT-FOR-US: circeOS SaveWeb
CVE-2006-4011 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Kayako eSupport
CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...)
	NOT-FOR-US: Virtual War
CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War ...)
	NOT-FOR-US: Virtual War
CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht Guestbook
CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht Faq
CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...)
	NOT-FOR-US: vbPortal
CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 ...)
	NOT-FOR-US: Henrik Storner Hobbit monitor
CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...)
	{DSA-1147-1}
	- drupal 4.5.8-2 (bug #382087; medium)
CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...)
	NOT-FOR-US: ATutor
CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US:  UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo
CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...)
	NOT-FOR-US: XMB (aka extreme message board)
CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...)
	NOT-FOR-US: The Search Engine Project
CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) ...)
	NOT-FOR-US: Intel
CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...)
	- egroupware <not-affected>
	NOTE: According to upstream egroupware is not affected, see #382207
CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware ...)
	NOT-FOR-US: ConeXware
CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in ...)
	NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in ...)
	NOT-FOR-US: php(Reactor)
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
	NOT-FOR-US: ColdFusion MX
CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3974
	RESERVED
CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...)
	NOT-FOR-US: My Firewall Plus
CVE-2006-3972 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
	- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
	- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...)
	NOT-FOR-US: LMO for joomla
CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Colophon for joomla
CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch ...)
	NOT-FOR-US: Solaris
CVE-2006-3967 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: moskool
CVE-2006-3966 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: com_bayesiannaivefilter for mambo
CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection ...)
	NOT-FOR-US: X-Scripts X-Protection
CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev ...)
	NOT-FOR-US: BosDates
CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...)
	NOT-FOR-US: EFS Software Easy File Sharing FTP
CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...)
	NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo
CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...)
	NOT-FOR-US: X-Statistics
CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...)
	NOT-FOR-US: com_artlinks for Mambo
CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
	NOT-FOR-US: php-nuke
CVE-2006-3947 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambatstaff
CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...)
	NOT-FOR-US: Apple Safari 2.0.4
	NOTE: konqueror 3.5.x is not affected
	NOTE: PoC http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...)
	NOT-FOR-US: N1 Grid Engine
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
	NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...)
	NOT-FOR-US: ScriptsCenter ezUpload Pro
CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: DotClear
CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...)
	NOT-FOR-US: x_atrix xGuestBook
CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
	NOT-FOR-US: OpenCms
CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...)
	NOT-FOR-US: Midirecord
CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...)
	NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1
CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...)
	NOT-FOR-US: Zyxel
CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...)
	NOT-FOR-US: WMNews
CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...)
	NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control
CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...)
	NOT-FOR-US: Dokeos
CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...)
	NOT-FOR-US: Fire-Mouse Toplist
CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...)
	NOT-FOR-US: PortailPHP
CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...)
	NOT-FOR-US: SD Studio CMS
CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
	{DSA-1167-1}
	- apache2 2.0.55-4.1 (bug #381376; medium)
	- apache 1.3.34-3 (bug #381381; medium)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
	NOT-FOR-US: PHP Forge
CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)
	NOT-FOR-US: Solucija News
CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...)
	NOT-FOR-US: Academic Suite
CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...)
	{DSA-1142-1}
	- freeciv 2.0.8-3 (bug #381378; medium)
CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...)
	NOT-FOR-US: WinRAR
CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...)
	NOT-FOR-US: PHP Live
CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-3908 (Format string vulnerability in the flush_output function in ...)
	NOT-FOR-US: Game Network Engine (GNE)
CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Siemens
CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...)
	NOT-FOR-US: Cisco
CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...)
	NOT-FOR-US: Tumbleweed Email Firewall
CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...)
	NOT-FOR-US: TP-Book
CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...)
	NOT-FOR-US: NeoScale Systems CryptoStor
CVE-2006-3895
	RESERVED
CVE-2006-3894
	RESERVED
	NOT-FOR-US: RSA BSAFE
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...)
	NOT-FOR-US: Newtone ImageKit
CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato ...)
	NOT-FOR-US: EMC NetWorker
CVE-2006-3891
	RESERVED
CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...)
	NOT-FOR-US: Sky Software FileView ActiveX
CVE-2006-3889
	RESERVED
CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ...)
	NOT-FOR-US: AOL
CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX ...)
	NOT-FOR-US: AOL
CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...)
	NOT-FOR-US: Check Point Firewall-1
CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3880 (** DISPUTED ** ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...)
	- libmikmod2 <not-affected> (Debian's 3.1.1 version doesn't have GT2 support)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
	NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3874
	RESERVED
CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3872
	RESERVED
CVE-2006-3871
	RESERVED
CVE-2006-3870
	RESERVED
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3866
	REJECTED
CVE-2006-3865
	RESERVED
CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3863
	RESERVED
CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...)
	NOT-FOR-US: Micro GuestBook
CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-3850 (** DISPUTED ** ...)
	NOT-FOR-US: Vanilla CMS
CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...)
	NOT-FOR-US: Warzone
CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...)
	- ipcalc 0.41-1 (bug #381469; low)
	[sarge] - ipcalc <no-dsa> (No exploit potential)
CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...)
	NOT-FOR-US: MoSpray
CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...)
	NOT-FOR-US: MultiBanners
CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 ...)
	NOT-FOR-US: WinRAR
CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in ...)
	NOT-FOR-US: Calendar Mambo Module
CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 ...)
	NOT-FOR-US: Zoho Virtual Office
CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before ...)
	NOT-FOR-US: WebScarab
CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...)
	NOT-FOR-US: various ISS products
CVE-2006-3839
	RESERVED
CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise ...)
	NOT-FOR-US: eIQnetworks Enterprise
CVE-2006-XXXX [syslog-ng dos]
	- syslog-ng 2.0rc1-2 (low)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure]
	- courier-authlib 0.58-3.1 (bug #378571; medium)
	[sarge] - courier-authlib <not-affected> (bug #378571; medium)
CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...)
	- ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
	- uqwk 2.21-13 (bug #376577; low)
	[sarge] - uqwk <no-dsa> (Minor issue)
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
	NOT-FOR-US: UNIDOmedia Chameleon
CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...)
	- tomcat5 <not-affected> (bug #380361; maintainter can't reproduce)
	- tomcat5.5 <not-affected> (bug #380376; maintainer can't reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...)
	NOT-FOR-US: Gerrit van Aaken Loudblog
CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...)
	NOT-FOR-US: Solaris
CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic
CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions
CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...)
	NOT-FOR-US: ATutor
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...)
	NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...)
	- twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...)
	- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...)
	{DSA-1128}
	- heartbeat 1.2.4-13 (bug #379904; bug #380289)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
	{DSA-1166}
	- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...)
	NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-56
	[sarge] - mozilla <not-affected>
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-55
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
	{DSA-1159}
	NOTE: MFSA-2006-54
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-53
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-52
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-51
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...)
	NOTE: MFSA-2006-49
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	[sarge] - mozilla <not-affected> (mozilla 1.7 not affected)
	- mozilla <unfixed> (high)
	- thunderbird 1.5.0.5-1 (high)
	- mozilla-thunderbird <not-affected> (high)
CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
	NOTE: MFSA-2006-48
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-47
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
	NOTE: MFSA-2006-44
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- xulrunner 1.8.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3794 (** DISPUTED ** ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...)
	NOT-FOR-US: SiteDepth
CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...)
	NOT-FOR-US: UFO2000
CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
	NOT-FOR-US: UFO2000
CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
	NOT-FOR-US: UFO2000
CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...)
	NOT-FOR-US: UFO2000
CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...)
	NOT-FOR-US: UFO2000
CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...)
	NOT-FOR-US: Solaris
CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...)
	NOT-FOR-US: Solaris
CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...)
	NOT-FOR-US: Keyifweb Keyif Portal
CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...)
	NOT-FOR-US: Citrix
CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...)
	NOT-FOR-US: IBM
CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...)
	NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...)
	NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...)
	NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
	NOT-FOR-US: iManage CMS
CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...)
	NOT-FOR-US: Top XL
CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...)
	NOT-FOR-US: uttenlocher Webdesign hwdeGUEST
CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...)
	NOT-FOR-US: phpPolls
CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...)
	NOT-FOR-US: Touch Control ActiveX control
CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...)
	NOT-FOR-US: Geeklog
CVE-2006-3755 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3754 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3751 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: HTMLArea3
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...)
	NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...)
	NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module ...)
	{DSA-1132-1 DSA-1131-1}
	- apache 1.3.34-3 (medium; bug #380231)
	- apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...)
	{DSA-1141-1 DSA-1140-1}
	- gnupg 1.4.5-1 (medium; bug #381204)
	- gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...)
	- linux-2.6 2.6.17-7
CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-7
CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-8
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM ...)
	- kdebase <not-affected>
	NOTE: only in Fedora
CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...)
	{DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-XXXX [htdig: several unspecified security problems]
	- htdig 1:3.2.0b6-1
CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
	- ldap-account-manager 1.0.2-1.1 (bug #368804; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords]
	- ldap-account-manager 1.0.3-1 (bug #375453; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Plesk
CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...)
	NOT-FOR-US: VideoDB for Mambo
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...)
	NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...)
	NOT-FOR-US: Cisco
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
	NOT-FOR-US: Cisco
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...)
	- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
	[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...)
	NOT-FOR-US: MSIE
CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
	NOT-FOR-US: MSIE
CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch ...)
	NOT-FOR-US: Solaris
CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow ...)
	NOT-FOR-US: Eskolar CMS
CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a ...)
	NOT-FOR-US: Norton Personal Firewall
CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for ...)
	NOT-FOR-US: Oracle
CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
	NOT-FOR-US: Oracle
CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and ...)
	NOT-FOR-US: Oracle
CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
	NOT-FOR-US: Oracle
CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...)
	{DSA-1157 DSA-1139-1}
	- ruby1.8 1.8.4-3 (bug #378029; medium)
	- ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...)
	NOT-FOR-US: Rocks Clusters
CVE-2006-3692 (** DISPUTED ** ...)
	NOT-FOR-US: ListMessenger
CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB
CVE-2006-3689 (** DISPUTED ** ...)
	NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua ...)
	NOT-FOR-US: Francisco Charrua Photo-Gallery
CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
	NOT-FOR-US: D-Link
CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 ...)
	NOT-FOR-US: CzarNews
CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...)
	NOT-FOR-US: SoftComplex PHP Event Calendar
CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll ...)
	NOT-FOR-US: Flipper Poll
CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote ...)
	- awstats 6.5-2 (bug #378960; low)
	[sarge] - awstats 6.4-1sarge3
	NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective
CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in ...)
	- awstats 6.5-2 (bug #378960; unimportant)
	NOTE: Path disclosure is not an issue for Debian
CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle ...)
	NOT-FOR-US: Photocycle
CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...)
	NOT-FOR-US: FatWire Content Server
CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) ...)
	NOT-FOR-US: TippingPoint
CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
	NOTE: MFSA-2006-45
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird <not-affected>
	- mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
	NOT-FOR-US: planetGallery
CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...)
	NOT-FOR-US: Password Safe
	NOTE: mypasswordsafe and pwsafe might use code from Password Safe,
	NOTE: but the problematic functionality is not present
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...)
	- kdelibs 4:3.5.4-1 (bug #378962; low)
	[sarge] - kdelibs <not-affected> (Doesn't trigger a crash on Sarge)
CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate ...)
	{DTSA-31-1}
	- hyperestraier 1.3.3-1 (bug #379060; low)
CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to ...)
	NOT-FOR-US: Winlpd
CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running ...)
	NOT-FOR-US: Mercury Messenger
CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...)
	{DSA-1123}
	- libdumb 1:0.9.3-5 (bug #379064; medium)
CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...)
	NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...)
	- squirrelmail 2:1.4.7-1 (unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
	NOT-FOR-US: Finjan Appliance
CVE-2006-3662 (** DISPUTED ** ...)
	NOT-FOR-US: ATutor
CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...)
	NOT-FOR-US: Microsoft
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...)
	NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3646
	RESERVED
CVE-2006-3645
	RESERVED
CVE-2006-3644
	RESERVED
CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3642
	RESERVED
CVE-2006-3641
	RESERVED
CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...)
	NOT-FOR-US: Microsoft
CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...)
	NOT-FOR-US: Microsoft
CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-3635
	RESERVED
CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...)
	- linux-2.6 2.6.17-1 (medium)
CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: shiela
CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...)
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FLV Players
CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 ...)
	NOT-FOR-US: FLV Players
CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...)
	{DSA-1170}
	- gcc-4.1 4.1.1-11 (bug #368397; low)
	- gcc-3.4 3.4.4-0
	NOTE: gcc-3.4 no longer builds the fastjar package
CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, ...)
	NOT-FOR-US: Phorum
CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland ...)
	NOT-FOR-US: Chamberland Technology ezWaiter
CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows ...)
	NOT-FOR-US: Phorum
CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when ...)
	NOT-FOR-US: Simone Vellei Flatnuke
CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...)
	NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script)
CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...)
	NOTE: Sun Solaris
CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3602 (Directory traversal vulnerability in ...)
	NOTE: this is CVE-2005-4600
	NOT-FOR-US: Farsinews
CVE-2006-3601 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...)
	{DSA-1135-1}
	- libtunepimp 0.4.2-4 (bug #378091; medium)
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...)
	NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...)
	NOT-FOR-US: Sections module for PHP-Nuke
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ...)
	- shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...)
	NOT-FOR-US: Cisco
CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through ...)
	NOT-FOR-US: Cisco
CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) ...)
	NOT-FOR-US: Cisco
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
	{DSA-1111}
	- linux-2.6 2.6.17-4 (bug #378324; high)
CVE-2006-XXXX [insufficient form variable escaping]
	- webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...)
	NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows ...)
	NOT-FOR-US: LifeType
CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing
CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp ...)
	NOT-FOR-US: Milan Mimica Sparklet
CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...)
	NOT-FOR-US: Papoo
CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...)
	- drupal <not-affected> (webform module is not in Debian Drupal 4.5 package)
CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
	NOT-FOR-US: Fantastic Guestbook
CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration ...)
	NOT-FOR-US: Juniper
CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: HiveMail
CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and ...)
	NOT-FOR-US: HiveMail
CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
	NOT-FOR-US: HiveMail
CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in ...)
	NOT-FOR-US: Winged Gallery
CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow ...)
	NOT-FOR-US: Plume CMS
CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and ...)
	NOT-FOR-US: BT Voyager
CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...)
	NOT-FOR-US: Blue Dojo Graffiti Forums
CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...)
	NOT-FOR-US: auraCMS
CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...)
	NOT-FOR-US: auraCMS
CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...)
	NOT-FOR-US: MT Orumcek Toplist
CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...)
	NOT-FOR-US: Mohamed Moujami ExtCalendar
CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...)
	NOT-FOR-US: MKPortal
CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass ...)
	NOT-FOR-US: planetNews
CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and ...)
	NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium
CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and ...)
	NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell)
CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...)
	NOT-FOR-US: F5 Netowrks FirePass
CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...)
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3547 (** DISPUTED ** ...)
	NOT-FOR-US: EMC VMware Player
CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote ...)
	NOT-FOR-US: Patrice Freydiere ImgSvr
CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3544 (** DISPUTED ** ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3543 (** DISPUTED ** ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...)
	NOT-FOR-US: Garry Glendown Shopping Cart
CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ...)
	NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help
CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com ...)
	NOT-FOR-US: DKScript.com Dragon's Kingdom Script
CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in ...)
	NOT-FOR-US: BeatificFaith Eprayer
CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop ...)
	NOT-FOR-US: Randshop
CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...)
	- pivot <itp> (bug #305786)
CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot ...)
	- pivot <itp> (bug #305786)
CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...)
	- pivot <itp> (bug #305786)
CVE-2006-3530 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PccookBook Component for Mambo and Joomla
CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
	NOT-FOR-US: EarlyImpact ProductCart
CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...)
	NOT-FOR-US: Simpleboard Mambo module
CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...)
	NOT-FOR-US: BosClassifieds Classified Ads
CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
	NOT-FOR-US: Sport-slo Advanced Guestbook
CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...)
	NOT-FOR-US: PHCDownload
CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...)
	NOT-FOR-US: SIPfoundry sipXtapi
CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: SiteForge Collaborative Development Platform
CVE-2006-3520 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sabdrimer Pro
CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...)
	NOT-FOR-US: The Banner Engine
CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...)
	NOT-FOR-US: Webvizyon Portal
CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...)
	NOT-FOR-US: RW::Download
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...)
	NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP-Blogger
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple ...)
	NOT-FOR-US: Apple
CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...)
	NOT-FOR-US: Apple
CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver ...)
	NOT-FOR-US: Apple
CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...)
	NOT-FOR-US: Mac OS X
CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state handling&quot; in Bom ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone ...)
	NOT-FOR-US: Buddy Zone
CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...)
	NOT-FOR-US: MICO
CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...)
	NOT-FOR-US: Kaillera Server
CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...)
	NOT-FOR-US: AstroDog Press Some Chess
CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...)
	- joomla <itp> (bug #326398)
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	- joomla <itp> (bug #326398)
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyPHP CMS
CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...)
	NOT-FOR-US: QBoard
CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...)
	- drupal <not-affected> (form_mail Module not in debian)
CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...)
	NOT-FOR-US: Dell Openmanage CD
CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.22-1 (bug #375694)
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...)
	- linux-2.6 2.6.17-6
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
	{DSA-1193-1 DSA-1178-1}
	- freetype 2.2.1-5 (bug #379920; medium)
	- libxfont 1:1.2.0-2 (medium; bug #383353)
CVE-2006-3466
	REJECTED
CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3486 (** DISPUTED ** ...)
	- mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Only DoS possible, only root can trigger this -> non-issue
CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the ...)
	NOT-FOR-US: Symantec
CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka ...)
	NOT-FOR-US: Symantec
CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage ...)
	NOT-FOR-US: Microsoft
CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-3447
	RESERVED
CVE-2006-3446
	RESERVED
CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...)
	NOT-FOR-US: Microsoft
CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...)
	NOT-FOR-US: Microsoft
CVE-2006-3437
	RESERVED
CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...)
	NOT-FOR-US: Microsoft
CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2006-3433
	RESERVED
CVE-2006-3432
	REJECTED
	NOTE: duplicate of CVE-2007-0028
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...)
	NOT-FOR-US: WonderEdit Pro CMS
CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...)
	- tor 0.1.1.20-1
CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's ...)
	- tor 0.1.1.20-1
CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...)
	- tor 0.1.1.20-1
CVE-2006-3416 (** DISPUTED ** ...)
	- tor 0.1.1.20-1
CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the &quot;OR&quot; ...)
	- tor 0.1.1.20-1
CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...)
	- tor 0.1.1.20-1
CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...)
	- tor 0.1.1.20-1
CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...)
	- tor 0.1.1.20-1
CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...)
	- tor 0.1.1.20-1
CVE-2006-3410 (Tor before 0.1.1.20 creates &quot;internal circuits&quot; primarily consisting ...)
	- tor 0.1.1.20-1
CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...)
	- tor 0.1.1.20-1
CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...)
	- tor 0.1.1.20-1
CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...)
	- tor 0.1.1.20-1
CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...)
	{DSA-1110}
	- samba 3.0.23a-1 (bug #378070)
CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...)
	- quake3 <itp> (bug #337937)
CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...)
	NOT-FOR-US: Soldier of Fortune 2
CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...)
	NOT-FOR-US: MoniWiki
CVE-2006-3398 (The &quot;change password forms&quot; in Taskjitsu before 2.0.1 includes ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...)
	NOT-FOR-US: Galleria Mambo Module
CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...)
	NOT-FOR-US: SiteBuilder-FX
CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...)
	NOT-FOR-US: BXCP
CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
	NOT-FOR-US: Papyrus NASCAR Racing
CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...)
	{DSA-1199-1}
	- webmin <removed> (medium; bug #381537)
CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...)
	NOT-FOR-US: iMBCContents
CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...)
	- phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...)
	NOT-FOR-US: Fusion News
CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...)
	NOT-FOR-US: mAds
CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...)
	NOT-FOR-US: mAds
CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...)
	NOT-FOR-US: SturGeoN
CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...)
	{DSA-1119}
	- hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...)
	{DSA-1150-1}
	- shadow 1:4.0.14-1 (bug #379174)
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
	NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
	{DSA-1194-1}
	- libwmf 0.2.8.4-2 (bug #381538; medium)
CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
	NOT-FOR-US: Randshop
CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...)
	NOT-FOR-US: Randshop
CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...)
	NOT-FOR-US: Hobbit
CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...)
	NOT-FOR-US: Eupla Foros
CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...)
	NOT-FOR-US: Blueboy
CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...)
	NOT-FOR-US: Kamikaze-QSCM
CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...)
	NOT-FOR-US: Efone
CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...)
	NOT-FOR-US: Mp3NetBox
CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
	NOT-FOR-US: Stud.IP
CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...)
	- phpsysinfo <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpgroupware <unfixed> (unimportant)
	NOTE: Only the existence of files inside the WWW root is leaked. If this is
	NOTE: a threat to your setup you most probably shouldn't install a script which
	NOTE: exposes all your system data, either.
CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...)
	NOT-FOR-US: HTML Help ActiveX control
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...)
	NOT-FOR-US: Apple
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...)
	- mpg123 0.60-1 (bug #377264; medium)
	[sarge] - mpg123 <no-dsa> (Non-free not supported)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Opera
CVE-2006-3352 (** DISPUTED ** ...)
	NOTE: firefox, but invalid
CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...)
	NOT-FOR-US: Windows Explorer
CVE-2006-3695 (Trac before 0.9.6 does not disable the &quot;raw&quot; or &quot;include&quot; commands ...)
	{DSA-1152}
	- trac 0.9.6-1 (medium)
	[sarge] - trac 0.8.1-3sarge5
CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does ...)
	{DSA-1113}
	- zope2.7 <removed> (bug #377285; medium)
	- zope2.8 2.8.7-2 (bug #377277; medium)
	- zope2.9 2.9.3-3 (bug #377286; medium)
CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...)
	{DSA-1116}
	- gimp 2.2.11-3.1 (bug #377049; medium)
CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...)
	NOT-FOR-US: AutoVue SolidModel Professional Desktop
CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote ...)
	NOT-FOR-US: SmS Script
CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 ...)
	NOT-FOR-US: HSPcomplete
CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP ...)
	NOT-FOR-US: deV!Lz Clanportal DZCP
CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...)
	NOT-FOR-US: AliPAGER
CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass ...)
	NOT-FOR-US: Siemens Speedstream Wireless Router
CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in ...)
	NOT-FOR-US: CrisoftRicette
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...)
	NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...)
	NOT-FOR-US: MyAds module for Xoops
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...)
	NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows ...)
	NOT-FOR-US: Atlassian
CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 ...)
	NOT-FOR-US: Atlassian
CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: cPanel (not the Chinese language tool in Debian)
CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...)
	- twiki 1:4.0.4-3 (low; bug #381907)
	NOTE: only in some server configurations
CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
	- libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant)
	NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
	NOTE: cannot overwrite other memory sections
CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...)
	NOT-FOR-US: Opera
CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal ...)
	NOT-FOR-US: Hostflow
CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating ...)
	NOT-FOR-US: Custom dating biz dating script
CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...)
	NOT-FOR-US: QuickZip
CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
	- quake3 <itp> (bug #337937)
CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
	- quake3 <itp> (bug #337937)
CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
	NOT-FOR-US: MF Piadas
CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
	NOT-FOR-US: phpRaid
CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
	NOT-FOR-US: OpenForum
CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
	{DSA-1130-1}
	- sitebar 3.3.8-1.1 (bug #377299; low)
CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)
	NOT-FOR-US: phpRaid
CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...)
	NOT-FOR-US: phpRaid
CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 ...)
	NOT-FOR-US: phpRaid
CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft ...)
	NOT-FOR-US: Netsoft smartNet
CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...)
	NOT-FOR-US: QaTraq
CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3310
	RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
	NOT-FOR-US: Scout Portal
CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ...)
	NOT-FOR-US: bbsengine
CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...)
	NOT-FOR-US: bbsengine
CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring funtion ...)
	NOT-FOR-US: bbsengine
CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin ...)
	- phpqladmin <unfixed> (bug #376442; low)
CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in ...)
	NOT-FOR-US: phpmysms
CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...)
	NOT-FOR-US: Usenet Script
CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to ...)
	NOT-FOR-US: Offical Yahoo! Messenger client
CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...)
	NOT-FOR-US: EnergyMech
CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...)
	NOT-FOR-US: Jaws
CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on ...)
	NOT-FOR-US: Cisco
CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and ...)
	NOT-FOR-US: Cisco
CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...)
	NOT-FOR-US: Cisco
CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and ...)
	NOT-FOR-US: Cisco
CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...)
	NOT-FOR-US: aeDating
CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...)
	NOT-FOR-US: H-Sphere
CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...)
	NOT-FOR-US: MailEnable
CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...)
	NOT-FOR-US: YaBB
CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...)
	- webmin <not-affected> (only windows)
CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...)
	NOT-FOR-US: Some Chess
CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...)
	NOT-FOR-US: Some Chess
CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow ...)
	NOT-FOR-US: Softbiz Dating
CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...)
	NOT-FOR-US: Infinite Core Technologies
CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...)
	NOT-FOR-US: Bee-hive
CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Qdig
CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...)
	NOT-FOR-US: Namo DeepSearch
CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...)
	NOT-FOR-US: vlbook
CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
	NOT-FOR-US: e107
CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...)
	NOT-FOR-US: BNBT TrinEdit and EasyTracker
CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...)
	NOT-FOR-US: Claroline
CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3253 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...)
	NOT-FOR-US: Algorithmic Research PrivateWire VPN
CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...)
	{DSA-1114}
	- hashcash 1.21 (bug #376444)
CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2006-3249 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2006-3248
	REJECTED
	NOT-FOR-US: PHP Event Calendar
CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...)
	NOT-FOR-US: mvnForum
CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier ...)
	NOT-FOR-US: Anthill
CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in ...)
	{DSA-1108}
	- mutt 1.5.11+cvs20060403-2 (low; bug #375828)
CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB ...)
	NOT-FOR-US: XennoBB
CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in ...)
	NOT-FOR-US: dotProject
CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise ...)
	NOT-FOR-US: Enterprise Groupware System
CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier ...)
	NOT-FOR-US: thinkWMS
CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: FineShop
CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 ...)
	NOT-FOR-US: FineShop
CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...)
	NOT-FOR-US: Azureus plugin that isn't distributed by default
CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including ...)
	NOT-FOR-US: WinAmp
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...)
	NOT-FOR-US: Cisco
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
	NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...)
	NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP)
CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...)
	NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...)
	NOT-FOR-US: JaguarEditControl
CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...)
	NOT-FOR-US: WeBBoA Hosting
CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...)
	NOT-FOR-US: Ralf Image Gallery
CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...)
	NOT-FOR-US: NetBSD's KAME stack
CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Opera
CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: singapore
CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...)
	NOT-FOR-US: singapore
CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite
CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...)
	NOT-FOR-US: Ad Manager
CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...)
	NOT-FOR-US: MPCS
CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
	{DSA-1144-1}
	- chmlib 0.38-1 (bug #374085; low)
CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
	NOT-FOR-US: The Bible Portal Project
CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...)
	NOT-FOR-US: xarancms
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...)
	NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
	- squirrelmail 2:1.4.7-1 (bug #375782; unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...)
	NOT-FOR-US: Free Realty
CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...)
	NOT-FOR-US: Free Realty
CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...)
	NOT-FOR-US: Free Realty
CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...)
	NOT-FOR-US: tplShop
CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...)
	NOT-FOR-US: IMGallery
CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
	NOT-FOR-US: Sun ONE/iPlanet Messaging Server
CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...)
	NOT-FOR-US: Eduha Meeting
CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...)
	NOT-FOR-US: UltimateGoogle
CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...)
	NOT-FOR-US: Ultimate eShop
CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...)
	NOT-FOR-US: phpTRADER
CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...)
	NOT-FOR-US: CavoxCms
CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...)
	NOT-FOR-US: phpMyForum
CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...)
	NOT-FOR-US: Open-Realty
CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...)
	NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...)
	- netpbm-free <not-affected> (Debian's version is too old; affects 10.30 to 10.33 only)
CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php in IBD ...)
	NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
	NOT-FOR-US: Maximus SchoolMAX
CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...)
	NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
	NOT-FOR-US: openCI
CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War 1.5.0 ...)
	NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...)
	NOT-FOR-US: Edge eCommerce Shop
CVE-2006-3136 (** DISPUTED ** ...)
	NOT-FOR-US: Nucleus
CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2006-3133
	RESERVED
CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow ...)
	NOT-FOR-US: Clubpage
CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote ...)
	NOT-FOR-US: Clubpage
CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...)
	NOT-FOR-US: LinkList
CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does ...)
	NOT-FOR-US: easy-CMS
CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun ...)
	- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute ...)
	{DSA-1165}
	- capi4hylafax 1:01.03.00.99.svn.300-3
CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...)
	{DSA-1163}
	- getrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
	{DSA-1158}
	- streamripper 1.61.25-2
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...)
	{DSA-1138-1}
	- cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...)
	{DSA-1143-1}
	- dhcp 2.0pl5-19.5 (bug #380273)
CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...)
	{DSA-1151-1}
	- heartbeat-2 2.0.6-2
	- heartbeat 1.2.4-14
CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 ...)
	{DSA-1129}
	- osiris 4.2.0-2 (medium)
CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ...)
	{DSA-1124}
	- fbi 2.05-1
CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...)
	- spread 3.17.3-4 (bug #375617; low)
	[sarge] - spread <no-dsa> (Minimal security implications)
CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 ...)
	NOT-FOR-US: phpRaid
CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
	NOT-FOR-US: phpRaid
CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-46
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...)
	NOT-FOR-US: Cisco
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: phpMyDesktop
CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3099
	RESERVED
CVE-2006-3098
	RESERVED
CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and ...)
	NOT-FOR-US: HP-UX Support Tools Manager
CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...)
	NOT-FOR-US: iPostMX
CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 ...)
	NOT-FOR-US: iPostMX
CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
	NOT-FOR-US: Calendarix Basic
CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car ...)
	NOT-FOR-US: Car Classifieds
CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 ...)
	NOT-FOR-US: EZGallery
CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName ...)
	NOT-FOR-US: Microsoft
CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...)
	{DSA-1115 DSA-1107}
	- gnupg 1.4.3-2 (bug #375052; bug #375473; low)
	- gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...)
	{DSA-1112}
	- mysql-server-5.0 5.0.19-1 (bug #373913; high)
CVE-2006-3100 [termnetd buffer overflow]
	RESERVED
	- termnetd 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
	- linux-2.6 2.6.16-15
CVE-2006-XXXX [webalizer-stonesteps XSS]
	- webalizer-stonesteps 2.4.1.2-1
CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in ...)
	NOT-FOR-US: aXentForum
CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus ...)
	NOT-FOR-US: SSPwiz Plus
CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier ...)
	NOT-FOR-US: APBoard
CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in ...)
	NOT-FOR-US: aXentGuestbook
CVE-2006-3076 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PhpBlueDragon
CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis ...)
	NOT-FOR-US: PictureDis Professional
CVE-2006-3074 (klif.sys in Kaspersky Anti-Virus 6.0.0.300 and earlier, Internet ...)
	NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...)
	NOT-FOR-US: Cisco
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...)
	NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...)
	NOT-FOR-US: MP3 Search/Archive
CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with ...)
	NOT-FOR-US: Zeroboard
CVE-2006-3069 (** DISPUTED ** ...)
	NOT-FOR-US: DoubleSpeak
CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex ...)
	NOT-FOR-US: blur6ex
CVE-2006-3064 (SQL injection vulnerability in the add_hit function in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review ...)
	NOT-FOR-US: 5 Star Review
CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...)
	NOT-FOR-US: P.A.I.D
CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3058
	RESERVED
CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...)
	- dhcdbd 1.14-1
CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3053 (** DISPUTED ** ...)
	NOT-FOR-US: PHORUM
CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...)
	NOT-FOR-US: Event Registration
CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...)
	NOT-FOR-US: SixCMS
CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...)
	NOT-FOR-US: SixCMS
CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
	NOT-FOR-US: Mole Group Ticket Booking Script
CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...)
	NOT-FOR-US: Subtext
CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...)
	NOT-FOR-US: Foing
CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...)
	NOT-FOR-US: LogiSphere
CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...)
	NOT-FOR-US: CFXe-CMS
CVE-2006-3042 (** DISPUTED ** ...)
	NOT-FOR-US: ISPConfig
CVE-2006-3041 (** DISPUTED ** ...)
	NOT-FOR-US: Codewalkers Ltwcalendar
CVE-2006-3040 (** DISPUTED ** ...)
	NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...)
	NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: 35mmslidegallery
CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...)
	NOT-FOR-US: Xtreme ASP Photo Gallery
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...)
	NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
	NOT-FOR-US: DwZone Shopping Cart
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...)
	NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Minerva
CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...)
	NOT-FOR-US: Enthrallwebe ePhotos
CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...)
	NOT-FOR-US: ClickGallery
CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...)
	NOT-FOR-US: Chris Lea Lucid Calendar
CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...)
	NOT-FOR-US: EvGenius Counter
CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...)
	NOT-FOR-US: fipsGallery
CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
	NOT-FOR-US: BlueCollar i-Gallery
CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...)
	NOT-FOR-US: WS-Album
CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...)
	NOT-FOR-US: phpCMS
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...)
	{DSA-1206-1}
	- php5 5.1.4-0.1 (medium)
	- php4 4:4.4.4-1 (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 4:4.4.4-1 (unimportant; bug #382259)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
	NOT-FOR-US: WinSCP
CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Excel / Flashplayer for Windows
CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: Safe mode violations are not supported
CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
	NOT-FOR-US: Microsoft Internet Explore
CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...)
	- php4 4:4.3.2+rc3-1
CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
	NOT-FOR-US: IBM AIX
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3008
	REJECTED
	NOT-FOR-US: Particle Links
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...)
	NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...)
	- libjpeg62 <not-affected> (--maxmem is set during configure)
	- libjpeg-mmx <removed> (bug #373672; low)
	[sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits)
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...)
	NOT-FOR-US: Ez Ringtone
CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...)
	- zope-zms <unfixed> (bug #373667; unimportant)
	[sarge] - zope-zms <no-dsa> (Only exploitable with register_globals)
	NOTE: register_globals is an unsupported mode of operation in Debian
CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in ...)
	NOT-FOR-US: aePartner
CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB ...)
	NOT-FOR-US: WebprojectDB
CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phazizGuestbook
CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 ...)
	NOT-FOR-US: Ringlink
CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...)
	NOT-FOR-US: VanillaSoft
CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...)
	NOT-FOR-US: Chemical Dictionary
CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...)
	NOT-FOR-US: PICRATE
CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie ...)
	NOT-FOR-US: vSCAL and vsREAL
CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...)
	NOT-FOR-US: ViArt
CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...)
	NOT-FOR-US: ViArt
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and ...)
	NOT-FOR-US: Moblog
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PBL Guestbook
CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite ...)
	NOT-FOR-US: PHP Lite Calendar
CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows ...)
	- overkill 0.16-9 (bug #373687; low)
	[sarge] - overkill <no-dsa> (Only DoS against an obscure game, no code injection possible)
CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware ...)
	NOT-FOR-US: LabWiki
CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network ...)
	NOT-FOR-US: SafeNET
CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft ...)
	NOT-FOR-US: Particle Whois
CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts ...)
	NOT-FOR-US: Xtreme Downloads
CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in ...)
	NOT-FOR-US: Cabacos Web CMS
CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...)
	NOT-FOR-US: Empris
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...)
	NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...)
	- joomla <itp> (bug #326398)
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...)
	NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...)
	NOT-FOR-US: FilZip
CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and ...)
	NOT-FOR-US: i.List
CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...)
	NOT-FOR-US: i.List
CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
	NOT-FOR-US: KAPhotoservice
CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS) ...)
	NOT-FOR-US: NPDS
CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
	NOT-FOR-US: NPDS
CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote ...)
	NOT-FOR-US: NPDS
CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root ...)
	NOT-FOR-US: A-CART
CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...)
	- dokuwiki 0.0.20060309-4 (bug #373689; low)
CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...)
	NOT-FOR-US: FORM2MAIL
CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...)
	NOT-FOR-US: WebFORM
CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...)
	- twiki <not-affected> (Debian's version is old and does not include affected file)
CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...)
	- mailman <not-affected>
	NOTE: Mailman uses the system version of the affected Python lib
	TODO: Check affected Python versions
CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-2939
	RESERVED
CVE-2006-2938
	RESERVED
CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ...)
	{DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <not-affected>
CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...)
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
	- linux-2.6 2.6.17-3
CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...)
	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...)
	- linux-2.6 <not-affected> (vulnerable code not present)
CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid ...)
	NOT-FOR-US: Sun
CVE-2006-2929 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenEMR
CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 ...)
	NOT-FOR-US: CMS-Bandits
CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
	NOT-FOR-US: CAForum
CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate ...)
	NOT-FOR-US: Qbik
CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Ingate
CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before ...)
	NOT-FOR-US: Ingate
CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as ...)
	- iaxclient 0.0+svn20060520-2
CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie ...)
	NOT-FOR-US: MiraksGalerie
CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in ...)
	NOT-FOR-US: CMPro
CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...)
	- sylpheed 2.2.6-1 (low)
	[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-gtk1 1.0.6-3 (bug #373187; low)
	- sylpheed-claws 1.0.5-3 (bug #372891; low)
	[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...)
	NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component
CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...)
	NOT-FOR-US: WinGate
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
	- arts 1.5.3-2 (bug #374003; low)
	[sarge] - arts <not-affected> (Not setuid root in Debian)
	NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...)
	NOT-FOR-US: jetAudio
CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...)
	NOT-FOR-US: PicoZip
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2907
	RESERVED
CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...)
	{DSA-1117}
	- libgd2 2.0.33-5 (bug #372912; low)
	- tetex-bin <not-affected> (Links dynamically, see #382506)
CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Partial Links
CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...)
	NOT-FOR-US: Partial Links
CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle ...)
	NOT-FOR-US: Partial Links
CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow ...)
	NOT-FOR-US: Partial Links
CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...)
	NOT-FOR-US: D-Link
CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
	NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...)
	{DSA-1126}
	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
	- iax 0.2.2-5
	[sarge] - iax <not-affected> (Vulnerable code not present)
	- iaxmodem 0.1.8.dfsg-2
CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
	NOT-FOR-US: Funkboard
CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...)
	NOT-FOR-US: Funkboard
CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...)
	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey ...)
	NOTE: There are very few scenarios, where this could be exploited
	NOTE: We can probably ignore this
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
	NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
	NOT-FOR-US: GANTTy
CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...)
	NOT-FOR-US: Wikiwig
CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...)
	NOT-FOR-US: myNewsletter
CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...)
	- knowledgetree <unfixed> (bug #373137; low)
CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
	- knowledgetree <unfixed> (bug #373137; low)
CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...)
	NOT-FOR-US: Kmita
CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...)
	NOT-FOR-US: Kmita
CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...)
	NOT-FOR-US: ASPScriptz
CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...)
	NOT-FOR-US: DreamAccount
CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...)
	NOT-FOR-US: pyblosxom package doesn't ship plugins
CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...)
	NOT-FOR-US: Alex News-Engine
CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...)
	- dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high)
CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...)
	NOT-FOR-US: Bookmark4U
CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
	NOT-FOR-US: PHP Pro Publish
CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
	- quake3 <itp> (bug #337937)
CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
	NOT-FOR-US: OSADS
CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...)
	NOT-FOR-US: Rumble
CVE-2006-2871 (** DISPUTED ** ...)
	NOT-FOR-US: CyBoards
CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...)
	NOT-FOR-US: Intelligent Solutions Inc.
CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...)
	NOT-FOR-US: Avast
CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...)
	NOT-FOR-US: Claroline
CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...)
	NOT-FOR-US: CoolForum
CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...)
	NOT-FOR-US: DotClear
CVE-2006-2865 (** DISPUTED ** ...)
	NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...)
	NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...)
	NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
	NOT-FOR-US: Particle Gallery
CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...)
	NOT-FOR-US: Webspotblogging
CVE-2006-2859 (** DISPUTED ** ...)
	NOT-FOR-US: MyBloggie
CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...)
	NOT-FOR-US: LocazoList
CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...)
	NOT-FOR-US: LifeType
CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...)
	NOT-FOR-US: ActiveState
CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...)
	NOT-FOR-US: xueBook
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...)
	NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...)
	NOT-FOR-US: abarcar
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...)
	NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...)
	NOT-FOR-US: dotProject
CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...)
	NOT-FOR-US: LabWiki
CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...)
	NOT-FOR-US: Bytehoard
CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...)
	NOT-FOR-US: VisionGate
CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...)
	NOT-FOR-US: Redaxo
CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...)
	NOT-FOR-US: Redaxo
CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...)
	NOT-FOR-US: Redaxo
CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...)
	NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...)
	NOT-FOR-US: WeBWorK
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...)
	NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...)
	NOT-FOR-US: saphplesson
CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...)
	NOT-FOR-US: gnopaste
CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...)
	{DSA-1125}
	NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
	NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
	NOTE: fixes CVE-2006-2831.
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...)
	NOT-FOR-US: TIBCO
CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...)
	NOT-FOR-US: TIBCO
CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-2827 (** DISPUTED ** ...)
	NOT-FOR-US: X-Cart
CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...)
	NOT-FOR-US: PHPLIB
CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...)
	NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool
CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...)
	NOT-FOR-US: Logicalware
CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...)
	NOT-FOR-US: ashopKart
CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...)
	NOT-FOR-US: cforum
CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...)
	NOT-FOR-US: DeltaScripts
CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...)
	NOT-FOR-US: HotWebScripts
CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...)
	NOT-FOR-US: Barnraiser Igloo
CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...)
	NOT-FOR-US: Cameron McKay Informium
CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...)
	NOT-FOR-US: tekno.Portal
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...)
	NOT-FOR-US: SimpleBoard
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...)
	NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...)
	NOT-FOR-US: iShopCart
CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: PICRATE
CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...)
	NOT-FOR-US: Ovidentia
CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...)
	NOT-FOR-US: Belchior vCard
CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ar-blog
CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...)
	NOT-FOR-US: Lycos
CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...)
	NOT-FOR-US: ASPwebSoft
CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...)
	NOT-FOR-US: Apache James
CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...)
	NOT-FOR-US: OpenBook
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2006-2842 (** DISPUTED ** ...)
	- squirrelmail 2:1.4.7-1 (unimportant; bug #373731)
	NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [webalizer: symlink vulnerability]
	- webalizer 2.01.10-29 (low; bug #359745)
	[sarge] - webalizer <no-dsa> (Minor issue)
	NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
	NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...)
	NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
	NOT-FOR-US: PHP ManualMaker
CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
	{DSA-1105}
	- xine-lib 1.1.1-2 (bug #369876; medium)
CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...)
	NOT-FOR-US: toendaCMS
CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...)
	NOT-FOR-US: Captivate gallery.php
CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...)
	NOT-FOR-US: XiTi Tracking Script
CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
	NOT-FOR-US: wbboard
CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...)
	NOT-FOR-US: iBoutique.MALL
CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...)
	NOT-FOR-US: Sun StorADE
CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when &quot;load images if ...)
	- evolution 2.4.0-1 (low)
	[sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
	NOTE: Verified that the patch has been applied in 2.4.0-1,
	NOTE: may have been fixed earlier.
CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.4 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-31
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-33
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-34
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-36
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-42
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-41
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double-free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
	{DSA-1134-1 DSA-1118}
	NOTE: MFSA-2006-40
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
	{DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-38
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-43
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-37
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-35
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...)
	NOT-FOR-US: QontentOne
CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
	NOT-FOR-US: pppBLOG
CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...)
	- snort 2.3.3-8 (low; bug #381726)
	[sarge] - snort <no-dsa> (Minor impact)
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
	NOT-FOR-US: METAjour
CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)
	NOT-FOR-US: Ottoman
CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...)
	NOT-FOR-US: Interlink
CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...)
	NOT-FOR-US: GuestbookXL
CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...)
	{DSA-1096-1}
	- webcalendar 1.0.4-1 (medium)
CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...)
	NOT-FOR-US: Hitachi
CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...)
	NOT-FOR-US: 4nForum
CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...)
	- jetty <unfixed> (bug #393073)
	NOTE: sf: pinged maintainers about jetty 5
CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...)
	- jetty <unfixed> (bug #393073)
	NOTE: sf: pinged maintainers about jetty 5
CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...)
	NOT-FOR-US: Chipmunk guestbook
CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eitsop
CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
	- openldap2.3 <unfixed> (bug #375494; bug #377047; unimportant)
	NOTE: File is only written and read by slurpd, only editable by root
CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...)
	NOT-FOR-US: OSIC
CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...)
	NOT-FOR-US: OSIC
CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...)
	NOT-FOR-US: OSIC
CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...)
	NOT-FOR-US: OSIC
CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...)
	NOT-FOR-US: PhpMyDesktop
CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile ...)
	NOT-FOR-US: F@cile
CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile ...)
	NOT-FOR-US: F@cile
CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...)
	NOT-FOR-US: F@cile
CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (bug #368835; medium)
CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...)
	NOT-FOR-US: tinyBB
CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...)
	NOT-FOR-US: tinyBB
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...)
	NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...)
	NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
	NOT-FOR-US: Blend Portal
CVE-2006-2735 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Amod
CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...)
	NOT-FOR-US: Hot Open Tickets
CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...)
	NOT-FOR-US: Eggblog
CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...)
	NOT-FOR-US: Fastpublish
CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...)
	NOT-FOR-US: Eggblog
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
	NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
	- mozilla-firefox <unfixed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: Non-issue
CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...)
	NOT-FOR-US: JIWA
CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's ...)
	NOT-FOR-US: JIWA
CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...)
	NOT-FOR-US: Geeklog
CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...)
	NOT-FOR-US: Geeklog
CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...)
	NOT-FOR-US: Geeklog
CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Geeklog
CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...)
	NOT-FOR-US: DGNews
CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...)
	NOT-FOR-US: EzUpload
CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in ...)
	NOT-FOR-US: Nivisec
CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2691 (Unspecified &quot;information leakage&quot; vulnerabilities in aMuleWeb for ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...)
	NOT-FOR-US: Achievo
CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...)
	NOT-FOR-US: AGTC
CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...)
	NOT-FOR-US: ActionApps
CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
	- acidbase 1.2.5-1 (bug #370576; low)
CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...)
	NOT-FOR-US: Mundo
CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...)
	NOT-FOR-US: open-medium
CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...)
	NOT-FOR-US: Back-End
CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...)
	NOT-FOR-US: SocketMail
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...)
	NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
	NOT-FOR-US: Cisco
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...)
	NOT-FOR-US: Tamber Forum
CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...)
	NOT-FOR-US: Elite-Board
CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...)
	NOT-FOR-US: Realty Pro One
CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...)
	NOT-FOR-US: ChatPat
CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 ...)
	NOT-FOR-US: ChatPat
CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2666 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2665 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...)
	NOT-FOR-US: iFdate
CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...)
	NOT-FOR-US: iFlance
CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...)
	NOT-FOR-US: VMware Server
CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: using a long enough path (>MAXPATHLEN) allows you to have
	NOTE: tempnam create a file without the temp extension.  sounds like
	NOTE: another shoot yourself in the foot issue, since the local user
	NOTE: could just as easily create the file manually, and if the
	NOTE: tempnam function is taking unsanitized input, it's an
	NOTE: application error
CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...)
	- xsp 1.1.15-1
CVE-2006-2657
	REJECTED
CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
	NOT-FOR-US: build process for ypserv in FreeBSD
CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
	NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...)
	NOT-FOR-US: D-Link
CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...)
	NOT-FOR-US: WikiNi
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...)
	NOT-FOR-US: ASPBB
CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...)
	NOT-FOR-US: IBM AIX
CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-2645 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Plume
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #365910)
CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
	- mkvtoolnix 1.7.0-2 (bug #370144; low)
CVE-2006-XXXX ['Cache' shell injection vulnerability]
	- wordpress 2.0.3-1 (high; bug #369014)
CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...)
	{DSA-1092-1}
	- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741)
	- mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754)
	- mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
	- mysql-dfsg-4.1 <removed> (bug #369754; medium)
CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...)
	{DSA-1101}
	- courier 0.53.2-1 (bug #368834)
CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...)
	{DSA-1091-1}
	- tiff 3.8.2-3 (bug #369819; low)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
	NOT-FOR-US: Monster Top List
CVE-2006-2642 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: Php-residence
CVE-2006-2641 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: John Frank Asset Manager
CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...)
	NOT-FOR-US: PHPSimpleChoose
CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...)
	NOT-FOR-US: qjForum
CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...)
	NOT-FOR-US: TuttoPhp
CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...)
	NOT-FOR-US: Katy Whitton NewsCMSLite
CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...)
	NOT-FOR-US: phpFoX
CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...)
	NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-2628
	RESERVED
CVE-2006-2627
	RESERVED
CVE-2006-2626
	RESERVED
CVE-2006-2625
	RESERVED
CVE-2006-2624
	RESERVED
CVE-2006-2623
	RESERVED
CVE-2006-2622
	RESERVED
CVE-2006-2621
	RESERVED
CVE-2006-2620
	RESERVED
CVE-2006-2619
	RESERVED
CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...)
	NOTE: Installation path disclosure is uninteresting on Debian systems.
	NOTE: The profile path might be more sensitive, but exploit that
	NOTE: requires another, real security bug.
CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...)
	NOT-FOR-US: Novell Client for Windows
	NOTE: The Windows clipboard is a public resource anyway.
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...)
	- mediawiki1.7 <not-affected> (Fixed in 1.7 prior to release)
	- mediawiki1.5 <unfixed> (bug #394568)
CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...)
	NOT-FOR-US: phpRaid
CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
	NOT-FOR-US: artmedic newsletter
CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
	NOT-FOR-US: artmedic newsletter
CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...)
	- linux-2.6 <not-affected> (fixed before the first upload)
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
	- sun-java5 1.5.0-06-1 (low; bug #384734)
CVE-2006-XXXX [mono xsp file disclosure]
	- xsp 1.1.15-1 (medium)
CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...)
	- cron 3.0pl1-64 (bug #85609; bug #86775; medium)
CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...)
	NOT-FOR-US: Chatty
CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...)
	NOT-FOR-US: DSChat
CVE-2006-2604
	REJECTED
CVE-2006-2603
	REJECTED
CVE-2006-2602
	REJECTED
CVE-2006-2601
	REJECTED
CVE-2006-2600
	REJECTED
CVE-2006-2599
	REJECTED
CVE-2006-2598
	REJECTED
CVE-2006-2597
	REJECTED
CVE-2006-2596
	REJECTED
CVE-2006-2595
	REJECTED
CVE-2006-2594
	REJECTED
CVE-2006-2593
	REJECTED
CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...)
	NOT-FOR-US: DSChat
CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...)
	NOT-FOR-US: e107
CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...)
	NOT-FOR-US: e107
CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...)
	NOT-FOR-US: Russcom PHPImages
CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...)
	NOT-FOR-US: WebTool HTTP server
CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
	NOT-FOR-US: IpLogger
CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows ...)
	NOT-FOR-US: Destiney Links Script
CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	NOT-FOR-US: SkyeBox
CVE-2006-2583 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nucleus
CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote ...)
	NOT-FOR-US: RWiki
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki ...)
	NOT-FOR-US: RWiki
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is ...)
	NOT-FOR-US: eSyndicat Directory
CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and ...)
	- netpanzer 0.8+svn20060319-2 (bug #370146; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...)
	NOT-FOR-US: Software Distributor in HP-UX
CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with ...)
	NOT-FOR-US: DGBook
CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 ...)
	NOT-FOR-US: DGBook
CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ...)
	NOT-FOR-US: Linklist
CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in ...)
	NOT-FOR-US: UBB.threads
CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
	- php4 4:4.4.4-1 (bug #370166; unimportant)
	- php5 5.1.6-1 (bug #370165; unimportant)
	NOTE: Safe mode violations are not supported
CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
	NOT-FOR-US: ZyXEL P-335WT router
CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...)
	NOT-FOR-US: Edimax BR-6104K router
CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...)
	NOT-FOR-US: Sitecom WL-153 router
CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...)
	NOT-FOR-US: Linksys WRT54G router
CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
	NOT-FOR-US: IpLogger
CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...)
	- newsportal <itp> (bug #149069)
CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...)
	NOT-FOR-US: newsportal
	NOTE: RFP #149069 closed after no activity since too long time
CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...)
	NOT-FOR-US: Genecys
CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys ...)
	NOT-FOR-US: Genecys
CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...)
	NOT-FOR-US: HP-UX
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
	NOT-FOR-US: Fujitsu UXP/V
CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
	- bind <unfixed> (unimportant)
	- bind9 <not-affected> (does not send parallel queries)
	NOTE: Disabling recursion does not close all attack vectors.
	NOTE: Browser reflection attacks will still work.
	NOTE: Bind 8 design limitations that are only addressed in bind 9 are not
	NOTE: treated a security issues, DNS admins need to be aware what they are using
CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: perlpodder
CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool ...)
	NOT-FOR-US: PDF Form Filling and Flattening Tool
CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...)
	NOT-FOR-US: prodder/perlpodder
CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...)
	NOT-FOR-US: Sap
CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...)
	NOT-FOR-US: BEA
CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...)
	{DSA-1086-1}
	- xmcd 2.6-17.2 (bug #366816; medium)
CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...)
	NOT-FOR-US: Zixforum
CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...)
	NOT-FOR-US: Diesel
CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...)
	NOT-FOR-US: Sybase
CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...)
	NOT-FOR-US: Windows-only Firefox plugin
CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...)
	NOT-FOR-US: *BOR
CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...)
	NOT-FOR-US: Destiney
CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...)
	NOT-FOR-US: Destiney
CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...)
	NOT-FOR-US: Destiney
CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...)
	NOT-FOR-US: Destiney
CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...)
	NOT-FOR-US: Destiney
CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...)
	NOT-FOR-US: Ipswitch
CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
	NOT-FOR-US: Snitz mod
CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...)
	NOT-FOR-US: phpBazar
CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...)
	NOT-FOR-US: phpBazar
CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...)
	NOT-FOR-US: PHP Easy Galerie
CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...)
	NOT-FOR-US: UseBB
CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...)
	NOT-FOR-US: UseBB
CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
	NOT-FOR-US: phpListPro
CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in ...)
	NOT-FOR-US: Dayfox
CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...)
	NOT-FOR-US: BitZipper
CVE-2006-2519 (Directory traversal vulnerability in ...)
	NOT-FOR-US: phpwcms
CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...)
	NOT-FOR-US: phpwcms
CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...)
	NOT-FOR-US: MyWeb
CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...)
	NOT-FOR-US: XOOPS
CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...)
	NOT-FOR-US: Hiox
CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...)
	NOT-FOR-US: Coppermine
CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...)
	NOT-FOR-US: Sun
CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...)
	NOT-FOR-US: Hitachi
CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...)
	NOT-FOR-US: FrontRange
CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
	NOT-FOR-US: phpbb2 mod
CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Sphider
CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...)
	NOT-FOR-US: Oracle
CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...)
	NOT-FOR-US: AZBOARD
CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...)
	- cyrus-imapd-2.2 <not-affected> (Vulnerable code not present)
CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
	NOT-FOR-US: Sun
CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...)
	NOT-FOR-US: Invision
CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...)
	NOT-FOR-US: AspBB
CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...)
	NOT-FOR-US: Novell
CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...)
	- serendipity 1.0-1
CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTampe
CVE-2006-2493
	REJECTED
CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, ...)
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1753 (ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache ...)
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...)
	- gforge 3.1-30
	NOTE: viewFile.php disabled in 3.1-30
CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: BoastMachine
CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP ...)
	NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
	- nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...)
	NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...)
	NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...)
	NOT-FOR-US: YapBB
CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Quezza
CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp ...)
	NOT-FOR-US: IceWarp
CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...)
	NOT-FOR-US: Squirrelcart
CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...)
	NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
	NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...)
	- dia 0.95.0-4 (bug #368202; low)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
	NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
	NOT-FOR-US: Bitrix
CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Bitrix
CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...)
	NOT-FOR-US: Bitrix
CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2473 (Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 ...)
	NOT-FOR-US: OpenWiki
CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...)
	NOT-FOR-US: BEA
CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...)
	NOT-FOR-US: BEA
CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...)
	NOT-FOR-US: BEA
CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...)
	NOT-FOR-US: BEA
CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...)
	NOT-FOR-US: BEA
CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...)
	NOT-FOR-US: BEA
CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...)
	NOT-FOR-US: BEA
CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
	- mp3info 0.8.4-9.1 (bug #368207; low)
	[sarge] - mp3info <no-dsa> (Hardly exploitable)
CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...)
	NOT-FOR-US: BEA
CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...)
	NOT-FOR-US: BEA
CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...)
	NOT-FOR-US: BEA
CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...)
	NOT-FOR-US: SugarCRM
CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
	{DSA-1081-1}
	- libextractor 0.5.14-1
CVE-2006-2457
	RESERVED
CVE-2006-2456
	RESERVED
CVE-2006-2455
	RESERVED
CVE-2006-2454
	RESERVED
CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...)
	- dia 0.95.0-4 (bug #368202; medium)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the &quot;face browser&quot; feature ...)
	- gdm 2.16.1-1 (bug #375281; medium)
	[sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...)
	- linux-2.6 2.6.17-3 (high)
CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass ...)
	- libvncserver 0.8.2-1 (high; bug #376824)
CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...)
	{DSA-1156}
	- kdebase 4:3.5.2-2 (bug #374002; medium)
CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...)
	- linux-2.6 2.6.16-15
CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
	{DSA-1090-1}
	- spamassassin 3.1.3-1 (medium)
CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...)
	- linux-2.6 2.6.16-1
	NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 and the
	NOTE: patch is included there
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...)
	- linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...)
	- linux-2.6 2.6.16-15
CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
	{DSA-1062-1}
	- kphone 1:4.2-3 (bug #337830; medium)
CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...)
	NOT-FOR-US: ZipCentral
CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...)
	NOT-FOR-US: Caucho
CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...)
	NOT-FOR-US: Caucho
CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...)
	NOT-FOR-US: IBM
CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier ...)
	NOT-FOR-US: IBM
CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server ...)
	NOT-FOR-US: IBM
CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...)
	NOT-FOR-US: IBM
CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...)
	NOT-FOR-US: Duware
CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...)
	- clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)
CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...)
	- sun-java5 1.5.0-10-1 (bug #384734)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...)
	NOT-FOR-US: phpRemoteView
CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...)
	NOT-FOR-US: ezUserManager
CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in ...)
	NOT-FOR-US: Confixx
CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...)
	NOT-FOR-US: phpCOIN
CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...)
	NOT-FOR-US: Pragma
CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...)
	NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it."
	- bugzilla <unfixed> (unimportant)
CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...)
	NOT-FOR-US: Directory Listing Script
CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...)
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...)
	NOT-FOR-US: e107
CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...)
	NOT-FOR-US: FlexChat
CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...)
	{DSA-1080-1}
	- dovecot 1.0.beta8-1 (low)
	[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a ...)
	- gnunet 0.7.0e-1 (bug #368159; medium)
	[sarge] - gnunet <not-affected> (according to maintainer)
CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...)
	NOT-FOR-US: Raydium
CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in ...)
	NOT-FOR-US: Raydium
CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...)
	NOT-FOR-US: Raydium
CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c ...)
	NOT-FOR-US: Raydium
CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...)
	NOT-FOR-US: Raydium
CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX ...)
	NOT-FOR-US: ActiveX component
CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...)
	NOT-FOR-US: RadScripts
CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp ...)
	NOT-FOR-US: Outgun
CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
	NOT-FOR-US: Outgun
CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
	NOT-FOR-US: Outgun
CVE-2006-2399 (Stack-based buffer overflow in the ...)
	NOT-FOR-US: Outgun
CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...)
	NOT-FOR-US: phpODP
CVE-2006-2395 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PopPhoto
CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live ...)
	NOT-FOR-US: PHP Live Support
CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote ...)
	NOT-FOR-US: Debian's 'empire' is a different game
CVE-2006-2392 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP Blue Dragon Platinum
CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...)
	NOT-FOR-US: OZJournals
CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2381
	RESERVED
CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...)
	NOT-FOR-US: Microsoft
CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-2377
	RESERVED
CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering ...)
	NOT-FOR-US: Microsoft
CVE-2006-2375
	RESERVED
CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...)
	NOT-FOR-US: Microsoft
CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink ...)
	- vnc4 4.1.1+X4.3.0-10 (high)
	[sarge] - vnc4 <not-affected> (vuln not in 4.0)
CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
	NOT-FOR-US: Clansys
CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
	NOT-FOR-US: Clansys
CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...)
	- libopenobex 1.2-3 (bug #366484)
CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...)
	NOT-FOR-US: Vizra
CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...)
	NOT-FOR-US: Macromedia
CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
	NOT-FOR-US: Limbo
CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)
	- binutils 2.17-1 (low; bug #368237)
	[sarge] - binutils <no-dsa> (Very minor issue)
CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2192
	RESERVED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
	{DSA-857-1}
	- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
	{DSA-1216}
	- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet ...)
	NOT-FOR-US: YaPIG
CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image ...)
	NOT-FOR-US: YaPIG
CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
	NOT-FOR-US: YaPIG
CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...)
	NOT-FOR-US: Web Labs CMS
CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2350
	REJECTED
	NOT-FOR-US: AliPAGER
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...)
	- vpopmail <not-affected> (vulnerability introduced in 5.4.14)
	NOTE: Unable to reach CVS to determine if prior versions are affected
	NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...)
	NOT-FOR-US: PassMasterFlex
CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...)
	NOT-FOR-US: evoTopsites
CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain ...)
	NOT-FOR-US: PlaNet
CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...)
	NOT-FOR-US: D-Link
CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...)
	NOT-FOR-US: vBulletin
CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...)
	NOT-FOR-US: Windows
CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...)
	NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there
	- firefox 1.5.dfsg+1.5.0.3-2
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) ...)
	NOT-FOR-US: Novell
CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2324 (180solutions Zango downloads &quot;required Adware components&quot; without ...)
	NOT-FOR-US: 180solutions
CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft ...)
	NOT-FOR-US: SmartISoft
CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...)
	NOT-FOR-US: Cisco
CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...)
	NOT-FOR-US: Intel Windows software
CVE-2006-2315 (** DISPUTED ** ...)
	NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (medium; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (medium)
	- postgresql-8.1 8.1.4-1 (medium)
	[sarge] - pygresql <not-affected> (Already includes proper quoting)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code.  That's why
	NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
	NOTE: The following packages needed to adapted to cope with the new system:
	NOTE: psycopg 1.1.21-5 (bug #369230)
	NOTE: python-pgsql 2.4.0-8 (bug #369250)
	NOTE: pygresql 1:3.8-1.1 (bug #369239)
	NOTE: dovecot 1.0.beta8-3 (bug #369359)
	NOTE: postfix 2.2.10-2 (bug #369349)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (high; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (high)
	- postgresql-8.1 8.1.4-1 (high)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code.  That's why
	NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...)
	NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...)
	NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
	NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...)
	NOT-FOR-US: Website Baker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
	NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...)
	NOT-FOR-US: Jadu
CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in ...)
	NOT-FOR-US: Novell software for Windows
CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...)
	NOT-FOR-US: Windows ICQ client
CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...)
	NOT-FOR-US: DUGallery
CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...)
	NOT-FOR-US: OzzyWork
CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...)
	NOT-FOR-US: EImagePro
CVE-2006-2299
	RESERVED
CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
	NOT-FOR-US: Solaris
CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...)
	NOT-FOR-US: Microsoft Infotech Storage System
CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...)
	NOT-FOR-US: EDirectoryPro
CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...)
	NOT-FOR-US: 2005-Comments-Script
CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...)
	- avahi 0.6.10-1 (medium)
CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...)
	- avahi 0.6.10-1 (low)
CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...)
	NOT-FOR-US: Vision Source
CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Dokeos
CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...)
	NOT-FOR-US: Dokeos
CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
	NOT-FOR-US: Claroline
CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...)
	NOT-FOR-US: phpRaid
CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...)
	NOT-FOR-US: openEngine
CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...)
	{DSA-1059-1}
	- quagga 0.99.4-1 (bug #366980; low)
CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	- linux-2.6 2.6.16-13
CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka ...)
	NOT-FOR-US: Verisign
CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
	- linux-2.6 <not-affected>
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...)
	NOT-FOR-US: myWebland MyBloggie
CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...)
	NOT-FOR-US: FlexCustomer
CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...)
	NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...)
	NOT-FOR-US: VP-ASP
CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...)
	NOT-FOR-US: ACal
CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...)
	- drupal <not-affected> (bug #366947)
CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...)
	NOT-FOR-US: easyEvent
CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...)
	NOT-FOR-US: EQdkp
CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...)
	NOT-FOR-US: Creative Community Portal
CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...)
	NOT-FOR-US: FileCOPA
CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...)
	NOT-FOR-US: Statit
CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...)
	NOT-FOR-US: OpenFAQ
CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...)
	NOT-FOR-US: Invision Community Blog
CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CuteNews
CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: CuteNews
CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...)
	{DSA-1056-1}
	- webcalendar 1.0.2-2.2 (medium; bug #366927)
CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...)
	NOT-FOR-US: UBlog
CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...)
	NOT-FOR-US: Auction mod 1.3m for phpBB
CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: acFTP
CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...)
	NOT-FOR-US: Fujitsu NetShelter/FW
CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...)
	NOT-FOR-US: Newsadmin
CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
	{DSA-1058-1}
	- awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
	- quake3 <itp> (bug #337937)
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
	NOT-FOR-US: Simple Poll
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...)
	NOT-FOR-US: TyroCMS
CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...)
	NOT-FOR-US: BankTown Client Control
CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...)
	NOT-FOR-US: Scriptsez Cute Guestbook
CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...)
	NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
	{DSA-1093-1}
	- xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
	- openvpn <unfixed> (unimportant)
	NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
	NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...)
	NOT-FOR-US: Web-Agora
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...)
	NOT-FOR-US: PunBB
CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, ...)
	NOT-FOR-US: zawhttpd
CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...)
	- ejabberd <not-affected> (only binary distribution is affected)
CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: SQL query disclosure
CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: path disclosure
CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...)
	NOT-FOR-US: MS IE
CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...)
	NOT-FOR-US: OpenBB
CVE-2006-2215
	REJECTED
	NOT-FOR-US: Albinator
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...)
	NOT-FOR-US: Solaris
CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...)
	- xview <unfixed> (unimportant)
	NOTE: Is only relevant for suid binaries, but xview is not really suitable for
	NOTE: those anyway. Exact information is not available, but a similar problem
	NOTE: is already fixed in the Debian package.
CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library ...)
	NOT-FOR-US: Solaris
CVE-2006-XXXX [cyrus-imapd allows user probes]
	- cyrus-imapd-2.2 2.2.13-3
CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...)
	NOT-FOR-US: 4images
CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...)
	{DSA-1065-1}
	- hostapd 1:0.5.0-1 (bug #365897; high)
CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2207
	RESERVED
CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 ...)
	NOT-FOR-US: UltraVNC
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager ...)
	NOT-FOR-US: CA Resource Initialization Manager
CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and ...)
	- libmms 0.2-7 (bug #374577; medium)
	- mimms 2.0.0-1 (bug #374577; medium)
	- xine-lib 1.1.2-2 (bug #374577; unimportant)
	NOTE: Not exploitable within xine, as alloced buffer are large enough
CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...)
	{DSA-1100}
	- wv2 0.2.2-6 (medium)
CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...)
	{DSA-1102}
	- pinball 0.3.1-6
CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...)
	{DSA-1099-1 DSA-1098-1}
	- horde3 3.1.1-3
CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...)
	{DSA-1106}
	- ppp 2.4.4rel-1 (medium)
CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...)
	{DSA-1091-1}
	- tiff 3.8.2-4 (bug #371064; bug #370355; medium)
CVE-2006-2191 (** DISPUTED ** ...)
	- mailman <unfixed> (unimportant)
	NOTE: not exploitable
CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...)
	NOT-FOR-US: Servous sBLOG
CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 ...)
	NOT-FOR-US: CMScout
CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 ...)
	NOT-FOR-US: zenphoto
CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...)
	NOT-FOR-US: zenphoto
CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...)
	NOT-FOR-US: Novell
CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...)
	NOT-FOR-US: PHPKB Knowledge Base
CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...)
	NOT-FOR-US: Truecrypt
CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...)
	NOT-FOR-US: albinator
CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...)
	NOT-FOR-US: albinator
CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...)
	NOT-FOR-US: geoBlog
CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
	NOT-FOR-US: PHP Linkliste
CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...)
	NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Virtual Hosting Control System (VHCS)
CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote ...)
	NOT-FOR-US: FileZilla FTP Server
CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...)
	NOT-FOR-US: Gene6 FTP Server
CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...)
	NOT-FOR-US: WarFTPD
CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...)
	- request-tracker3.4 <not-affected> (file not included in 3.4)
CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: FileProtection Express
CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, ...)
	NOT-FOR-US: SloughFlash
CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis ...)
	NOT-FOR-US: Avactis
CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 ...)
	NOT-FOR-US: Avactis
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: Pinnacle
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
	- nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...)
	NOT-FOR-US: TZipBuilder/Abakt
CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...)
	NOT-FOR-US: Russcom
CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp ...)
	NOT-FOR-US: Russcom
CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus ...)
	NOT-FOR-US: Stadtaus
CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ...)
	NOT-FOR-US: Plogger
CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...)
	NOT-FOR-US: phpBB Advanced Guestbook
CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not ...)
	{DSA-1047-1}
	- resmgr 1.0-4 (low)
CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: HB-NS
CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 ...)
	NOT-FOR-US: HB-NS
CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter ...)
	NOT-FOR-US: DMCounter
CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB ...)
	NOT-FOR-US: TextFileBB
CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in ...)
	NOT-FOR-US: Limbo
CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in ...)
	NOT-FOR-US: Collaborative Portal Server
CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 ...)
	NOT-FOR-US: OrbitHYIP
CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow ...)
	NOT-FOR-US: PHP Newsfeed
CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...)
	NOT-FOR-US: NeoMail
CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke ...)
	NOT-FOR-US: OpenPHPNuke
CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote ...)
	NOT-FOR-US: AZNEWS
CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...)
	NOT-FOR-US: Ruperts News
CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php ...)
	NOT-FOR-US: phpbb2 mod
CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...)
	NOT-FOR-US: Cisco
CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
	{DSA-1052-1}
	- cgiirc 0.5.9-1 (bug #365680; medium)
	[sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...)
	NOT-FOR-US: BoonEx Barracuda
CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows ...)
	NOT-FOR-US: DUclassified
CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x ...)
	NOT-FOR-US: Blog Mod
CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and ...)
	NOT-FOR-US: MaxTrade
CVE-2006-2125
	REJECTED
CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...)
	NOT-FOR-US: SunShop
CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in ...)
	NOT-FOR-US: Network Administration Visualiazed
CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allows ...)
	NOT-FOR-US: CoolMenus
CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...)
	NOT-FOR-US: I-RATER Platinum
CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
	{DSA-1078-1}
	- tiff 3.8.1 (bug #366588; medium)
CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...)
	NOT-FOR-US: Artmedic
CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...)
	NOT-FOR-US: JMK
CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote ...)
	- thyme <itp> (bug #361599)
CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...)
	NOT-FOR-US: planetGallery
CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote ...)
	NOT-FOR-US: SWS
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...)
	NOT-FOR-US: SWS
CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly other ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...)
	{DSA-1060-1}
	- kernel-patch-vserver 2:2.0.1-4 (low)
	- linux-2.6 2.6.16-11 (low)
CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str ...)
	NOTE: #357204: request for removal
	- jsboard 2.0.10-2 (bug #368305; low)
CVE-2006-2108 (parser.exe in Oc&#233; (OCE) 3121/3122 Printer allows remote attackers to ...)
	NOT-FOR-US: OCE
CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...)
	NOT-FOR-US: BL4
CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...)
	- trac 0.9.5-1 (medium)
	[sarge] - trac <unfixed> (medium)
	NOTE: http://trac.edgewall.org/changeset/3201
	NOTE: http://trac.edgewall.org/changeset/3287
	NOTE: the second reference fixes a regression in the first.  i *believe*
	NOTE: that these correctly solve the problem, though we really ought
	NOTE: to run this by upstream or the reporter.
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...)
	NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...)
	NOT-FOR-US: Kamgaing
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote ...)
	NOT-FOR-US: PowerISO
CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote ...)
	NOT-FOR-US: WinISO
CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows ...)
	NOT-FOR-US: Magic ISO
CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...)
	NOT-FOR-US: UltraISO
CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before ...)
	NOT-FOR-US: Thumbnail AutoIndex
CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board ...)
	NOT-FOR-US: Invision
CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote ...)
	NOT-FOR-US: LDU
CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Phex
CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted ...)
	- libnasl 2.2.8-1 (bug #365898; low)
	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...)
	NOT-FOR-US: HP
CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...)
	NOT-FOR-US: Virtual War
CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x ...)
	NOT-FOR-US: MySmartBB
CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in ...)
	NOT-FOR-US: OpenBB
CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open ...)
	NOT-FOR-US: OpenBB
CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx ...)
	NOT-FOR-US: juniper SSL-VPN
CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...)
	NOT-FOR-US: FarsiNews
CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended ...)
	- rsync 2.6.8-1 (bug #365614; high)
	[sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
	[woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...)
	- quake3 <itp> (bug #337937)
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...)
	NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...)
	NOT-FOR-US: Verosky
CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky ...)
	NOT-FOR-US: Verosky
CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, ...)
	NOT-FOR-US: FITELnet
CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...)
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...)
	NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
	- bind9 <unfixed> (unimportant)
	NOTE: Only exploitable by trusted users after TSIG transaction
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...)
	NOT-FOR-US: DeleGate
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...)
	NOT-FOR-US: Hitachi
CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a ...)
	NOT-FOR-US: Opera
CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...)
	- linux-2.6 2.6.16-8
CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...)
	NOT-FOR-US: DevBB
CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...)
	- pdns-recursor 3.0.1-1 (medium)
CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote ...)
	NOT-FOR-US: Hitachi JP1
CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...)
	NOT-FOR-US: MKPortal
CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in ...)
	NOT-FOR-US: MKPortal
CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and ...)
	NOT-FOR-US: PHPSurveyor
CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 ...)
	NOT-FOR-US: Sun
CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...)
	NOT-FOR-US: Leadhound
CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...)
	NOT-FOR-US: Leadhound
CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision ...)
	NOT-FOR-US: Invision
CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...)
	NOT-FOR-US: Invision
CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...)
	NOT-FOR-US: Invision
CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
	NOT-FOR-US: Avant
CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...)
	NOT-FOR-US: Only on Windows
CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
	NOT-FOR-US: 3Com
CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...)
	NOT-FOR-US: QuickEStore
CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant ...)
	NOT-FOR-US: Verosky
CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: NextAge
CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite ...)
	NOT-FOR-US: DCScripts
CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts ...)
	NOT-FOR-US: DCScripts
CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...)
	NOT-FOR-US: IP3
CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default ...)
	NOT-FOR-US: IP3
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...)
	NOT-FOR-US: IP3
CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...)
	NOT-FOR-US: Adobe
CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...)
	NOT-FOR-US: photokorn
CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help ...)
	NOT-FOR-US: Help Center Live
CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier ...)
	NOT-FOR-US: ampleShop
CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 ...)
	NOT-FOR-US: Thwboard
CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly ...)
	NOT-FOR-US: iOpus
CVE-2006-2035 (Websense, when configured to permit access to the dynamic content ...)
	NOT-FOR-US: Websense
CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB ...)
	NOT-FOR-US: FlexBB
CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ...)
	NOT-FOR-US: Core
CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and ...)
	NOT-FOR-US: Core
CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
	NOT-FOR-US: Allied Telesyn
CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...)
	NOT-FOR-US: Pablo Software
CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...)
	NOT-FOR-US: Fenice
CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...)
	NOT-FOR-US: Fenice
CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
	NOT-FOR-US: Apple
CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
	NOT-FOR-US: SUSE-specific
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
	NOT-FOR-US: SUSE-specific
CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
	- resmgr <not-affected>
CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
	- resmgr <not-affected>
CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...)
	- resmgr <not-affected>
CVE-2006-XXXX [librsvg2 crash on certain svg files]
	- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...)
	NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...)
	- dnsmasq 2.30-1 (medium)
	[sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28)
CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...)
	{DSA-1057-1}
	- phpldapadmin 0.9.8.3-1 (bug #365313; low)
	- egroupware 1.2-104.dfsg-1 (bug #365314; low)
	NOTE: egroupware 1.2-1.dfsg-1 dropped phpldapadmin
CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...)
	NOT-FOR-US: SL_site
CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...)
	NOT-FOR-US: SL_site
CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...)
	NOT-FOR-US: SL_site
CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...)
	NOT-FOR-US: Skulltag
CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...)
	NOT-FOR-US: 4images
CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...)
	NOT-FOR-US: Bloggage
CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...)
	NOT-FOR-US: Built2Go
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...)
	NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...)
	NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...)
	NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...)
	NOT-FOR-US: RI Blog
CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...)
	NOT-FOR-US: Community Architect Guestbook
CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...)
	NOT-FOR-US: MyGamingLadder
CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...)
	NOT-FOR-US: logMethods
CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware ...)
	NOT-FOR-US: Sybase Pylon Anywhere
CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...)
	NOT-FOR-US: dForum
CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows ...)
	- php4 <not-affected> (substr_compare does not exist in PHP 4.4.2)
	- php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
	- php4 4:4.4.2-1.1 (bug #365311; unimportant)
	- php5 5.1.4-0.1 (bug #365312; unimportant)
	NOTE: This could only be exploited by a malicious, local user, which is an
	NOTE: unsupported use case
CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...)
	{DSA-1050-1}
	- clamav 0.88.2
	[sarge] - clamav 0.84-2.sarge.9
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build ...)
	NOT-FOR-US: BOMArchiveHelper
CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...)
	NOT-FOR-US: W2B Online Banking
CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...)
	NOT-FOR-US: Manic Web MWGuest
CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...)
	NOT-FOR-US: FlexBB
CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...)
	NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
	{DSA-1055-1 DSA-1053-1}
	- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
	- mozilla <unfixed> (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
	- typo3-src 4.0.2-1 (bug #364350)
CVE-2006-XXXX [moinmoin XSS]
	- moin 1.5.3-1
CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...)
	NOT-FOR-US: Prayer Request Board
CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...)
	NOT-FOR-US: PHP-Gastebuch
CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router ...)
	NOT-FOR-US: Linksys router
CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...)
	NOT-FOR-US: EasyGallery
CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ...)
	NOT-FOR-US: KRANKIKOM ContentBoxX
CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...)
	NOT-FOR-US: KCScripts Classifieds
CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an ...)
	NOT-FOR-US: KCScripts
CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in ...)
	NOT-FOR-US: KCScripts
CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in ...)
	NOT-FOR-US: KCScripts
CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net ...)
	NOT-FOR-US: Net Clubs Pro
CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and ...)
	NOT-FOR-US: ASPSitem
CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express ...)
	NOT-FOR-US: Cisco
CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user ...)
	NOT-FOR-US: Cisco
CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Lite
CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...)
	NOT-FOR-US: WWWThreads
CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...)
	- mambo 4.6.1-4 (bug #364769; medium)
	- joomla <itp> (bug #326398)
CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...)
	- mambo 4.6.1-4 (bug #364769; medium)
	- joomla <itp> (bug #326398)
CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 ...)
	NOT-FOR-US: Caucho
CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...)
	NOT-FOR-US: WinAgents TFTP Server for Windows
CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in ...)
	NOT-FOR-US: PerlCoders BannerFarm
CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1948 (The &quot;Add Sender to Address Book&quot; operation ...)
	NOT-FOR-US: Lotus Notes
CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and ...)
	NOT-FOR-US: Visale
CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #364443; medium)
	NOTE: this might be the same core issue as CVE-2005-2732
CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft ...)
	NOT-FOR-US: SibSoft CommuniMail
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
	NOT-FOR-US: Smarter Scripts IntelliLink Pro
CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-39
	- firefox 1.5.dfsg+1.5.0.4-1 (low)
	- thunderbird <not-affected> (Windows-specific)
	- mozilla 2:1.7.13-0.3 (low)
	- xulrunner <not-affected> (Windows-specific)
CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...)
	NOT-FOR-US: Neon Responder
CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
	{DSA-1157}
	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
	- ruby1.8 1.8.3 (bug #365520)
CVE-2006-1930 (** DISPUTED ** ...)
	NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
	NOT-FOR-US: I-Rater Platinum
CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
	NOT-FOR-US: Cisco
CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
	NOT-FOR-US: Cisco
CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 ...)
	NOT-FOR-US: ThWboard
CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...)
	NOT-FOR-US: CuteNews
CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 ...)
	NOT-FOR-US: LinPHA
CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...)
	NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
	NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet ...)
	NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...)
	NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
	NOT-FOR-US: Blackorpheus ClanMemberSkript
CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
	NOT-FOR-US: DbbS
CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and ...)
	NOT-FOR-US: DbbS
CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: DbbS
CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...)
	NOT-FOR-US: Jax Guestbook
CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...)
	NOT-FOR-US: Coppermine
CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...)
	NOT-FOR-US: myEvent
CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote ...)
	NOT-FOR-US: myEvent
CVE-2005-4787 (** DISPUTED ** ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2004-2657 (** DISPUTED ** ...)
	- mozilla-firefox <not-affected>
	- firefox <not-affected>
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...)
	NOT-FOR-US: phpLister
CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
	- xine-ui 0.99.4-1 (bug #363370; unimportant)
	NOTE: This is a non-issue: An attacker would need to trick the user into opening
	NOTE: an MP3 file with a very obviously manipulated filename containing the shellcode
CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...)
	NOT-FOR-US: AnimeGenesis Gallery
CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 ...)
	- gcc-4.1 4.1.0-2 (bug #356896; unimportant)
	NOTE: Turned out to be a non-issue
CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a ...)
	NOT-FOR-US: Mozilla Camino
CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya ...)
	- amaya 9.51-1 (bug #362575; medium)
CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
	NOT-FOR-US: Neuron Blog
CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper ...)
	NOT-FOR-US: Tiny PHP Forum
CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for &quot;Script ...)
	NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users ...)
	{DSA-1066-1}
	- phpbb2 2.0.18-3 (bug #365533; medium)
CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
	- phpbb2 <not-affected> (bug #365535)
CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...)
	NOT-FOR-US: RevoBoard / PunBB
CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 ...)
	NOT-FOR-US: ar-blog
CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify ...)
	NOT-FOR-US: avast! 4 Linux Home Edition
CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
	NOT-FOR-US: betaboard
CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland ...)
	NOT-FOR-US: myWebland
CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...)
	NOT-FOR-US: Boardsolution
CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: phpGraphy
CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework ...)
	NOT-FOR-US: Oracle
CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System ...)
	NOT-FOR-US: Oracle
CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...)
	NOT-FOR-US: Oracle
CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...)
	NOT-FOR-US: Oracle
CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...)
	NOT-FOR-US: Oracle
CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...)
	NOT-FOR-US: Oracle
CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows ...)
	- beagle 0.2.6-2 (bug #365371; medium)
CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...)
	{DSA-1103}
	- linux-2.6 2.6.16-10
CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local ...)
	- linux-2.6 <not-affected> (seems to be RedHat-specific)
CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...)
	{DSA-1095-1}
	- freetype 2.2.1-1
CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...)
	- linux-2.6 2.6.16-14
CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...)
	- linux-2.6 2.6.16-14
CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ...)
	- linux-2.6 2.6.16-12
CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain ...)
	NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog
	- linux-2.6 2.6.12-1
CVE-2006-1854 (** DISPUTED ** ...)
	NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
	NOT-FOR-US: ModernBill
CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro ...)
	NOT-FOR-US: Article Publisher Pro
CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ...)
	NOT-FOR-US: xFlow
CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 ...)
	NOT-FOR-US: xFlow
CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in ...)
	NOT-FOR-US: xFlow
CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...)
	NOT-FOR-US: LinPHA
CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1845
	REJECTED
	NOT-FOR-US: Microsoft Exchange
	NOTE: Duplicate of CVE-2006-0537
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	NOTE: seems to be a duplicate of CVE-2006-1376
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
	NOT-FOR-US: boastMachine
CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 ...)
	NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...)
	NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows ...)
	NOT-FOR-US: Fuju News
CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in ...)
	NOT-FOR-US: Symantec LiveUpdate
CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the ...)
	NOT-FOR-US: NetBSD
CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the ...)
	NOT-FOR-US: sysinfo
CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo ...)
	NOT-FOR-US: sysinfo
CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain ...)
	NOT-FOR-US: Sun Java Studio Enterprise
CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote ...)
	NOT-FOR-US: EAServer Manager in Sybase EAServer
CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
	NOT-FOR-US: PHP121
CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
	[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
	[woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
	NOT-FOR-US: HAURI anti-virus
CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...)
	NOT-FOR-US: Snipe Gallery
CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...)
	NOT-FOR-US: phpLinks
CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PhpGuestbook
CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in ...)
	NOT-FOR-US: phpWebSite
CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...)
	NOT-FOR-US: VBulletin
CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow ...)
	NOT-FOR-US: FlexBB
CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 ...)
	NOT-FOR-US: FlexBB
CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Lifetype
CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype ...)
	NOT-FOR-US: Lifetype
CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...)
	NOT-FOR-US: Musicbox
CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox ...)
	NOT-FOR-US: Musicbox
CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows ...)
	NOT-FOR-US: PowerClan
CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected>
CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport)
	NOTE: maintainer considers this not-affected.
CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in ...)
	NOT-FOR-US: planetSearch+
CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 ...)
	NOT-FOR-US: SimpleBBS
CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers ...)
	NOT-FOR-US: Censtore
CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...)
	NOT-FOR-US: RateIt
CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links ...)
	- wordpress 2.0.1 (bug #328909)
CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...)
	NOT-FOR-US: UPDI Network Enterprise
CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...)
	NOTE: only in experimental
	- mambo 4.5.3h-1 (bug #354468)
CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows ...)
	NOT-FOR-US: runCMS
CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5
	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...)
	NOT-FOR-US: pajax
CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, ...)
	NOT-FOR-US: Adobe
CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's ...)
	NOT-FOR-US: Adobe
CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for ...)
	NOT-FOR-US: Adobe
CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote ...)
	NOT-FOR-US: Adobe
CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in ...)
	NOT-FOR-US: Sphider
CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...)
	NOT-FOR-US: PatroNet CMS
CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R ...)
	NOT-FOR-US: Circle R Monster Top List
CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft ...)
	NOT-FOR-US: Simplog
CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Only exploitable by authenticated admin users
CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...)
	- mnogosearch 3.2.37-3.1 (bug #361775)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...)
	NOT-FOR-US: SAXoPRESS
CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...)
	NOT-FOR-US: AzDGVote
CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com ...)
	NOT-FOR-US: INDEXU
CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...)
	NOT-FOR-US: Papoo
CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 ...)
	NOT-FOR-US: JBook
CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow ...)
	NOT-FOR-US: JetPhoto
CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...)
	NOT-FOR-US: Vegadns
CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 ...)
	NOT-FOR-US: Vegadns
CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a ...)
	NOT-FOR-US: MD News 1
CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote ...)
	NOT-FOR-US: MD News 1
CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite ...)
	{DSA-1035-1}
	- fcheck 2.7.59-8
CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
	NOT-FOR-US: MvBlog
CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow ...)
	NOT-FOR-US: MvBlog
CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Autogallery
CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
	NOT-FOR-US: phpListPro
CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows ...)
	NOT-FOR-US: XMB Forum
CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War
CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
	NOT-FOR-US: PHPList
CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
	NOT-FOR-US: Bitweaver
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...)
	NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: The Mozilla Foundation labels this as "critical", but it's not
	NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
	NOTE: exploitable in the default configuration.
	- xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
	{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla <unfixed> (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: If print preview (and this bug) can be triggered from JavaScript,
	NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla <unfixed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.2 (medium)
	- mozilla-firefox <unfixed> (medium)
	- mozilla <unfixed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
	NOT-FOR-US: ShopXS
CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...)
	{DSA-1042-1}
	- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
	- cyrus-sasl2-mit <not-affected> (does not install digest-md5)
CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...)
	NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...)
	NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...)
	NOT-FOR-US: DNGuestbook
CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...)
	NOTE: this does not affect linux
	TODO: check kfreebsd
CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...)
	NOT-FOR-US: NetBSD
CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...)
	NOT-FOR-US: NetBSD
CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
	NOT-FOR-US: SergiD Top Music module
CVE-2005-4780 (** DISPUTED ** ...)
	NOT-FOR-US: LightHouse CMS
CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
	NOT-FOR-US: NetBSD
CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...)
	- powersave 0.12.7-1
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find
	TODO: Pinged maintainer.  Not clear if this bug has indeed been fixed.
CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...)
	NOT-FOR-US: Tashcom ASPEdit
CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
	NOT-FOR-US: NetBSD
CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin ...)
	NOT-FOR-US: Contineo
CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...)
	NOT-FOR-US: Xerver
CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
	NOT-FOR-US: VMware
CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469)
CVE-2006-XXXX [firebird local DoS]
	- firebird2 1.5.3.4870-4 (bug #362001)
	[sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...)
	{DSA-1036-1}
	- bsdgames 2.17-7 (bug #360989)
CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...)
	- mailman 0:2.1.7-2.1.8rc1-1
	[sarge] - mailman <not-affected> (Only affects Mailman 2.1.7)
CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) ...)
	{DSA-1032-1}
	- zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...)
	NOT-FOR-US: interaktiv.shop
CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
	NOT-FOR-US: Clansys
CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with &quot;SELECT&quot; ...)
	NOT-FOR-US: Oracle
CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...)
	NOT-FOR-US: SPIP
CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for ...)
	NOT-FOR-US: Aweb Scripts Seller
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner ...)
	NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...)
	- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...)
	{DSA-1068-1}
	- fbi 2.05-1 (bug #361370)
CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...)
	NOT-FOR-US: XBrite Members
CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the ...)
	NOT-FOR-US: HP-UX
CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...)
	NOT-FOR-US: ecotwo Shopsystem
CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...)
	NOT-FOR-US: TalentSoft Web+Shop
CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ...)
	- cherokee 0.5.1-1
CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.0.3-1 (bug #362567)
CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...)
	NOT-FOR-US: Dark_Wizard vBug Tracker
CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...)
	NOT-FOR-US: Cisco
CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...)
	NOT-FOR-US: PHPMyChat
CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...)
	- libxine1 <not-affected> (Not reproducible with Debian version, see bug #363127)
CVE-2006-1663
	REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...)
	NOT-FOR-US: SKForum
CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before ...)
	NOT-FOR-US: YaST
CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...)
	NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise ...)
	NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...)
	NOT-FOR-US: Tux Racer TuxBank
CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, ...)
	- xscreensaver 4.18-1 (low)
CVE-2006-XXXX [linphone insecure password leakage]
	- linphone 1.3.5-1 (bug #361913)
CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...)
	- util-vserver 0.30.210-1 (bug #360438; unimportant)
CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...)
	{DSA-1074-1}
	- mpg123 0.59r-22 (bug #361863; unknown)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
	NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ...)
	NOT-FOR-US: UltraVNC
CVE-2006-1651 (** DISPUTED ** ...)
	NOT-FOR-US: MS ISA
CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...)
	NOTE: other reports indicate that Firefox is not vulnerable
CVE-2006-1649 (The &quot;restore to&quot; selection in the &quot;quarantine a file&quot; capability of ...)
	NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1647 (An unspecified &quot;logical programming mistake&quot; in SMART SynchronEyes ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
	NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732
CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...)
	NOT-FOR-US: ReloadCMS
CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...)
	NOT-FOR-US: Interact
CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows ...)
	NOT-FOR-US: Interact
CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows ...)
	NOT-FOR-US: Interact
CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote ...)
	NOT-FOR-US: CzarNews
CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 ...)
	NOT-FOR-US: CzarNews
CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote ...)
	NOT-FOR-US: wpBlog
CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote ...)
	NOT-FOR-US: aWebBB
CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 ...)
	NOT-FOR-US: aWebBB
CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar ...)
	NOT-FOR-US: VWar
CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1633
	RESERVED
CVE-2006-1632
	RESERVED
CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in ...)
	NOT-FOR-US: Cisco
CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...)
	{DSA-1045-1}
	- openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows ...)
	NOT-FOR-US: Adobe LiveCycle
CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide ...)
	NOT-FOR-US: Adobe Document Server
CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package ...)
	- sysklogd <unfixed> (unimportant)
	NOTE: No sane person will open a network socket for syslog without apropriate
	NOTE: firewall rules. The default is not to listen to the network.
CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified &quot;file created ...)
	NOT-FOR-US: FleXiBle Development
CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit ...)
	NOT-FOR-US: PHPSelect
CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote ...)
	NOT-FOR-US: WebSphere
CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf ...)
	- doomsday <itp> (bug #319419)
CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote ...)
	NOT-FOR-US: aWebNews
CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in ...)
	NOT-FOR-US: aWebNews
CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 ...)
	NOT-FOR-US: KGB Archiver
CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...)
	NOT-FOR-US: Hitachi XFIT
CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...)
	- php4 4:4.4.4-1 (bug #361856; unimportant)
	- php5 5.1.4-0.1 (bug #361915; unimportant)
	NOTE: Safe mode violations not supported
CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...)
	- phpbb2 <not-affected> (According to Jeroen a non-issue, see notes)
	NOTE: <jvw> jmm: unable to everify, the variable in question is only printed
	NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests
	NOTE: <jvw> and, shock, the password isn't saved unhashed in the DB, so having
	NOTE: javascript in your password can't be exposed otherwise
	NOTE: <jvw> I'd forget about it unless someone comes with a proof of concept
CVE-2006-1602 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPNuke Clan
CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...)
	NOT-FOR-US: Sun Cluster
CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before ...)
	NOT-FOR-US: v-creator
CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows ...)
	NOT-FOR-US: AN HTTPD
CVE-2006-1597
	RESERVED
CVE-2006-1596 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in ...)
	NOT-FOR-US: Claroline
CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php ...)
	NOT-FOR-US: Claroline
CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...)
	NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...)
	- acidbase 1.2.5-1 (bug #363548; low)
	[sarge] - acidbase <no-dsa> (Hardly exploitable)
	- acidlab <removed> (bug #363549; low)
	[sarge] - acidlab <no-dsa> (Hardly exploitable)
CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has &quot;set record&quot; in .mailrc with the ...)
	NOT-FOR-US: NetBSD
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
	- openoffice.org 1.0.2
CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...)
	NOT-FOR-US: Egypt SiteMan
CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...)
	NOT-FOR-US: MonAlbum
CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 ...)
	NOT-FOR-US: Bugzero
CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board ...)
	NOT-FOR-US: Dynamic Bulletin Board System
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...)
	NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1133-1}
	[woody] - mantis <not-affected> (Vulnerable code not present)
	- mantis 0.19.4-3.1 (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
	NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: QLnews
CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, ...)
	NOT-FOR-US: Groupmax World Wide Web et. al.
CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash ...)
	NOT-FOR-US: MediaSlash Gallery
CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote ...)
	NOT-FOR-US: Oxygen
CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in ...)
	NOT-FOR-US: qliteNews
CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 ...)
	NOT-FOR-US: Esqlanelapse
CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote ...)
	NOT-FOR-US: RedCMS
CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: RedCMS
CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in ...)
	NOT-FOR-US: SiteSearch Indexer
CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in ...)
	- libtunepimp 0.4.2-3 (bug #359241; low)
	[sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...)
	- gpib 3.2.06-3 (bug #359239; low)
	[sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for ...)
	- subversion 1.3.0-5 (bug #359234; low)
	[sarge] - subversion <not-affected> (No rpaths set in Sarge)
CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ...)
	NOT-FOR-US: VBook
CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VBook
CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba ...)
	NOT-FOR-US: VBook
CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...)
	NOT-FOR-US: SkinTech phpNewsManager
CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote ...)
	NOT-FOR-US: X-Changer
CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: AL-Caricatier
CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...)
	NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
	- php4 <unfixed> (bug #361854; unimportant)
	- php5 <unfixed> (bug #361917; unimportant)
	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...)
	NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: VNews
CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba ...)
	NOT-FOR-US: VNews
CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on ...)
	NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow
	NOTE: Should be rejected
CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...)
	NOT-FOR-US: EzASPSite
CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...)
	- bsdgames 2.17-6 (bug #361160)
	[sarge] - bsdgames <no-dsa> (Minor impact)
CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...)
	NOT-FOR-US: Enova X-Wall ASIC
CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain ...)
	- webcalendar <unfixed> (unimportant)
CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote ...)
	NOT-FOR-US: Null news
CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop ...)
	NOT-FOR-US: Sourceworkshop newsletter
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2-1 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ...)
	- linux-2.6 2.6.13-1
CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...)
	- linux-2.6 2.6.16-12 (low)
CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...)
	- xorg-server 1:1.0.2-8 (bug #378464)
	[sarge] - xfree86 <not-affected> (Vulnerable code not present)
CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-8
CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...)
	- linux-2.6 2.6.16-7
CVE-2006-1521
	RESERVED
CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...)
	NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag)
	- libspf <not-affected> (bug #368780; low)
CVE-2006-1519
	REJECTED
CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium)
	- mysql-dfsg-4.1 <removed> (bug #365939; medium)
	- mysql-dfsg <removed> (bug #365939; bug #356751; medium)
	- mysql <removed> (bug #365939; medium)
CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; bug #366044; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; bug #366043; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...)
	{DSA-1084-1}
	- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
	{DSA-1043-1}
	- abcmidi 20060422-1
CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted ...)
	{DSA-1041-1}
	- abc2ps <removed> (bug #373685; low)
CVE-2006-1512
	REJECTED
CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...)
	NOT-FOR-US: Microsoft
CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...)
	NOT-FOR-US: HP-UX
CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine ...)
	NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) ...)
	- acidbase 1.2.4-1 (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Virtual Wa
CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote ...)
	NOT-FOR-US: MPlayer
	NOTE: I can't find the vulnerable code in xine-lib
CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows ...)
	NOT-FOR-US: OneOrZero
CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows ...)
	NOT-FOR-US: Tilde CMS 3.0
CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows ...)
	NOT-FOR-US: vCounter
CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...)
	NOT-FOR-US: PHPCollab / NetOffice
CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 4:4.4.4-1 (bug #361855; unimportant)
	- php5 5.1.4-0.1 (bug #361916; unimportant)
	NOTE: open_basedir violations are not supported
CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE ...)
	NOT-FOR-US: FusionZONE CouponZONE
CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in ...)
	NOT-FOR-US: Virtual War
CVE-2006-XXXX [unixodbc rpath set to /home]
	- unixodbc 2.2.11-11 (bug #358142; low)
	[sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)
CVE-2006-XXXX [fftw rpath set to user home]
	- fftw 2.1.3-17 (bug #358157; low)
	[sarge] - fftw <not-affected> (No rpath set in Sarge)
CVE-2006-XXXX [gauche-config rpath set to user home]
	- gauche 0.8.7-1 (bug #358139; low)
	[sarge] - gauche <not-affected> (gauche-config is a shell script in Sarge)
CVE-2006-XXXX [tcpquota rpath set to user home]
	- tcpquota 1.6.15-11 (bug #358369; low)
	[sarge] - tcpquota <no-dsa> (Only exploitable with strange AFS cell name)
CVE-2006-XXXX [hamlib3-perl rpath set to user home]
	- hamlib 1.2.5-3 (bug #358166; low)
	[sarge] - hamlib <no-dsa> (Only exploitable with strange user name)
CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in ...)
	{DSA-1025-1}
	- dia 0.94.0-18 (bug #360566)
CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...)
	- mediawiki 1.4.15-1
	- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1.1-1 (bug #361967)
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...)
	- php5 5.1.4-0.1 (bug #359907; low)
	- php4 4:4.4.2-1.1 (bug #359904; low)
	[sarge] - php4 <no-dsa> (Application's responsibility to sanitize input)
CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
	NOT-FOR-US: realestateZONE
CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users ...)
	NOT-FOR-US: Greymatter
CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files, ...)
	NOT-FOR-US: Genius VideoCAM NB Driver
CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...)
	NOT-FOR-US: Blazix Web Server
CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...)
	NOT-FOR-US: ConfTool
CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows ...)
	NOT-FOR-US: PHP Ticket
CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...)
	NOT-FOR-US: WebAlbum
CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey ...)
	NOT-FOR-US: Serge Rey gtd-php
CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the &quot;failed&quot; functionality ...)
	NOT-FOR-US: Raindance Web Conferencing Pro
CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 ...)
	NOT-FOR-US: Apple
CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers ...)
	- openldap2 <not-affected> (Vulnerable code not present)
	- openldap2.2 <unfixed> (medium)
CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to ...)
	NOT-FOR-US: Apple
CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before ...)
	NOT-FOR-US: Apple iTunes
CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...)
	NOT-FOR-US: Apple
CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when &quot;Open `safe' files after ...)
	NOT-FOR-US: Apple
CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to ...)
	NOT-FOR-US: Apple
CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a ...)
	NOT-FOR-US: MySQL Manager
CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted ...)
	NOT-FOR-US: Apple
CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an ...)
	NOT-FOR-US: Apple
CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when &quot;Enable access for ...)
	NOT-FOR-US: Apple
CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 ...)
	NOT-FOR-US: Apple
CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite ...)
	NOT-FOR-US: Apple
CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not ...)
	NOT-FOR-US: Apple
CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...)
	NOT-FOR-US: aphpkb
CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...)
	NOT-FOR-US: UPOINT
CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...)
	NOT-FOR-US: UPOINT
CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...)
	NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria
CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ...)
	NOT-FOR-US: CONTROLzx HMS
CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in ...)
	NOT-FOR-US: classifiedZONE
CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 ...)
	NOT-FOR-US: phpCOIN
CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily ...)
	NOT-FOR-US: phpmyfamily
CVE-2006-1424
	REJECTED
CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...)
	NOT-FOR-US: UBB.threads
CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calendar ...)
	NOT-FOR-US: PHP Booking Calendar
CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...)
	NOT-FOR-US: AkoComment
CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...)
	NOT-FOR-US: nuked-klan
CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris ...)
	NOT-FOR-US: Caloris Planitia E-School Management
CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris ...)
	NOT-FOR-US: Caloris Planitia Online Quiz System
CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...)
	NOT-FOR-US: Absolute FAQ Manager .NET
CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB ...)
	NOT-FOR-US: dotNetBB
CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in ...)
	NOT-FOR-US: Toast Forums
CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro ...)
	NOT-FOR-US: EZHomepagePro
CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with ...)
	NOT-FOR-US: TFT Gallery
CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute ...)
	NOT-FOR-US: XIGLA Absolute Live Support
CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
	NOT-FOR-US: Helm Web Hosting Control Panel
CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx ...)
	NOT-FOR-US: uniForum
CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in ...)
	NOT-FOR-US: SweetSuite.NET Content Management System
CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in ...)
	NOT-FOR-US: BlankOL
CVE-2006-1403 (Format string vulnerability in the PrintString function in ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Calendar Express
CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Metisware Instructor
CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in ...)
	NOT-FOR-US: Meeting Reserve
CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book ...)
	NOT-FOR-US: G-Book
CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd ...)
	NOT-FOR-US: WebHost Automation Ltd Helm
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...)
	{DSA-1089-1}
	- freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
	NOT-FOR-US: Solaris
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...)
	NOT-FOR-US: Cholod
CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...)
	NOT-FOR-US: Cholod
CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web ...)
	NOT-FOR-US: Quick 'n Easy/Baby Web Server
CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...)
	NOT-FOR-US: Shortcoming of Gentoo-specific games packaging
CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...)
	- twiki 1:4.0.4-3 (bug #367973)
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...)
	- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young)
CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...)
	NOT-FOR-US: Cisco
CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...)
	NOT-FOR-US: IBM Tivoli Business Systems Manager
CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...)
	NOT-FOR-US: vBulletin
CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...)
	NOT-FOR-US: Trend Micro
CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...)
	NOT-FOR-US: Baby FTP Server
CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...)
	NOT-FOR-US: Baby FTP Server
CVE-2002-2209 (Unspecified &quot;security vulnerability&quot; in Baby FTP Server versions ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak ...)
	NOT-FOR-US: PasswordSafe
CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
	NOT-FOR-US: EasyMoblog
CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: AdMan
CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
	NOT-FOR-US: AdMan
CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...)
	NOT-FOR-US: PHP Live!
CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
	NOT-FOR-US: 1WebCalendar
CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page
CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...)
	NOT-FOR-US: Real Player, according to Real Helix not affected
CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...)
	NOT-FOR-US: Microsoft
CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...)
	NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System
CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
	NOT-FOR-US: OSWiki
CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...)
	NOT-FOR-US: MusicBox
CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...)
	- libvc 003-4
CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets &quot;BUILTIN\Everyone&quot; ...)
	NOT-FOR-US: avast AV
CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...)
	{DSA-1089-1}
	- freeradius 1.1.0-1.2 (bug #359042; high)
CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...)
	NOT-FOR-US: 99Articles.com
CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...)
	NOT-FOR-US: MusicBox
CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...)
	NOT-FOR-US: VeriSign haydn.exe
CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...)
	{DSA-1097-1}
	- linux-2.6 2.6.16-15
CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
	- linux-2.6 <not-affected> (Only affects 2.4 kernels)
CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
	NOT-FOR-US: Veritas Backup
CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...)
	NOT-FOR-US: AnyPortal
CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...)
	NOT-FOR-US: Maian Events
CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...)
	NOT-FOR-US: CuteNews
CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...)
	NOT-FOR-US: MailEnable
CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...)
	NOT-FOR-US: ExtCalendar
CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...)
	- gnome-screensaver 2.14.1-1 (bug #357885)
CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...)
	NOT-FOR-US: Maian Weblog
CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...)
	NOT-FOR-US: BetaParticle Blog
CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...)
	NOT-FOR-US: phpWebsite
CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...)
	- jabberd2 2.0s11-1 (bug #357874)
CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP ...)
	NOT-FOR-US: Skull-Splitter PHP
CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote ...)
	NOT-FOR-US: SoftBB
CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows ...)
	NOT-FOR-US: Streber
CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows ...)
	NOT-FOR-US: WinHKI
CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a ...)
	NOT-FOR-US: Netware
CVE-2006-1318
	RESERVED
CVE-2006-1317
	RESERVED
CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...)
	NOT-FOR-US: Microsoft JScript
CVE-2006-1312
	RESERVED
CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2006-1310
	RESERVED
CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1307
	RESERVED
CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-1299
	RESERVED
CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow ...)
	- beagle 0.2.3-1 (bug #357392; low)
CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...)
	NOT-FOR-US: SPIP
CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in ...)
	NOT-FOR-US: KnowledgebasePublisher
CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...)
	NOT-FOR-US: Contrexx
CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...)
	- libpam-opie <not-affected> (FreeBSD specific vulnerability)
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...)
	- libcgi-session-perl 4.07-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files ...)
	- libcgi-session-perl 4.11-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GGZ Gaming Zone
CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop ...)
	NOT-FOR-US: Antivir
CVE-2006-1273 (** DISPUTED ** ...)
	NOT-FOR-US: Reportedly problem with a firefox addon
CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote ...)
	NOT-FOR-US: OxyNews
CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in ...)
	NOT-FOR-US: Inprotect
CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...)
	- zoo 2.10-18 (bug #367858; low)
	[sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable)
CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...)
	NOT-FOR-US: Funkwerk X2300
CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in ...)
	NOT-FOR-US: VPMi Enterprise
CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1263 (Multiple &quot;unannounced&quot; cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress 2.0.2-1
CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1-1 (bug #358812)
CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow ...)
	NOT-FOR-US: Maian Support
CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...)
	- phpmyadmin 4:2.8.0.2-2 (bug #382228)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren ...)
	NOT-FOR-US: Soren Boysen (SkullSplitter) PHP Guestbook
CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging ...)
	NOT-FOR-US: Mercur Messaging
CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows ...)
	NOT-FOR-US: BorderWare MXtreme
CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote ...)
	NOT-FOR-US: glFTPd
CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 ...)
	- sa-exim 4.2.1-1 (bug #345071; bug #356301)
CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3 ...)
	NOT-FOR-US: Winmail
CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...)
	NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...)
	NOT-FOR-US: AIX
CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp ...)
	NOT-FOR-US: NeLogic Nephp Publisher
CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to ...)
	NOT-FOR-US: Echelog
CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...)
	NOT-FOR-US: NetBSD
CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...)
	NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow ...)
	NOT-FOR-US: NetBSD
CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: TuxBank
CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2005-XXXX [xsupplicant information leak]
	- xsupplicant 1.0.1-5 (bug #317703; low)
CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...)
	{DSA-1019-1 DSA-982-1}
	- xpdf <not-affected> (All issues previously fixed)
	NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
	- gpdf 2.10.0-3
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-4
CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...)
	NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...)
	NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...)
	NOT-FOR-US: DSNewsletter
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
	NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
	NOT-FOR-US: Tivoli
CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
	{DSA-1010-1 DSA-1009-1}
	- crossfire 1.9.0-2 (medium)
CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
	NOT-FOR-US: HitHost
CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)
	NOT-FOR-US: DSCounter
CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
	NOT-FOR-US: WMNews
CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
	NOT-FOR-US: DSDownload
CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
	- capi4hylafax <not-affected> (Affected DEFINE not defined)
CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in ...)
	NOT-FOR-US: vCard
CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...)
	NOT-FOR-US: GuppY
CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...)
	NOT-FOR-US: Jupiter Content Manager
CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 ...)
	NOT-FOR-US: zeroboard
CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...)
	NOT-FOR-US: TrueVector
CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
	NOT-FOR-US: Not included in php-pear or php4-pear
CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
	- darcsweb 0.15-1
CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...)
	NOT-FOR-US: MacOS X
CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and ...)
	- gallery2 2.0.4-1
CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to ...)
	NOT-FOR-US: DSPoll
CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x ...)
	NOT-FOR-US: Runcms
CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab ...)
	NOT-FOR-US: Woltlab BB
CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified ...)
	NOT-FOR-US: UnrealIRCd
CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier ...)
	NOT-FOR-US: JiRo's Banner System Experience and Professional
CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows ...)
	NOT-FOR-US: CoreNews
CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL ...)
	NOT-FOR-US: Tivoli
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
	NOT-FOR-US: Tivoli
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)
	NOT-FOR-US: Sergey Korostel PHP Upload Center
CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ...)
	- dropbear <unfixed> (unimportant)
	NOTE: By design to protect against DoSing the complete machine, future versions
	NOTE: will mitigate by introducing per-IP limits
CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland ...)
	NOT-FOR-US: myBloggie
CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum ...)
	NOT-FOR-US: txtForum
CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum ...)
	NOT-FOR-US: txtForum
CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...)
	NOT-FOR-US: textfileBB
CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a ...)
	NOT-FOR-US: Comvigo IM Lock
CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with ...)
	NOT-FOR-US: SafeDisc
CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 ...)
	NOT-FOR-US: QwikiWiki
CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly ...)
	NOT-FOR-US: Microsoft
CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...)
	NOT-FOR-US: Microsoft
CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1187
	RESERVED
CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
	NOT-FOR-US: Microsoft
CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...)
	- base-config <not-affected> (UBuntu specific)
	- shadow <not-affected> (UBuntu specific)
CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...)
	NOT-FOR-US: Adobe Graphics Server
CVE-2006-1181
	RESERVED
CVE-2006-1180
	RESERVED
CVE-2006-1179
	RESERVED
CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Tamarack MMSd
CVE-2006-1177
	RESERVED
CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...)
	NOT-FOR-US: eBay Enhanced Picture Services
CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...)
	NOT-FOR-US: WeOnlyDo! SFTP
CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...)
	- shadow 1:4.0.15-10 (low)
	[sarge] - shadow <not-affected> (Vulnerable code was introduced later)
CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...)
	{DSA-1155}
	- sendmail 8.13.7-1 (low; bug #373801)
CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...)
	NOT-FOR-US: ActiveX control
CVE-2006-1171
	RESERVED
CVE-2006-1170
	RESERVED
CVE-2006-1169
	RESERVED
CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...)
	{DSA-1149-1}
	- ncompress 4.2.4-16
CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...)
	NOT-FOR-US: SGI
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
	- dokuwiki 0.0.20060309-3 (bug #357436)
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
	NOT-FOR-US: Nodez
CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows ...)
	NOT-FOR-US: Nodez
CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows ...)
	NOT-FOR-US: Nodez
CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic ...)
	NOT-FOR-US: Fantastic News
CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...)
	NOT-FOR-US: D2-Shoutbox
CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, ...)
	- teg 0.11.1-3 (bug #357645; low)
	[sarge] - teg <no-dsa> (Only DoS against exotic, mostly single player game)
CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL ...)
	NOT-FOR-US: OWL Intranet Engine
CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function ...)
	- peercast 0.1217.toots.20060314-1
CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows ...)
	NOT-FOR-US: Hit Host
CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 ...)
	NOT-FOR-US: FTPoed Blog Engine
CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows ...)
	NOT-FOR-US: Ravenous Web Server
CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows ...)
	- qmailadmin <removed> (bug #357896; medium)
CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote ...)
	NOT-FOR-US: RedBLoG
CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 ...)
	NOT-FOR-US: sBlog
CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when ...)
	NOT-FOR-US: CyBoards
CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 ...)
	NOT-FOR-US: vbzoom
CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote ...)
	NOT-FOR-US: vbzoom
CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS ...)
	NOT-FOR-US: bitweaver
CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows ...)
	NOT-FOR-US: EKINboard
CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows ...)
	NOT-FOR-US: EKINboard
CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-XXXX [Directory traversal issue in Namazu2]
	- namazu2 <not-affected> (Windows-specific issue)
CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory ...)
	- monotone 0.26pre1-0.1 (low)
	[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched situation)
	NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
	NOTE: and massive social engineering
CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...)
	- gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...)
	- gallery2 2.0.3
CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP ...)
	- gallery2 2.0.3
CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets ...)
	NOT-FOR-US: Grisoft AVG
CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote ...)
	NOT-FOR-US: RevilloC MailServer and Proxy
CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows ...)
	NOT-FOR-US: CuteNews
CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...)
	NOT-FOR-US: Cpanel (PHP)
CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows ...)
	NOT-FOR-US: Aardvark
CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) ...)
	NOT-FOR-US: nCipher
CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 ...)
	NOT-FOR-US: nCipher
CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...)
	NOT-FOR-US: nCipher
CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 ...)
	NOT-FOR-US: Loudblog
CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 ...)
	NOT-FOR-US: Loudblog
CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...)
	NOT-FOR-US: Total Ecommerce
CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...)
	NOT-FOR-US: logIT
CVE-2006-1098 (** DISPUTED ** ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1096 (** DISPUTED ** ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in ...)
	NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
	NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process ...)
	NOT-FOR-US: Solaris
CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an ...)
	NOT-FOR-US: PunBB
CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...)
	NOT-FOR-US: PunBB
CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1086
	REJECTED
CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
	NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...)
	NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable, but source contains note about
	NOTE: not being safe for sudo
	NOTE: filed whishlist bug to add this to manpage
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary ...)
	NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...)
	NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...)
	NOT-FOR-US: Geeklog
CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...)
	NOT-FOR-US: VXWorks
CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...)
	NOT-FOR-US: VXWorks
CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...)
	- curl 7.15.3-1
	[woody] - curl <not-affected> (Vulnerable code not present)
	[sarge] - curl <not-affected> (Vulnerable code not present)
CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...)
	{DSA-1038-1 DSA-1037-1}
	- xzgv 0.8-5.1 (bug #362288; medium)
	- zgv 5.9-2
CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine ...)
	- samba 3.0.22-1
	[woody] - samba <not-affected>
	[sarge] - samba <not-affected>
CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...)
	- busybox 1:1.1.3-1 (low; bug #360578)
	[woody] - busybox <not-affected>
	[sarge] - busybox <not-affected>
CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local ...)
	{DSA-1040-1}
	- gdm 2.14.4-1
CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
	- kfreebsd-source-5.4 5.4-17
	- xen-3.0 3.0.2+hg9656-1
CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...)
	- linux-2.6 2.6.16-6
CVE-2006-1054
	REJECTED
CVE-2006-1053
	RESERVED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
	- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
	NOT-FOR-US: Akurru Social BookMarking Engine
CVE-2006-1050 (** DISPUTED ** ...)
	NOT-FOR-US: Kwik-Pay Payroll
CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...)
	- amaya 9.4-1 (bug #341424)
	[sarge] - amaya <not-affected> (The Sarge version doesn't have an rpath set)
CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...)
	- runit 1.4.1-1 (bug #356016; medium)
	[sarge] - runit <not-affected>
CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access ...)
	NOT-FOR-US: Joomla!
CVE-2006-1047 (Unspecified vulnerability in the &quot;Remember Me login functionality&quot; in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial ...)
	- monopd 0.9.3-2 (bug #355797; low)
	[sarge] - monopd <no-dsa> (Very minor security ramifications)
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when &quot;Block ...)
	{DSA-1051-1 DSA-1046-1}
	- thunderbird 1.5.0.2-1
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
	NOT-FOR-US: LISTSERV
CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...)
	NOT-FOR-US: Gregarius
CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...)
	NOT-FOR-US: Gregarius
CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...)
	NOT-FOR-US: vBulletin
CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote ...)
	NOT-FOR-US: SAP
CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and ...)
	NOT-FOR-US: SecureCRT
CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module ...)
	NOT-FOR-US: Oracle
CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...)
	NOT-FOR-US: phpRPC
CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...)
	NOT-FOR-US: iGENUS Webmail
CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any ...)
	NOT-FOR-US: JFacets
CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage ...)
	NOT-FOR-US: HP System Management
CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas ...)
	NOT-FOR-US: Johnny_Vegas Vegas Forum
CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...)
	NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
	NOT-FOR-US: DCI-Design Dawaween
CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...)
	NOT-FOR-US: c-client
CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...)
	NOT-FOR-US: Windows
CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <unfixed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <unfixed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...)
	NOT-FOR-US: SMartBlog
CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ...)
	- wordpress 2.0.1-1
CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...)
	NOT-FOR-US: LetterMerger
CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ...)
	{DSA-1001-1}
	- crossfire 1.9.0-1
CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...)
	NOT-FOR-US: M4 Project enigma-suite
CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...)
	NOT-FOR-US: N8cms
CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...)
	NOT-FOR-US: N8cms
CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...)
	NOT-FOR-US: sendcard
CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...)
	NOT-FOR-US: Parodia
CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...)
	NOT-FOR-US: Parodia
CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty ...)
	NOT-FOR-US: LanSuite LanParty Intranet System
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...)
	NOT-FOR-US: Pentacle In-Out Board
CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
	- php4 4:4.4.4-1 (bug #361853; unimportant)
	- php5 5.1.4-0.1 (bug #361914; unimportant)
	NOTE: Non-issue, explicit debug feature
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
	NOT-FOR-US: EMC Dantz Retrospect
CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...)
	NOT-FOR-US: Sophos
CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before ...)
	NOT-FOR-US: 3Com
CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...)
	NOT-FOR-US: MS Windows issue
CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...)
	- bind <unfixed> (bug #355787; unimportant)
	- bind9 <unfixed> (bug #356266; unimportant)
	NOTE: This is within the responsibilities of a local admin, especially when
	NOTE: operating a DNS server, affected sites can configure AllowRecursion
CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...)
	- wordpress 2.0.2-1 (bug #355055; unimportant)
CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;post ...)
	- wordpress 2.0.2-1 (bug #355055; medium)
CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...)
	NOT-FOR-US: EJ3 TOPo not in debian
CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...)
	NOT-FOR-US: QWikiWiki not in debian
CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some ...)
	NOT-FOR-US: McAfee Virex 7.7 for Macintosh
CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier ...)
	NOT-FOR-US: WinAce
CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI ...)
	NOT-FOR-US: Jay Eckles CGI Calendar
CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...)
	NOT-FOR-US: Nidelven IT Issue Dealer
CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts ...)
	NOT-FOR-US: MTS Pro
CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris ...)
	NOT-FOR-US: SPiD
CVE-2006-0975
	REJECTED
CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe ...)
	NOT-FOR-US: bttlxeForum 2.0
CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State ...)
	NOT-FOR-US: phpWebSite
CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News ...)
	NOT-FOR-US: Tony Baird Fantastic News
CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b ...)
	NOT-FOR-US: DirectContact
CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more ...)
	NOT-FOR-US: ActiveCampaign products
CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de ...)
	NOT-FOR-US: PixelArtKingdom TopSites
CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to ...)
	- stlport5 5.0.2-1 (bug #358471; medium)
CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to ...)
	NOT-FOR-US: VuBB
CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows ...)
	NOT-FOR-US: Cilem Hiber
CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote ...)
	NOT-FOR-US: Compex NetPassage WPE54G router
CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS ...)
	- nufw 1.0.23-1 (bug #358475; low)
CVE-2006-0955
	RESERVED
CVE-2006-0954
	RESERVED
CVE-2006-0953
	RESERVED
CVE-2006-0952
	RESERVED
CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...)
	NOT-FOR-US: NOD32
CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...)
	- unalz 0.55-1 (bug #356832; low)
	[sarge] - unalz <no-dsa> (Minor issue)
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...)
	NOT-FOR-US: AOL
CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0940 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote ...)
	NOT-FOR-US: DCI-Taskeen
CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...)
	- ezpublish3 <itp> (bug #267370)
CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...)
	{DSA-1109}
	- rssh 2.3.0-1.1 (bug #346322; bug #363978; low)
CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...)
	- webcheck 1.9.6
CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: U.N.U. Mailgust
CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...)
	NOT-FOR-US: Free Host Shop Website Generator
CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 ...)
	NOT-FOR-US: webinsta Limbo
CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote ...)
	NOT-FOR-US: PHPX
CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
	NOT-FOR-US: zip.lib.php
CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2 allows ...)
	- php5 <unfixed> (bug #368545; unimportant)
	- php4 <unfixed> (bug #368545; unimportant)
	NOTE: is this really a vulnerability in pear?  it seems it should be a bug
	NOTE: in any application not checking for such archives.
	NOTE: Lack of a security feature is not a vulnerability
CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt ...)
	NOT-FOR-US: StuffIt
CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 ...)
	NOT-FOR-US: iCal
CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...)
	NOT-FOR-US: MyPHPNuke
CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...)
	NOT-FOR-US: CubeCart
CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...)
	NOT-FOR-US: The Bat!
CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, ...)
	NOT-FOR-US: Melange Chat Server
CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle &quot;//&quot; sequences ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 do not properly handle ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Oreka
CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote ...)
	NOT-FOR-US: WhatsUp Professional
CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...)
	{DSA-1264-1}
	NOT-FOR-US: PHP-Nuke
CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
	NOT-FOR-US: D3Jeeb Pro
CVE-2006-0905 (A &quot;programming error&quot; in fast_ipsec in FreeBSD 4.8-RELEASE through ...)
	- kfreebsd-source-5.4 5.4-16
CVE-2006-0904
	RESERVED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)
CVE-2006-0902
	RESERVED
CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...)
	NOT-FOR-US: Solaris
CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial ...)
	- kfreebsd-5 5.4-15
CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ...)
	NOT-FOR-US: 4Images
CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV ...)
	{DSA-996-1}
	- libcrypt-cbc-perl 2.17-1
CVE-2006-0897 (** DISPUTED ** ...)
	NOT-FOR-US: VCS Virtual Program Management Intranet
CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows ...)
	NOT-FOR-US: Calcium
CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library ...)
	NOT-FOR-US: PHPLIB
CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...)
	NOT-FOR-US: DEV web management system
CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine (&quot;rich mail&quot; editor) in Mozilla ...)
	{DSA-1051-1 DSA-1046-1}
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
	- mozilla 2:1.7.13-0.1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
	- xscreensaver 4.21-1
	NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
	NOTE: in the Sarge version --jmm
CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...)
	- xscreensaver 4.15-1
CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...)
	- openssh 1:3.8.1p1-4
	[woody] - openssh <not-affected>
CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote ...)
	NOT-FOR-US: Easy Forum
CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ...)
	{DSA-1061-1}
	- popfile 0.22.4-1 (bug #354464; medium)
CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 ...)
	NOT-FOR-US: runCMS
CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in ...)
	- coppermine <itp> (bug #259206)
CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...)
	- coppermine <itp> (bug #259206)
CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in ...)
	- mambo 4.5.3h-1 (bug #354468)
	NOTE: only in experimental
CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke CMS
CVE-2006-0869 (Directory traversal vulnerability in the &quot;remember me&quot; feature in ...)
	NOT-FOR-US: PHP PEAR LiveUser
CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth ...)
	- php-auth 1.2.4-0.1 (bug #354474)
CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...)
	NOT-FOR-US: WebDrive
CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute ...)
	NOT-FOR-US: PunBB
CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: PunBB
CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the ...)
	NOT-FOR-US: Global Hauri ViRobot
CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, allows ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...)
	NOT-FOR-US: StarForce Safe'n'Sec Personal
CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...)
	NOT-FOR-US: e107 CMS Chatbox plugin
CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...)
	{DSA-991-1}
	- zoo 2.10-17 (bug #354461)
CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere ...)
	NOT-FOR-US: TrueNorth Internet Anywhere
CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook ...)
	NOT-FOR-US: Admbook
CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and ...)
	NOT-FOR-US: ilchClan
CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ...)
	NOT-FOR-US: ilchClan
CVE-2006-0849
	RESERVED
CVE-2006-0848 (The &quot;Open 'safe' files after downloading&quot; option in Safari on Apple ...)
	NOT-FOR-US: Apple Safari
CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in ...)
	- cherrypy2.1 2.1.1-1 (bug #353542)
	- python-cherrypy 2.1.1-1 (bug #354479)
CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...)
	NOT-FOR-US: Calacode @Mail
CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...)
	{DSA-1133-1}
	- mantis 0.19.4-3.1 (bug #378353)
CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...)
	{DSA-944-1}
	- mantis 1.0
	NOTE: This was actually fixed upstream in Mantis 1.0.0rc5,
	NOTE: which was never uploaded.
CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...)
	- snort <not-affected> (frag3 is only in 2.4, currently there is 2.3.3 in sid)
CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...)
	NOT-FOR-US: Tivoli
CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...)
	NOT-FOR-US: Tivoli
CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...)
	- thunderbird <unfixed> (bug #370432; unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (bug #370432; unimportant)
	NOTE: Denial of service by tricking someone into importing a manipulated LDIF file
	NOTE: That's a bug, but calling it a security problem is very far-fetched
CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...)
	NOT-FOR-US: MitriDAT Web Calendar
CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...)
	NOT-FOR-US: Uniden UIP1868P VoIP Telephone
CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda ...)
	NOT-FOR-US: Barracuda Directory
CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow ...)
	NOT-FOR-US: WPC.easy
CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...)
	NOT-FOR-US: Tasarim Rehberi
CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...)
	NOT-FOR-US: E-Blah Platinum
CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog ...)
	NOT-FOR-US: Geeklog
CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before ...)
	NOT-FOR-US: Geeklog
CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 ...)
	NOT-FOR-US: EmuLinker Kaillera Server
CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote ...)
	NOT-FOR-US: BXCP
CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Server for ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...)
	NOT-FOR-US: Orion Application Server
CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
	NOT-FOR-US: Lighttpd under windows
CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted ...)
	NOT-FOR-US: WinACE
CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...)
	NOT-FOR-US: WinACE VisNetic AntiVirus
CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before ...)
	NOT-FOR-US: gBook
CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...)
	- squid 2.5.6
CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
	NOT-FOR-US: Skate Board
CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...)
	NOT-FOR-US: Skate Board
CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...)
	NOT-FOR-US: Skate Board
CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MUTE
CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...)
	NOT-FOR-US: NJStar
CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #358872; medium)
	- moodle 1.6.1+20060825-1 (bug #360396; medium)
	NOTE: according to maintainer, "Moodle neither uses nor plans to use
	NOTE: ADODB_Pager, so it's not affected by #360396, but include patch for
	NOTE: it anyway, just in case somebody decides to use it out of the blue
CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...)
	NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...)
	- tin 1:1.8.2-1
	[sarge] - tin <not-affected> (Vulnerable code not present)
CVE-2006-0803 (The signature verification functionality in the YaST Online Update ...)
	NOT-FOR-US: YaSt Online Update
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...)
	NOT-FOR-US: PostNuke
CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...)
	NOT-FOR-US: PostNuke
CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...)
	NOT-FOR-US: Macallan Mail Solution
CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...)
	NOT-FOR-US: Nokia cell phone
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 ...)
	NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...)
	NOT-FOR-US: V-webmail
CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...)
	NOT-FOR-US: V-webmail
CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0789 (Certain unspecified Kyocera printers have a default &quot;admin&quot; account ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...)
	NOT-FOR-US: Plaino Wimpy
CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...)
	NOT-FOR-US: D-Link hardware
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...)
	NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...)
	NOT-FOR-US: BirthSys
CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...)
	NOT-FOR-US: DB_eSession
CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...)
	NOT-FOR-US: PunkBuster
CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Kadu
CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...)
	- cgiwrap 3.9-3.1
	[sarge] - cgiwrap <no-dsa> (Only leaks information about the existance of users on a system)
CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...)
	NOT-FOR-US: ICQ
CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...)
	NOT-FOR-US: ICQ
CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...)
	NOT-FOR-US: Cisco
CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in ...)
	NOT-FOR-US: cPanel (not the same as in the cpanel package)
CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized ...)
	NOT-FOR-US: WinAbility Folder Guard
CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...)
	NOT-FOR-US: BlackBerry
CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...)
	NOT-FOR-US: LightTPD on windows
CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier ...)
	NOT-FOR-US: HiveMail
CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
	NOT-FOR-US: HiveMail
CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...)
	NOT-FOR-US: HiveMail
CVE-2006-0756 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0755 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0754 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...)
	NOT-FOR-US: Microsoft
CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...)
	- honeyd 1.5a-1 (bug #353064; low)
	[sarge] - honeyd <no-dsa> (Too insignificant)
CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
	NOT-FOR-US: Network Object Oriented File System (NOOFS)
CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) ...)
	NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (high)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
	- xulrunner 1.8.0.1-9
CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
	{DSA-1008-1}
	- kdegraphics 3.5.0-3
	NOTE: Only affected the 3.3.2 KDE backport
CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...)
	- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)
	- xorg-server 1:1.0.2-1 (bug #378465; medium)
	- xfree86 <not-affected>
CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net ...)
	NOT-FOR-US: Log4Net
CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0740
	RESERVED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...)
	NOT-FOR-US: pam_micasa / Novell
CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...)
	NOT-FOR-US: MUTE
CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...)
	NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...)
	NOT-FOR-US: PhpTagCool
CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of ImageMagick ...)
	{DSA-1168-1}
	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
	NOT-FOR-US: My Blog
CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
	NOT-FOR-US: Half-Life
CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...)
	- dovecot 1.0.beta3-1 (bug #353341; medium)
	[sarge] - dovecot <not-affected> (Vulnerable code was introduced in 1.0beta1)
CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...)
	NOT-FOR-US: Teca Diary
CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...)
	NOT-FOR-US: webSPELL
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...)
	NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...)
	NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...)
	NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...)
	NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows ...)
	NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...)
	NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...)
	NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...)
	NOT-FOR-US: sNews
CVE-2006-0714 (Directory traversal vulnerability in the installation file ...)
	- flyspray <not-affected> (Vulnerable code not included in Debian)
CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...)
	NOT-FOR-US: LinPHA
CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...)
	NOT-FOR-US: Squishdot
CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...)
	NOT-FOR-US: NeoMail
CVE-2006-0710 (Double-free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...)
	NOT-FOR-US: Isode M-Vault
CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...)
	{DSA-995-1}
	- metamail 2.7-51 (bug #352482; bug #353539)
CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...)
	NOT-FOR-US: Winamp
CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...)
	- pyblosxom 1.3.2-1 (high)
	[sarge] - pyblosxom <not-affected> (Vulnerable path handling code not present)
CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in G&#228;stebuch ...)
	NOT-FOR-US: Gaestebuch
CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...)
	NOT-FOR-US: Proprietary SFTP servers
CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a &quot;bespoke error ...)
	NOT-FOR-US: iE Integrator
CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...)
	NOT-FOR-US: imageVue
CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...)
	NOT-FOR-US: imageVue
CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...)
	NOT-FOR-US: imageVue
CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...)
	NOT-FOR-US: imageVue
CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...)
	NOT-FOR-US: QWikiWiki
CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...)
	NOT-FOR-US: Ansilove
CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...)
	NOT-FOR-US: Ansilove
CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...)
	NOT-FOR-US: Roberto Butti CALimba
CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...)
	NOT-FOR-US: Carey Briggs Timesheet
CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...)
	NOT-FOR-US: nicecoder.com indexu
CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...)
	NOT-FOR-US: DocMGR
CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...)
	NOT-FOR-US: e107
CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...)
	NOT-FOR-US: powerd
	NOTE: powerd supposedly normally comes with sysvinit, but not in debian
CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...)
	- webgui <itp> (bug #139749)
CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...)
	NOTE: Only vulnerable when compiled with asserts
	- postgresql <unfixed> (unimportant)
	- postgresql-8.0 8.0.7-1 (unimportant)
	- postgresql-8.1 8.1.3-1 (unimportant)
CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...)
	{DSA-1044-1}
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- firefox 1.5.dfsg-1
CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...)
	NOT-FOR-US: Sysbotz Systems Panel
CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...)
	NOT-FOR-US: Hitachi TP1
CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe ...)
	NOT-FOR-US: SiteFrame
CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic ...)
	NOT-FOR-US: Magic Calendar Lite
CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before ...)
	NOT-FOR-US: HP PSC 1210 All-in-One printer
CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ...)
	NOT-FOR-US: Sony Ericsson
CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...)
	{DSA-990-1}
	- bluez-hcidump 1.30-1 (bug #351881; medium)
CVE-2006-0669 (** DISPUTED ** ...)
	NOT-FOR-US: Forum Light
CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary ...)
	NOT-FOR-US: AIX
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...)
	NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...)
	NOT-FOR-US: Runcms
CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...)
	NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...)
	NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...)
	NOT-FOR-US: vwdev
CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...)
	NOT-FOR-US: CPAINT
CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...)
	NOT-FOR-US: DataparkSearch
CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...)
	- binutils <not-affected> (SuSE specific vulnerability)
CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...)
	{DSA-986-1 DSA-985-1}
	- libtasn1-2 <unfixed> (bug #352182; bug #365234)
	NOTE: upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
	- libtasn1-3 0.3.4-1
	- gnutls13 1.3.5-1
	- gnutls12 1.2.11-1
	- gnutls11 <unfixed>
CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...)
	NOT-FOR-US: OpenVMPS
CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...)
	- pam-mysql 0.6.2-1 (bug #353589; low)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...)
	NOT-FOR-US: Handicapper
CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
	- dpkg-sig 0.13 (bug #352723; low)
	[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ...)
	- pioneers 0.9.55-1 (bug #351986; medium)
	[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...)
	NOT-FOR-US: CPG-Nuke Dragonfly CMS
CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web ...)
	NOT-FOR-US: WiredRed e/pop Web Conferencing
CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging ...)
	NOT-FOR-US: Trend Micro
CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...)
	NOT-FOR-US: eyeOS
CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...)
	- tcc 0.9.24~cvs20070502-1 (bug #352202; low)
	[sarge] - tcc <no-dsa> (Only incorrect code gen, hardly any production use)
	[etch] - tcc <no-dsa> (Documented as insecure; only incorrect code gen, hardly any production use)
CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...)
	NOT-FOR-US: Borland C++Builder
CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...)
	- phpbb2 2.0.20 (low)
	[sarge] - phpbb2 <no-dsa> (Minor issue)
	NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against
	NOTE: brute-force password guessing and as password seeding is based on milliseconds
	NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts
	NOTE: instead of a million
	NOTE: Fixed in 2.0.20
CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin ...)
	NOT-FOR-US: Erik C. Thauvin mailback
CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...)
	NOT-FOR-US: The Bat!
CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 ...)
	NOT-FOR-US: AIM
CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute ...)
	NOT-FOR-US: Dale Ray MyQuiz
CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...)
	NOT-FOR-US: Whomp Real Estate Manager
CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable ...)
	NOT-FOR-US: QNX
CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of ...)
	NOT-FOR-US: QNX
CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...)
	NOT-FOR-US: QNX
CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...)
	NOT-FOR-US: QNX
CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...)
	NOT-FOR-US: QNX
CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 ...)
	NOT-FOR-US: QNX
CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ...)
	NOT-FOR-US: Sun Java
CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ...)
	NOT-FOR-US: Sun Java
CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...)
	NOT-FOR-US: Sun Java
CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain ...)
	- powersave 0.11.2-1
CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and ...)
	NOT-FOR-US: @Mail
CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...)
	NOT-FOR-US: 2200net Calender system
CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0601
	RESERVED
CVE-2006-0596
	RESERVED
CVE-2006-0595
	RESERVED
CVE-2006-0594
	RESERVED
CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...)
	NOT-FOR-US: AutoCAD
CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...)
	NOT-FOR-US: Lexmark Printer
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and ...)
	NOT-FOR-US: crypt_blowfish implementation from OWL, does not seem to be in Debian
CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: MyTopix
CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: MyTopix
CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows ...)
	NOT-FOR-US: MyTopix
CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 ...)
	- gallery 1.5.2-pl2-1
CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before ...)
	NOT-FOR-US: Oracle
CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 ...)
	NOT-FOR-US: PeopleSoft People Tools
CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in ...)
	- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)
	NOTE: code not in ffmpeg and xine-lib
CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce ...)
	NOT-FOR-US: Blue Coat Proxy Security Gateway OS
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...)
	NOT-FOR-US: Lexmark printer
CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...)
	- oprofile 0.9.1-9 (bug #352910; low)
	[sarge] - oprofile <no-dsa> (requires sudo access to be vulnerable)
CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to ...)
	- fcron <not-affected> (Not included in Debian package)
CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and ...)
	NOT-FOR-US: cPanel
CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to ...)
	NOT-FOR-US: phpstatus
CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 ...)
	NOT-FOR-US: phpstatus
CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when ...)
	NOT-FOR-US: phpstatus
CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo ...)
	NOT-FOR-US: Papoo
CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze ...)
	NOT-FOR-US: Outblaze
CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...)
	NOT-FOR-US: Xaraya
CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...)
	NOT-FOR-US: Communigate Pro
CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...)
	NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
	NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...)
	NOT-FOR-US: Cisco
CVE-2006-0560
	RESERVED
CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...)
	NOT-FOR-US: McAfee WebShield
CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1 (bug #365375; low)
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0556
	RESERVED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...)
	- postgresql-8.1 8.1.3-1
CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...)
	NOT-FOR-US: Oracle
CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...)
	NOT-FOR-US: Oracle
CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...)
	NOT-FOR-US: Oracle
CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...)
	NOT-FOR-US: Strange app at www.egeinternet.com
CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
	NOT-FOR-US: UBB.threads
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...)
	NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
	- fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)
CVE-2006-0538 (CipherTrust IronMail 5.0.1, when &quot;Denial of Service Protection&quot; is ...)
	NOT-FOR-US: IronMail
CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange ...)
	NOT-FOR-US: eXchange POP3
CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
	NOT-FOR-US: NeoMail
CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...)
	NOT-FOR-US: Community Server
CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: CyberShop Ultimate E-commerce
CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
	NOT-FOR-US: cPanel
	NOTE: Not Debian's cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...)
	NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...)
	- evolution 2.2.3-4 (low)
	[sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
	[woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...)
	- bind 1:8.4.7-1 (low)
	[sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix)
	NOTE: BIND 8 is unsuitable for forwarder use because of its
	NOTE: architecture.  Upgrade to BIND 9 as a fix.
	NOTE: This was fixed in sid by documenting it as an unfixable design limitation
CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...)
	NOT-FOR-US: AOL
CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator ...)
	NOT-FOR-US: Windows issue
CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...)
	NOT-FOR-US: Derek Ashauer ashnews
CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...)
	NOT-FOR-US: Symantec Sygate Management Server
CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...)
	NOT-FOR-US: Browser CRM
CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...)
	- spip <removed> (medium; bug #351336)
CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...)
	- spip <removed> (medium; bug #351335)
CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...)
	- spip <removed> (medium; bug #351334)
CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...)
	- spip <removed> (medium; bug #352076)
	NOTE: http://www.securityfocus.com/bid/16556
CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...)
	- spip <removed> (medium; bug #352077)
	NOTE: http://www.securityfocus.com/bid/16551
CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...)
	NOT-FOR-US: Solaris
CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x ...)
	NOT-FOR-US: Cisco
CVE-2006-0514
	RESERVED
CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...)
	NOT-FOR-US: Tivoli
CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...)
	{DSA-1187-1}
	- migrationtools 46-2.1 (bug #338920; medium)
CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...)
	NOT-FOR-US: Daffodil
CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN ...)
	NOT-FOR-US: Nuked-klaN
CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to ...)
	NOT-FOR-US: Zbattle
CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...)
	NOT-FOR-US: MailEnable Enterprise Edition
CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows ...)
	NOT-FOR-US: MailEnable Professional Edition
CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 ...)
	NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package)
CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...)
	NOT-FOR-US: JBoss Enterprise Java Beans
CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...)
	NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client)
CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...)
	NOT-FOR-US: Derek Ashauer ashNews
CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
	- firefox <removed> (bug #349339)
	- iceweasel <unfixed> (bug #349339)
	NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
	- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339)
	- mozilla <unfixed>
	- iceape <unfixed>
	- xulrunner <unfixed>
CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...)
	NOT-FOR-US: MG2
CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...)
	NOT-FOR-US: Calendarix
CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...)
	NOT-FOR-US: SZUserMgnt
CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...)
	NOT-FOR-US: ASPThai Forums
CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...)
	NOT-FOR-US: mIRC
CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...)
	NOT-FOR-US: Microsoft
CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...)
	NOT-FOR-US: Tumbleweed MailGate Email Firewall
CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...)
	NOT-FOR-US: IOS
CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...)
	NOT-FOR-US: IOS
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...)
	NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
	NOT-FOR-US: Cisco
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
	- libpng 1.2.8rel-3 (bug #352902; bug #352918)
	[sarge] - libpng <not-affected> (Only 1.2.7 affected)
	[woody] - libpng <not-affected> (Only 1.2.7 affected)
	[sarge] - libpng3 1.2.8rel-1
CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...)
	NOT-FOR-US: sPaiz-Nuke
CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...)
	- pmwiki <itp> (bug #330117)
CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...)
	NOT-FOR-US: CRE Loaded
CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...)
	- git-core 1.1.5-1 (bug #350274)
CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...)
	NOT-FOR-US: PHP-Ping
CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...)
	NOT-FOR-US: Shareaza
CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
	NOT-FOR-US: My little homepage
CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...)
	NOT-FOR-US: My little homepage
CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
	NOT-FOR-US: My little homepage
CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...)
	NOT-FOR-US: uebimiau
	NOTE: this had an ITP back in 2002, but it never was done (bug #164116)
CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
	NOT-FOR-US: PHP GEN
CVE-2005-4706 (Unspecified vulnerability in the &quot;privilege management&quot; feature of Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: Windows Tomcat vulnerability
CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...)
	NOT-FOR-US: IPBProArcade
CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...)
	NOT-FOR-US: TellMe
CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...)
	NOT-FOR-US: TellMe
CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...)
	NOT-FOR-US: TellMe
CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...)
	NOT-FOR-US: Microsoft
CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...)
	NOT-FOR-US: Microsoft
CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...)
	- webgui <itp> (bug #139749)
CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...)
	- gaim-encryption 3.0~beta5-3 (low; bug #337127)
	[sarge] - gaim-encryption <no-dsa> (Minor issue)
CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...)
	NOT-FOR-US: mroovca
CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
	NOT-FOR-US: NetBSD
CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...)
	NOT-FOR-US: PunBB
CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's ...)
	NOT-FOR-US: PunBB
CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...)
	NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
	NOTE: see CVE-2005-4684
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
	[sarge] - mozilla <no-dsa> (Hardly exploitable)
	- xulrunner <unfixed> (unimportant)
CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...)
	NOTE: http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc5?root=fedora&rev=1.172&view=markup says "ignore (kdebase) not fixed upstream, low, can't fix"
	- kdebase <unfixed> (unimportant)
	[sarge] - kdebase <no-dsa> (Hardly exploitable)
CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...)
	- migrationtools 46-2.1 (bug #338920; unimportant)
	NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
	NOT-FOR-US: AudienceView
CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
	NOT-FOR-US: mIRC
CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
	NOT-FOR-US: Internet Explorer 6
CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple
CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...)
	NOT-FOR-US: osCommerce
CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...)
	- exiv2 0.9
CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
	NOT-FOR-US: VMware
CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...)
	{DSA-964-1}
	[woody] - gnocatan 0.6.1-5woody3
	[sarge] - gnocatan 0.8.1.59-1sarge1
	- pioneers 0.9.49-1 (bug #350237; medium)
CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...)
	NOT-FOR-US: Goldstag Content Management System
CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...)
	NOT-FOR-US: active121 Site Manager
CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog ...)
	NOT-FOR-US: AndoNET Blog
CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...)
	NOT-FOR-US: ExpressionEngine
CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...)
	{DSA-997-1}
	- bomberclone 0.11.6.2-1
CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer ...)
	{DSA-1020-1}
	- flex 2.5.33-1
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
	- irssi-text <not-affected> (Only 0.8.10rc versions are affected)
CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...)
	- linux-2.6 2.6.15-6
CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1
CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...)
	{DSA-978-1}
	- gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium)
	[sarge] - gnupg2 <not-affected> (Vulnerable code not activated)
	NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates that
	NOTE: *all* versions are affected because gpg --verify is also affected
CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ...)
	- linux-2.6 2.6.15-5
	[sarge] - kernel-source-2.6.8 <not-affected>
	[sarge] - kernel-source-2.4.27 <not-affected>
CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
	NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for
	NOTE:  a certain time frame), but not a directly fixable security problem
CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...)
	NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...)
	NOT-FOR-US: CheesyBlog
CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote ...)
	NOT-FOR-US: Sami FTP Server
CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload ...)
	NOT-FOR-US: Text Rider
CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...)
	NOT-FOR-US: Text Rider
CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: No real world risk according to maintainer
CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Intended behaviour according to maintainer
CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in ...)
	NOT-FOR-US: Oracle
CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...)
	NOT-FOR-US: phpXplorer
CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...)
	NOT-FOR-US: ioFTPD
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...)
	NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...)
	NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
	NOT-FOR-US: ParoxProxy
CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...)
	- kfreebsd-5 5.4-13
CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted ...)
	{DSA-1012-1}
	- unzip 5.52-7 (low; bug #349794)
CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
	NOT-FOR-US: 123 Flash Chat Server
CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...)
	NOT-FOR-US: miniBloggie
CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden ...)
	- tor 0.1.1.11-alpha-1 (bug #349283)
CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...)
	NOT-FOR-US: NewsPHP
CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...)
	NOT-FOR-US: CyberShop
CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...)
	NOT-FOR-US: Claroline
CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #349985; medium)
	- moodle 1.6-1 (bug #360395; medium)
CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...)
	NOT-FOR-US: Pixelpost Photoblog
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
	NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...)
	NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
	- tiff 3.8.0-2 (bug #350715)
	[sarge] - tiff <not-affected> (Vulnerability was introduced later)
	[woody] - tiff <not-affected> (Vulnerability was introduced later)
CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)
	NOT-FOR-US: Note-A-Day Weblog
CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...)
	NOT-FOR-US: e-moBLOG
CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...)
	{DSA-989-1}
	- zoph 0.5-1 (bug #350717)
CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on ...)
	NOT-FOR-US: Apple
CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when ...)
	NOT-FOR-US: Apple
CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly ...)
	NOT-FOR-US: Apple
CVE-2006-0394
	REJECTED
CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple
CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted ...)
	NOT-FOR-US: Apple
CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2006-0390
	REJECTED
CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) ...)
	NOT-FOR-US: Apple
CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...)
	NOT-FOR-US: Apple
CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...)
	NOT-FOR-US: Apple
CVE-2006-0385
	RESERVED
CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...)
	NOT-FOR-US: Apple
CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 ...)
	NOT-FOR-US: Apple
CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...)
	NOT-FOR-US: Apple
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
	- kfreebsd-5 5.4-14
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
	NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354063; bug #355424)
CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...)
	NOT-FOR-US: Windows
CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...)
	NOT-FOR-US: Douran FollowWeb
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
	NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369 (** DISPUTED ** ...)
	- mysql-dfsg-4.1 <unfixed> (unimportant)
	NOTE: This isn't a security hole, it's expected behaviour
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...)
	NOT-FOR-US: Cisco
CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...)
	NOT-FOR-US: XMB
CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0363 (The &quot;Remember my Password&quot; feature in MSN Messenger 7.5 stores ...)
	NOT-FOR-US: MSN Messenger
CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...)
	NOT-FOR-US: MPM SIP IP Phone
CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote ...)
	NOT-FOR-US: eyeBeam SIP Softphone
CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 ...)
	NOT-FOR-US: PowerPortal
CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...)
	NOT-FOR-US: Grant Averett Cerberus FTP Server
CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...)
	NOT-FOR-US: Ari Pikivirta Home Ftp Server
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...)
	NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...)
	NOT-FOR-US: Cisco
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
	NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified &quot;critical denial-of-service vulnerability&quot; in MyDNS before ...)
	{DSA-963-1}
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...)
	NOT-FOR-US: eggblog
CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...)
	NOT-FOR-US: eggblog
CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...)
	NOT-FOR-US: Hitachi JP1/NetInsight II
CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...)
	NOT-FOR-US: Cisco
CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...)
	NOT-FOR-US: BitComet
CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...)
	NOT-FOR-US: F-Secure
CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...)
	NOT-FOR-US: F-Secure
CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon ...)
	NOT-FOR-US: My Amazon Store Manager
CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...)
	NOT-FOR-US: ar-blog
CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...)
	- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
	[sarge] - ecartis <no-dsa> (No real fix available, only rare setups affected, minor exploit potential)
CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...)
	NOT-FOR-US: Squirrelmail plugin
CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...)
	{DSA-1148-1}
	- gallery 1.5.2-1
CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...)
	NOT-FOR-US: HITSENSER Data Mart Server BS
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
	NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...)
	- typo3-src 4.0.2-1 (bug #364351; unimportant)
	NOTE: Only path disclosure
CVE-2006-0326
	RESERVED
CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
	NOT-FOR-US: WebspotBlogging
CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...)
	NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
	- mediawiki 1.4.15-1 (low)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
	NOT-FOR-US: PHlyMail
CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
	{DSA-956-1}
	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
	NOTE: woody seems to be vulnerable as well (looking at the source code).
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
	NOT-FOR-US: Oracle
CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...)
	- fetchmail 6.3.2-1 (bug #348747; low)
	[sarge] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
	[woody] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...)
	NOT-FOR-US: Farmers WIFE
CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when ...)
	NOT-FOR-US: BlogPHP
CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in ...)
	NOT-FOR-US: RedKernel Referrer Tracker
CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) ...)
	NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control
CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p ...)
	NOT-FOR-US: EZDatabase
CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass ...)
	NOT-FOR-US: aoblogger
CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows ...)
	NOT-FOR-US: aoblogger
CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...)
	NOT-FOR-US: aoblogger
CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...)
	NOT-FOR-US: Linksys hardware issue
CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the ...)
	NOT-FOR-US: HTMLtoNuke
CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...)
	NOT-FOR-US: Clipcomm hardware
CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: dual dns server
CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...)
	NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
	NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...)
	{DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1}
	- poppler 0.4.5-1 (medium)
	- tetex-bin 3.0-12 (medium)
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- kdegraphics 4:3.5.1-2 (medium)
	- gpdf 2.10.0-3 (medium)
	- xpdf 3.01-6 (bug #350785; bug #350783; medium)
	- koffice 1.5.0-1 (medium)
	- libextractor 0.5.10-1 (medium)
	- pdfkit.framework 0.8-4 (medium)
CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted ...)
	{DSA-987-1}
	- tar 1.15.1-3 (bug #354091; high)
	- dpkg <not-affected> (has completely different tar implementation)
	[woody] - tar <not-affected>
CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	- mozilla 2:1.7.13-0.1
	- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected>
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- mozilla-thunderbird <unfixed>
	- thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- mozilla 2:1.7.13-0.1
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox 1.0.4-2sarge6
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
	NOT-FOR-US: Oracle
CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer ...)
	NOT-FOR-US: Oracle
CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...)
	NOT-FOR-US: Oracle
CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0271 (Unspecified vulnerability in the Upgrade &amp; Downgrade component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) ...)
	NOT-FOR-US: Oracle
CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0264
	REJECTED
	NOT-FOR-US: Oracle
CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...)
	NOT-FOR-US: Check Point VPN
CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
	NOT-FOR-US: Apache Geronimo
CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in &quot;Blue ...)
	NOT-FOR-US: AmbiCom Blue Neighbors
CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...)
	NOT-FOR-US: Benders Calendar
CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...)
	- faqomatic 2.712-3
CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...)
	NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
	NOTE: This bug is present in a fork, not in the mainline
	NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...)
	NOT-FOR-US: geoBlog
CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...)
	NOT-FOR-US: Virata-EmWeb web server
CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...)
	NOT-FOR-US: Anyboard
CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...)
	NOT-FOR-US: Widexl Download Tracker
CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...)
	NOT-FOR-US: CubeCart
CVE-2006-0244 (** DISPUTED ** ...)
	NOT-FOR-US: phpXplorer
CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...)
	NOT-FOR-US: SMBCMS
CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...)
	NOT-FOR-US: PHP Fusebox
CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...)
	NOT-FOR-US: WBNews
CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...)
	NOT-FOR-US: GaMerZ WP-Stats
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
	NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
	- mozilla-thunderbird 1.5.0.2-1 (bug #349242; bug #363777; medium)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
	NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
	NOT-FOR-US: microBlog
CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...)
	NOT-FOR-US: microBlog
CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...)
	NOT-FOR-US: Wehntrust
CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...)
	- kernel-patch-grsecurity2 2.1.8-1 (bug #349246; medium)
	- kernel-patch-2.4-grsecurity <removed> (bug #349247; medium)
CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...)
	NOT-FOR-US: lpsched in Sun Solaris
CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...)
	NOT-FOR-US: freebsd kernel
CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...)
	- openssh 1:4.3p2-1 (low; bug #349645; bug #352254)
	[sarge] - openssh <no-dsa> (Protocol flaws inherited from rcp)
	- dropbear 0.48-1 (unimportant)
	NOTE: dropbear doesn't include scp in binary package
CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...)
	{DSA-976-1}
	- libast 0.7-1
CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
	NOT-FOR-US: PunBB
CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...)
	NOT-FOR-US: TopCMM
CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...)
	NOT-FOR-US: Dragon Design Services Network (DDSN)
CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows ...)
	NOT-FOR-US: ezDatabase
CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 ...)
	NOT-FOR-US: Kolab Server
	NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian
CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba ...)
	NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire ...)
	NOT-FOR-US: Interspire TrackPoint NX
CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...)
	NOT-FOR-US: TankLogger
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...)
	- php5 5.1.2-1
	- php4 4:4.4.2-1 (bug #354682)
	[sarge] - php4 <no-dsa> (html_errors shouldn't be used)
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
	- php5 5.1.2-1
	- php4 4:4.4.2-1 (bug #354683)
	NOTE: the second part (header function) affects also php4
CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...)
	- php5 5.1.2-1 (unimportant)
	NOTE: Not built into the binary packages
CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
	NOT-FOR-US: XOOPS
CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...)
	NOTE: exploitability uncertian
	- xorg-x11 <unfixed> (bug #349251; low)
CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...)
	NOT-FOR-US: slsnif
CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354062)
CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...)
	NOT-FOR-US: FogBugz
CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 ...)
	NOT-FOR-US: ASPSurvey
CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...)
	NOT-FOR-US: eStara Softphone
CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354064)
CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...)
	NOT-FOR-US: OcoMon
CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...)
	NOT-FOR-US: OcoMon
CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ...)
	NOT-FOR-US: OcoMon
CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail ...)
	NOT-FOR-US: Campsite
CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...)
	NOT-FOR-US: IPCop
CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...)
	NOT-FOR-US: IPCop
CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Ocean12
CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and ...)
	NOT-FOR-US: TClanPortal
CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) ...)
	NOT-FOR-US: Oracle
CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier ...)
	NOT-FOR-US: AL-Caricatier
CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...)
	NOT-FOR-US: PHlyMail
CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...)
	NOT-FOR-US: AlstraSoft EPay Pro
CVE-2005-4650 (Joomla! 1.03 does not restrict the number of &quot;Search&quot; Mambots, which ...)
	NOT-FOR-US: Joomla!
CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and ...)
	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...)
	- knowledgetree 2.0.7-2 (bug #348306; medium)
CVE-2006-XXXX [php5 response splitting]
	- php5 5.1.2-1 (bug #347894)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
CVE-2006-XXXX [php5 mysqli format string issue]
	- php5 5.1.2-1 (bug #347894)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0186
	REJECTED
CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...)
	NOT-FOR-US: AspTopSites
CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...)
	- xmame 0.104-1 (medium; bug #349653)
	NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
	NOTE: question, that makes it very clear that setuid root is only for single-user
	NOTE: systems and xmame-sdl and xmess aren't setuid at all
	[sarge] - xmame <no-dsa> (XMame is non-free software)
CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...)
	NOT-FOR-US: OrjinWeb E-commerce
CVE-2006-0170
	REJECTED
CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...)
	NOT-FOR-US: Symantec SystemWorks
CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...)
	- webgui <itp> (bug #139749)
CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...)
	NOT-FOR-US: phgstats
CVE-2006-0163 (SQL injection vulnerability in the search module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...)
	NOT-FOR-US: Solaris
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
	NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
	{DSA-951-2}
	- trac 0.9.3-1
	[sarge] - trac 0.8.1-3sarge4 (medium)
CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...)
	NOT-FOR-US: Antharia OnContent
CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...)
	NOT-FOR-US: HydroBB
CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...)
	NOT-FOR-US: Venom Board
CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS ...)
	NOT-FOR-US: CyberDoc SiteSuite CMS
CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows ...)
	NOT-FOR-US: Reamday Enterprises Magic News Plus
CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows ...)
	NOT-FOR-US: Foxforum
CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...)
	NOT-FOR-US: 427BB
CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 ...)
	NOT-FOR-US: 427BB
CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the ...)
	NOT-FOR-US: 427BB
CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...)
	NOT-FOR-US: phpChamber
CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (medium)
	NOTE: The whole black list approach is flawed, for the DSA we'll switch to
	NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
	{DSA-952-1}
	- libapache-auth-ldap <removed> (bug #347416)
CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...)
	NOT-FOR-US: SimpBook
CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: NetSarang Xlpd
CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1
CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1
CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...)
	NOT-FOR-US: NetBSD
CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...)
	NOT-FOR-US: Neither php-pear nor php4-pear ship this file
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...)
	NOT-FOR-US: Windows
CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...)
	NOT-FOR-US: Andromeda
CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...)
	NOT-FOR-US: Eudora
CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 ...)
	NOT-FOR-US: Navboard
CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote ...)
	NOT-FOR-US: eazyCMS
CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...)
	NOT-FOR-US: class-1 Poll
CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...)
	- linux-2.6 2.6.15-1 (low)
CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
	NOTE: If the admin doesn't web browsing, why is one installed/enabled?
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...)
	{DSA-947-1}
	- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
	NOT-FOR-US: Alvaro's Messenger
CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow ...)
	NOT-FOR-US: AIX
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...)
	NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and ...)
	- rxvt-unicode 6.3-1
	[sarge] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
	[woody] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows ...)
	NOT-FOR-US: AppServ
CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in ...)
	NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore ...)
	NOT-FOR-US: iNETstore Ebusiness Software
CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug ...)
	NOT-FOR-US: OnePlug Solutions OnePlug CMS
CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs ...)
	NOT-FOR-US: Joomla!
CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...)
	NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
	NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...)
	NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 ...)
	NOT-FOR-US: sBLOG
CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local ...)
	NOT-FOR-US: NicoFTP
CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...)
	NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...)
	- php4 <not-affected> (Windows specific)
	- php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
	- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
	NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
	NOT-FOR-US: @Card ME PHP
CVE-2006-0092
	REJECTED
	NOT-FOR-US: SiteSuite CMS
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
	NOT-FOR-US: IDV Directory Viewer
CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...)
	NOT-FOR-US: ESRI ArcPad
CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...)
	NOT-FOR-US: inTouch
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...)
	NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...)
	NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...)
	NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...)
	NOT-FOR-US: raSMP
CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
	REJECTED
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
	NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
	NOT-FOR-US: Zina
CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows ...)
	NOT-FOR-US: ClientExec
CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to ...)
	NOT-FOR-US: SMBCMS
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...)
	NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
	NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
	NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
	NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...)
	NOT-FOR-US: PTnet ircd
CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial ...)
	NOT-FOR-US: eFileGo
CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote ...)
	NOT-FOR-US: eFileGo
CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in ...)
	NOT-FOR-US: vBulletin
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...)
	NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.15-1
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
	{DSA-930-2 DSA-930-1}
	- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
	{DSA-954-1 CVE-2005-4560}
	- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...)
	{DSA-1213}
	- imagemagick 6:6.2.4.5-0.6 (bug #345876)
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics ...)
	NOT-FOR-US: Intel
CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...)
	NOT-FOR-US: vBulletin
CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...)
	NOT-FOR-US: ScozNet
CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...)
	NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
	NOT-FOR-US: File::ExtAttr
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
	NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...)
	NOT-FOR-US: phpBook
CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...)
	NOT-FOR-US: PHPenpals
CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
	NOT-FOR-US: DiscusWare Discus
CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...)
	NOT-FOR-US: SCO Openserver
CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...)
	- pinentry <not-affected> (Gentoo-specific packaging flaw)
CVE-2006-0070 (** DISPUTED ** ...)
	- drupal <not-affected> (According to upstream advisory is junk, behaviour intentional)
	NOTE: This will probably be REJECTED anyway
CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...)
	NOT-FOR-US: Primo Cart
CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...)
	NOT-FOR-US: VEGO Links Builder
CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...)
	NOT-FOR-US: PHPjournaler
CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...)
	NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
	NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...)
	- phpbb2 2.0.21-1 (unimportant)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
	NOTE: (Upstream fix was in 2.0.20.)
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
	NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...)
	NOT-FOR-US: iSupport
CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...)
	NOT-FOR-US: DapperDesk
CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...)
	NOT-FOR-US: digiSHOP
CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...)
	NOT-FOR-US: Free ClickBank
CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...)
	- dopewars <not-affected> (According to upstream Windows-specific)
CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...)
	NOT-FOR-US: BugPort
CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...)
	NOT-FOR-US: BugPort
CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
	NOT-FOR-US: BugPort
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
	NOT-FOR-US: Web Wiz
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1
	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-1.2 (bug #291613)
CVE-2006-0062 [Potential xlockmore bypass]
	RESERVED
	- xlockmore 1:5.13-2.1 (bug #309760)
CVE-2006-0061 [xlock segfaults when using libpam-opensc]
	RESERVED
	- xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
	[sarge] - xlockmore <no-dsa> (Minor issue)
CVE-2006-0060
	RESERVED
CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
	NOT-FOR-US: LiveData
CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...)
	{DSA-1015-1}
	- sendmail 8.13.6-1 (bug #358440; high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2006-0056 (Double-free vulnerability in the authentication and authentication ...)
	- pam-mysql 0.6.2-1 (bug #353589; medium)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...)
	- ee 1:1.4.2-5 (bug #348322)
CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ...)
	NOT-FOR-US: FreeBSD
CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows ...)
	- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4600 (tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote ...)
	TODO: check wordpress
	NOTE: pinged maintainer
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moodle <not-affected> (has newer version)
CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
	TODO: check wordpress, moodle
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...)
	NOT-FOR-US: OoApp Guestbook
CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
	NOT-FOR-US: iPei Guestbook
CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook ...)
	NOT-FOR-US: AdesGuestbook
CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView ...)
	NOT-FOR-US: NView and XnView, different from nview from nvi
CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers ...)
	NOT-FOR-US: TUGZip
CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...)
	NOT-FOR-US: phpDocumentor
CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote ...)
	NOT-FOR-US: Koobi
CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...)
	NOT-FOR-US: Juniper
CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 ...)
	NOT-FOR-US: PHPSurveyor
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers ...)
	{DSA-957-2}
	- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
	NOTE: Exploitable through Gnus and Thunderbird.
	- graphicsmagick 1.1.7-1
CVE-2006-0053 (Unspecified vulnerability in Imager (libimager-perl) before 5.0-1 ...)
	{DSA-1028-1}
	- libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)
	{DSA-1027-1}
	- mailman 2.1.6-1 (bug #358892)
CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...)
	{DSA-1023-1}
	- kaffeine 0.8-1
CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...)
	{DSA-1013-1}
	- snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...)
	{DSA-993-2}
	- gnupg 1.4.2.2-1 (bug #356125; medium)
	[sarge] - gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a ...)
	- tcpick 0.2.1-3 (bug #360571; low)
	[sarge] - tcpick <no-dsa> (Minor issue)
CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
	{DSA-994-1}
	- freeciv 2.0.8-1 (medium; bug #355211)
CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...)
	{DSA-966-1}
	- adzapper 20060115-1
CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...)
	{DSA-949-1}
	- crawl 1:4.0.0beta26-7 (medium)
CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application ...)
	{DSA-942-1}
	- albatross 1.33-1
CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...)
	- ethereal 0.10.14-1 (bug #345243; low)
	NOTE: This affects Woody and Sarge
CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a ...)
	- bzflag 2.0.6.20060412-1 (bug #345245; low)
	[sarge] - bzflag <no-dsa> (Minor DoS against a game)
CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX ...)
	NOT-FOR-US: VMWare
CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: Even an authenticated server might serve unwanted content, so
	NOTE: this can't be considered a real vulnerability.
CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: This does not seem to be exploitable.
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows ...)
	NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Fatwire Update Engine
CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote ...)
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin ...)
	{DSA-1201-1}
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in ...)
	NOT-FOR-US: Plogger
CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in ...)
	NOT-FOR-US: FortiOS
CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology ...)
	NOT-FOR-US: FTGate
CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly ...)
	NOT-FOR-US: FTGate
CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate ...)
	NOT-FOR-US: FTGate
CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
	NOT-FOR-US: NetVanta
CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 ...)
	NOT-FOR-US: NetVanta
CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN ...)
	NOT-FOR-US: NetVanta
CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...)
	NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
	REJECTED
CVE-2005-4561
	REJECTED
CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...)
	{CVE-2006-0106}
	NOT-FOR-US: Microsoft
CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...)
	NOT-FOR-US: Sun Solaris PC NetLink
CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl ...)
	NOT-FOR-US: codegrrl SimpBook
CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion ...)
	NOT-FOR-US: Oracle
CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2005-4548 (SQL injection vulnerability in the &quot;user area&quot; in RWS Statistics ...)
	NOT-FOR-US: RWS Statistics Counter
CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...)
	NOT-FOR-US: eggblog
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full ...)
	NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...)
	NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
	RESERVED
CVE-2005-4543
	RESERVED
CVE-2005-4542
	RESERVED
CVE-2005-4541
	RESERVED
CVE-2005-4540
	RESERVED
CVE-2005-4539
	RESERVED
CVE-2005-4538
	RESERVED
CVE-2005-4537
	RESERVED
CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is ...)
	{DSA-960-3}
	- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
	RESERVED
CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4531
	REJECTED
CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: EPay Enterprise
CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...)
	NOT-FOR-US: Direct News
CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...)
	NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...)
	NOT-FOR-US: Sygate
CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle &quot;Make note private&quot; when a ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4520 (Unspecified &quot;port injection&quot; vulnerabilities in filters in Mantis ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4515 (** DISPUTED ** ...)
	NOT-FOR-US: WebDB
CVE-2005-4514 (** DISPUTED ** ...)
	NOT-FOR-US: Webwasher
CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...)
	NOT-FOR-US: WANDSOFT e-SEARCH
CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...)
	NOT-FOR-US: WAXTRAPP
CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows ...)
	NOT-FOR-US: TN3270 Resource Gateway
CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...)
	NOT-FOR-US: Netpublish Server
CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote ...)
	NOT-FOR-US: pTools
CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...)
	NOT-FOR-US: McAfee
CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...)
	- kdelibs <not-affected>
	NOTE: Konqueror from sid doesn't crash, will test an older version later
CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...)
	NOT-FOR-US: httprint
CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...)
	NOT-FOR-US: httprint
CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded &quot;internal placeholder ...)
	- mediawiki 1.4.13-1 (bug #345280)
CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
	NOT-FOR-US: MusicBox
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...)
	NOT-FOR-US: Cisco
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...)
	NOT-FOR-US: Text-e
CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...)
	NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...)
	NOT-FOR-US: Syntax CMS
CVE-2005-4495 (** DISPUTED ** ...)
	NOT-FOR-US: SpireMedia
CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier ...)
	- spip <removed> (medium; bug #352078)
CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier ...)
	NOT-FOR-US: SpearTek
CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 ...)
	NOT-FOR-US: Starphire SiteSage
CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...)
	NOT-FOR-US: Sitekit CMS
CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and ...)
	NOT-FOR-US: SCOOP!
CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier ...)
	NOT-FOR-US: Scoop
CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in ...)
	NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ...)
	NOT-FOR-US: RAMSite
CVE-2005-4486 (** DISPUTED ** ...)
	NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...)
	NOT-FOR-US: ProjectApp
CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...)
	NOT-FOR-US: IntranetApp
CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable ...)
	NOT-FOR-US: SiteEnable
CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...)
	NOT-FOR-US: PortalApp
CVE-2005-4481 (** DISPUTED ** ...)
	NOT-FOR-US: Polypoly
CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and ...)
	NOT-FOR-US: Plexcor CMS
CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and ...)
	NOT-FOR-US: phpSlash
CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier ...)
	NOT-FOR-US: Papoo
CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and ...)
	NOT-FOR-US: papaya CMS
CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html ...)
	NOT-FOR-US: OpenEdit
CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...)
	NOT-FOR-US: OpenCms
CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...)
	{DSA-1208-1}
	- bugzilla 2.18 (bug #329387; low)
	NOTE: The vulnerable script has been removed in the 2.18 upstream release
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
	[sarge] - libjpeg6b <no-dsa> (Creates tempfile in cwd, only very far-fetched attack vectors applicable)
CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...)
	{DSA-975-1}
	- nfs-user-server 2.2beta47-22 (high; bug #350020)
	NOTE: nfs-utils (kernel NFS server) is not affected
	NOTE: (it uses PATH_MAX for the buffer passed to realpath).
CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...)
	{DSA-1000-2}
	- libapreq2 2.07-1
CVE-2006-0041
	RESERVED
CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
	- evolution 2.10.1 (bug #398064; low)
	[etch] - evolution <no-dsa> (Minor issue)
	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 ...)
	- linux-2.6 2.6.15-3
CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...)
	{DSA-948-1}
	- kdelibs 4:3.5.1-1 (medium)
CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot; command in WinRAR 3.51 allows ...)
	NOT-FOR-US: WinRAR
CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) ...)
	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
	{DSA-1039-1 DTSA-29-1}
	- blender 2.40-1 (bug #344398; medium)
	[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...)
	NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...)
	NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)
	- wordpress 1.5.2-1 (unimportant)
	NOTE: Only path disclosure
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...)
	NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...)
	NOT-FOR-US: VMWare
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
	NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...)
	NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...)
	NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...)
	NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 ...)
	NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x ...)
	NOT-FOR-US: ASPBite
CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...)
	- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...)
	- openldap2 <not-affected> (Gentoo-specific packaging flaw)
	- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...)
	TODO: check, whether this has ramifications on the kernel's VLAN implementation
	TODO: or whether it's a generic unfixable protocol flaw
CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network ...)
	TODO: check, whether this has ramifications on the kernel's VLAN implementation
	TODO: or whether it's a generic unfixable protocol flaw
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; high)
CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...)
	NOT-FOR-US: Dec2Rar
CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...)
	NOT-FOR-US: IOS
CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
	NOT-FOR-US: IOS
CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
	NOT-FOR-US: AbleDesign D-Man
CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x ...)
	NOT-FOR-US: AbleDesign ReSearch
CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach ...)
	NOT-FOR-US: Esselbach Storyteller CMS
CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 ...)
	NOT-FOR-US: PlaySMS
CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to ...)
	NOT-FOR-US: WowBB
CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
	NOT-FOR-US: LogicBill
CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...)
	NOT-FOR-US: CS-Cart
CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...)
	NOT-FOR-US: YaBB
CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...)
	NOT-FOR-US: PHPKIT
CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows ...)
	NOT-FOR-US: PHPFM
CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
	NOT-FOR-US: Dev-Editor
CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) ...)
	NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...)
	NOT-FOR-US: TML CMS
CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 ...)
	NOT-FOR-US: TML CMS
CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown ...)
	NOT-FOR-US: Teamwork 3
CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts ...)
	NOT-FOR-US: Websphere
CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user ...)
	NOT-FOR-US: Citrix
CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote ...)
	NOT-FOR-US: NQcontent
CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier ...)
	NOT-FOR-US: MMBase
CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and ...)
	NOT-FOR-US: Miraserver
CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Red Queen
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...)
	NOT-FOR-US: Media2 CMS
CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...)
	NOT-FOR-US: Marwel
CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...)
	NOT-FOR-US: Lutece
CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...)
	NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...)
	NOT-FOR-US: Libertas Enterprise CMS
CVE-2005-4398 (** DISPUTED ** ...)
	NOT-FOR-US: lemoon
CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...)
	NOT-FOR-US: iCMS
CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...)
	NOT-FOR-US: iCMS
CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...)
	NOT-FOR-US: FarCry
CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...)
	NOT-FOR-US: EPiX
CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...)
	NOT-FOR-US: damoon
CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...)
	NOT-FOR-US: ContentServ
CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: CONTENS
CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...)
	NOT-FOR-US: CONTENS
CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
	NOT-FOR-US: contenite
CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...)
	NOT-FOR-US: Colony CMS
CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...)
	NOT-FOR-US: Cofax
CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
	NOT-FOR-US: Caravel CMS
CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...)
	NOT-FOR-US: Amaxus
CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...)
	NOT-FOR-US: Amaxus
CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...)
	NOT-FOR-US: Allinta
CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
	NOT-FOR-US: Acidcat
CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...)
	NOT-FOR-US: Acidcat
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
	NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
	NOT-FOR-US: roundcube webmail
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
	NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...)
	NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
	NOT-FOR-US: Magnolia Content Management Suite
CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
	NOT-FOR-US: ODFaq
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
	- phpbb2 2.0.21-1 (bug #344674; low)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
	NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
	NOT-FOR-US: UStore
CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
	NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...)
	- linux-2.6 2.6.18-3
CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
	- linux-2.6 2.6.18-3
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
	NOT-FOR-US: WBEM Services
CVE-2005-4349 (** DISPUTED ** ...)
	- phpmyadmin <unfixed> (unimportant)
	NOTE: Only for authenticated used, will possibly be rejected
CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
	NOT-FOR-US: IOS
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
	{DSA-939-1}
	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1
CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1 (bug #329090; medium)
	- kernel-patch-vserver 2.3 (bug #329087; medium)
	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...)
	NOT-FOR-US: phpBB Blog
CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4340
	REJECTED
CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
	NOT-FOR-US: ZixForum
CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
	NOT-FOR-US: Binary Board System
CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
	NOT-FOR-US: Secure Smart Manager
CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...)
	NOT-FOR-US: paFileDB
CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
	NOT-FOR-US: WebGlimpse
CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...)
	NOT-FOR-US: Michael Arndt WebCal
CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...)
	NOT-FOR-US: APC hardware issue
CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
	NOT-FOR-US: Driverse
CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
	NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
	NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
	NOT-FOR-US: Plexum PLEXCART
CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...)
	NOT-FOR-US: PPCal Shopping Cart
CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...)
	NOT-FOR-US: DCForum
CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
	NOT-FOR-US: ScareCrow
CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
	NOT-FOR-US: SiteNet BBS
CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
	- trac 0.9.3-1 (bug #344006)
	[sarge] - trac <unfixed> (medium)
	NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
	NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
	NOTE: invasive set of patches to backport.  basically most instances
	NOTE: of input being escape()'d are no longer done so, and instead a
	NOTE: Markup() function replaces them, and special checks are done
	NOTE: on rendered HTML output to prevent XSS code from being displayed.
CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...)
	NOT-FOR-US: pgpXplorer
CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...)
	NOT-FOR-US: libremail
CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
	NOT-FOR-US: Atlant Pro
CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...)
	NOT-FOR-US: AtlantForum
CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...)
	NOT-FOR-US: bbBoard
CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: AppServ Open Project
CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
	NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
	NOT-FOR-US: ClickCartPro
CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...)
	NOT-FOR-US: CommerceSQL
CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...)
	NOT-FOR-US: ECTOOLS Onlineshop
CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
	NOT-FOR-US: ECW-Cart
CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
	NOT-FOR-US: eDatCat
CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
	NOT-FOR-US: PhpLogCon
CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...)
	NOT-FOR-US: Dick Copits PDEstore
CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...)
	NOT-FOR-US: StaticStore Search Engine
CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...)
	NOT-FOR-US: The CITY Shop
CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...)
	NOT-FOR-US: Zaygo DomainCart
CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...)
	NOT-FOR-US: Zaygo HostingCart
CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
	- cmake <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...)
	- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...)
	- perl <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Westell Versalink
CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...)
	NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
	NOT-FOR-US: AIX
CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
	NOT-FOR-US: AIX
CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
	NOT-FOR-US: Watchfire AppScan
CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
	- cpio 2.6-10 (bug #344134; medium)
	[sarge] - cpio <unfixed> (medium)
	[woody] - cpio <unfixed> (medium)
CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote ...)
	NOT-FOR-US: Qualcomm WorldMail
CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...)
	- snort 2.3.0-1
CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...)
	NOT-FOR-US: YaCy
CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
	NOT-FOR-US: NetBSD
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	NOTE: not reproducible
	- rageircd <not-affected> (bug #343543; medium)
CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
	NOT-FOR-US: PHP Support Tickets
CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
	NOT-FOR-US: Envolution
CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in ...)
	NOT-FOR-US: Envolution
CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ ...)
	NOT-FOR-US: CP+
CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...)
	NOT-FOR-US: ASPBB
CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...)
	NOT-FOR-US: ASP-DEV XM Forum
CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels ...)
	NOT-FOR-US: DreamLevels DreamPoll
CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential ...)
	NOT-FOR-US: Torrential
CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext ...)
	NOT-FOR-US: ADP Forum
CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...)
	NOT-FOR-US: Plogger
CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows ...)
	NOT-FOR-US: Plogger
CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in ...)
	NOT-FOR-US: VCD-db
CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier ...)
	NOT-FOR-US: VCD-db
CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...)
	NOT-FOR-US: PHP JackKnife
CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...)
	NOT-FOR-US: MySQL Auction
CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)
	NOT-FOR-US: CKGOLD
CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...)
	NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2005-4232 (** DISPUTED ** ...)
	NOT-FOR-US: Jamit Job Board
CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
	NOT-FOR-US: EveryAuction
CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...)
	NOT-FOR-US: PhpWebGallery
CVE-2005-4227 (Multiple &quot;potential&quot; SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-4226 (Multiple &quot;potential&quot; SQL injection vulnerabilities in phpWebThings 1.4 ...)
	NOT-FOR-US: pgpWebThings
CVE-2005-4225 (Multiple &quot;potential&quot; SQL injection vulnerabilities in myBloggie 2.1.3 ...)
	NOT-FOR-US: myBloggie
CVE-2005-4224 (Multiple &quot;potential&quot; SQL injection vulnerabilities in e107 0.7 might ...)
	NOT-FOR-US: e107
CVE-2005-4223 (Multiple &quot;potential&quot; SQL injection vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...)
	NOT-FOR-US: Lars Ellingsen Guestserver
CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
	NOT-FOR-US: Arab Portal System
CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...)
	NOT-FOR-US: Netgear hardware issue
CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...)
	NOT-FOR-US: Innovative CMS
CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...)
	NOT-FOR-US: PHPWebThings
CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
	- perl <not-affected> (MacOS specific vulnerability)
CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...)
	NOT-FOR-US: Macromedia Flash Media Server
CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
	NOT-FOR-US: Motorola hardware
CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...)
	NOT-FOR-US: Opera
CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...)
	NOT-FOR-US: Flatnuke
CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
	NOT-FOR-US: BTGrup Admin WebController Script
CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite ...)
	NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
	NOT-FOR-US: LocazoList
CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
	NOT-FOR-US: My Album Online
CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...)
	NOT-FOR-US: Netref
CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...)
	NOT-FOR-US: Nortel SSL VPN
CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming ...)
	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...)
	NOT-FOR-US: UseBB
CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 ...)
	- turba2 2.0.5-1 (bug #342946; medium)
CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- mnemo2 2.0.3-1 (bug #342944; medium)
CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- nag2 2.0.4-1 (bug #342945; medium)
CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	{DSA-1033-1}
	- horde3 3.0.9-1 (bug #342942; bug #354512; medium)
CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	{DSA-970-1}
	- kronolith2 2.0.6-1 (bug #342943; medium)
	- kronolith <removed> (bug #349261; medium)
CVE-2005-4188
	RESERVED
CVE-2005-4187
	RESERVED
CVE-2005-4186
	RESERVED
CVE-2005-4185
	RESERVED
CVE-2005-4184
	RESERVED
CVE-2005-4183
	RESERVED
CVE-2005-4182
	RESERVED
CVE-2005-4181
	RESERVED
CVE-2005-4180
	RESERVED
CVE-2005-4179
	RESERVED
CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...)
	NOT-FOR-US: Magic Book Personal and Professional
CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...)
	NOT-FOR-US: AWARD BIOS
CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...)
	NOT-FOR-US: Insyde BIOS
CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...)
	NOT-FOR-US: eFiction
CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4171 (The &quot;Upload new image&quot; command in the &quot;Manage Images&quot; eFiction 1.1, ...)
	NOT-FOR-US: eFiction
CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
	NOT-FOR-US: eFiction
CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...)
	NOT-FOR-US: eFiction
CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...)
	NOT-FOR-US: eFiction
CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...)
	NOT-FOR-US: eFiction
CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...)
	NOT-FOR-US: DUportal
CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...)
	NOT-FOR-US: ASP-DEV ASP Resources Forum
CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated ...)
	{DSA-923-1}
	- dropbear 0.47-1 (high)
CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...)
	NOT-FOR-US: PHP-addressbook
CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...)
	NOT-FOR-US: Captcha
CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...)
	NOT-FOR-US: ACME PerlCal
CVE-2005-4161 (** DISPUTED ** ...)
	NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
	NOT-FOR-US: Torrential
CVE-2005-4159 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...)
	NOT-FOR-US: Mambo
CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...)
	NOT-FOR-US: ATutor
CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...)
	- php5 5.1.1-1
	NOTE: PHP 5 in Debian is vulnerable according to the changelog.
CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...)
	{DSA-955-1}
	- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
	NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...)
	NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...)
	NOT-FOR-US: CA Clever Path
CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
	NOT-FOR-US: ASPMForum
CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...)
	NOT-FOR-US: Website Baker
CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 ...)
	NOT-FOR-US: ThWboard
CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...)
	NOT-FOR-US: ThWboard
CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
	- mozilla 2:1.7.13-0.1 (unimportant)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
	NOTE: Not exploitable beyond a sluggish browser startup, see
	NOTE: http://www.mozilla.org/security/history-title.html
CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web ...)
	NOT-FOR-US: Solaris
CVE-2005-4132 (Unspecified &quot;security leak&quot; vulnerability in Contenido before 4.6.4, ...)
	NOT-FOR-US: Contenido
CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Excel
CVE-2005-4130 (** UNVERIFIABLE, PRERELEASE ** ...)
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4129
	REJECTED
CVE-2005-4128
	REJECTED
	NOT-FOR-US: Apple Quicktime
CVE-2005-4127
	REJECTED
	NOT-FOR-US: iTunes
CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
	RESERVED
CVE-2005-4124
	RESERVED
CVE-2005-4123
	RESERVED
CVE-2005-4122
	RESERVED
CVE-2005-4121
	RESERVED
CVE-2005-4120
	RESERVED
CVE-2005-4119
	RESERVED
CVE-2005-4118
	RESERVED
CVE-2005-4117
	RESERVED
CVE-2005-4116
	RESERVED
CVE-2005-4115
	RESERVED
CVE-2005-4114
	RESERVED
CVE-2005-4113
	RESERVED
CVE-2005-4112
	RESERVED
CVE-2005-4111
	RESERVED
CVE-2005-4110
	RESERVED
CVE-2005-4109
	RESERVED
CVE-2005-4108
	RESERVED
CVE-2005-4107
	RESERVED
CVE-2005-4106
	RESERVED
CVE-2005-4105
	RESERVED
CVE-2005-4104
	RESERVED
CVE-2005-4103
	RESERVED
CVE-2005-4102
	RESERVED
CVE-2005-4101
	RESERVED
CVE-2005-4100
	RESERVED
CVE-2005-4099
	RESERVED
CVE-2005-4098
	RESERVED
CVE-2005-4097
	RESERVED
CVE-2005-4096
	RESERVED
CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...)
	NOT-FOR-US: Apache James
CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, ...)
	NOT-FOR-US: Check Point
CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
	NOT-FOR-US: 1-Script 1-Search
CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...)
	NOT-FOR-US: HP-UX
CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
	NOT-FOR-US: phpForumPro
CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...)
	NOT-FOR-US: SugarCRM
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
	NOT-FOR-US: SugarCRM
CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...)
	NOT-FOR-US: BlueCoat WinProxy
CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...)
	NOT-FOR-US: QNX
CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
	NOT-FOR-US: Alisveristr E-commerce
CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
	- imp4 <unfixed> (bug #342654; unimportant)
	NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though
CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
	- phpmyadmin <not-affected> (Affects only 2.7.0)
CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
	NOT-FOR-US: Ideal BB.NET
CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...)
	NOT-FOR-US: Appfluent Technology Database IDS 2.0
CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List ...)
	NOT-FOR-US: Magic List Pro
CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
	REJECTED
CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure ...)
	NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified &quot;absolute path vulnerability&quot; in umountall in IBM AIX 5.1 ...)
	NOT-FOR-US: AIX
CVE-2005-4067
	REJECTED
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
	NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
	{DSA-951-2}
	- trac 0.9.2-1 (bug #342232; medium)
	[sarge] - trac 0.8.1-3sarge4
CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...)
	NOT-FOR-US: A-FAQ
CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...)
	NOT-FOR-US: NetAuctionHelp
CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...)
	NOT-FOR-US: XcClassified
CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...)
	NOT-FOR-US: XcPhotoAlbum
CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction ...)
	NOT-FOR-US: rwAuction
CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...)
	NOT-FOR-US: LocazoList
CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote ...)
	NOT-FOR-US: saralblog
CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and ...)
	NOT-FOR-US: Cars Portal
CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...)
	NOT-FOR-US: PluggedOut Bot
CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...)
	NOT-FOR-US: coWiki
CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web ...)
	NOT-FOR-US: e107
CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...)
	NOT-FOR-US: e107
CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...)
	NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
	NOT-FOR-US: Blog System
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
	{DSA-1005-1 DSA-1004-1 DSA-992-1}
	- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
	- xine-lib 1.0.1-1.5 (bug #342208; medium)
	- mplayer <not-affected> (Fixed before initial upload)
	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
	- vlc 0.8.4.debian-2 (medium)
	NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
	NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...)
	NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...)
	NOT-FOR-US: Amazon Search Directory
CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...)
	NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...)
	NOT-FOR-US: Warm Links
CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...)
	NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...)
	NOT-FOR-US: FileLister
CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...)
	NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...)
	NOT-FOR-US: Web4Future Keyboard Frequency Counter
CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce ...)
	NOT-FOR-US: Web4Future eCommerce Enterprise Edition
CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating ...)
	NOT-FOR-US: Web4Future eDating Professional
CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...)
	NOT-FOR-US: Nodezilla
CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...)
	NOT-FOR-US: Easy Search System
CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
	- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...)
	NOT-FOR-US: WebEOC
CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...)
	NOT-FOR-US: aMember
CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before ...)
	NOT-FOR-US: Geeklog
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
	NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...)
	NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the &quot;Add Image From Web&quot; ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log ...)
	- gallery2 2.0.2-1 (low)
CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
	NOT-FOR-US: Widget Imprint
CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
	NOT-FOR-US: Landshop Real Estate Commerce System
CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to ...)
	NOT-FOR-US: Widget Property
CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote ...)
	NOT-FOR-US: Widget Property
CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...)
	NOT-FOR-US: Kbase Express
CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
	NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...)
	{DSA-919-2}
	- curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...)
	NOT-FOR-US: MyTemplateSite
CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...)
	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...)
	NOT-FOR-US: WebEOC
CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...)
	NOT-FOR-US: phpYellowTM Pro Edition
CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...)
	NOT-FOR-US: SiteBeater News System
CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...)
	NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...)
	NOT-FOR-US: Solupress News
CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...)
	NOT-FOR-US: Sobexsrv
	NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
	REJECTED
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
	NOT-FOR-US: MailEnable
CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
	NOT-FOR-US: WinEggDropShell
CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...)
	NOT-FOR-US: phpMyChat
CVE-2005-3990
	REJECTED
	NOTE: duplicate of CVE-2006-3619
CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
	NOT-FOR-US: Avaya hardware
CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...)
	NOT-FOR-US: Tradesoft CMS
CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...)
	NOT-FOR-US: Instant Photo Gallery
CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3981 (** DISPUTED ** ...)
	NOT-FOR-US: Windows
CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...)
	- trac 0.9.1-1 (bug #341697; medium)
	[sarge] - trac <not-affected>
CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
	NOT-FOR-US: Multipke DuWare products
CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (low)
CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
	NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
	NOT-FOR-US: MXChange
CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...)
	NOT-FOR-US: MXChange
CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...)
	NOT-FOR-US: PHPX
CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...)
	NOT-FOR-US: Java Search Engine
CVE-2005-3965
	REJECTED
CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...)
	- openmotif 2.2.3-1.4 (bug #342092; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...)
	NOT-FOR-US: DotClear
CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...)
	NOT-FOR-US: Eudora
CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
	NOT-FOR-US: FreezeX
CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...)
	NOT-FOR-US: Microsoft cabarc
CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...)
	NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...)
	NOT-FOR-US: Sun appliances
CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...)
	NOT-FOR-US: LinuxStat
CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...)
	NOT-FOR-US: Journalness
CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...)
	NOT-FOR-US: osCommerce
CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...)
	NOT-FOR-US: Zyxel hardware
CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...)
	NOT-FOR-US: TinyWeb
CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...)
	NOT-FOR-US: McAfee
CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...)
	NOT-FOR-US: AIX
CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...)
	NOT-FOR-US: Sesamie
CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2630 (The MIME transformation system ...)
	- phpmyadmin 2:2.6.0-pl2-1
CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Click to Meet express
CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...)
	- thttpd <not-affected> (Windows-specific vulnerabilities)
CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
	NOT-FOR-US: J2ME
CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...)
	NOT-FOR-US: Siemens cell phone
CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...)
	NOT-FOR-US: Outblaze Email
CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in &quot;TextSearch&quot; in WackoWiki ...)
	NOT-FOR-US: WackoWiki
CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...)
	NOT-FOR-US: Rippy the Aggregator
CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...)
	NOT-FOR-US: Nortel Contivity VPN client
CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...)
	NOT-FOR-US: ripMIME
CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...)
	NOT-FOR-US: ripMIME
CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
	NOT-FOR-US: ActivePost Standard
CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...)
	NOT-FOR-US: Cutenews
CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MyWeb
CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...)
	- kernel-patch-ctx 1:1.28-1 (bug #262903; medium)
CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...)
	NOT-FOR-US: BNC
CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...)
	NOT-FOR-US: Sophster suite
CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...)
	NOT-FOR-US: mntd
CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...)
	NOT-FOR-US: Symantec PowerQuest DeployCenter
CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the &quot;news ...)
	NOT-FOR-US: SmartWebby Smart Guest Book
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
	- kernel-patch-ctx 1:1.29-1
CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
	{DSA-943-1}
	- perl 5.8.7-9 (bug #341542; medium)
CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...)
	NOT-FOR-US: Microsoft
CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 ...)
	- flashplugin-nonfree 7.0.61-4 (bug #357038; bug #357105)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly ...)
	NOT-FOR-US: Microsoft
CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-0018
	REJECTED
CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kadu
CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...)
	NOT-FOR-US: FreeWebStat
CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...)
	NOT-FOR-US: Entergal MX
CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...)
	NOT-FOR-US: DMANews
CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...)
	NOT-FOR-US: MagpieRSS
CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...)
	NOT-FOR-US: blogBuddies
CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...)
	NOT-FOR-US: Bedeng PSP
CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...)
	NOT-FOR-US: PHP Labs Top Auction
CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...)
	NOT-FOR-US: PHP Labs Survey Wizard
CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...)
	- nufw 1.0.16-1 (bug #341544; medium)
CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...)
	NOT-FOR-US: PHPAlbum
CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...)
	NOT-FOR-US: PHP Upload Center
CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...)
	NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...)
	NOT-FOR-US: Orca Blog
CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...)
	NOT-FOR-US: Orca Ringmaker
CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
	NOT-FOR-US: WSN Knowledge Base
CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...)
	NOT-FOR-US: Softbiz FAQ
CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...)
	NOT-FOR-US: Softbiz B2B
CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...)
	NOT-FOR-US: SocketKB
CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...)
	NOT-FOR-US: SocketKB
CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...)
	NOT-FOR-US: 88Script's Event Calendar
CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...)
	NOT-FOR-US: O-Kiraku Nikki
CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...)
	NOT-FOR-US: ASP-Rider
CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...)
	NOT-FOR-US: N-13 News
CVE-2005-3929 (Directory traversal vulnerability in the create function in ...)
	NOT-FOR-US: Xaraya
	NOTE: xarMLSXML2PHPBackend.php, 'nuff said
CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users ...)
	NOT-FOR-US: QNX
CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...)
	NOT-FOR-US: GuppY
CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
	NOT-FOR-US: GuppY
CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...)
	NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...)
	NOT-FOR-US: Randshop
CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NetObjects Fusion
CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...)
	NOT-FOR-US: IOS
CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...)
	NOT-FOR-US: Babe Logger
CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...)
	NOT-FOR-US: PBLang
CVE-2005-3918 (** DISPUTED ** ...)
	NOT-FOR-US: OvBB
CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...)
	NOT-FOR-US: CommidityRentals
CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
	NOT-FOR-US: WSN Forum
CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
	NOT-FOR-US: Clavister Web Client
CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...)
	NOT-FOR-US: AFFcommerce
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
	{DSA-1199-1}
	- webmin <not-affected> (Fixed through corrected Perl)
	NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated
CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
	NOT-FOR-US: BosDates
CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: GhostScripter Amazon Shop
CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...)
	NOT-FOR-US: Sun Java
CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...)
	NOT-FOR-US: Sun Java
CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...)
	NOT-FOR-US: Sun Java
CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...)
	NOT-FOR-US: Sun Java
CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...)
	NOT-FOR-US: Flash MX
CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
	NOT-FOR-US: Google Talk
CVE-2005-3898
	REJECTED
CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Safari
	NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
	NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
	- mozilla <unfixed> (bug #340282; unimportant)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
	NOT-FOR-US: Cisco
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
	{DSA-916-1}
	- inkscape 0.42-1 (bug #321501; low)
CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...)
	NOT-FOR-US: Zaimu
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
	- php4 4:4.4.2-1 (bug #341726; medium)
	- php5 5.1.1-1 (bug #341368; medium)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
	NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge ...)
	NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...)
	NOT-FOR-US: Omnistar KBase
CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...)
	NOT-FOR-US: Softbiz Resource Repository Script
CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
	NOT-FOR-US: PHP Doc System
CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...)
	NOT-FOR-US: AD Center ADC2000 NG Pro
CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...)
	NOT-FOR-US: Enterprise Connector
CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...)
	NOT-FOR-US: Netzbrett
CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...)
	NOT-FOR-US: ShockBoard
CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...)
	NOT-FOR-US: Ugroup
CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...)
	NOT-FOR-US: JBB
CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
	NOT-FOR-US: edmoBBS
CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...)
	NOT-FOR-US: Google API
CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...)
	NOT-FOR-US: K-Search
CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
	NOT-FOR-US: RevenuePilot Search Engine
CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...)
	NOT-FOR-US: SearchFeed Search Engine
CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...)
	NOT-FOR-US: AllWeb search
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
	NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
	{DSA-1088-1 DSA-1083-1 DTSA-23-1}
	- centericq 4.21.0-6 (bug #340959; medium)
	- orpheus 1.5-5 (bug #368402; medium)
	- motor 2:3.4.0-6 (bug #368400; medium)
	NOTE: DTSA is for centericq only
	NOTE: This affects Sarge and Woody centericq
	NOTE: This affects Sarge and Woody motor
CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...)
	{DSA-959-1}
	- unalz 0.55-1 (bug #340842; medium)
CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...)
	NOT-FOR-US: phpGreetz
CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...)
	NOT-FOR-US: Oliver May Athena PHP Website Administration
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
	NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
	- krusader 1.70.0-1 (bug #336169; low)
	[sarge] - krusader <not-affected>
	NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
	NOT-FOR-US: 1-2-3 music store
CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
	NOT-FOR-US: EasyPageCMS
CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...)
	NOT-FOR-US: sNews
CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...)
	NOT-FOR-US: Online Work Order Suite
CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
	NOT-FOR-US: Online Attendance System
CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
	NOT-FOR-US: Online Knowledge Base System
CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...)
	NOT-FOR-US: Fantastic News
CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...)
	NOT-FOR-US: EZ Invoice Inc
CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...)
	NOT-FOR-US: phpWordpress, this is not the same as Wordpress
CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...)
	NOT-FOR-US: Nicecode iDesk
CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...)
	NOT-FOR-US: pdjk-support suite
CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
	NOT-FOR-US: kPlaylist
CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
	NOT-FOR-US: Omnistar Live
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...)
	NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...)
	NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
	NOT-FOR-US: DeskLance
CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...)
	NOT-FOR-US: DeskLance
CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...)
	NOT-FOR-US: Tunez
CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...)
	NOT-FOR-US: Tunez
CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...)
	NOT-FOR-US: AgileBill
CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
	NOT-FOR-US: Ezyhelpdesk
CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
	NOT-FOR-US: Comdev Vote Caster
CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...)
	NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...)
	NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...)
	NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...)
	NOT-FOR-US: SmartPPC Pro
CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
	NOT-FOR-US: Cisco
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
	NOT-FOR-US: Cisco
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
	NOT-FOR-US: Belkin hardware
CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...)
	NOT-FOR-US: PasswordSafe
CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...)
	NOT-FOR-US: Macromedia Contribute Publishing Server
CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Not a real security problem, error messages might disclose the installation
	NOTE: which is known for the Debian package anyway
CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...)
	NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
	NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
	NOT-FOR-US: Cisco
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
	NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the &quot;Name and ...)
	NOT-FOR-US: Apple
CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...)
	- astats <removed> (bug #287604)
CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy ...)
	NOT-FOR-US: PHProxy
CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...)
	NOT-FOR-US: Intel hardware
CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
	NOTE: There is a big note in the quake2 package stating that it is not secure.
	NOTE: Otherwise severity would be high.
CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <unfixed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...)
	NOT-FOR-US: ButtUglySoftware CleanCache
CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...)
	NOT-FOR-US: meindlSOFT Cute PHP Library
CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service ...)
	- gaim 0.82-1 (medium)
CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme ...)
	NOT-FOR-US: XMB
CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the ...)
	NOT-FOR-US: iChain
CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...)
	NOT-FOR-US: iChain
CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows ...)
	NOT-FOR-US: iChain
CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...)
	NOT-FOR-US: iChain
CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...)
	- phpgroupware 0.9.16.002-1
CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...)
	- phpgroupware 0.9.14-0.RC3.1
CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create ...)
	- phpgroupware 0.9.16.000.1.cvs.20040620-1
CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain ...)
	- phpgroupware 0.9.14.007
CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...)
	- phpgroupware 0.9.14.007
CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...)
	- phpgroupware 0.9.14.007
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
	- pmwiki <itp> (bug #330117)
CVE-2003-XXXX [Insecure tempfile in x-face-el]
	- x-face-el 1.3.6.23-1
	NOTE: DSA-340
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
	NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
	NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...)
	NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
	NOT-FOR-US: Joomla
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
	NOT-FOR-US: Joomla
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
	NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
	NOT-FOR-US: PHP Download Manager
CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
	NOT-FOR-US: Symantec appliances
CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...)
	NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
	NOTE: is well documented and can be switched off. Let's hope that all users
	NOTE: of saxon are aware of this. A warning has been added to the readme.
	NOTE: Current rdependencies:
	- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
	TODO: check zope-zms (stef-guest: pinged maintainers)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified &quot;absolute path vulnerabilities&quot; in the diagela command ...)
	NOT-FOR-US: AIX
CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote ...)
	- jetty 5.1.8-1 (bug #340582; medium)
CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote ...)
	NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...)
	- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...)
	NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
	NOT-FOR-US: SimplePoll
CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
	NOT-FOR-US: Almond Classifieds
CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
	NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...)
	{DSA-916-1 DTSA-24-1}
	- inkscape 0.43-1 (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the &quot;add content&quot; page in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...)
	NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
	{DSA-965-1}
	- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...)
	NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...)
	- isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...)
	NOT-FOR-US: Opera
CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...)
	NOT-FOR-US: ReciPants
CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...)
	NOT-FOR-US: ReciPants
CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld ...)
	NOT-FOR-US: LiveWorld
CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...)
	NOT-FOR-US: Sambar
CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...)
	NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...)
	NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...)
	NOT-FOR-US: Sambar
CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
	NOT-FOR-US: Sambar
CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...)
	NOT-FOR-US: Sambar
CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before ...)
	{DSA-909-1}
	- horde3 3.0.7-1 (bug #340323; medium)
CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...)
	{DSA-907-1}
	- ipmenu 0.0.3-5
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
	NOT-FOR-US: yaSSL
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows ...)
	NOT-FOR-US: ArticleLive NX
CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the ...)
	NOT-FOR-US: Senao Wireless VoIP Phone
CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
	NOT-FOR-US: PHP Easy Download
CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk ...)
	NOT-FOR-US: Uresk Links Lite
CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote ...)
	NOT-FOR-US: Arki-DB
CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php ...)
	NOT-FOR-US: LiteSpeed Webserver
CVE-2005-3694 (centericq 4.20.0-r3 with &quot;Enable peer-to-peer communications&quot; set ...)
	{DSA-912-1}
	- centericq 4.21.0-4 (bug #334089; low)
CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm ...)
	NOT-FOR-US: SunnComm MediaMax DRM
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...)
	NOT-FOR-US: XMB
CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
	NOT-FOR-US: Wizz Forum
CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...)
	- xoops <itp> (bug #207640)
CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...)
	- xoops <itp> (bug #207640)
CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...)
	NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...)
	NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
	- helix-player <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
	TODO: check
CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
	NOT-FOR-US: libike from Solaris
CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check ...)
	NOT-FOR-US: Check Point's IKE implementation
CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
	NOT-FOR-US: StoneGate's IKE implementation
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
	- openswan 1:2.4.4-1 (bug #339082; low)
	[sarge] - openswan <no-dsa> (Only exploitable in inherently insecure mode of operation)
	NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
	NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
	NOT-FOR-US: Cisco
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
	NOT-FOR-US: Tivoli
CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses ...)
	NOT-FOR-US: FoolProof Security
CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost ...)
	NOT-FOR-US: Novell Client Firewall
CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
	- xboard 4.2.7-3 (bug #343560; unimportant)
CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...)
	NOT-FOR-US: Layton HelpBox
CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 ...)
	NOT-FOR-US: Nortel hardware
CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...)
	- samba 3.0.6-1
CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as ...)
	NOT-FOR-US: Dynix WebPac
CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
	{DSA-1064-1}
	- cscope 15.5+cvs20050816-1.1 (bug #340177; medium)
	NOTE: Sarge and Woody are affected
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
	NOTE: Only an example file
CVE-2006-0017
	RESERVED
CVE-2006-0016
	RESERVED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0011
	RESERVED
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...)
	NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
	NOT-FOR-US: Microsoft
CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...)
	NOT-FOR-US: Microsoft
CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...)
	NOT-FOR-US: RDS.Dataspace
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...)
	NOT-FOR-US: Apple AirPort
CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 ...)
	NOT-FOR-US: Apple
CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3703
	REJECTED
CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...)
	NOT-FOR-US: Safari
CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...)
	NOT-FOR-US: Dell hardware issue
CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
	- linux-2.6 <unfixed> (unimportant)
	NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
	NOTE: resource management systems can be deployed
CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
	NOT-FOR-US: McAfee
CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
	{DSA-935-1}
	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
	- libapache2-mod-auth-pgsql 2.0.2b1-7
	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
	NOT-FOR-US: Blue Coat WinProxy
CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various ...)
	NOT-FOR-US: IGateway
CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
	NOT-FOR-US: Citrix
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
	{DSA-920-1}
	- ethereal 0.10.13-1.1 (bug #342911; medium)
CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
	NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
	NOTE: only exploitable in certian configurations (non-default)
	NOTE: warning added..
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <not-affected> (Isn't explotable in sarge)
CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...)
	NOT-FOR-US: Folder Guard
CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
	NOT-FOR-US: Informix
CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: Oracle
CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...)
	NOT-FOR-US: FTGate
CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
	NOT-FOR-US: Ekinboard
CVE-2005-3637
	REJECTED
CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
	- udev <not-affected> (Red Hat specific)
CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...)
	NOTE: current sudo cleans the environment, so we are not affected
	- sysvconfig <not-affected> (sudo cleans env anyway)
CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.3-2
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex 3.0-12
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- gpdf 2.10.0-2 (bug #342286)
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
	- linux-2.6 2.6.14-7
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
	- phpmyadmin <unfixed> (unimportant)
CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: VMWare ESX
CVE-2005-3617
	RESERVED
CVE-2005-3616
	RESERVED
CVE-2005-3615
	RESERVED
CVE-2005-3614
	RESERVED
CVE-2005-3613
	RESERVED
CVE-2005-3612
	RESERVED
CVE-2005-3611
	RESERVED
CVE-2005-3610
	RESERVED
CVE-2005-3609
	RESERVED
CVE-2005-3608
	RESERVED
CVE-2005-3607
	RESERVED
CVE-2005-3606
	RESERVED
CVE-2005-3605
	RESERVED
CVE-2005-3604
	RESERVED
CVE-2005-3603
	RESERVED
CVE-2005-3602
	RESERVED
CVE-2005-3601
	RESERVED
CVE-2005-3600
	RESERVED
CVE-2005-3599
	RESERVED
CVE-2005-3598
	RESERVED
CVE-2005-3597
	REJECTED
CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
	NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
	NOT-FOR-US: Windows XP
CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...)
	NOT-FOR-US: e107
CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CuteNews
CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...)
	- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
	NOT-FOR-US: FileZilla
CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-947-1}
	- clamav 0.87.1-1 (medium)
	NOTE: sarge is affected (not in oldstable)
CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
	NOT-FOR-US: Mambo
CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...)
	NOT-FOR-US: Sun Java
CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...)
	- imagemagick <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...)
	- gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
	- qdbm <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...)
	NOT-FOR-US: Cyphor
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
	NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
	{DSA-955-1}
	- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
	NOT-FOR-US: Peel
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
	NOT-FOR-US: protection.php from several crappy web apps not in Debian
CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before ...)
	{DSA-914-1}
	- horde2 2.2.9-1 (bug #338983; unknown)
CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...)
	NOT-FOR-US: DB2
CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...)
	NOT-FOR-US: DB2
CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 ...)
	NOT-FOR-US: Tivoli
CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...)
	NOT-FOR-US: VERITAS Cluster Server
CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...)
	NOT-FOR-US: HP-UX
CVE-2005-3563
	REJECTED
CVE-2005-3562
	REJECTED
CVE-2005-3561 ( ...)
	NOT-FOR-US: ATutor
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
	NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
	NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
	NOT-FOR-US: PHPList
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
	NOT-FOR-US: PHPList
CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...)
	NOT-FOR-US: PHPList
CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...)
	NOT-FOR-US: ibProArcade
CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...)
	NOT-FOR-US: XMB
CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
	NOT-FOR-US: Phorum
CVE-2005-3542
	REJECTED
	NOT-FOR-US: Tonio Gallery
CVE-2005-3541
	RESERVED
CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
	{DSA-929-1}
	- petris 1.0.1-5
CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...)
	{DSA-933-1}
	- hylafax 2:4.2.4-2 (bug #347298)
	NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...)
	- hylafax 2:4.2.4-1
	[sarge] - hylafax <not-affected> (Affected only 4.2.3)
	[woody] - hylafax <not-affected> (Affected only 4.2.3)
CVE-2005-3537 (A &quot;missing request validation&quot; error in phpBB 2 before 2.0.18 allows ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary ...)
	{DSA-926-1}
	- ketm 0.0.6-17sarge1 (low)
CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ...)
	{DSA-924-1}
	- nbd 1:2.8.3-1
CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute ...)
	{DSA-918-1}
	- osh 1.7-15
CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...)
	{DSA-917-1}
	- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
	{DTSA-27-1}
	- fuse 2.4.1-0.1 (bug #340398; low)
	[sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
	NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...)
	- linux-2.6 2.6.14-1 (low)
	- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer ...)
	NOT-FOR-US: Adobe
CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
	NOT-FOR-US: e107
CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
	NOT-FOR-US: MySource
CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow ...)
	NOT-FOR-US: MySource
CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 ...)
	NOT-FOR-US: PunBB
CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the ...)
	NOT-FOR-US: Chipmunk Scripts Guestbook
CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Directory
CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...)
	NOT-FOR-US: Chipmunk Forum
CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the ...)
	NOT-FOR-US: VUBB
CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha ...)
	NOT-FOR-US: VUBB
CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS ...)
	NOT-FOR-US: Spymac Web OS
CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a ...)
	- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote ...)
	NOT-FOR-US: JPortal
CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) ...)
	NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
	NOT-FOR-US: Entropy Chat Script
CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is ...)
	NOT-FOR-US: AIX
CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other ...)
	NOT-FOR-US: SuSE fork of passwd
CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...)
	NOT-FOR-US: WebSphere
CVE-2005-3497 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Battle Carry
CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote ...)
	NOT-FOR-US: Glider Collect'n kill
CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier ...)
	NOT-FOR-US: NeroNET
CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
	NOT-FOR-US: GO-Global
CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...)
	NOT-FOR-US: Proprietary Java
CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
	NOT-FOR-US: Kazaa
CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: IBM Net.Data
CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: cgihtml
CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote ...)
	NOT-FOR-US: cgihtml
CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and ...)
	NOT-FOR-US: S-PLUS
CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows ...)
	NOT-FOR-US: OpenTopic
CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin ...)
	NOT-FOR-US: YaBB
CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...)
	NOT-FOR-US: NetTelephone
CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Pocket Internet Explorer
CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Winamp
CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Winamp
CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) ...)
	NOT-FOR-US: a.shopKart
CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: GuildFTPd
CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...)
	NOT-FOR-US: EServer
CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
	NOT-FOR-US: Ancient Mozilla issue
CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, ...)
	NOT-FOR-US: Longshine hardware
CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: iCal
CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and ...)
	- libhttpfetcher 1.1.0-1
CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain ...)
	NOT-FOR-US: E-theni
CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute ...)
	NOT-FOR-US: E-theni
CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows ...)
	NOT-FOR-US: Bookmark4U
CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: S8Forum
CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
	NOT-FOR-US: N/X 2000
CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 ...)
	NOT-FOR-US: Efficient Networks hardware issue
CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which ...)
	NOT-FOR-US: WebIntelligence
CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WebShell
CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote ...)
	NOT-FOR-US: WebShell
CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain ...)
	NOT-FOR-US: Mambo
CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
	- phpbb2 <not-affected> (Fixed before upload into archive; 2.0.3)
CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...)
	NOT-FOR-US: Sage
CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
	NOT-FOR-US: Sage
CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...)
	NOT-FOR-US: MyGuestbook
CVE-2003-1240 (CuteNews 0.88 allows remote attackers to execute arbitrary PHP code by ...)
	NOT-FOR-US: CuteNews
CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...)
	NOT-FOR-US: WihPhoto
CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and ...)
	NOT-FOR-US: WWWBoard
CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in ...)
	NOT-FOR-US: Tanne
CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...)
	NOT-FOR-US: BRW WebWeaver
CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...)
	NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...)
	- ssldump 0.9b3
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
	NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
	NOTE: verified with rpm 4.4.1, but this can hardly affect debian at
	NOTE: all since it requires rpm be configured to trust some key,
	NOTE: which in debian requires a manual and non-documented
	NOTE: initialization of the rpm database which is not configured in
	NOTE: the package
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
	NOT-FOR-US: Outlook Express
CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...)
	- webmin 1.000 (high)
CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...)
	NOTE: not-for-us (Benjamin Lefevre Dobermann FORUM)
CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
	NOTE: freebsd misconfiguration
CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...)
	- zmailer 2.99.56-1 (high)
	NOTE: May have been fixed earlier, 2.99.51 was never uploaded to Debian.
CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2002-2196 (Samba 2.2.5 and earlier does not properly terminate the ...)
	- samba 2.2.5 (high)
CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...)
	NOT-FOR-US: Winamp
CVE-2002-2194 (Solaris 8 allows local users to cause a denial of service (kernel ...)
	NOT-FOR-US: Solaris
CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
	NOT-FOR-US: Mojo Mail
CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...)
	NOT-FOR-US: (Lotus Domino
CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...)
	NOT-FOR-US: ArtsCore Studios CuteCast Forum
CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...)
	NOT-FOR-US: ActiveXperts Software ActiveWebserver
CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2187 (Unknown &quot;file disclosure&quot; vulnerability in Macromedia JRun 3.0, 3.1, ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...)
	NOTE: fixed in IRIX..
CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...)
	NOT-FOR-US: DigiChat
CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...)
	NOT-FOR-US: phpShare
CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 ...)
	NOT-FOR-US: MSN666
CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...)
	NOT-FOR-US: SonicWall
CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...)
	NOT-FOR-US: ClearPath MCP
CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...)
	NOT-FOR-US: phpWebSite
CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...)
	NOT-FOR-US: BEA
CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...)
	NOT-FOR-US: Gender MOD
CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...)
	NOT-FOR-US: phpSquidPass
CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...)
	NOT-FOR-US: Informed Designer, Informed Filler
CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...)
	NOT-FOR-US: acWEB
CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...)
	NOT-FOR-US: AIM
CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...)
	NOT-FOR-US: FuseTalk
CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...)
	NOT-FOR-US: IMHO Webmail for Roxen
CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...)
	NOT-FOR-US: KvPoll
CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2002-2160 (MidiCart (1) PHP, (2) PHP Plus, and (3) PHP Maxi does not restrict ...)
	NOT-FOR-US: MidiCart
CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
	NOT-FOR-US: Linksys hardware
CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
	NOT-FOR-US: zenTrack
CVE-2002-2157 (calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier allows ...)
	NOT-FOR-US: vBulletin
CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...)
	NOT-FOR-US: Monkey HTTP Daemon
CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...)
	NOT-FOR-US: Oracle Application Server
CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...)
	NOT-FOR-US: Software602
CVE-2002-2151 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
	NOT-FOR-US: Search97
CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
	NOTE: SYN floods etc generally filed as issues in linux specifically
	NOTE: if it is affected
CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...)
	NOT-FOR-US: Lucent Access Point
CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...)
	NOT-FOR-US: Lucent MAX Router
CVE-2002-2147 (Savant Web Server 3.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...)
	NOT-FOR-US: BearShare
CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...)
	NOT-FOR-US: MySimple News
CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...)
	NOT-FOR-US: BEA
CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...)
	NOT-FOR-US: BEA
CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...)
	NOT-FOR-US: Cisco
CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...)
	NOT-FOR-US: Cisco
CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...)
	NOT-FOR-US: HP Advanced Server
CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
	NOT-FOR-US: GlobalSunTech Wireless Access Points
CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
	NOT-FOR-US: SUNW*
CVE-2002-2135 (OnlineJFS and JournalFS.VXFS-BASE-KRN (JFS 3.1) in HP-UX 10.20 through ...)
	NOT-FOR-US: HP-UX
CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: PEEL
CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
	NOT-FOR-US: Telindus 1100 ASDL router
CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...)
	NOT-FOR-US: Windows
CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...)
	NOT-FOR-US: Perl-HTTPd
CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...)
	- gallery 1.3.3 (high)
CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...)
	NOT-FOR-US: w-Agora
CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...)
	NOT-FOR-US: w-Agora
CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
	NOT-FOR-US: MSIE
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
	{DSA-896-1}
	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
	- linux-2.6 2.6.14-4
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...)
	{DSA-891-1}
	- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; unimportant)
	NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
	NOTE: predictable for a real world attack
CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3501 (The cabd_find function in cabd.c of the the libmspack library (mspack) ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
	NOT-FOR-US: Cisco
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
	NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials ...)
	NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
	NOT-FOR-US: OpenVMS
CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
	NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...)
	NOT-FOR-US: News2Net
CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: F-Secure
CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
	NOT-FOR-US: Oracle
CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
	NOT-FOR-US: Oracle
CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...)
	NOT-FOR-US: Oracle
CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...)
	NOT-FOR-US: Oracle
CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...)
	NOT-FOR-US: Oracle
CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...)
	NOT-FOR-US: Oracle
CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...)
	NOT-FOR-US: Nuked-Klan
CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers ...)
	NOT-FOR-US: Mirabilis ICQ
CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
	NOT-FOR-US: MiniGal2
CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
	NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
	NOT-FOR-US: Cisco
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1
CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...)
	{DSA-877-1}
	- gnump3d 2.9.5-1 (low)
CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...)
	NOT-FOR-US: Subdreamer
CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...)
	NOT-FOR-US: ASP Fast Forum
CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
	NOT-FOR-US: Hyper Estraier
CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
	NOTE: http://www.hardened-php.net/advisory_172005.75.html
	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
	NOTE: Remote code execution may be possible, especially in conjunction
	NOTE: with PHP bugs.
CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
	NOT-FOR-US: eyeOS
CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
	NOT-FOR-US: eyeOS
CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
	NOT-FOR-US: Elite Forum
CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums
CVE-2005-3410
	RESERVED
CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #337334; low)
CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...)
	NOT-FOR-US: gCards
CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...)
	NOT-FOR-US: phpESP
CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...)
	NOT-FOR-US: phpESP
CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...)
	NOT-FOR-US: ATutor
CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...)
	NOT-FOR-US: ATutor
CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...)
	NOT-FOR-US: ATutor
CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
	- thunderbird <unfixed> (bug #363714; unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (bug #363714; unimportant)
	NOTE: That's a non-issue; only a feature request for an improvement in a corner case.
	NOTE: If someone wants to use security-sensitive communication a TLS-secured server
	NOTE: should be used.
CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...)
	NOT-FOR-US: TheHacker
CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
	NOT-FOR-US: Solaris Management Console
CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
	NOT-FOR-US: Comersus BackOffice
CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...)
	NOT-FOR-US: AIX
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
	NOT-FOR-US: oaboard
CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354681; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: According to CVE, this is a safe mode violation,
	NOTE: therefore low impact.  (According to SuSE, it's an
	NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
	NOTE: http://www.hardened-php.net/advisory_202005.79.html
	NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
	NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
	{CVE-2002-1954}
	- php4 4:4.4.2-1 (bug #336645; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (not worth an update)
	NOTE: http://www.hardened-php.net/advisory_182005.77.html
	NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...)
	- ntop <not-affected> (Red Hat specific packaging flaw)
CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...)
	NOT-FOR-US: Sophos
CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...)
	NOT-FOR-US: Ukranian National Antivirus
CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...)
	NOT-FOR-US: Panda Titanium
CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...)
	NOT-FOR-US: Trend Micro
CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...)
	NOT-FOR-US: Norman
CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...)
	NOT-FOR-US: McAfee
CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...)
	NOT-FOR-US: Kaspersky
CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...)
	NOT-FOR-US: Ikarus
CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...)
	NOT-FOR-US: F-Prot
CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...)
	NOT-FOR-US: Dr. Web
CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...)
	NOT-FOR-US: eTrust
CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...)
	NOT-FOR-US: AVG
CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...)
	NOT-FOR-US: SparkleBlog
CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...)
	NOT-FOR-US: PHP iCalendar
CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...)
	NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...)
	NOT-FOR-US: saphp Lesson
CVE-2005-3362
	REJECTED
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
	NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
	{DSA-1103}
	- linux-2.6 2.6.14
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
	- apache2 2.0.55-4 (bug #351246)
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...)
	{DSA-908-1 DSA-906-1}
	- sylpheed 2.0.4-1 (bug #338434; medium)
	- sylpheed-gtk1 1.0.6-1 (medium)
	- sylpheed-claws 1.0.5-2 (bug #338436; medium)
	- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
	{DSA-1206-1}
	- php4 4:4.4.2-1 (bug #339577; medium)
	- php5 5.1.1-1 (bug #336654; medium)
CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...)
	{DSA-1167-1}
	- apache 1.3.34-2 (bug #343466; low)
	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
	NOTE: Means oldstable and stable are affected
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
	- spamassassin 3.1.0a-1 (bug #339526; low)
	[sarge] - spamassassin <no-dsa> (DoS affects only a single message)
	[woody] - spamassassin <no-dsa> (DoS affects only a single message)
CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; high)
	- giflib 4.1.4-1 (bug #395382)
CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3346 (Buffer overflow in the environment variable substitution code in ...)
	{DSA-918-1}
	- osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium)
CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access ...)
	- rssh 2.3.0-1 (bug #344395; bug #344424)
	[sarge] - rssh 2.2.3-1.sarge.1
	NOTE: Update was introduced through s-p-u, not a DSA
CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative ...)
	{DSA-884-1}
	- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...)
	{DSA-927-1}
	- tkdiff 1:4.0.2-2 (low)
CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary ...)
	{DSA-968-1}
	- noweb 2.10c-3.2 (low)
CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...)
	{DSA-941-1}
	- tuxpaint 1:0.9.15b-1 (low)
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
	NOT-FOR-US: nylon
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop <unfixed> (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users ...)
	{DSA-928-1}
	- dhis-tools-dns 5.0-5
CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; unknown)
CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...)
	NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second
	NOTE: issue). This will be rejected.
CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (high)
CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #335938; medium)
CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...)
	{DSA-953-1}
	- flyspray 0.9.8-4 (bug #335997; low)
	NOTE: Sarge is confirmed vulnerable
CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
	NOT-FOR-US: eBASEweb
CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
	- mgdiff 1.0-28 (bug #335188; unimportant)
CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...)
	- wordpress <not-affected> (bug #335817; unimportant)
	NOTE: Upstream claims the modified Snoopy class is secure
CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...)
	NOT-FOR-US: PunBB
CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...)
	NOT-FOR-US: Data ONTAP
CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Analysis Console ...)
	{DSA-893-1}
	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
	NOTE: the fix from 1.2-2 did not address the problem fully
	- acidlab 0.9.6b20-13
CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
	NOT-FOR-US: MWChat
CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
	{DSA-910-1}
	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
	- squid <not-affected>
	NOTE: see bug #334882 for details
CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
	NOT-FOR-US: SuSE-specific tool
CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
	NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
	- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
	- php5 5.1.1-1 (bug #336005; low)
	[sarge] - php4 <not-affected>
	NOTE: can't reproduce, error may not be present in 4.3.
	NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
	{DSA-886-1}
	- chmlib 0.37-1 (bug #335931; medium)
CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...)
	NOT-FOR-US: ZipGenius
CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
	NOT-FOR-US: Symantec Discovery
CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...)
	NOT-FOR-US: Novell Netmail
CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
	[woody] - ethereal <not-affected> (Only affects version 0.10.13)
	[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
	- ethereal 0.10.14-1 (medium)
CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
	NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #335662; low)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
	NOT-FOR-US: Zomplog
CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
	NOT-FOR-US: Zomplog
CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...)
	NOT-FOR-US: Nuked Klan
CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (high)
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
	NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
	NOT-FOR-US: phpCodeGenie
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...)
	NOT-FOR-US: Sticker
CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...)
	NOT-FOR-US: NETFile Server
CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...)
	- gnutls11 1.0.16-8 (bug #336006; low)
	- gnutls12 <not-affected> (fixed before upload)
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
	TODO: Check, whether vulnerable code is shared with ekg
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the &quot;image send&quot; option by ...)
	NOT-FOR-US: Gadu-Gadu
	TODO: Check, whether vulnerable code is shared with ekg
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...)
	NOT-FOR-US: Webcam Watchdog
CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...)
	NOT-FOR-US: OpenFTPD
CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...)
	NOT-FOR-US: Gattaca
CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...)
	NOT-FOR-US: Gattaca
CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...)
	NOT-FOR-US: Gattaca
CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Gattaca
CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Gattaca
CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: myServer
CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...)
	NOT-FOR-US: myServer
CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
	NOT-FOR-US: VMWare Workstation
CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PowerPortal
CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...)
	NOT-FOR-US: WIKINDX
CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Inweb Mail Server
CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...)
	- im-switch <not-affected> (Debian's version is somehow derived from RH, but not affected)
CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...)
	NOT-FOR-US: MailEnable Professional
CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...)
	- ilohamail 0.8.14-0rc1
CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...)
	NOT-FOR-US: OpenText FirstClass
CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...)
	NOT-FOR-US: Opera
CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...)
	- dropbear 0.43-2
CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a &quot;major ...)
	NOT-FOR-US: PHP Live!
CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected>
	NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
	[sarge] - thttpd <no-dsa> (Minor issue in addon package)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
	[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...)
	NOT-FOR-US: HP-UX
CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
	NOT-FOR-US: HP-UX
CVE-2005-3294 (Typsoft FTP Server 1.11, with &quot;Sub Directory Include&quot; enabled, allows ...)
	NOT-FOR-US: Typsoft FTP Server
CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...)
	NOT-FOR-US: Xerver
CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...)
	NOT-FOR-US: Xeobook
CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable ...)
	- spe <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...)
	NOT-FOR-US: Accelerated Mortgage manager
CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
	NOT-FOR-US: AIX
CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Comersus Backoffice Plus
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...)
	NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280 (Paros 3.2.5 uses a default password for the &quot;sa&quot; account in the ...)
	NOT-FOR-US: Paros
CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
	- bmv 1.2-18 (bug #335497; unimportant)
	NOTE: Vulnerable code not activated in binary package
CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
	{DSA-981-1}
	- bmv 1.2-18 (bug #335497; medium)
	NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...)
	NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	[sarge] - adduser <no-dsa> (Very minimal security ramifications, admin's reponsibility)
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...)
	{DSA-934-1}
	- pound 1.9.4-1 (low)
	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-2
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.13-1 (low)
	- kernel-source-2.4.27 2.4.27-11 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
	{DSA-922-1}
	- linux-2.6 2.6.13-1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
	- yiff 2.14.2-8 (bug #334616; low)
	[sarge] - yiff <no-dsa> (Only a minor privacy leak)
CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...)
	NOT-FOR-US: Skype
CVE-2005-3266
	REJECTED
CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows ...)
	NOT-FOR-US: Skype
CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...)
	NOT-FOR-US: Zeroblog
CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...)
	NOT-FOR-US: WinRAR
CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...)
	NOT-FOR-US: WinRAR
CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...)
	- squid <not-affected> (bug #334882; medium)
	NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
	NOTE: this patch was never applied to the Debian package.
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
	{DSA-889-1}
	- enigmail 2:0.93-1 (bug #335731; medium)
CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to ...)
	NOT-FOR-US: Avaya Wireless Access Points
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
	- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
	- gallery2 2.0.1-1 (medium)
CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...)
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
	NOT-FOR-US: Solaris
CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
	NOT-FOR-US: Cyphor
CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...)
	NOT-FOR-US: Cyphor
CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...)
	NOT-FOR-US: Proland Protector Plus
CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...)
	NOT-FOR-US: Grisoft AVG Antivirus
CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...)
	NOT-FOR-US: Trustix Antivirus
CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...)
	NOT-FOR-US: TheHacker
CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...)
	NOT-FOR-US: CAT Quick Heal
CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
	- clamav <unfixed> (unimportant)
	NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
	NOT-FOR-US: Ikarus Antivirus
CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
	NOT-FOR-US: UNA Antivirus
CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...)
	NOT-FOR-US: AntiVir
CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...)
	NOT-FOR-US: Rising Antivirus
CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...)
	NOT-FOR-US: VBA32 Antivirus
CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...)
	NOT-FOR-US: Norman Antivirus
CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...)
	NOT-FOR-US: Avira Antivirus
CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...)
	NOT-FOR-US: Dr. Web Antivirus
CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...)
	NOT-FOR-US: Sophos Antivirus
CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...)
	NOT-FOR-US: McAfee Antivirus
CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...)
	NOT-FOR-US: Avast Antovirus
CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...)
	NOT-FOR-US: NOD32 Antivirus
CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...)
	NOT-FOR-US: Oracle
CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...)
	NOT-FOR-US: Oracle
CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...)
	NOT-FOR-US: Oracle
CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...)
	NOT-FOR-US: Oracle
CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...)
	NOT-FOR-US: Oracle
CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
	NOT-FOR-US: aspReady
CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...)
	NOT-FOR-US: Planet Technology switch
CVE-2005-3195
	REJECTED
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
	NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
	{DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice <not-affected> (Vulnerable xpdf code not contained)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
	{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.3-2 (bug #342288; medium)
	NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
	{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- pdfkit.framework 0.8-4
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
	NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
	NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
	NOT-FOR-US: WinProxy
CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
	{DSA-913-1 DSA-911-1}
	- gtk+2.0 2.6.10-2 (bug #339431; medium)
	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...)
	[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...)
	- w3c-libwww 5.4.0-11 (bug #334443; low)
	[sarge] - w3c-libwww <no-dsa> (Minor DoS)
CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity ...)
	NOT-FOR-US: GFI MailSecurity
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
	[sarge] - xscreensaver <no-dsa> (Unproblematic for users running stable)
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
	{DSA-919-2}
	- wget 1.10.2-1 (medium)
	[sarge] - wget <not-affected> (Does not contain NTML authentication code)
	[woody] - wget <not-affected> (Does not contain NTML authentication code)
	- curl 7.15.0-1 (bug #333734; medium)
CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
	- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
	- php5 5.0.5-2 (low)
	- php4 4:4.4.0-3 (low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
	- linux-2.6 2.6.13-2 (low)
	- kernel-source-2.4.27 <not-affected>
	NOTE: 2.6.12 itself not affected, fixed in SVN
CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...)
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...)
	{DSA-859-1 DSA-858-1}
	- xloadimage 4.1-15 (bug #332524; medium)
	- xli 1.17.0-20 (medium)
	NOTE: xli couldn't load the provided test images when I checked?
CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...)
	{DSA-1039-1}
	- blender 2.37a-1 (bug #330895; medium)
	[woody] - blender <not-affected> (Woody's blender does not contain the bvh_import.py script)
CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...)
	NOT-FOR-US: Microsoft
CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...)
	NOT-FOR-US: Microsoft
CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...)
	NOT-FOR-US: Microsoft
CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...)
	NOT-FOR-US: Microsoft
CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
	NOT-FOR-US: Microsoft
CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...)
	NOT-FOR-US: Microsoft
CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the &quot;audit ...)
	NOT-FOR-US: Microsoft
CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
	- mediawiki 1.4.11-1 (bug #332408; medium)
CVE-2005-3166 (Unspecified vulnerability in &quot;edit submission handling&quot; for MediaWiki ...)
	- mediawiki 1.4.11-1 (bug #332408; unknown)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
	- mediawiki 1.4.9
CVE-2005-3164 (Hitachi Cosminexus Application Server does not properly handle when a ...)
	NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
	- polipo 0.9.9-1 (bug #332411; low)
	[sarge] - polipo <no-dsa> (Minor issue)
CVE-2005-3162
	REJECTED
CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...)
	NOT-FOR-US: EasyGuppy
CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
	NOT-FOR-US: Bitdefender Antivirus
CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...)
	NOT-FOR-US: MyBloggie
CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
	NOT-FOR-US: CubeCart
CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
	- blender <unfixed> (bug #332413; unimportant)
	NOTE: To exploit this an attacker would need to trick a user into opening a file
	NOTE: with a very suspicious file, no automatic processing of Blender files
	NOTE: This might even be fixed in 2.42
CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
	{DSA-855-1}
	- weex 2.6.1-6sarge1 (bug #332424; medium)
CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
	{DSA-895-1 DTSA-22-1}
	- uim 1:0.4.7-2 (bug #331620; medium)
CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434)
CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434; medium)
CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ...)
	{DSA-1022-1}
	- storebackup 1.19-2 (bug #332434; medium)
	NOTE: The upstream fix only mitigated the issue, but didn't fix it
CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...)
	NOT-FOR-US: Mailbox Server for 4D WebStar
CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
	NOT-FOR-US: Procom NetFORCE
CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...)
	NOT-FOR-US: Citrix
CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...)
	- serendipity 1.0-1
CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...)
	NOT-FOR-US: Address Add Plugin for Squirrelmail
CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) ...)
	{DSA-945-1}
	- antiword 0.35-2 (low)
CVE-2005-3125
	RESERVED
CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ...)
	{DSA-883-1}
	- thttpd 2.23beta1-4
CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
	REJECTED
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
	{DSA-867-1}
	- module-assistant 0.9.10
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
	{DSA-1085-1 DSA-876-1 DSA-874-1}
	- lynx 2.8.5-2sarge1 (bug #335033; high)
	- lynx-cur 2.8.6-16 (bug #334423; high)
	- lynx-ssl <removed>
CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...)
	{DSA-845-1}
	- mason 1.0.0-3
CVE-2005-3117
	REJECTED
CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...)
	NOT-FOR-US: VERITAS Backup
CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
	NOT-FOR-US: mpeg-tools
CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3112 (The &quot;reset password&quot; feature in Macromedia Breeze 5.0 stores passwords ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
	{DSA-922-1}
	- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
	NOTE: Montecito CPUs are not available on the market yet
	- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap <unfixed> (bug #253838; low)
	TODO: Check, whether openldap2.2 is affected as well
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar <unfixed> (bug #290435; unimportant)
	[sarge] - tar <no-dsa> (Hardly exploitable)
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
	- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
	- libnss-ldap 199-1 (bug #169793)
CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
	- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
	- barrendero 1.1-1 (bug #279163)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
	- hdup 2.0.14-2 (bug #302790; low)
	NOTE: Minor issue, workaround and patch documented since version above
	[sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
	- crypt++el 2.91-2.1 (bug #105562; low)
CVE-2004-XXXX [Two vulnerabilities in sredird]
	- sredird 2.2.1-1.1 (bug #267098)
CVE-2003-XXXX [fuzz: Insecure temp file usage]
	- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
	[woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
	[sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...)
	{DSA-847-1}
	- dia 0.94.0-15 (bug #330890; medium)
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2002-XXXX [sanitizer bypassal through quoted file names]
	- sanitizer 1.76-1 (bug #149799; medium)
	[sarge] - sanitizer <not-affected> (Sarge version already fixed)
	NOTE: This was fixed earlier in fact, but it's unknown when
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-XXXX [fprobe-ng: Insecure default hash]
	- fprobe-ng <unfixed> (bug #322699; low)
	[sarge] - fprobe-ng <no-dsa> (Hardly exploitable)
CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
	NOT-FOR-US: Movable Type
CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
	NOT-FOR-US: Movable Type
CVE-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
	NOT-FOR-US: Movable Type
CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
	NOT-FOR-US: Movable Type
CVE-2005-3100 (Unspecified &quot;PPTP Remote DoS Vulnerability&quot; in Astaro Security Linux ...)
	NOT-FOR-US: Astato Security Linux
CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
	NOT-FOR-US: Solaris
CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
	- qpopper <not-affected> (bug #330123; Vulnerable code not shipped in binary)
CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
	NOT-FOR-US: Nokia cell phones
CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
	NOT-FOR-US: Image-Line Software FL Studio
CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
	- mantis 0.19.2-4 (bug #330682; medium)
CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
	- mozilla-firefox 1.0.7-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...)
	{DSA-900-3}
	- fetchmail 6.2.5.4-1 (bug #336096; low)
CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...)
	{DSA-827-1}
	- backupninja 0.8-2 (medium)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl <unfixed> (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensure inside the CPU
CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
	- gnupg 1.0.7-1 (bug #107374)
CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
	NOT-FOR-US: SecureW2 TLS
CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
	NOT-FOR-US: contentSrv
CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...)
	NOT-FOR-US: Riverdark Studios RSS Syndicator
CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...)
	NOT-FOR-US: Sony PSP
CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...)
	NOT-FOR-US: SEO-Board
CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...)
	{DSA-1006-1}
	- wzdftpd 0.5.5-1 (high)
CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
	NOT-FOR-US: GeSHi
CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform &quot;code inclusion&quot; ...)
	NOT-FOR-US: PunBB
CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...)
	NOT-FOR-US: Simplog
CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...)
	NOT-FOR-US: Zengaia
CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...)
	NOT-FOR-US: RSyslog
CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
	- interchange 5.2.1-1 (bug #329705; unknown)
CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...)
	- interchange 5.2.1-1 (bug #329705; medium)
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
	NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...)
	- hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
	NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
	{DSA-865-1}
	- hylafax 1:4.2.2+rc1 (bug #329384; low)
CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...)
	{DSA-869-1}
	- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
	NOT-FOR-US: MailGust
CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
	NOT-FOR-US: PowerArchiver
CVE-2003-XXXX [Insecure temp files in lilo]
	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
	- phpwiki 1.3.12p2-1 (bug #282565; medium)
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
	- gnumach 1:20050801-3 (bug #46709)
	NOTE: Nearly six years old :-)
CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
	NOT-FOR-US: Opera
CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...)
	NOT-FOR-US: FortiGate
CVE-2005-3057 (Unspecified vulnerability in the FTP component in FortiGate 2.8, ...)
	NOT-FOR-US: FortiGate
CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
	RESERVED
	- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
	{DSA-1017-1}
	- linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
	- php5 5.0.5-2 (bug #353585; medium)
	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
	NOT-FOR-US: jportal
CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for ...)
	NOT-FOR-US: 7-Zip
CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...)
	NOT-FOR-US: My Little Forum
CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...)
	- emacs21 21.3-1 (bug #286183; medium)
	TODO: check xemacs21
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
	[sarge] - mailleds <no-dsa> (Hardly exploitable)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase <unfixed> (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow ...)
	- linux-2.6 2.6.12-7 (low)
CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
	- webmin 1.230-1 (high; bug #329741)
	[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
	- usermin 1.160-1 (high; bug #329742)
	NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
CVE-2005-3041 (Unspecified &quot;drag-and-drop vulnerability&quot; in Opera Web Browser before ...)
	NOT-FOR-US: Opera
CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
	NOT-FOR-US: TAC Vista
CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
	NOT-FOR-US: Handy Address Book Server
CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
	NOT-FOR-US: File Transfer Anywhere
CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
	NOT-FOR-US: vxWeb - WinCE software
CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3028
	REJECTED
CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
	NOT-FOR-US: Sybari Antigen anti spam solution
CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
	NOT-FOR-US: Epay Pro
CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
	NOT-FOR-US: vBulletin
CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
	NOT-FOR-US: vBulletin
CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
	NOT-FOR-US: vBulletin
CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
	NOT-FOR-US: vBulletin
CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Safari
CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
	NOT-FOR-US: Content2Web
CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
	NOT-FOR-US: Ensim webppliance
CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...)
	NOT-FOR-US: YaST
CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
	NOT-FOR-US: SimpleCDR-X
CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier ...)
	{DSA-1219}
	- texinfo 4.8-1 (bug #328365; low)
	[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
	NOT-FOR-US: CuteNews
CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
	NOT-FOR-US: Tofu
CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
	NOT-FOR-US: Opera
CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
	NOT-FOR-US: Opera
CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
	NOT-FOR-US: Helpdesk Software Hesk
CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
	NOT-FOR-US: Interakt MX Shop
CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
	NOT-FOR-US: NooTopList
CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
	NOT-FOR-US: Multi-Computer Control System
CVE-2005-3001 (Unspecified vulnerability in the &quot;tl&quot; driver in Solaris 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
	NOT-FOR-US: VERITAS storage solutions
CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
	- bacula 1.38.9-1 (bug #329271; low)
	NOTE: Sarge affected, didn't exist in Woody
CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
	NOT-FOR-US: HP Tru64
CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
	- ncompress <not-affected> (bug #329052; unimportant)
	NOTE: see bug close message,  Debian's ncompress doesn't expose affected scripts
CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
	{DSA-843-1}
	- arc 5.21m-1 (low)
CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
	NOT-FOR-US: LineControl Java Client
CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
	NOT-FOR-US: DeluxeBB
CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
	NOT-FOR-US: HP printers
CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
	NOT-FOR-US: Digital Scribe
CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
	NOT-FOR-US: AhnLab antivirus and related products
CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
	NOT-FOR-US: aeDating script
CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
	NOT-FOR-US: Avocent hardware issue
CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
	NOT-FOR-US: Oracle
CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
	NOT-FOR-US: CompaqHTTPServer
CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
	NOT-FOR-US: Orion
CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...)
	{DSA-878-1}
	- netpbm-free 2:10.0-10
CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...)
	- pam <unfixed> (bug #336344; low)
	[sarge] - pam <not-affected> (Does not contain SELinux support)
	[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
	- gtk+2.0 2.6.10-2
CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
	- gtk+2.0 2.6.10-2 (bug #339431; low)
CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; unimportant)
	- giflib 4.1.4-1 (bug #395382; unimportant)
	NOTE: Just a bug, hardly security implications
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
	{DSA-894-1}
	- abiword 2.4.1-1 (bug #333740; medium)
CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
	{DSA-872-1}
	- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
	- apache2 2.0.55-1 (bug #340337; low)
	NOTE: this occurs in the binary package apache2-mpm-worker
	NOTE: Sarge is affected, apache2 was not in oldstable
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
	- openssl 0.9.8-3 (bug #333500; low)
	- openssl097 0.9.7g-5 (bug #333500; low)
	- openssl094 <removed>
	- openssl095 <removed>
	- openssl096 <removed>
CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
	{DSA-868-1}
	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
	{DSA-863-1}
	- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
CVE-2005-2965
	REJECTED
CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
	{DSA-894-1}
	- abiword 2.2.10-1 (bug #329839; medium)
CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...)
	{DSA-844-1}
	- mod-auth-shadow 1.4-2 (bug #323789; medium)
CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...)
	{DSA-830-1}
	- ntlmaps 0.9.9-4
CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...)
	{DSA-834-1}
	NOTE: prozilla is not in sarge or etch
CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows ...)
	{DSA-870-1}
	- sudo 1.6.8p9-3 (medium)
CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...)
	{DSA-871-1}
	- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
	NOT-FOR-US: AVIRA Desktop
CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat ...)
	NOT-FOR-US: ATutor
CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
	NOT-FOR-US: ATutor
CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
	NOT-FOR-US: MIVA Merchant
CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
	NOT-FOR-US: Subscribe Me Pro
CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
	NOT-FOR-US: AzDGDating lite
CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
	NOT-FOR-US: Sawmill
CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
	NOT-FOR-US: pam_per_user (not in Debian)
CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
	NOT-FOR-US: KillProcess
CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...)
	NOT-FOR-US: KillProcess
CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
	- openssl 0.9.8-1 (bug #314465; unimportant)
	NOTE: MD5 is still good enough for most applications, second preimage attacks
	NOTE: haven't been presented yet
CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
	NOT-FOR-US: GNOME Workstation Command Center
CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...)
	{DSA-902-1}
	- xmail 1.22-1 (bug #333863; medium)
CVE-2005-2942
	REJECTED
CVE-2005-2941
	RESERVED
CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware ...)
	NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...)
	NOT-FOR-US: VMWare
CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in ...)
	NOT-FOR-US: iTunes
CVE-2005-2937
	REJECTED
CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer ...)
	NOT-FOR-US: Real Player
CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware ...)
	NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 ...)
	NOT-FOR-US: SCO
CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...)
	{DSA-861-1}
	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
	- pine 4.64-1 (medium; bug #348407)
	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
CVE-2005-2932
	RESERVED
CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)
	- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
	RESERVED
CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
	NOT-FOR-US: IRIX
CVE-2005-2924
	RESERVED
CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple ...)
	- helix-player 1.0.7-1 (bug #358754; medium)
CVE-2005-2921
	RESERVED
CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2913
	REJECTED
CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2911
	RESERVED
CVE-2005-2910
	RESERVED
CVE-2005-2909
	RESERVED
CVE-2005-2908
	RESERVED
CVE-2005-2907
	RESERVED
CVE-2005-2906
	RESERVED
CVE-2005-2905
	RESERVED
CVE-2005-2904 (Zebedee 2.4.1, when &quot;allowed redirection port&quot; is not set, allows ...)
	NOT-FOR-US: Zebedee
CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
	NOT-FOR-US: NOD32 Anti virus
CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
	NOT-FOR-US: class-1 Forum
CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
	NOT-FOR-US: CjWeb2Mail
CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
	NOT-FOR-US: CjLinkOut
CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
	NOT-FOR-US: CjTagBoard
CVE-2005-2898 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...)
	NOT-FOR-US: Filezilla
CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
	NOT-FOR-US: PBLang
CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
	NOT-FOR-US: PBLang
CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
	NOT-FOR-US: PBLang
CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
	NOT-FOR-US: PBLang
CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
	NOT-FOR-US: WebArchiveX
CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
	NOT-FOR-US: SecureOL
CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
	NOT-FOR-US: Check Point
CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2883
	REJECTED
	NOT-FOR-US: Unclassified News Board
CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
	{DSA-843-1}
	- arc 5.21m-1 (bug #329053; low)
CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...)
	{DSA-828-1}
	- squid 2.5.10-7 (unknown)
	NOTE: Patch was added to -6, but not listed in dpatch's list of patches
CVE-2005-XXXX [user password file created by gajim is world-redable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	[sarge] - zope2.7 <no-dsa> (Inside the responsibility of the admin)
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
	[sarge] - wine <no-dsa> (Minor issue)
CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; bug #329280; medium)
CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; medium)
CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
	{DSA-822-1}
	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (medium)
	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
	NOTE: proactively fixed by the robustness patch
	- twiki 20040902-2
CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
	{DSA-825-1 DSA-823-1}
	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
	- loop-aes-utils 2.12p-9 (bug #328626; medium)
CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...)
	{DSA-856-1}
	- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
	- cupsys 1.1.23-1 (unknown)
CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
	{DSA-868-1 DSA-866-1 DSA-837-1}
	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
	- mozilla 2:1.7.12-1 (bug #327455; medium)
	- mozilla-thunderbird 1.0.7-1
	NOTE: epiphany-browser is apparently fixed fix the mozilla
	NOTE: upload; see bug #327366
CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in ...)
	{DSA-886-1}
	- chmlib 0.36-1 (bug #327431; medium)
CVE-2005-2802
	REJECTED
CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
	{DSA-841-1 DTSA-20-1}
	- mailutils 1:0.6.90-3 (bug #327424; high)
CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
	NOT-FOR-US: ZipTorrent
CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
	NOT-FOR-US: BlueWhaleCRM
CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: Mercora IMRadio
CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
	NOT-FOR-US: aMember Pro
CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: URBAN
CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
	NOT-FOR-US: OpenWebmail
CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
	NOT-FOR-US: ADSL hardware
CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
	NOT-FOR-US: N-Stealth
CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
	- nikto 1.35-1.1 (bug #327339; medium)
CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
	NOT-FOR-US: Rediff BOL)
CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
	NOT-FOR-US: Free SMTP Server
CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party ...)
	NOT-FOR-US: ALZip
CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
	NOT-FOR-US: thesitewizard.com chfeedback.pl
CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
	NOT-FOR-US: GuppY
CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
	NOT-FOR-US: Novell Netware
CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
	{DTSA-25-1}
	- smb4k 0.6.4-1 (bug #337471; medium)
	NOTE: fix in 0.6.3-1 was incomplete according to maintainer
CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SlimFTPD
CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
	NOT-FOR-US: Ariba Spend Management System
CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
	NOT-FOR-US: Indiatimes Messenger
CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
	NOT-FOR-US: Hesk
CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
	NOT-FOR-US: DameWare Mini
CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
	NOT-FOR-US: IOS
CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
	NOT-FOR-US: MAXdev
CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXdev
CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
	NOT-FOR-US: myBloggie
CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
	- webgui <itp> (bug #139749)
CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
	NOT-FOR-US: Phorum
CVE-2005-2835
	RESERVED
CVE-2005-2834
	RESERVED
CVE-2005-2833
	RESERVED
CVE-2005-2832
	RESERVED
CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2828
	RESERVED
CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and ...)
	NOT-FOR-US: Windows NT
CVE-2005-2826
	RESERVED
CVE-2005-2825
	RESERVED
CVE-2005-2824
	RESERVED
CVE-2005-2823
	RESERVED
CVE-2005-2822
	RESERVED
CVE-2005-2821
	RESERVED
CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327181; medium)
CVE-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...)
	NOT-FOR-US: DownFile
CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
	NOT-FOR-US: DownFile
CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
	NOT-FOR-US: Greymatter
CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
	NOT-FOR-US: man2web
CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
	NOT-FOR-US: urban game
CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
	NOT-FOR-US: silc daemon
CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
	- frox 0.7.18-1 (medium)
CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
	- frox <not-affected> (does not run setuid root in the Debian package)
CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
	NOT-FOR-US: BNBT EasyTracker
CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
	NOT-FOR-US: e107
CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...)
	NOT-FOR-US: GroupWise
CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.3-1
CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-6 (low)
	- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: Not enabled in the binary build, see #326065
	- openssh-krb5 <removed> (bug #327233; medium)
	[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: GSSAPI features not activated in binary builds
CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
	{DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2795
	RESERVED
CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
	{DSA-809-3 DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2791 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2790 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2789 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2784 (SQL injection vulnerability in the login function for the ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
	NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
	{DSA-1063-1}
	- phpgroupware 0.9.16.009-1 (bug #340094; medium)
	- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
	[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
	NOTE: Sarge affected, woody isn't
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
	NOT-FOR-US: iTAN
CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
	NOT-FOR-US: Litium Quake mod
CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
	NOT-FOR-US: HP OpenView
CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
	{DSA-832-1}
	- gopher 3.0.11 (bug #327722; high)
CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327727; medium)
CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
	NOT-FOR-US: Sophos AntiVirus
CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
	NOT-FOR-US: LeapFTP
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...)
	NOT-FOR-US: VPNRemote
CVE-2005-2760
	RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2740
	RESERVED
CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
	NOT-FOR-US: PhotoPost
CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
	NOT-FOR-US: YaPig
CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
	NOT-FOR-US: phpGraphy
CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5-2 (bug #325285; medium)
	TODO: check gallery2
CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
	NOTE: path disclosure, so not very important on debian systems
	NOTE: unreproducible according to bug #327729
CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
	NOT-FOR-US: Astato specific
CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
	NOT-FOR-US: Astato specific
CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
	NOT-FOR-US: Astato specific
CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
	{DSA-805-1}
	NOTE: The CVE description is wrong, this has been merged for 2.0.55
	- apache2 2.0.54-5 (bug #326435; medium)
CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
	NOT-FOR-US: QNX
CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
	NOT-FOR-US: PaFileDB
CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
	NOT-FOR-US: HAURI Antivirus
CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Ventrilo
CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
	NOT-FOR-US: MPlayer
CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
	{DSA-799-1}
	- webcalendar 0.9.45-7 (bug #326223; medium)
CVE-2005-2715 (Format string vulnerability in the Java user interface service ...)
	NOT-FOR-US: VERITAS NetBackup Data and Business Center
CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
	NOT-FOR-US: IBM
CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...)
	NOT-FOR-US: ISS
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
	{DSA-826-1}
	NOTE: see  http://www.open-security.org/advisories/13
	- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (bug #329778; medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
	{DSA-807-1 DSA-805-1}
	- libapache-mod-ssl 2.8.24-1 (medium)
	- apache2 2.0.54-5 (bug #327210; medium)
CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit ...)
	NOT-FOR-US: PHPKit
CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
	NOT-FOR-US: Nephp Publisher Enterprise
CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
	NOT-FOR-US: Notes
CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
	NOT-FOR-US: Cisco
CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
	NOT-FOR-US: WinAce
CVE-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...)
	NOT-FOR-US: SunOS
CVE-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...)
	NOT-FOR-US: Solaris
CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
	NOT-FOR-US: SunOS
CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
	{DSA-793-1}
	- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
	- linux-2.6 2.6.18-1 (bug #332381; low)
	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
	NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
	- linux-2.6 2.6.12-1
CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
	{DSA-798-1}
	- phpgroupware 0.9.16.008-1 (unknown)
CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
	{DSA-796-1}
	- affix 2.1.2-3 (bug #325444; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
	{DSA-806-1 DSA-802-1}
	NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
	NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
	- cvs 1:1.11.5-4 (bug #325106; low)
	- gcvs 1.0final-8 (bug #324969; low)
CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
	NOT-FOR-US: RunCMS
CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
	NOT-FOR-US: RunCMS
CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (unimportant)
	NOTE: Only exploitable inside modified binary installation
CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
	NOT-FOR-US: Virtual Edge Netquery
CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)
	NOT-FOR-US: PHPKit
CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
	NOT-FOR-US: DTLink AreaEdit
CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
	NOT-FOR-US: Cisco
CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
	NOT-FOR-US: Sysinternals Process Explorer
CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
	NOT-FOR-US: MSIE
CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...)
	NOT-FOR-US: ACNews
CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
	NOT-FOR-US: Coppermine
CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
	NOT-FOR-US: Burning Board
CVE-2005-2671
	REJECTED
CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
	NOT-FOR-US: HAURI
CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
	- openssh 1:4.0p1-1 (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
	NOT-FOR-US: elm-me+ is no longer in unstable or testing
CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
	NOT-FOR-US: Whisper
CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (low; bug #329307)
CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (high; bug #329307)
CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...)
	{DSA-852-1}
	- up-imapproxy 1.2.4-2 (high)
CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
	{DSA-839-1}
	- apachetop 0.12.5-3 (unknown)
CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...)
	{DSA-886-1}
	- chmlib 0.37-2 (medium)
CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
	{DSA-812-1}
	- turqstat 2.2.4-1 (medium)
CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
	{DSA-811-2}
	- common-lisp-controller 4.18 (bug #328633; medium)
CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
	{DSA-794-1}
	NOTE: Fix in -8 had problems
	- polygen 1.0.6-9 (bug #325468; low)
CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
	{DSA-791-1 DTSA-11-1}
	- maildrop 2.0.2-7 (bug #325135; medium)
CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
	{DSA-790-1}
	- phpldapadmin 0.9.6c-5 (bug #322423; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
	[sarge] - cplay <no-dsa> (Hardly exploitable)
CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
	{DSA-814-1 DTSA-17-1}
	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...)
	NOT-FOR-US: BBCaffe
CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
	NOT-FOR-US: Zorum
CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...)
	NOT-FOR-US: Zorum
CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
	NOT-FOR-US: ATutor
CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...)
	NOT-FOR-US: W-Agora
CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...)
	NOT-FOR-US: JaguarControl
CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
	- tor 0.1.0.14-1 (bug #323786; medium)
CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
	- mutt <not-affected> (bug #323956; high)
	NOTE: Status is not clear; upstream is unresponsive.
	NOTE: this bug was closed as it was unreproducable in Debian
CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
	{DSA-785-1}
	- libpam-ldap 178-1sarge1 (bug #324899; unknown)
CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
	NOT-FOR-US: Outlook
CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...)
	NOT-FOR-US: MyProxy
CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...)
	NOTE: could not reproduce this with squid 2.5, neither could the redhat guys
	NOTE: see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166522
	- squid 2.5
CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...)
	- squid 2.5.8
CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM ...)
	NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...)
	NOT-FOR-US: DiamondCS
CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
	NOT-FOR-US: Juniper
CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
	NOT-FOR-US: World Poker Championship
CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
	- phpadsnew <itp> (bug #226636)
CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
	- phpadsnew <itp> (bug #226636)
CVE-2005-2634 (Buffer overflow in the Log-SCR function in the &quot;Log to Screen&quot; feature ...)
	NOT-FOR-US: WinFTP Server
CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
	NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
	- mediabox404 <itp> (bug #294397)
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
	NOT-FOR-US: Cisco
CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...)
	- helix-player <not-affected> (Only Windows version of Real are affected)
CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne ...)
	{DSA-915-1}
	- helix-player 1.0.6-1 (bug #340270; medium)
CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...)
	- flashplugin-nonfree 7.0.61-1.1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
	NOT-FOR-US: Google Toolbar
CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
	NOT-FOR-US: PHPNews
CVE-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...)
	- wmfrog <itp> (bug #294352)
CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Outpost Pro
CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
	NOT-FOR-US: QuoteEngine
CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
	NOT-FOR-US: MadBMS
CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
	NOT-FOR-US: SillySearch
CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
	- cplay 1.49-3 (medium)
CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
	NOT-FOR-US: Open WebMail
CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
	NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
	NOT-FOR-US: miniBB
CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
	NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
	NOT-FOR-US: aMSN 0.90 for Microsoft Windows
CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
	NOT-FOR-US: Tutti Nova
CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
	NOT-FOR-US: Hitachi Cosminexus Portal Framework
CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
	NOT-FOR-US: S-Mart Shopping Cart or RediCart
CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
	NOT-FOR-US: Jaws
CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
	NOT-FOR-US: Jaws
CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
	NOT-FOR-US: Jaws
CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
	NOT-FOR-US: Kerio
CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
	NOT-FOR-US: proxytunnel
CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
	NOT-FOR-US: HP printers
CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
	NOT-FOR-US: Computer Associates Unicenter Common Services
CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
	NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
	NOT-FOR-US: Novell GroupWise
CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
	NOT-FOR-US: Autonomy
CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
	NOT-FOR-US: Autonomy
CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
	NOT-FOR-US: ADM ActiveX control
CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinAgents TFTP Server
CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...)
	NOT-FOR-US: Trend OfficeScan
CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...)
	NOT-FOR-US: EnderUNIX spamGuard
CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
	NOT-FOR-US: WWWguestbook
CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...)
	NOT-FOR-US: BEA
CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...)
	NOT-FOR-US: Keene Digital Media Server
CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...)
	NOT-FOR-US: slimftpd not in debian
CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
	NOT-FOR-US: smtp.proxy
CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...)
	NOT-FOR-US: ccproxy
CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: Davenport
CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...)
	- samhain 2.0.2
CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...)
	- samhain 2.0.2
CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...)
	- kernel-patch-vserver 1.9.2
CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...)
	- phpgroupware 0.9.14.002
CVE-2004-2406 (Unknown &quot;overflow&quot; in the phpgw_config table for phpGroupWare before ...)
	- phpgroupware 0.9.14.002
CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2404
	REJECTED
	NOT-FOR-US: Leif Wright Web Blog
CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
	NOT-FOR-US: YaBB
CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
	NOT-FOR-US: YaBB
CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...)
	NOT-FOR-US: WinFTP Server
CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
	NOT-FOR-US: Sidewinder
CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe
CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...)
	NOT-FOR-US: Blue Coat
CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...)
	NOT-FOR-US: Sun JSSE
CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...)
	NOT-FOR-US: libuser
CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
	NOT-FOR-US: ECW-Shop
CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
	NOT-FOR-US: (FreeBSD)
	NOTE: old freebsd, before it was introduced in Debian
CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
	NOT-FOR-US: Sun JSSE and JRE
CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
	{DTSA-16-1}
	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html, amd64 specific DOS
	- linux-2.6 2.6.12-6
CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
	NOT-FOR-US: ezUpload
CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
	NOT-FOR-US: EQdkp
CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
	NOT-FOR-US: Discuz
CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
	NOT-FOR-US: CPAINT Ajax
CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
	- wordpress 1.5.2-1 (bug #323040; high)
CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
	NOT-FOR-US: SafeHTML
CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
	NOT-FOR-US: PHPSimplicity
CVE-2005-2606 (Unknown vulnerability in the &quot;frontend authentication&quot; in PHlyMail ...)
	NOT-FOR-US: PHlyMail
CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
	NOT-FOR-US: Lasso Professional Server
CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
	- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
	NOT-FOR-US: MidiCart
CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
	{DSA-899-1 DSA-798-1}
	- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
	NOT-FOR-US: Hummingbird FTP for Connectivity
CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and ...)
	NOT-FOR-US: Dokeos
CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
	NOT-FOR-US: AOL Client
CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
	{DSA-879-1}
	- gallery 1.5-2 (medium)
CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
	NOT-FOR-US: Dada Mail
CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
	NOT-FOR-US: Apple Safari
CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
	NOT-FOR-US: MindAlign
CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
	NOT-FOR-US: MindAlign
CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
	NOT-FOR-US: MindAlign
CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
	NOT-FOR-US: MindAlign
CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
	NOT-FOR-US: WRT54GS wireless router
CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
	NOT-FOR-US: DVBBS
CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
	NOT-FOR-US: PHPTB Topic Boards
CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
	NOT-FOR-US: Kaspersky
CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
	NOT-FOR-US: Grandstream BudgeTone
CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
	NOT-FOR-US: Contivity
CVE-2005-2578
	REJECTED
CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
	NOT-FOR-US: Wyse Winterm
CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
	NOT-FOR-US: CaLogic
CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...)
	NOT-FOR-US: SysCP
CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...)
	NOT-FOR-US: SysCP
CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...)
	NOT-FOR-US: MYFAQ
CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...)
	NOT-FOR-US: CFBB
CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...)
	NOT-FOR-US: e107 portal
CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
	{DSA-831-1 DSA-829-1}
	- mysql-dfsg-4.1 4.1.13 (medium)
	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (low)
CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (medium)
CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-6 (medium)
CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
	NOT-FOR-US: rexecd
CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
	NOT-FOR-US: sercd
CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...)
	NOT-FOR-US: sercd
CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Winamp
CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...)
	- jetty 4.2.19-1 (medium)
CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...)
	NOT-FOR-US: @Mail
CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...)
	NOT-FOR-US: @Mail
CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...)
	NOT-FOR-US: Alcatel OmniSwitch
CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
	NOT-FOR-US: 1st Class Mail Server
CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...)
	NOT-FOR-US: BadBlue
CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
	NOT-FOR-US: AIM
CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...)
	- bochs 2.1.1-1
CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...)
	NOT-FOR-US: Red Storm Games
CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...)
	NOT-FOR-US: Opt-X
CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...)
	NOT-FOR-US: WFTPD
CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...)
	NOT-FOR-US: GlobalScape Secure FTP Server
CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...)
	NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Targem Battle Mages
CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
	NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...)
	- phpbb2 2.0.6c (low)
CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...)
	NOT-FOR-US: roofpoint Protection Server
CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...)
	NOT-FOR-US: Fizmez
CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...)
	NOT-FOR-US: 4nGuestbook
CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...)
	NOT-FOR-US: BugPort
CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...)
	NOT-FOR-US: GBook
CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...)
	NOT-FOR-US: GBook
CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...)
	- phpbb2 2.0.8 (low)
CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
	NOT-FOR-US: Tunez
CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...)
	NOT-FOR-US: Sybari AntiGen for Domino
CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
	NOT-FOR-US: Leif M. Wright Web Blog
CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
	NOT-FOR-US: Forum Web Server
CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
	NOT-FOR-US: Oracle
CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
	NOT-FOR-US: VocalTec
CVE-2004-2343 (** DISPUTED ** ...)
	NOTE: apache disputes this and I agree -- joeyh
CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ChatterBox
CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
	NOT-FOR-US: iSearch
CVE-2004-2340 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: PunkBuster Screenshot Database
CVE-2004-2339 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...)
	NOT-FOR-US: inlook
CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...)
	NOT-FOR-US: Novel Groupwise
CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...)
	NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...)
	NOT-FOR-US: Bodington
CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...)
	NOT-FOR-US: WWW::Form
CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
	NOT-FOR-US: Kerio Personal Firewal
CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vizer
CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
	NOT-FOR-US: IP3 Networks NetAccess
CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...)
	NOT-FOR-US: IBM Informatik Dynamic Server
CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...)
	NOT-FOR-US: SurgeFTP Server
CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
	NOT-FOR-US: Novell iChain Server
CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...)
	- courier <unfixed> (unimportant)
	NOTE: This is a lack of a security feature, but not a direct vulnerability
CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...)
	NOT-FOR-US: AIX only
CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...)
	NOT-FOR-US: Crob FTP Server
CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...)
	NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...)
	NOT-FOR-US: MS IE
CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...)
	NOT-FOR-US: Solaris
CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...)
	NOT-FOR-US: Computer Associates
CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
	- mtools 3.9.9
CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
	- mathopd 1.5b14
CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
	- gallery 1.4.1
CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
	NOT-FOR-US: BEA
CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...)
	NOT-FOR-US: BEA
CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...)
	NOT-FOR-US: BEA
CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...)
	NOT-FOR-US: BEA
CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...)
	NOT-FOR-US: BEA
CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...)
	NOT-FOR-US: BEA
CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...)
	NOT-FOR-US: BEA
CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...)
	- gallery 1.3.3
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	[sarge] - clamav 0.84-2.sarge.2
CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
	NOT-FOR-US: Integrated Light Out in HP servers
CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
	{DSA-782-1 DTSA-9-1}
	- bluez-utils 2.19-1 (bug #323365; medium)
CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Arab Portal
CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
	NOTE: This is intended behaviour, after all tar is an archiving tool and you
	NOTE: need to give -p as a command line flag
	- tar <unfixed> (bug #328228; unimportant)
CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2536 (pstotext before 1.8g does not properly use the &quot;-dSAFER&quot; option when ...)
	{DSA-792-1}
	- pstotext 1.9-2 (bug #319758; medium)
CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2533 (OpenVPN before 2.0.1, when running in &quot;dev tap&quot; Ethernet bridging ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb 0&quot; and without TLS ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2528
	RESERVED
CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
	NOT-FOR-US: MacOS X
CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
	NOT-FOR-US: MacOS X
CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to ...)
	NOT-FOR-US: MacOS X
CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
	NOT-FOR-US: Weblog Server in Mac OS X
CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
	- slocate <not-affected> (Uses secure glibc code, see #324951)
CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
	- drupal 4.5.5-1 (bug #323347; high)
	- phpgroupware 0.9.16.008-1 (bug #323349; high)
	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
	- phpwiki <unfixed> (unimportant)
	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
	- php4 4:4.3.10-16 (bug #323366; high)
	- php5 5.0.5-1 (high)
CVE-2005-2497
	REJECTED
CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
	{DSA-801-1}
	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
	- ntp 1:4.2.0a+stable-2sarge1 (medium)
	[etch] - ntp 1:4.2.0a+stable-2sarge1 (medium)
CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
	{DSA-816-1}
	- xorg-x11 6.8.2.dfsg.1-7 (medium)
CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
	{DSA-815-1}
	- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
	RESERVED
CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
	- pcre3 6.3-1 (bug #324531; medium)
	- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
	- goffice 0.1.0-3 (bug #326898; unimportant)
	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
	- python2.1 2.1.3dfsg-3 (medium)
	- python2.2 2.2.3dfsg-4 (medium)
	- python2.3 2.3.5-8 (medium)
CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher <removed> (bug #319489; low)
	[sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail 2.2.1-1 (bug #303991; bug #290833; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- gcjwebplugin 2:0.92-1 (bug #267040; bug #301134; high)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail-pgsql <unfixed> (bug #290833; medium)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
	{DSA-922-1 DTSA-16-1}
	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
	NOTE: 2.6.12-1 contained a partially broken fix
	- linux-2.6 2.6.12-6 (bug #309308; low)
CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
	NOT-FOR-US: Sun switches
CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
	NOT-FOR-US: Logicampus
CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
	NOT-FOR-US: Denora IRC stats
CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...)
	NOT-FOR-US: Karrigell
CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
	NOT-FOR-US: Metasploit Framework
CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Fusebox
CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
	NOT-FOR-US: Fusebox
CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
	NOT-FOR-US: Silvernews
CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
	{DSA-903-1}
	- unzip 5.52-4 (bug #321927; low)
CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
	NOT-FOR-US: BusinessMail
CVE-2005-2471 (pstopnm in netpbm does not properly use the &quot;-dSAFER&quot; option when ...)
	{DSA-1021-1}
	- netpbm-free 2:10.0-9 (bug #319757; low)
CVE-2005-2470 (Buffer overflow in a &quot;core application plug-in&quot; for Adobe Reader 5.1 ...)
	NOT-FOR-US: Adobe
CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173; medium)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eudora
CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
	- net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian)
CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
	NOT-FOR-US: Omnicron
CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
	NOT-FOR-US: Novell Internet Messaging System
CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
	NOT-FOR-US: Pointsec
CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
	NOT-FOR-US: SurfControl
CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
	NOT-FOR-US: QNX
CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
	NOT-FOR-US: Novell eDirectory
CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
	NOT-FOR-US: Blue World Lasso Web Data Engine
CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
	NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
	NOT-FOR-US: Hyper NIKKI System (HNS) Lite
CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
	- netjuke 1.0b7
CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: HTMLsearch
CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
	NOT-FOR-US: RCA Digital Cable Modem
CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Fwmon
CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
	NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
	NOTE: debian's nms-formmail is a reimplementation of old formmail
CVE-2002-2108 (Unknown vulnerability in the &quot;VAIO Manual&quot; software in certain Sony ...)
	NOT-FOR-US: Sony VAIO
CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
	NOT-FOR-US: OpenKeyServer
CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
	NOT-FOR-US: WikkiTikkiTavi
CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
	NOT-FOR-US: Microsoft
CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
	NOT-FOR-US: Ganglia PHP RRD Web Client
	NOTE: not ganglia-monitor
CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
	- apache 1.3.24 (low)
CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
	- libjzlib-java 0.0.7 (low)
CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
	- ddd <not-affected> (ddd is not setuid/gid so not exploitable)
CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
	NOT-FOR-US: Axspawn-pam
CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
	- maradns 0.9.01 (low)
CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
	NOT-FOR-US: Netware
CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
	NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
	NOT-FOR-US: decfingerd
CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
	NOT-FOR-US: aucho Technology Resin server
CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
	NOT-FOR-US: Solaris
CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
	NOT-FOR-US: clump/os
CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
	NOT-FOR-US: ScriptEase
CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
	NOT-FOR-US: UnixWare/OpenUnix
CVE-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
	NOT-FOR-US: SCO
CVE-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
	NOT-FOR-US: CDE
CVE-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...)
	NOTE: insufficient info to check, but not same code base
CVE-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
	NOT-FOR-US: Apple
CVE-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; unimportant)
	NOTE: Not shipped in binary package
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
	[sarge] - metamail <no-dsa> (Hardly exploitable, minor Dos)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 <unfixed> (bug #321447; low)
	[woody] - xfree86 <no-dsa> (Hardly exploitable)
	[sarge] - xfree86 <no-dsa> (Hardly exploitable)
	- xorg-x11 <unfixed> (bug #321447; low)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- gs-esp <unfixed> (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd <unfixed> (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
	[sarge] - fftw3 <no-dsa> (Minor issue)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316881; low)
	[sarge] - cgiwrap <no-dsa> (Minor impact)
CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316901; low)
	[sarge] - cgiwrap <no-dsa> (Minor information disclosure, only debugging libs)
CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-2 (bug #321401; medium)
	- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
	NOT-FOR-US: Greasemonkey
CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
	- tiff 3.7.0-1
CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
	NOT-FOR-US: IOS
CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
	{DSA-776-1 DTSA-3-1}
	- clamav 0.86.2-1 (medium)
CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
	NOT-FOR-US: sandbox
CVE-2005-2448 (Multiple &quot;endianness errors&quot; in libgadu in ekg before 1.6rc2 allow ...)
	{DSA-813-1 DTSA-2-1 DTSA-4-1}
	- ekg 1:1.5+20050718+1.6rc3-1 (low)
	- centericq 4.20.0-9 (bug #323185; medium)
CVE-2005-2447
	REJECTED
CVE-2005-2446
	REJECTED
CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
	NOT-FOR-US: Product Cart
CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
	NOT-FOR-US: KShout
CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
	NOT-FOR-US: SPI Dynamics Web Inspect
CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
	NOT-FOR-US: VBzoom
CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
	NOT-FOR-US: Thomson Web Skill Vantage Manager
CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
	NOT-FOR-US: UseBB
CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
	NOT-FOR-US: UseBB
CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
	NOT-FOR-US: Website Baker
CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
	NOT-FOR-US: Website Baker
CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: PhpList
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
	NOT-FOR-US: PhpList
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
	- gforge 4.5.14-2 (bug #328224; unimportant)
	NOTE: Direct flooding is possible as well in most circumstances.
	NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
	{DSA-1094-1}
	- gforge 4.5.14-9 (bug #328224; medium)
CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all fields&quot; ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
	NOT-FOR-US: FTPshell Server
CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
	NOT-FOR-US: Ares FileShare
CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
	NOT-FOR-US: Siemens hardware
CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Beehive
CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
	NOT-FOR-US: Beehive
CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
	NOT-FOR-US: Beehive
CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
	NOT-FOR-US: FtpLocate
CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
	NOT-FOR-US: hardware issue
CVE-2005-2418
	REJECTED
	NOT-FOR-US: Realchat
CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Contrexx
CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
	NOT-FOR-US: Contrexx
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
	NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
	- firefox 1.5.dfsg-1 (unimportant)
	- mozilla-firefox <unfixed> (bug #327549; unimportant)
	- mozilla <unfixed> (bug #327550; unimportant)
	- iceweasel <not-affected>
	NOTE: The turned out to be non-exploitable
CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
	NOT-FOR-US: First Post
CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
	{DSA-808-1}
	- tdiary 2.0.2-1 (bug #319315; medium)
CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
	NOT-FOR-US: Network Manager
CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
	NOT-FOR-US: nbsmtp
CVE-2005-2408
	RESERVED
CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted ...)
	NOT-FOR-US: Opera
CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
	NOT-FOR-US: Opera
CVE-2005-2405 (Opera 8.01, when the &quot;Arial Unicode MS&quot; font (ARIALUNI.TTF) is ...)
	NOT-FOR-US: Opera
CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...)
	NOT-FOR-US: Light Web File Manager
CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
	NOT-FOR-US: ActivePerl
CVE-2004-2285
	REJECTED
	NOT-FOR-US: Perl on Windows
CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
	NOT-FOR-US: osCommerce
CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
	NOT-FOR-US: Sendcard
CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
	NOT-FOR-US: RealChat
CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: PHPSiteSearch
CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
	NOT-FOR-US: PHPFinance
CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
	NOT-FOR-US: phpBook
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
	- firefox <removed> (bug #320539; unimportant)
	- iceweasel <unfixed> (bug #320539; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
	- mozilla <unfixed> (bug #320538; unimportant)
	NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
	NOTE: feature (client-side preference for stronger methods) and not a vulnerabilit
	NOTE: This also seems like a rare setup.
CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
	NOT-FOR-US: CuteNews
CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
	NOT-FOR-US: CMSimple
CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
	{DSA-795-2}
	- proftpd 1.2.10-20 (low)
	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
	NOT-FOR-US: some windows USB driver
CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...)
	NOT-FOR-US: GoodTech SMTP server
CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...)
	NOT-FOR-US: Oray PeanutHull
CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
	- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
	NOT-FOR-US: Race Driver
CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...)
	NOT-FOR-US: Race Driver
CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...)
	NOT-FOR-US: Belkin 54g wireless routers
CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...)
	NOT-FOR-US: SlimFTPd
CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
	NOT-FOR-US: Oracle Forms
CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2370 (Multiple &quot;memory alignment errors&quot; in libgadu, as used in ekg before ...)
	{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
	- gaim 1:1.4.0-5 (low)
	- centericq 4.20.0-9 (bug #323185; low)
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
	{DSA-813-1 DTSA-2-1}
	- centericq 4.20.0-9 (bug #323185; medium)
	- gaim 1:1.5.0-1 (bug #350071; medium)
	[woody] - gaim <not-affected> (affected code libgadu not present in woody)
	[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
	- ekg 1:1.5+20050712+1.6rc2-1 (medium)
	[sarge] - ekg <not-affected>
	NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
	{DTSA-12-1}
	- vim 1:6.3-085+1 (bug #320017; medium)
	[sarge] - vim 1:6.3-071+1sarge1
	NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security
CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; bug #320192; medium)
CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
	- ethereal 0.10.12-1 (bug #320183; low)
	NOTE: This affects partially Woody and Sarge
CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
	- kfreebsd-5 5.3-1 (medium)
CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
	REJECTED
	NOTE: see CVE-2005-2356
CVE-2005-2347
	RESERVED
CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2005-2345
	RESERVED
CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
	NOT-FOR-US: unicode msearch
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
	- xoops <itp> (bug #207640)
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
	{DSA-864-1 DSA-862-1 DSA-860-1}
	- ruby <removed>
	- ruby1.6 1.6.8-13 (medium)
	- ruby1.8 1.8.3-1 (bug #332742; medium)
	- ruby1.9 1.9.0+20050921-1 (medium)
CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.2-1
CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
	NOT-FOR-US: Y.SAK
CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
	NOT-FOR-US: smilies_popup.php
CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...)
	NOT-FOR-US: PHPPageProtect
CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
	NOT-FOR-US: MooseGallery
CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...)
	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...)
	NOT-FOR-US: Laffer
CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...)
	NOT-FOR-US: e107
CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
	NOT-FOR-US: CaLogic
CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...)
	NOT-FOR-US: Yawp
CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
	NOT-FOR-US: DVBBS
CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
	{DSA-849-1}
	- shorewall 2.4.1-2 (bug #318946; medium)
CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers ...)
	NOT-FOR-US: dnrd
CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 ...)
	NOT-FOR-US: dnrd
CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
	NOT-FOR-US: PHPsFTPd
CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
	NOT-FOR-US: Realnode Emilda
CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
	- sms-pl <unfixed> (bug #320540; unimportant)
	NOTE: vulnerable contrib file only in source package
CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions ...)
	NOT-FOR-US: Winamp
CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Opera
CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
	NOT-FOR-US: MSIE
CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
	NOT-FOR-US: DG Remote Control Server
CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-2303
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Skype
CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
	NOT-FOR-US: Simple Message Board
CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
	NOT-FOR-US: Sybase EAServer
CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: YabbSE
CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
	- netpanzer 0.8+svn20060319-1 (bug #318329; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
	NOT-FOR-US: Oracle
CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
	NOT-FOR-US: Oracle
CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
	NOT-FOR-US: Oracle
CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
	NOT-FOR-US: Oracle
CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
	NOT-FOR-US: WPS
CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: SoftiaCom wMailServer
CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
	NOT-FOR-US: WebEOC
CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
	NOT-FOR-US: WebEOC
CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
	NOT-FOR-US: WebEOC
CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
	NOT-FOR-US: WebEOC
CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
	NOT-FOR-US: Cisco
CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318328; medium)
CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
	NOT-FOR-US: Novell Groupwise WebAccess
CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
	NOT-FOR-US: OpenWebmail
CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
	- dansguardian 2.6.1-13 (medium)
CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...)
	- dansguardian 2.7.7-2
CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...)
	NOT-FOR-US: vHost
CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...)
	NOT-FOR-US: aGSM Half-Life
CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...)
	NOT-FOR-US: I-Mall Commerce
CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...)
	NOT-FOR-US: w3m Jigsaw
CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: efFingerD
CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...)
	NOT-FOR-US: efFingerD
CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...)
	NOT-FOR-US: IBM Parallel Environment
CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...)
	- pads 1.1.1 (high)
CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: PimenGest2
CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...)
	NOT-FOR-US: Ansel
CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
	NOT-FOR-US: Ansel
CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
	- uudeview 0.5.20-2.1 (bug #320541; low)
	[sarge] - uudeview <no-dsa> (Hardly exploitable)
	NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500)
CVE-2004-2264 (** DISPUTED ** ...)
	- less <not-affected> (less is not suid, explotability unlikely)
CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
	NOT-FOR-US: PlaySMS
CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
	NOT-FOR-US: e107
CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...)
	NOT-FOR-US: e107
CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...)
	NOT-FOR-US: Opera
CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...)
	- vsftpd 2.0.1-1 (low)
CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...)
	NOT-FOR-US: Hummingbird Exceed
CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2250 (Unknown vulnerability in the &quot;access code&quot; in RemoteEditor before ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2249 (Unknown vulnerability in the &quot;access code&quot; in SecureEditor before ...)
	NOT-FOR-US: SecureEditor
CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2247 (Unknown vulnerability in the &quot;admin of paypal email addresses&quot; in ...)
	NOT-FOR-US: AudienceConnect
CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...)
	NOT-FOR-US: Goollery
CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...)
	NOT-FOR-US: Goollery
CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...)
	NOT-FOR-US: Phorum
CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...)
	NOT-FOR-US: Phorum
CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
	- vpopmail <unfixed> (bug #320608; low)
CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2004-2238 (** DISPUTED ** ...)
	NOTE: format string vuln in vpopmail doesn't seem to be real
CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...)
	- moodle 1.4-1
CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...)
	- moodle 1.3.3-1
CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...)
	- moodle 1.2.1-1
CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...)
	- moodle 1.2.1-1
CVE-2004-2233 (Unknown &quot;front page vulnerability with Moodle servers&quot; for Moodle ...)
	- moodle 1.3.2-1
CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...)
	- moodle 1.4.2-1
CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
	NOT-FOR-US: InstallAnywhere
CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...)
	NOT-FOR-US: Oracle
CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on MacOS)
CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...)
	- mozilla-firefox 1.0-1
CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...)
	- mozilla-thunderbird 1.0-3
CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...)
	- mozilla-firefox 0.99+1.0RC1-1
CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
	NOT-FOR-US: Message Foundry
CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...)
	NOT-FOR-US: SoftCart
CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...)
	NOT-FOR-US: Microsoft
CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...)
	NOT-FOR-US: PHPMyWebHosting
CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...)
	NOT-FOR-US: yChat
CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
	NOT-FOR-US: Sun Java
CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...)
	- rxvt-unicode 3.8-1
CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
	[sarge] - xgalaga <no-dsa> (Minor issue)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
	[sarge] - xemeraldia <no-dsa> (Very minor issue)
CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
	{DSA-774-1}
	NOTE: previous fix in -15 was broken
	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
	{DSA-766-1}
	- webcalendar 0.9.45-7 (bug #315671; medium)
CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
	NOT-FOR-US: Website Baker
CVE-2005-2275
	RESERVED
CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
	NOT-FOR-US: MSIE
CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
	NOT-FOR-US: Opera
CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...)
	NOT-FOR-US: Sfari
CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
	NOT-FOR-US: iCab
CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
	- mozilla-thunderbird 1.0.6-1 (high)
CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (low; bug #318728)
CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
	NOT-FOR-US: magicHTML
CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...)
	NOT-FOR-US: WWWeBBB forum
CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
	NOT-FOR-US: Portix
CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...)
	NOT-FOR-US: Novell Netware
CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...)
	NOT-FOR-US: FTGate
CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FTGate
CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
	- kernel-patch-openmosix <removed> (bug #319621; low)
CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
	NOT-FOR-US: FTGate
CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
	NOT-FOR-US: Microsoft
CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...)
	NOT-FOR-US: Lil' HTTP server
CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...)
	NOT-FOR-US: ICQ
CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...)
	NOT-FOR-US: Mailidx
CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...)
	NOT-FOR-US: Microsoft
CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...)
	NOT-FOR-US: Sun Java
CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Tru64
CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...)
	NOT-FOR-US: SecureClean
CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...)
	NOT-FOR-US: Eraser
CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...)
	NOT-FOR-US: Eraser
CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...)
	NOT-FOR-US: BCWipe
CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...)
	NOT-FOR-US: WebCalender
CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...)
	NOT-FOR-US: PhpWebGallery
CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...)
	NOT-FOR-US: AtGuard
CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...)
	NOTE: fixed in upstream 1.0.1
	NOTE: see http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
	- mozilla 2:1.1-1 (low)
CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
	- links2 <not-affected> (Fixed before upload into archiv; 2.0pre5)
CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
	NOT-FOR-US: Intel motherboards
CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
	NOT-FOR-US: TeeKai
CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
	NOT-FOR-US: TeeKai
CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...)
	NOT-FOR-US: TeeKai
CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...)
	NOT-FOR-US: TeeKai
CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...)
	NOT-FOR-US: TeeKai
CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...)
	NOT-FOR-US: Cisco
CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
	NOT-FOR-US: Cisco
CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
	NOTE: one day upstream webserver compromise
CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
	NOT-FOR-US: PFinger
CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
	- sketch 0.6.13-1 (low)
CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
	NOT-FOR-US: X-News
CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: x-stat
CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
	NOT-FOR-US: x-stat
CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
	NOTE: old patch
CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
	NOT-FOR-US: QNX
CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
	NOT-FOR-US: QNX
CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...)
	NOT-FOR-US: QNX
CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...)
	NOT-FOR-US: QNX
CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...)
	NOT-FOR-US: NGPT
	NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
	NOTE: NPTL does not have this problem.
CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...)
	NOT-FOR-US: Cisco
CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
	NOT-FOR-US: Sun
CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...)
	NOT-FOR-US: RealityScape
CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...)
	NOT-FOR-US: Email Sanitizer
CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
	NOT-FOR-US: FAQManager
CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...)
	NOT-FOR-US: PHPNuke
CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
	NOT-FOR-US: Microsoft
CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...)
	NOT-FOR-US: PHP, Mircrosoft
CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...)
	NOT-FOR-US: Microsoft
CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...)
	NOT-FOR-US: DOOW
CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...)
	NOT-FOR-US: BrowseFTP
CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
	- imp 3:2.2.6-5 (high)
CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
	NOT-FOR-US: We use the OTHER beep program :P
CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...)
	NOTE: only affects old-stable
CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...)
	NOT-FOR-US: wbboard
CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...)
	NOT-FOR-US: osCommerce
CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
	- user-mode-linux 2.4.17-9 (high)
CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
	NOT-FOR-US: PostNuke
CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
	NOT-FOR-US: Apache
CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
	NOT-FOR-US: faqomatic
CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
	NOT-FOR-US: Tomcat
CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
	NOT-FOR-US: Tomcat
CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...)
	NOT-FOR-US: Tomcat
CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...)
	NOT-FOR-US: Tomcat
CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...)
	NOT-FOR-US: Sun
CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...)
	NOT-FOR-US: Compaq
CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...)
	NOT-FOR-US: Compaq
CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
	NOT-FOR-US: Compaq
CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
	NOT-FOR-US: jmcce
CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...)
	NOT-FOR-US: VVOS
CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...)
	NOT-FOR-US: UnixWare
CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...)
	NOT-FOR-US: Postnuke
CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
	NOT-FOR-US: Postnuke
CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
	NOT-FOR-US: Windows
CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: WebBBS
CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...)
	NOT-FOR-US: Windows
CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...)
	NOT-FOR-US: osCommerce
CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...)
	NOT-FOR-US: Resin
CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Resin
CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Resin
CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...)
	NOT-FOR-US: Resin
CVE-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
	NOTE: presumably fixed in linux 2.4.12
CVE-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
	NOT-FOR-US: Microsoft
CVE-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...)
	NOT-FOR-US: Openwave WAP gateway
CVE-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...)
	NOT-FOR-US: CMG WAP gateway
CVE-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...)
	- vanessa-logger 0.0.2
CVE-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
	NOT-FOR-US: MacOS
CVE-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...)
	NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
CVE-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...)
	- nvi 1.79-16a.1
	NOTE: was DSA 085
CVE-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...)
	NOTE: DSA 082
	- xvt 2.1-13
CVE-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
	NOT-FOR-US: OpenBSD
CVE-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
	- snort 1.8.3
CVE-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...)
	NOT-FOR-US: AIX
CVE-2001-1556 (The log files in Apache web server contain information directly ...)
	NOTE: documented issue in apache, unlikely to be changed
	NOTE: see http://httpd.apache.org/docs/logs.html
CVE-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...)
	NOT-FOR-US: Solaris
CVE-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
	NOT-FOR-US: AIX
CVE-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...)
	- setiathome <not-affected> (not suid in debian)
CVE-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
	NOTE: no info in CVE db about fix
CVE-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
	NOT-FOR-US: Centra
CVE-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1547 (Outlook Express 6.0, with &quot;Do not allow attachments to be saved or ...)
	NOT-FOR-US: Outlook
CVE-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...)
	NOT-FOR-US: Pathways Homecare
CVE-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
	NOT-FOR-US: Axis network camera
CVE-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
	NOT-FOR-US: NAI WebShield SMTP
CVE-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
	NOT-FOR-US: BSDI UUCP
CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...)
	NOT-FOR-US: IPRoute router software
	NOTE: This is not for iproute/iproute2.
	NOTE: From Chris Gragsone's message on BUGTRAQ:
	NOTE: "IPRoute, by David F. Mischler, is PC-based router software
	NOTE: "for networks running the Internet Protocol (IP)."
CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...)
	NOT-FOR-US: MSIE
CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
	NOT-FOR-US: SpeedXess HA-120 DSL router
CVE-2001-1537 (The default &quot;basic&quot; security setting' in config.php for TWIG webmail ...)
	NOTE: current twig package seems to have secure cookies enabled
	NOTE: still uses "basic" security setting.
CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...)
	NOT-FOR-US: Autogalaxy
CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...)
	- slash 2.2.6-8 (bug #328927; low)
	[sarge] - slash <no-dsa> (Lack of a security feature, minor security problem)
CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
	- apache <unfixed> (bug #328919; unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: Cookies are only used for invading user privacy,
	NOTE: not for authentication, so apache and apache2 should be fine.
CVE-2001-1533 (** DISPUTED * ...)
	NOT-FOR-US: Microsoft
CVE-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...)
	NOT-FOR-US: WebX
CVE-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...)
	NOT-FOR-US: Claris Emailer
CVE-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...)
	NOTE: verified current webmin is ok
CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...)
	NOT-FOR-US: AIX
CVE-2001-1528 (AmTote International homebet program returns different error messages ...)
	NOT-FOR-US: AmTote International homebet
CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...)
	NOT-FOR-US: easynews
CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...)
	NOT-FOR-US: easynews
CVE-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...)
	NOT-FOR-US: easynews
CVE-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...)
	NOT-FOR-US: Xircom REX
CVE-2001-1519 (** DISPUTED ** ...)
	NOT-FOR-US: RunAs
CVE-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...)
	NOT-FOR-US: RunAs
CVE-2001-1517 (** DISPUTED ** ...)
	NOT-FOR-US: RunAs
CVE-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...)
	NOT-FOR-US: phpReview
CVE-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...)
	NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
CVE-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...)
	NOT-FOR-US: JRun
CVE-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...)
	NOT-FOR-US: JRun
CVE-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...)
	NOT-FOR-US: JRun
CVE-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...)
	NOT-FOR-US: JRun
CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...)
	NOT-FOR-US: HP-UX
CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
	- lprng <not-affected> (Not suid in Debian)
	- cupsys <not-affected> (Not suid in Debian)
CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
	- openssh 1:3.0.1
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
	NOT-FOR-US: FTGate
CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
	NOT-FOR-US: Oracle
CVE-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...)
	NOT-FOR-US: Oracle
CVE-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...)
	NOT-FOR-US: Phorum
CVE-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...)
	NOT-FOR-US: Phorum
CVE-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...)
	NOT-FOR-US: Phorum
CVE-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Phorum
CVE-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...)
	NOT-FOR-US: Phorum
CVE-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...)
	NOT-FOR-US: Phorum
CVE-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
	NOT-FOR-US: Phorum
CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
	NOT-FOR-US: USANet
CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
	NOT-FOR-US: Squito Gallery
CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
	NOT-FOR-US: PhpSlash
CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
	{DSA-759-1}
	- phppgadmin 3.5.4-1 (bug #318284; medium)
CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
	NOT-FOR-US: PHPSecurePages (phpSP)
CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318327; medium)
CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
	- jinzora <itp> (bug #289487)
CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
	NOT-FOR-US: DownloadProtect
CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
	NOTE: no details available
	- moodle 1.5.1-1
CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
	NOT-FOR-US: iPhotoAlbum
CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
	NOT-FOR-US: BIG-IP
CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
	NOT-FOR-US: Cisco
CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
	NOT-FOR-US: Cisco
CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
	{DSA-1003-1}
	- xpvm 1.2.5-8 (bug #318285; medium)
CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
	- oftpd 20040304-1 (bug #318286; medium)
	NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
	NOT-FOR-US: AIX
CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
	NOT-FOR-US: AIX
CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
	NOT-FOR-US: AIX
CVE-2005-2233 (Buffer overflow in multiple &quot;p&quot; commands in IBM AIX 5.1, 5.2 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
	NOT-FOR-US: AIX
CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
	{DSA-761-2}
	- heartbeat 1.2.3-12 (bug #318287; medium)
CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
	- elmo 1.3.0-1.1 (bug #318291; low)
	[sarge] - elmo <no-dsa> (Minor issue)
CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
	NOT-FOR-US: Blog Torrent
CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
	NOT-FOR-US: Softiacom wMailserver
CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
	NOT-FOR-US: Outlook
CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
	NOT-FOR-US: MailEnable
CVE-2005-2221 (** DISPUTED ** ...)
	NOT-FOR-US: Dragonfly
CVE-2005-2220 (** DISPUTED ** ...)
	NOT-FOR-US: Dragonfly
CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...)
	- kfreebsd5-source 5.3-17 (medium)
CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
	NOT-FOR-US: PhotoGal
CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
	- mediawiki 1.4.9
CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
	- apt-setup <unfixed> (bug #305142; unimportant)
	NOTE: That's by design. We want to provide non-root users access to the source code,
	NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive
	NOTE: as it'll be sent non-encrypted over the wire.
CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
	NOT-FOR-US: MMS Ripper
CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
	NOTE: duplicate of CVE-2005-1856
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
	NOTE: duplicate of CVE-2005-1855
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
	NOT-FOR-US: Internet Download Manager
CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
	NOT-FOR-US: ScanShare
CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: PrivaShare
CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
	NOT-FOR-US: kaiseki.cgi
CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
	NOT-FOR-US: SiteMinder
CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
	NOT-FOR-US: phpWishlist
CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
	NOT-FOR-US: Xerox Hardware issue
CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
	NOT-FOR-US: PPA web photo gallery
CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
	NOT-FOR-US: SPiD
CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
	NOT-FOR-US: Id Board
CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...)
	NOT-FOR-US: Apple Airport
CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 ...)
	NOT-FOR-US: Apple
CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
	NOT-FOR-US: PunBB
CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
	NOT-FOR-US: SimplePHPBlog
CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
	NOT-FOR-US: Comersus
CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
	NOT-FOR-US: Comersus
CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
	NOT-FOR-US: Lantronix SecureLinx
CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
	NOT-FOR-US: eRoom
CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
	NOT-FOR-US: eRoom
CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
	NOT-FOR-US: SIP phone hardware issue
CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
	- gnats 4.0 (bug #318481; high)
CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
	NOT-FOR-US: Jaws
CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
	NOTE: the affected probe.cgi
CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when ...)
	{DSA-873-1}
	- net-snmp 5.2.1.2-1 (bug #318420; low)
	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
	[sarge] - ucd-snmp <no-dsa> (Minor issue)
CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
	NOT-FOR-US: Notes
CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2172
	RESERVED
CVE-2005-2171
	RESERVED
CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
	NOT-FOR-US: Tivoli
CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
	NOT-FOR-US: AliveSites
CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
	NOT-FOR-US: AliveSites
CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
	NOT-FOR-US: Express-Web
CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
	NOT-FOR-US: IdealBB
CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
	NOT-FOR-US: IdealBB
CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
	NOT-FOR-US: IdealBB
CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
	NOT-FOR-US: NatterChat
CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
	NOT-FOR-US: Veritas
CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
	NOT-FOR-US: Cold Fusion
CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
	NOT-FOR-US: Ansel
CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 ...)
	NOT-FOR-US: DUclassified
CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
	NOT-FOR-US: DUforum
CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
	NOT-FOR-US: DUforum
CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
	NOT-FOR-US: DUclassified
CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
	NOT-FOR-US: DUclassmate
CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
	NOT-FOR-US: kdocker
CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
	NOT-FOR-US: Zanfi
CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
	NOT-FOR-US: Zanfi
CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
	NOT-FOR-US: MailEnable
CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
	NOT-FOR-US: CJOverkill
CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
	- unzoo 4.4-3 (bug #306164)
CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
	NOT-FOR-US: DMXReady
CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
	NOT-FOR-US: DMXReady
CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
	NOT-FOR-US: Digicraft Yak!
CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
	NOT-FOR-US: WeHelpBUS
CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
	NOT-FOR-US: Macromedia JRun
CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
	NOT-FOR-US: Microsoft
CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
	NOT-FOR-US: Microsoft
CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
	NOT-FOR-US: ReviewPost
CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
	- cherokee 0.4.8
CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
	NOT-FOR-US: Caravan
CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BaSoMail
CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
	- latex2rtf 1.9.16
CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
	NOT-FOR-US: Canon ImageRUNNER
CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
	NOT-FOR-US: Lords of the Realm
CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
	NOT-FOR-US: VP-ASP
CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
	- serendipity 1.0-1
CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
	NOT-FOR-US: Online Recruitment Agency
CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
	NOT-FOR-US: Online-bookmarks
CVE-2005-2348
	RESERVED
CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty ...)
	NOT-FOR-US: PHPSource Printer
CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
	NOT-FOR-US: Plague
CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...)
	NOT-FOR-US: Plague
CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
	NOT-FOR-US: Plague
CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...)
	NOT-FOR-US: GlobalNoteScript
CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...)
	NOT-FOR-US: Covide
CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
	NOT-FOR-US: AutoIndex PHP Script
CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
	NOT-FOR-US: MyGuestbook
CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
	{DSA-768-1}
	- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
	NOT-FOR-US: IMail
CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
	NOT-FOR-US: PlanetDNS
CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...)
	NOT-FOR-US: JBoss
CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
	NOT-FOR-US: nabopoll
CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...)
	NOT-FOR-US: osTicket
CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
	NOT-FOR-US: osTicket
CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
	NOT-FOR-US: Geeklog
CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
	{DSA-784-1}
	- courier 0.47-6 (bug #320290; low)
CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
	NOT-FOR-US: Microsoft
CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
	{DSA-739-1}
	- trac 0.8.4-1
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: TCP Chat
CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
	NOT-FOR-US: FSboard
CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
	NOT-FOR-US: Pavsta
CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...)
	NOT-FOR-US: Raritan Dominion SX
CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
	NOT-FOR-US: EtoShop
CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
	NOT-FOR-US: NetBSD
CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-1915.  Reason: ...)
	NOT-FOR-US: log4sh
CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
	NOT-FOR-US: SCO UnixWare
CVE-2005-2131
	RESERVED
CVE-2005-2130
	RESERVED
CVE-2005-2129
	RESERVED
CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...)
	NOT-FOR-US: Windows
CVE-2005-2125
	RESERVED
CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...)
	NOT-FOR-US: Windows
CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine ...)
	NOT-FOR-US: Windows
CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
	NOT-FOR-US: Windows
CVE-2005-2121
	RESERVED
CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
	NOT-FOR-US: Windows
CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
	NOT-FOR-US: Microsoft
CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
	NOT-FOR-US: Windows
CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Windows
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
	- cupsys 1.1.20final+rc1-1 (low)
CVE-2005-2116
	REJECTED
CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
	NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits
	[sarge] - mozilla <not-affected> (Unreproducible)
	- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
	- xoops <itp> (bug #207640)
CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
	- xoops <itp> (bug #207640)
CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
	NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
	{DSA-745-1}
	- drupal 4.5.4-1 (bug #316362)
CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
	NOT-FOR-US: IOS
CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...)
	NOT-FOR-US: sysreport
CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (high; bug #323706)
CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (medium; bug #323706)
CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
	{DSA-818-1}
	- kdeedu 4:3.4.2-1 (low)
CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...)
	- linux-2.6 <not-affected> (Red Hat specific according to Horms)
	- kernel-source-2.4.27 <not-affected> (Red Hat specific according to Horms)
CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table in PDF files, ...)
	{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
	- kdegraphics 4:3.4.2-1 (bug #322458; low)
	- xpdf 3.00-15 (bug #322462; low)
	[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
	- tetex-bin 3.0-12
	NOTE: tetex links to poppler since 3.0-12
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- gpdf 2.10.0-4 (bug #334454; low)
	NOTE: Cups switched to xpdf-utils
	- cupsys 1.1.22-7 (bug #324464)
	[woody] - cupsys <not-affected> (Vulnerable code not present)
	- poppler 0.4.0-1 (low)
	- libextractor 0.5.8-1 (medium)
CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1}
	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
	NOTE: Florian Weimer is doing a comprehensive audit using clamav
	NOTE: to search for static zlib signatures in binaries in Debian
	NOTE: Not all of the listed packages have been checked for actual
	NOTE: exploitability using this hole.
	NOTE: oldstable (woody) had zlib 1.1, which is not affected
	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
	- dpkg 1.13.11 (bug #317967; unimportant)
	NOTE: You need to trust debs anyway, when installing them
	- zsync 0.4.0-2 (bug #317968; medium)
	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
	- dump 0.4b40-1 (bug #317966; low)
	[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
	- aide 0.10-6.1.1 (bug #317523; unimportant)
	NOTE: aide only uses zlib to compress/decompress internal data
	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- amd64-libs 1.3 (bug #317970; medium)
	[woody] - ia32-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- ia32-libs 1.6 (bug #317971; medium)
	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
	- bacula 1.36.3-2 (bug #318014; medium)
	[sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
	[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not affected)
	- sash 3.7-6 (bug #318246; bug #318069; medium)
	[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- libphysfs 1.0.0-5 (bug #318091; unimportant)
	- oops 1.5.23.cvs-3 (bug #318097; medium)
	[woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected)
	- rpm 4.0.4-31.1 (bug #318099; unimportant)
	NOTE: You need to trust rpms anyway, when installing them
	- rageircd 2.0.0-3sid1 (bug #309196; medium)
	- systemimager-ssh <not-affected> (bug #318101; unimportant)
	NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression
	[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- texmacs 1:1.0.5-3 (bug #318100; medium)
	[sarge] - texmacs <no-dsa> (Hardly exploitable)
	- zlib 1:1.2.2-7 (bug #317133; medium)
	- pvpgn 1.7.8-2 (bug #332236; unknown)
	- mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
	- mrtg <not-affected> (Only used for internal compression, current versions link dynamically)
	- rsync <not-affected> (Uses zlib 1.1, which is not affected)
	NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
	NOTE: as the included version was never affected, despite claiming them so.
CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
	NOT-FOR-US: Sun
CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
	NOT-FOR-US: Websphere
CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
	- tomcat4 4.1.28-1
	NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
	NOT-FOR-US: Microsoft
CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...)
	{DSA-805-1 DSA-803-1}
	- apache 1.3.33-8 (bug #322607; medium)
	- apache2 2.0.54-5 (bug #316173; medium)
CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating ...)
	NOT-FOR-US: Microsoft
CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
	NOT-FOR-US: Inframail
CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
	NOT-FOR-US: Community Forum
CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
	NOT-FOR-US: IA eMailServer
CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: imTRSET
CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
	- asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant)
	NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands
CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
	NOT-FOR-US: Lpanel
CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GoodTech SMTP Server
CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
	NOT-FOR-US: Real Estate Management Software
CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Chatman
CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
	NOT-FOR-US: INTELLIPEER Email Server
CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
	- mysql-dfsg-4.1 4.1.5-1
CVE-2004-2148 (Unknown local vulnerability in the &quot;change user&quot; feature of Slava ...)
	- fprobe-ng 1.1-1
	TODO: Check, whether fprobe is affected as well
CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Baal Smart Forms
CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...)
	NOT-FOR-US: Mambo Portal
CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
	- sdd 1.52-1
CVE-2004-2141
	REJECTED
CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
	NOT-FOR-US: YaBB
CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
	NOT-FOR-US: YaBB
CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
	NOT-FOR-US: MySQLGuest
CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: BisonFTP Server
CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
	NOT-FOR-US: DB2
CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...)
	NOT-FOR-US: Solaris
CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #318755; medium)
CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
	{DSA-785-1}
	- openldap2.2 2.2.26-3 (bug #316674; medium)
	- openldap2 2.1.30-11 (medium)
	- libpam-ldap 178-1sarge1 (bug #316972; medium)
	- libnss-ldap 238-1.1 (bug #316973; medium)
CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
	- kfreebsd-source <unfixed>
CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
	NOT-FOR-US: Affected only Real Player, not Helix Player
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: iSMTP
CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...)
	NOT-FOR-US: Microsoft
CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
	NOT-FOR-US: QNX
CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in ...)
	NOTE: verified current version is not vulnerable to exploit
CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...)
	NOT-FOR-US: Solaris
CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
	NOT-FOR-US: Watchguard SOHO
CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...)
	NOT-FOR-US: IPFilter
CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
	- net-tools <unfixed> (unimportant)
	NOTE: This seems to be a misunderstanding of what the PROMISC flag
	NOTE: is about.  ifconfig reports properly when it is set using
	NOTE: "ifconfig promisc".
CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of &quot;A0&quot; to encrypt ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...)
	NOT-FOR-US: Microsoft
CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
	NOT-FOR-US: pp_powerSwitch
CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
	NOT-FOR-US: Sourcecraft Networking Utils
CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...)
	NOT-FOR-US: SnortCenter
CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
	NOT-FOR-US: Magic Notebook
CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...)
	NOT-FOR-US: Com21 hardware
CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...)
	NOT-FOR-US: XiRCON
CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...)
	NOT-FOR-US: My Postcards Platinum
CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...)
	NOT-FOR-US: Imatix Xitami
CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
	NOT-FOR-US: phpEventCalender
CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...)
	NOTE: No kernels in Sarge or sid affected
CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
	NOT-FOR-US: Cybozu Share
CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
	NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...)
	NOT-FOR-US: kmMail
CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
	- pen <not-affected> (pen was introduced after this old vulnerability)
CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...)
	- rox 1.3.0-1
CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
	NOT-FOR-US: Iomega hardware issue
CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
	NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
	NOTE: php function that displays the PHP logo and version information. In the bug
	NOTE: log the developers seem unwilling to fix this, as it only affects a debug
	NOTE: function.
	NOTE: can not reproduce in any versions of php4 in the archive.
	- php4 <not-affected> (bug #349260; low)
	- php5 5.1.1-1 (bug #336654; low)
CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
	NOT-FOR-US: AIM
CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
	NOT-FOR-US: phpRank
CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
	NOT-FOR-US: phpRank
CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...)
	- gringotts <not-affected> (fixed before Gringotts was in Debian)
CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...)
	- webmin 1.000-2
CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...)
	NOT-FOR-US: VNSL
CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...)
	NOT-FOR-US: SmailMail
CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola Surfboard
CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...)
	NOT-FOR-US: SafeTP
CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...)
	NOT-FOR-US: Imatix
CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...)
	NOT-FOR-US: RadioBird
CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...)
	NOT-FOR-US: LCC-Win32
CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...)
	NOT-FOR-US: FlashFXP
CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Virgil CGI Scanner
CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...)
	NOT-FOR-US: Symantex Appliance
CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...)
	NOT-FOR-US: UTStarcom
CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...)
	NOT-FOR-US: Microsoft
CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...)
	NOT-FOR-US: AN HTTPd
CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2002-1924 (PowerChute plus 5.0.2 creates a &quot;Pwrchute&quot; directory during ...)
	NOT-FOR-US: Powerchute
CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: FtpXQ
CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...)
	NOT-FOR-US: VS-ASP
CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...)
	NOT-FOR-US: Microsoft ADO
CVE-2002-1917 (CRLF injection vulnerability in the &quot;User Profile: Send Email&quot; feature ...)
	NOT-FOR-US: Geeklog
CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...)
	NOT-FOR-US: Pirch
CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...)
	NOT-FOR-US: tip
CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...)
	- dump 0.4b31-1
CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...)
	NOT-FOR-US: myPHPNuke
CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...)
	NOT-FOR-US: SkyStream
CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...)
	NOT-FOR-US: TelCondex
CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...)
	NOT-FOR-US: ghttpd
CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...)
	- pine 4.62-1 (low)
	NOTE: checked listed version, and it didn't have the problem
	NOTE: non-free
CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: CGIForum
CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...)
	NOT-FOR-US: BBGallery
CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...)
	NOT-FOR-US: Pinboard
CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: MyWebserver
CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
	- alsaplayer 0.99.72-1
CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...)
	- tomcat4 <not-affected> (Windows-specific Tomcat problems)
CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...)
	- phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295)
CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...)
	NOT-FOR-US: IRCIT
CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...)
	NOT-FOR-US: RedHat specific
CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
	NOT-FOR-US: Logsurfer
CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...)
	NOT-FOR-US: CommonName Toolbar
CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...)
	NOT-FOR-US: TightAuction
CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for ...)
	NOT-FOR-US: PPhlogger
CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...)
	NOT-FOR-US: Py-Membres
CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...)
	- qt-x11-free 2:3.0.4-1
CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...)
	NOT-FOR-US: w-Agora
CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...)
	NOT-FOR-US: Entercept Agent
CVE-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote attackers ...)
	NOT-FOR-US: Astrocam
CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...)
	NOT-FOR-US: Microsoft
CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...)
	NOT-FOR-US: Solaris
CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...)
	NOT-FOR-US: Heysoft EventSave
CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...)
	NOT-FOR-US: Dispair
CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...)
	NOT-FOR-US: Embedded HTTP server
CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SmartMail Server
CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...)
	NOT-FOR-US: Sybase ASE
CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: Pramati
CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...)
	NOT-FOR-US: Orion
CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...)
	NOT-FOR-US: Oracle
CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: jo! jo Webserver
CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...)
	NOT-FOR-US: HP Application Server
CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...)
	NOTE: not-for-us
CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...)
	NOTE: not-for-us
CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
	NOTE: not-for-us
CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...)
	NOTE: not-for-us
CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...)
	- apache2 2.0.42-1
CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...)
	NOTE: not-for-us
CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...)
	NOTE: not-for-us
CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...)
	NOTE: not-for-us
CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...)
	NOTE: not-for-us
CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...)
	NOTE: not-for-us
CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...)
	NOTE: not-for-us
CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...)
	NOTE: not-for-us
CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...)
	NOTE: not-for-us
CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...)
	NOTE: not-for-us
CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...)
	NOTE: not-for-us
CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...)
	NOTE: not-for-us
CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...)
	NOTE: not-for-us
CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...)
	NOTE: not-for-us
CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOTE: not-for-us
CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOTE: not-for-us
CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOTE: not-for-us
CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...)
	NOTE: not-for-us
CVE-2002-1832 (Unknown vulnerability in the &quot;ipopts decode&quot; functionality in ...)
	NOTE: not-for-us
CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...)
	NOTE: not-for-us
CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...)
	NOTE: not-for-us
CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...)
	NOTE: not-for-us
CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...)
	NOTE: not-for-us
CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...)
	- sendmail 8.12-4
CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...)
	- kernel-patch-2.4-grsecurity 1.9.6-1
CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...)
	NOT-FOR-US: WASD
CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
	NOT-FOR-US: MSIE
CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...)
	NOT-FOR-US: Zeroo
CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...)
	NOT-FOR-US: IBM HTTP Server on AS/400
CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...)
	NOT-FOR-US: TinyHTTPD
CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...)
	NOT-FOR-US: httpbench
CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
	NOT-FOR-US: Veritas
CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
	NOT-FOR-US: ATPhttpd
CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
	NOT-FOR-US: Aquonics
CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...)
	- bonobo <not-affected> (efstool not suid on Debian)
CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...)
	NOT-FOR-US: AIM
CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...)
	NOT-FOR-US: gdam123
CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...)
	NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...)
	NOT-FOR-US: D-Link DWL-900AP+ Access Point
CVE-2002-1809 (The default configuration of the Windows binary release of MySQL ...)
	NOT-FOR-US: MySQL windows binary
CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...)
	NOT-FOR-US: Meunity
CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
	NOT-FOR-US: Drupal
CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
	- dacode <removed> (bug #322605; low)
	[sarge] - dacode <no-dsa> (Minor issue; attacker would need to bypass moderator review/approval)
	NOTE: Sarge is affected (has same version as testing/unstable)
CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
	NOT-FOR-US: NPDS
CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
	- xoops <itp> (bug #207640)
CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
	NOT-FOR-US: phpRank
CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
	NOT-FOR-US: phpRank
CVE-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...)
	NOT-FOR-US: MidiCart
CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...)
	NOT-FOR-US: HP ldapux-pamauthz
CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
	NOT-FOR-US: HP Virtualvault OS
CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
	NOT-FOR-US: Fake Identd
CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...)
	NOT-FOR-US: microsoft
CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...)
	- newsx 1.4pl6.0-2
CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...)
	- nn 6.6.4-1
CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
	NOT-FOR-US: Zeus Administration Server
CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...)
	- php4 4:4.3.10-15
CVE-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...)
	NOT-FOR-US: microsoft
CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
	NOT-FOR-US: JAF CMS
CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
	NOT-FOR-US: BEWAC
CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
	- tor 0.0.9.10-1 (medium)
CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
	NOT-FOR-US: Duware
CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...)
	NOT-FOR-US: Duware
CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
	NOT-FOR-US: Duware
CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
	NOT-FOR-US: Duware
CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
	NOT-FOR-US: Duware
CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
	NOT-FOR-US: ATutor
CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
	NOT-FOR-US: XAMPP
CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
	NOT-FOR-US: ajax-spell
CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
	NOT-FOR-US: ViRobot
CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
	{DSA-758-1}
	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
CVE-2005-2039 (Unknown vulnerability in &quot;various plugins&quot; for NanoBlogger 3.2.1 and ...)
	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Caf&#233;) Chat 1.2.1 allows remote ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Caf&#233;) ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
	NOT-FOR-US: iGallery
CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...)
	NOT-FOR-US: iGallery
CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
	NOT-FOR-US: socialMPN
CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
	NOT-FOR-US: external script that allow interaction between amarok and a browser
CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
	{DSA-738-1}
	NOTE: varying and apparently innacurate info about what versions fix it
	- razor 2.720-1 (low)
CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
	- gnupg2 1.9.15-1
CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
	NOT-FOR-US: iPlanet
CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
	NOT-FOR-US: cPanel
CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...)
	NOT-FOR-US: 3com Network Supervisor
CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
	NOT-FOR-US: FreeBSD ipfw
CVE-2005-2018
	RESERVED
CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2016
	RESERVED
CVE-2005-2015
	RESERVED
CVE-2005-2014 (The &quot;upload a language pack&quot; feature in paFAQ 1.0 Beta 4 allows remote ...)
	NOT-FOR-US: paFAQ
CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFAQ
CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
	NOT-FOR-US: paFAQ
CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
	NOT-FOR-US: paFAQ
CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
	- yaws 1.56-1 (low)
CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
	- trac 0.8.4-1 (bug #315145)
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: JBOSS
CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
	NOT-FOR-US: Mambo
CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
	NOT-FOR-US: paFileDB
CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
	NOT-FOR-US: paFileDB
CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
	NOT-FOR-US: McGallery
CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
	NOT-FOR-US: McGallery
CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
	{DSA-735-2 DSA-735-1}
	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
	{DSA-748-1}
	- ruby1.8 1.8.2-8 (bug #315064; medium)
	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
CVE-2005-1991
	RESERVED
CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MSIE
CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in ...)
	NOT-FOR-US: Microsoft
CVE-2005-1986
	RESERVED
CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
	NOT-FOR-US: Spoolsv.exe
CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
	NOT-FOR-US: Microsoft
CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1978 (COM+ in Microsoft Windows does not properly &quot;create and use memory ...)
	NOT-FOR-US: Microsoft
CVE-2005-1977
	RESERVED
CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...)
	NOT-FOR-US: Novell NetMail
CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
	- uw-imap <unfixed> (bug #315499; unimportant)
	NOTE: This only applies to very exotic setups. It's also documented in the FAQ
	NOTE: and if someone has such a setup she will have to recompile the package with
	NOTE: the security features enabled.
CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
	NOT-FOR-US: DeleGate
CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
	NOT-FOR-US: BPM Studio Pro
CVE-2002-1779 (The &quot;block fragmented IP Packets&quot; option in Symantec Norton Personal ...)
	NOT-FOR-US: Norton
CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
	NOT-FOR-US: Norton
CVE-2002-1777 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1776 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1775 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1774 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
	NOT-FOR-US: ICQ for MacOS X
CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain &quot;Domain ...)
	NOT-FOR-US: Novell Netware
CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
	NOT-FOR-US: FormMail
CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Eudora
CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
	NOT-FOR-US: Mirosoft
CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
	NOT-FOR-US: Oracle
CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
	NOT-FOR-US: Netscape
	NOTE: didn't check mozilla
CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
	- evolution 1.0.5
CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
	NOT-FOR-US: acrobat
CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the &quot;Shift&quot; ...)
	NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
	NOT-FOR-US: Microsoft
CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ACDSee
CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
	- tinc 1.0pre5
CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
	NOT-FOR-US: csNews
CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
	NOT-FOR-US: csChat-R-Box
CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
	NOT-FOR-US: csLiveSupport
CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
	NOT-FOR-US: csGuestbook
CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
	NOT-FOR-US: Windows 2000 Terminal Services
CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
	- slash 2.2.3
CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
	- vtun 2.5b2
CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
	- vtun 2.5b2
CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
	NOT-FOR-US: Microsoft
CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AOL ICQ
CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
	- libsoap-lite-perl 0.55
CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
	NOT-FOR-US: WorldClient
CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
	NOT-FOR-US: WorldClient
CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
	NOT-FOR-US: CGINews
CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
	NOT-FOR-US: dlogin
CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
	NOT-FOR-US: NewsPro
CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
	NOT-FOR-US: Prospero MessageBoards
CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
	NOT-FOR-US: Actinic Catalog
CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
	NOT-FOR-US: IBM AS/400
CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
	NOT-FOR-US: PhotoDB
CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
	NOT-FOR-US: Powerboards
CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
	NOT-FOR-US: microsoft
CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
	- altermime <not-affected> (fixed before the first Debian upload)
CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
	NOT-FOR-US: Spooky Login
CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
	NOT-FOR-US: Bavo
CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
	NOT-FOR-US: microsoft
CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
	NOT-FOR-US: microsoft
CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
	- openssh <not-affected> ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.")
CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
	NOT-FOR-US: msec
CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: microsoft
CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
	NOT-FOR-US: BasiliX
CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
	NOT-FOR-US: BasiliX
CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
	NOT-FOR-US: BasiliX
CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
	NOT-FOR-US: BasiliX
CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when &quot;allow_url_fopen&quot; and ...)
	- phpbb2 2.0.6c-1
CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
	NOT-FOR-US: Cisco
CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1704 (Zeroboard 4.1, when the &quot;allow_url_fopen&quot; and &quot;register_globals&quot; ...)
	NOT-FOR-US: Zeroboard
CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
	NOT-FOR-US: NetAuction
CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
	NOT-FOR-US: ColdFusion
CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
	NOT-FOR-US: ASP Client Check
CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
	- vtun 2.6-1
CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
	NOT-FOR-US: Microsoft Outlook plugin
CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
	NOT-FOR-US: Norton
CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
	NOT-FOR-US: Microsoft
CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
	NOT-FOR-US: AIX
CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
	NOT-FOR-US: AIX
CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
	NOT-FOR-US: Microsoft
CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
	NOT-FOR-US: AIX
CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
	NOT-FOR-US: AIX
CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
	NOT-FOR-US: Deerfield D2Gfx
CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
	NOT-FOR-US: BadBlue Personal Edition
CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
	NOT-FOR-US: NewsReactor
CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
	- slash <not-affected> (Only present in intermediate CVS version, not released in Debian)
CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
	NOT-FOR-US: COWS
CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
	NOT-FOR-US: vBulletin
CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
	NOT-FOR-US: mrtgconfig
CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
	NOT-FOR-US: BindView NetInventory
CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
	NOT-FOR-US: Unreal IRCd
CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
	- webmin 0.93 (medium)
CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
	- webmin <not-affected> (packaging flaw of an unknown RPM based distro)
	NOTE: Permissions of Debian's webmin package look sane and FHS compliant
CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
	NOT-FOR-US: Microsoft
CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: HP-UX
CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
	NOT-FOR-US: Oracle
CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
	NOT-FOR-US: HP Secure OS layer
CVE-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
	- tinc 1.0pre5-1
CVE-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Lotus Notes
CVE-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
	NOT-FOR-US: Sun
CVE-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
	NOT-FOR-US: WebCart
CVE-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
	NOTE: Fix went into proftpd CVS on 2002-12-12
	- proftpd 1.2.8-1
CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
	- proftpd 1.2.4-1
CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
	NOT-FOR-US: Check Point
CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
	NOT-FOR-US: mod_bf
CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
	- thttpd 2.21
CVE-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
	NOT-FOR-US: Network Query Tool
CVE-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
	- util-linux 2.11n-1
CVE-2001-1492
	REJECTED
CVE-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Opera
CVE-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
	NOTE: mozilla is quite easily DOSable with all sorts of large html
	NOTE: files, probably not worth following up on.
CVE-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
	NOT-FOR-US: Open Projects ircd
CVE-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
	- qpopper <not-affected> (Vulnerable code verified not present)
CVE-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
	- libpam-opie <unfixed> (bug #112279; unimportant)
	NOTE: This is documented and not really important. In contrast to passwords
	NOTE: used by humans
	[sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
	NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
	NOT-FOR-US: Xitami
CVE-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
	NOT-FOR-US: Sun Java
CVE-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
	NOT-FOR-US: Sun
CVE-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
	NOT-FOR-US: UnixWare
CVE-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
	- snort 1.6.1-1
CVE-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
	NOT-FOR-US: Xitami
CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
	NOT-FOR-US: Annuaire
CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) ...)
	NOT-FOR-US: Sun Java
CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with &quot;Launch with ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
	NOT-FOR-US: Pragma Telnetserver
CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
	NOT-FOR-US: e107
CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...)
	NOT-FOR-US: Broadpool Siteframe
CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia ...)
	NOT-FOR-US: Ovidentia Portal
CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
	NOT-FOR-US: C-JDBC
CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
	NOT-FOR-US: C.J. Steele Tattle
CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
	NOT-FOR-US: JamMail
CVE-2005-1958
	REJECTED
	NOTE: see CVE-2005-1855
CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: singapore
CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
	NOT-FOR-US: Pico Server
CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
	NOT-FOR-US: Pico Server
CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webhints
CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
	NOT-FOR-US: e107
CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
	NOT-FOR-US: xmysqladmin
CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
	NOT-FOR-US: Loki download manager
CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
	NOT-FOR-US: SilverCity
CVE-2005-1940
	RESERVED
CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2005-1938
	REJECTED
CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.6-1 (medium)
	- mozilla 2:1.7.10-1 (medium)
	[woody] - mozilla <not-affected> (regression of a previous security fix)
CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
	NOT-FOR-US: Microsoft
CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
	NOT-FOR-US: Xerox hardware issue
CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
	NOT-FOR-US: Microsoft
CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1927
	RESERVED
CVE-2005-1926
	RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
	NOT-FOR-US: Tikiwiki
CVE-2005-1924
	RESERVED
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #316401; bug #316462; medium)
CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (low)
CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
	- serendipity 1.0-1
	- drupal 4.5.4-1 (high; bug #316362)
	- phpgroupware 0.9.16.006-1 (high)
	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
	- phpwiki 1.3.7-4 (bug #316714; high)
	- php4 4:4.3.10-16 (high; bug #316447)
	- horde3 <not-affected> (horde3 ships different XMLRPC code)
CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
	{DSA-804-2}
	- kdelibs 4:3.4.2-1 (bug #319016; medium)
CVE-2005-1919
	REJECTED
CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability ...)
	- tar 1.14-2.2
	NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
	NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
	NOT-FOR-US: log4sh
CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
	{DSA-754-1 DTSA-2-1}
	- centericq 4.20.0-7 (medium)
CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
	{DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.6.11 2.6.11-6 (medium)
CVE-2005-1912
	REJECTED
CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
	- leafnode 1.11.3.rel-1 (bug #338886; low)
	[sarge] - leafnode 1.11.2.rel-1.0sarge0
CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
	NOT-FOR-US: WWWeb Concepts Events System
CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
	NOT-FOR-US: Perception LiteWeb
CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
	NOT-FOR-US: Microsoft
CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
	NOT-FOR-US: livingmailing
CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
	NOT-FOR-US: Kaspersky
CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
	NOT-FOR-US: JiRo's Upload Systems
CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
	NOT-FOR-US: Sawmill
CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Sawmill
CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
	NOT-FOR-US: RakNet
CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
	NOT-FOR-US: phpThumb
CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
	NOT-FOR-US: FlexCast
CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
	NOT-FOR-US: Mortiforo
CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
	NOT-FOR-US: Sun ONE
CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
	NOT-FOR-US: Solaris
CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
	NOT-FOR-US: YaPiG
CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
	NOT-FOR-US: YaPiG
CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
	NOT-FOR-US: YaPiG
CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
	NOT-FOR-US: YaPiG
CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG ...)
	NOT-FOR-US: YaPiG
CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
	NOT-FOR-US: YaPiG
CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: everybuddy
CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: LutelWall
CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
	NOT-FOR-US: GIPTables
CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
	NOT-FOR-US: Lpanel
CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
	NOT-FOR-US: CuteNews
CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
	NOT-FOR-US: Exhibit Engine
CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
	NOT-FOR-US: Dzip
CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
	NOT-FOR-US: Crob
CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
	- drupal 4.5.3-1
CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in ...)
	NOT-FOR-US: Popper
CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat ...)
	NOT-FOR-US: MWChat
CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: I-Man
CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
	NOT-FOR-US: Symantec
CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
	NOT-FOR-US: Calendarix
CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...)
	NOT-FOR-US: Calendarix
CVE-2003-1218
	RESERVED
CVE-2003-1217
	RESERVED
CVE-2005-1863
	RESERVED
CVE-2005-1862
	RESERVED
CVE-2005-1861
	RESERVED
CVE-2005-1860
	RESERVED
CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
	NOT-FOR-US: arshell
CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
	{DSA-786-1}
	- simpleproxy 3.2-4 (medium)
CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (bug #315582; low)
	NOTE: maybe a duplicate of CVE-2005-2212, author contacted
CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (medium)
	NOTE: maybe a duplicate of CVE-2005-2211, author contacted
CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to &quot;missing ...)
	{DSA-772-1}
	- apt-cacher 0.9.10 (high)
CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
	{DSA-770-1}
	- gopher 3.0.8 (low)
CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
	{DSA-767-1 DTSA-4-1}
	- kopete 4:3.3.2-5 (bug #319443; unimportant)
	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
	NOTE: no shared lib version is found. As the Debian package has a dependency on
	NOTE: it the maintainer does not intent to fix it, see # 319443
	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1}
	NOTE: This is only contrib code not built in the binary packages AFAIK
	- zlib 1:1.2.3-1 (low)
	- zsync 0.4.1-1 (low)
	NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
	{DSA-750-1}
	- dhcpcd 1:1.3.22pl4-22 (medium)
CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
	NOT-FOR-US: YaMT
CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
	NOT-FOR-US: YaMT
CVE-2005-1845
	RESERVED
CVE-2005-1844
	RESERVED
CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
	NOT-FOR-US: Windows
CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
	NOT-FOR-US: Windows
CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
	NOT-FOR-US: acroread
CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
	{DSA-744-1}
	- fuse 2.3.0-1
CVE-2005-2349 [Directory traversal in zoo]
	RESERVED
	- zoo 2.10-4 (low; bug #309594)
CVE-2005-2350 [Cross Site Scripting in websieve]
	RESERVED
	- websieve <removed> (bug #311838; low)
CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
	NOT-FOR-US: phpCMS
CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Liberum
CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
	NOT-FOR-US: Liberum
CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...)
	NOT-FOR-US: Fortinet firewall
CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1831 (** DISPUTED ** ...)
	- sudo <not-affected> (Unreproducable, seems like a broken PAM setup on the submitter's side)
CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
	NOT-FOR-US: SoftICE
CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
	NOT-FOR-US: HP Radia
CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
	NOT-FOR-US: HP Radia
CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
	- mailutils 1:0.6.1-2
CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in ...)
	NOT-FOR-US: PowerDownload
CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
	NOT-FOR-US: Zeroboard
CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
	NOT-FOR-US: NikoSoft WebMail
CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
	NOT-FOR-US: NewLife Blogger
CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
	NOT-FOR-US: PicoWebServer
CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
	- wordpress 1.5.1.2-1
CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sony hardware issue
CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Stronghold game
CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
	- libphp-phpmailer 1.73
CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
	NOT-FOR-US: PeerCast
CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
	NOT-FOR-US: Online Solutions for Educators
CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
	NOT-FOR-US: Nortel hardware
CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
	NOT-FOR-US: Nokia hardware
CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
	NOT-FOR-US: Jaws glossary gadget
CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
	NOT-FOR-US: ServersCheck
CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
	NOTE: Cryptographic attack on AES, cannot be fixed
CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
	{DSA-749-1}
	- ettercap 1:0.7.1-1.1 (bug #311615)
CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
	NOT-FOR-US: ClamAV on Mac OS X
CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
	NOT-FOR-US: Microsoft
CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
	NOT-FOR-US: Microsoft
CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...)
	{CVE-2005-3896}
	NOT-FOR-US: Microsoft
	NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896.
CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
	NOT-FOR-US: India Software Solution shopping cart
CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: phpStat
CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
	NOT-FOR-US: FunkyASP
CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
	NOT-FOR-US: ZonGG
CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
	NOT-FOR-US: BookReview
CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
	NOT-FOR-US: BookReview
CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
	NOT-FOR-US: MailEnable
CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
	NOT-FOR-US: Active News Manager
CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
	NOT-FOR-US: PostNuke
CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
	NOT-FOR-US: C'Nedra
CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
	NOT-FOR-US: Terminator game
CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
	- davfs2 0.2.4-1 (bug #310757; medium)
CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
	NOT-FOR-US: Listserv
CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
	NOT-FOR-US: Terminator game
CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
	NOT-FOR-US: HPUX
CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
	NOT-FOR-US: Avast
CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium)
CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 2.4.27-11
	NOTE: amd64 is not supported for 2.4 (the issue is amd64 speficic)
CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
	{DSA-826-1}
	- helix-player 1.0.5-1 (bug #316276; high)
	NOTE: Helix Player is affected according to:
	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
	{DSA-1018-1 DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
	NOT-FOR-US: sysreport
CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
	- shtool 2.0.1-2 (low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (unimportant)
	- php4 4:4.4.0-1 (unimportant)
CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
	NOT-FOR-US: Novell
CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
	NOT-FOR-US: Novell
CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
	NOT-FOR-US: Novell
CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
	{DSA-789-1 DTSA-15-1}
	- shtool 2.0.1-2 (bug #311206; low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (bug #314464; unimportant)
	- php4 4:4.3.10-16 (low)
CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
	TODO: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
	TODO: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
	NOT-FOR-US: Oracle
CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
	NOT-FOR-US: CVSup third party modules
CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
	NOT-FOR-US: PJ CGI Nero
CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
	- phpbb2 2.0.6d-2
CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SurfNOW
CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
	NOT-FOR-US: WebWeaver
CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
	NOT-FOR-US: Web Blog
CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
	NOT-FOR-US: BlackICE
CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
	NOT-FOR-US: BlackICE
CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
	- gallery 1.4.4-pl1-1
CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
	NOT-FOR-US: Nextplace
CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
	NOT-FOR-US: Intra Forum
CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
	NOT-FOR-US: Borland Web Server
CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Reptile Web Server
CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...)
	NOT-FOR-US: Oracle
CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...)
	NOT-FOR-US: ProxyNow!
CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...)
	NOT-FOR-US: BremsServer
CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...)
	NOT-FOR-US: BremsServer
CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...)
	NOT-FOR-US: Phorum
CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...)
	NOT-FOR-US: Freesco
CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...)
	NOT-FOR-US: Need for Speed game
CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
	NOT-FOR-US: Banner engine
CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
	- fvwm <not-affected> (Used mktemp)
	- x-base-clients <not-affected> (x11perfcomp uses mkdir atomically)
	- lvm10 <not-affected> (does not contain lvmcreate_initrd)
CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
	NOT-FOR-US: Mephistoles
CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
	- honeyd 0.8-1
CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...)
	NOT-FOR-US: WebcamXP
CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
	RESERVED
	- mutt <unfixed> (bug #311296; unimportant)
	[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
	NOTE: An "attacker" could achieve the same by simply filling up /tmp
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [xile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
	NOT-FOR-US: ezwdc NewsletterEz
CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
	NOT-FOR-US: Halo
CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
	- net-snmp <not-affected> (fixproc not installed in Debian package)
CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
	NOT-FOR-US: Iron Bars Shell
CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow &quot;non-authorized ...)
	NOT-FOR-US: PROMS
CVE-2005-1736 (PROMS 0.11 does not properly handle &quot;certain combinations of rights,&quot; ...)
	NOT-FOR-US: PROMS
CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
	NOT-FOR-US: PROMS
CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
	NOT-FOR-US: PROMS
CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1731
	RESERVED
CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...)
	NOT-FOR-US: Novell iManager
CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Novell
CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
	NOT-FOR-US: Apple
CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
	NOT-FOR-US: Apple
CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users ...)
	NOT-FOR-US: Apple
CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
	NOT-FOR-US: Apple
CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
	NOT-FOR-US: Apple
CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
	NOT-FOR-US: Apple
CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
	NOT-FOR-US: Apple
CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
	NOT-FOR-US: Apple
CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
	NOT-FOR-US: avast! antivirus
CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
	NOT-FOR-US: War Times
CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
	NOT-FOR-US: Zyxel hardware
CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
	NOT-FOR-US: TOPo
CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
	NOT-FOR-US: TOPo
CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
	NOT-FOR-US: SurgeMail
CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
	NOT-FOR-US: Serendipity
CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
	NOT-FOR-US: Serendipity
CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
	NOT-FOR-US: Gibraltar Firewall
CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
	NOT-FOR-US: Gentoo
CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
	- mailscanner 4.42.9 (bug #310774; low)
	[sarge] - mailscanner <no-dsa> (Minor issue)
CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
	- gdb 6.3-6
CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
	- gdb 6.3-6
CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
	NOT-FOR-US: PortailPHP
CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
	NOT-FOR-US: PostNuke
CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
	NOT-FOR-US: PostNuke
CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
	NOT-FOR-US: PostNuke
CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
	NOT-FOR-US: PostNuke
CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
	NOT-FOR-US: PostNuke
CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
	NOT-FOR-US: PostNuke
CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
	NOT-FOR-US: CA Antivirus
CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
	- gxine 0.4.7-0.1 (bug #310712; medium)
CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
	NOT-FOR-US: SAP
CVE-2005-1690
	REJECTED
CVE-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (medium)
CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
	- wordpress 1.5.1-1
CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
	- wordpress 1.5.1-1
CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
	{DSA-753-1}
	NOTE: Only exploitable under rare circumstances
	- gedit 2.10.3-1 (low)
CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
	NOT-FOR-US: episodex
CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
	NOT-FOR-US: episodex
CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
	NOT-FOR-US: Solstice Internet Mail Server
CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21, ...)
	NOT-FOR-US: phpATM
CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
	- picasm 1.12c-1
CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
	NOT-FOR-US: Groove
CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
	NOT-FOR-US: Groove
CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
	NOT-FOR-US: Groove
CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
	NOT-FOR-US: Groove
CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
	NOT-FOR-US: Extreme BlackDiamond hardware
CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
	NOT-FOR-US: Opera
CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
	NOT-FOR-US: YusASP Web Asset Manager
CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
	NOT-FOR-US: DataTrac Activity Console
CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
	NOT-FOR-US: Orenosv
CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
	NOT-FOR-US: Microsoft
CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
	NOT-FOR-US: EZGuestbook
CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
	NOT-FOR-US: MyServer
CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
	NOT-FOR-US: MyServer
CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
	- rsync 2.6.1-1
CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
	NOT-FOR-US: InoculateIT
CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
	NOT-FOR-US: Microsoft
CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Matrix FTP Server
CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
	NOT-FOR-US: Sophos
CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
	NOT-FOR-US: Sambar
CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
	NOT-FOR-US: phpcodeCabinet
CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
	NOT-FOR-US: JShop
CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
	NOT-FOR-US: Opera
CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
	NOT-FOR-US: Nadeo
CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
	NOT-FOR-US: Jelsoft Bulletin
CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sophos
CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
	NOT-FOR-US: Dream FTP
CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
	- kernel-patch-vserver 1.9.4-1
CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
	NOT-FOR-US: Mambo
CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
	NOT-FOR-US: Macallan
CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
	NOT-FOR-US: VisualShapers
CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
	NOT-FOR-US: Monkey
CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
	NOT-FOR-US: Oracle
CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Crob
CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
	NOT-FOR-US: Crob
CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Crob
CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
	NOT-FOR-US: Monkey
CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
	NOT-FOR-US: Caucho Technology Resin
CVE-2005-XXXX [Two DoS condition in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
	NOT-FOR-US: Woppoware
CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
	NOT-FOR-US: Woppoware
CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
	NOT-FOR-US: Woppoware
CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
	NOT-FOR-US: Woppoware
CVE-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
	NOT-FOR-US: Windows
CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
	NOT-FOR-US: GASoft
CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
	NOT-FOR-US: GASoft
CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
	NOT-FOR-US: Fastream NETFile
CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
	NOT-FOR-US: Keyvan1 Gallery
CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
	NOT-FOR-US: Livre d'Or
CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
	NOT-FOR-US: Zoidcom
CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
	NOT-FOR-US: Sigma
CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
	NOT-FOR-US: SafeHTML
CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
	NOT-FOR-US: NPDS
CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
	{DSA-783-1}
	- mysql-dfsg 4.0.12-2 (bug #319526; low)
	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
	- cheetah 0.9.16-1
CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
	NOT-FOR-US: Booby
CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
	NOT-FOR-US: phpbb attachment mod
CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
	NOT-FOR-US: Photopost
CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows ...)
	NOT-FOR-US: WebAPP
CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
	- viewglob 2.0.1-1
	[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
	NOT-FOR-US: Pico Server
CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-1624
	RESERVED
CVE-2005-1623
	RESERVED
CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
	NOT-FOR-US: MetaCart
CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
	NOT-FOR-US: Postnuke mod
CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
	NOT-FOR-US: Skull-Splitter Guestbook
CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: PHPMyChat
CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
	NOT-FOR-US: Willings WebCAM
CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
	NOT-FOR-US: OpenBB
CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
	NOT-FOR-US: OpenBB
CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
	NOT-FOR-US: Web Crossing
CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
	NOT-FOR-US: Tru-Zone NukeET
CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
	NOT-FOR-US: Sun StorEdge 6130 Arrays
CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
	NOT-FOR-US: Remote Cart
CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
	NOT-FOR-US: H-Sphere Winbox
CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
	NOT-FOR-US: guestbook for SiteStudio
CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
	NOT-FOR-US: phpATM
CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
	NOT-FOR-US:  NiteEnterprises Remote File Manager
CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
	NOT-FOR-US: Net56 Browser Based File Manager
CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
	NOT-FOR-US:  MRO Maximo Self Service
CVE-2005-1600 (A &quot;mathematical flaw&quot; in the implementation of the El Gamal signature ...)
	NOT-FOR-US: LibTomCrypt
CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
	NOT-FOR-US: Kryloff Technologies Subject Search Server
CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
	NOT-FOR-US: Fusion SBX
CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1592 (Multiple &quot;javascript vulerabilities in BB code&quot; in BirdBlog before ...)
	NOT-FOR-US: BirdBlog
CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
	NOT-FOR-US: LedForums
CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: HTTP Commander
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	[sarge] - clamav 0.84-2.sarge.1
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	[sarge] - kernel-source-2.6.8 <not-affected>
CVE-2005-1588 (** DISPUTED ** ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
	NOT-FOR-US: 1Two News
CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
	NOT-FOR-US: 1Two News
CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
	NOT-FOR-US: bug_list.php
CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
	NOT-FOR-US: BoastMachine
CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
	NOT-FOR-US: EnCase
CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
	NOT-FOR-US: APG Classmaster
CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
	NOT-FOR-US: Windows
CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
	NOT-FOR-US: ASP Virtual News Manager
CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ShowOff
CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
	NOT-FOR-US: ShowOff
CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
	NOTE: for-for-us (bttlxeForum)
CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
	NOT-FOR-US: Acrowave AAP-3100AR wireless router
CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18-7 (bug #308789; medium)
CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
	NOT-FOR-US: Nexusway
CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
	NOT-FOR-US: Nexusway
CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
	NOT-FOR-US: Nexusway
CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
	NOT-FOR-US: WebApp Guestbook PRO
CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
	NOT-FOR-US: Gamespy cd-key validation system
CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
	NOT-FOR-US: JRun
CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
	NOT-FOR-US: WowBB
CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
	NOT-FOR-US: easy message board
CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
	NOT-FOR-US: easy message board
CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
	NOT-FOR-US: Bakbone Netvault
CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...)
	{DSA-755-1}
	NOTE: CVE info about vulnerable version number is bogus
	- tiff 3.7.2-3 (bug #309739)
CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
	NOT-FOR-US: Novell Zenworks
CVE-2005-1542
	RESERVED
CVE-2005-1541
	RESERVED
CVE-2005-1540
	RESERVED
CVE-2005-1539
	RESERVED
CVE-2005-1538
	RESERVED
CVE-2005-1537
	RESERVED
CVE-2005-1536
	RESERVED
CVE-2005-1535
	RESERVED
CVE-2005-1534
	RESERVED
CVE-2005-1533
	RESERVED
CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with &quot;Scan inside archive files&quot; enabled, ...)
	NOT-FOR-US: Sophos
CVE-2005-1529
	RESERVED
CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX ...)
	NOT-FOR-US: QNX
CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
	{DSA-892-1}
	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
	{DSA-751-1}
	- squid 2.5.9-9 (bug #309504)
CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
	NOT-FOR-US: Solaris
CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
	NOT-FOR-US: Cisco
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
	NOT-FOR-US: WebSTAR
CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
	NOT-FOR-US: MacOS
CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MidiCart
CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
	NOT-FOR-US: myBloggie
CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
	NOT-FOR-US: myBloggie
CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
	NOT-FOR-US: myBloggie
CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: myBloggie
CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
	NOT-FOR-US: Oracle
CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
	NOT-FOR-US: Oracle
CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
	NOT-FOR-US: MegaBook
CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
	NOT-FOR-US: SimpleCam
CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
	NOT-FOR-US: Gossamer Threads Links
CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1487 (** DISPUTED ** ...)
	NOT-FOR-US: FishCart
CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
	NOT-FOR-US: FishCart
CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
	NOT-FOR-US: RaidenFTPD
CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
	NOT-FOR-US: DMail
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
	NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
	- qmail-src 1.03-38
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
	- qmail-src 1.03-38
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
	- qmail-src 1.03-38
CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...)
	NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
	NOT-FOR-US: LinPHA
CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
	- dansguardian 2.5.2-0-0.1
CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier ...)
	NOT-FOR-US: lostBook
CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
	NOT-FOR-US: RiSearch
CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
	- phpbb2 2.0.10-1
CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
	- phpbb2 2.0.10-1
CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...)
	NOT-FOR-US: Easyins Stadtportal
CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
	NOT-FOR-US: no_package
CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
	NOT-FOR-US: no_package
CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
	NOT-FOR-US: no_package
CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
	NOT-FOR-US: no_package
CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
	NOT-FOR-US: no_package
CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
	{DSA-1014-1}
	- firebird2 1.5.3.4870-3 (bug #357580)
CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
	NOT-FOR-US: no_package
CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in ...)
	NOT-FOR-US: no_package
CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
	NOT-FOR-US: no_package
CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: no_package
CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
	NOT-FOR-US: no_package
CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
	NOT-FOR-US: no_package
CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: no_package
CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
	NOT-FOR-US: no_package
CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: no_package
CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
	NOT-FOR-US: no_package
CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
	NOT-FOR-US: no_package
CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
	NOT-FOR-US: no_package
CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
	NOT-FOR-US: no_package
CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
	NOT-FOR-US: no_package
CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
	- icecast2 2.0.1.debian-1
CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
	- pound 1.7-1
CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
	NOT-FOR-US: no_package
CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
	NOT-FOR-US: no_package
CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
	NOT-FOR-US: no_package
CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
	NOT-FOR-US: various perls on Windows
CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
	NOT-FOR-US: osCommerce
CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
	NOT-FOR-US: php-nuke
CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
	NOT-FOR-US: php-nuke
CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x ...)
	NOT-FOR-US: php-nuke
CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
	NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
	NOT-FOR-US: netchat
CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
	NOT-FOR-US: WebCT
CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
	- wget 1.9.1-12
CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
	NOT-FOR-US: NetBSD
CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...)
	NOT-FOR-US: phpShop
CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of &quot;Everyone ...)
	NOT-FOR-US: OfficeScan
CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
	NOT-FOR-US: Eudora
CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
	NOT-FOR-US: SUSE Live CD
CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
	NOT-FOR-US: DeleGate
CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
	NOT-FOR-US: IRIX
CVE-2004-2001 (ifconfig &quot;-arp&quot; in SGI IRIX 6.5 through 6.5.22m does not properly ...)
	NOT-FOR-US: IRIX
CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
	NOT-FOR-US: Php-Nuke
CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
	NOT-FOR-US: Windows
CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
	NOT-FOR-US: php-nuke
CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
	NOT-FOR-US: kolab
CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
	NOT-FOR-US: omail
CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
	NOT-FOR-US: aweb
CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: aweb
CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
	NOT-FOR-US: Coppermine
CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine
CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
	NOT-FOR-US: Coppermine
CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
	- kernel-patch-adamantix <not-affected> (Only affects PaX for kernel 2.6)
CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
	NOT-FOR-US: YaBB
CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
	NOT-FOR-US: Crystal Reports
CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
	NOT-FOR-US: PROPS
CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
	NOT-FOR-US: PROPS
CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
	- moodle 1.3
CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
	NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
	NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
	NOT-FOR-US: paFileDB
CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: paFileDB
CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: DiGi Web Server
CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
	NOT-FOR-US: Samsung SmartEther SS6215Sswitch
CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
	NOT-FOR-US: OpenBB
CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
	NOT-FOR-US: OpenBB
CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
	NOT-FOR-US: OpenBB
CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
	NOT-FOR-US: Protector System
CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
	NOT-FOR-US: Protector System
CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
	NOT-FOR-US: Protector System
CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
	NOT-FOR-US: Protector System
CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
	NOT-FOR-US: Unreal engine
CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
	NOT-FOR-US: PostNuke
CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
	NOT-FOR-US: PostNuke
CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
	NOT-FOR-US: phProfession
CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
	NOT-FOR-US: phProfession
CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: phProfession
CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
	- xine-ui 0.99.1
CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
	- phpbb2 2.0.9
CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
	- ncftp 2:3.1.8-1 (low)
CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
	NOT-FOR-US: bitdefender
CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
	- cherokee 0.4.21b01-1
CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
	NOT-FOR-US: Kinesphere eXchange POP3
CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
	NOT-FOR-US: Eudora
CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...)
	NOT-FOR-US: phpbb as modified by przemo
CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
	NOT-FOR-US: Solaris
CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
	NOT-FOR-US: Fastream NETFile FTP/Web Server
CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
	- kphone 1:4.0.2
CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
	NOT-FOR-US: Zaep
CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
	NOT-FOR-US: Phorum
CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
	NOT-FOR-US: Nuked-KlaN
CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
	NOT-FOR-US: SCT Campus Pipeline
CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...)
	NOT-FOR-US: Gemitel
CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
	NOT-FOR-US: Citadel
CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
	NOT-FOR-US: MSIE
CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded &quot;1502&quot; ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
	NOT-FOR-US: Crackalaka
CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: rsniff
CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
	- lcdproc 0.4.5
CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
	- lcdproc 0.4.5
CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
	- lcdproc 0.4.5
CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
	NOT-FOR-US: phpnuke
CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
	NOT-FOR-US: phpnuke
CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
	NOT-FOR-US: phpnuke
CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
	NOT-FOR-US: AzDGDatingLite
CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
	NOT-FOR-US: Symantec
CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
	- clamav 0.68.1
CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
	NOT-FOR-US: blaxxun
CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
	NOT-FOR-US: Citrix MetaFrame Password Manager
CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: gentoo portage
CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
	NOT-FOR-US: IGI 2 Covert Strike server
CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
	- monit 1:4.2.1
CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
	- monit 1:4.2.1-1
CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
	- monit 1:4.2.1-1
CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
	NOT-FOR-US: no_package
CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ...)
	NOT-FOR-US: no_package
CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
	NOT-FOR-US: no_package
CVE-2004-1893 (Dreamweaver MX, when &quot;Using Driver On Testing Server&quot; or &quot;Using DSN on ...)
	NOT-FOR-US: no_package
CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...)
	NOT-FOR-US: no_package
CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 &quot;doesn't work with ...)
	NOT-FOR-US: no_package
CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
	NOT-FOR-US: no_package
CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
	NOT-FOR-US: no_package
CVE-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: no_package
CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
	NOT-FOR-US: no_package
CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
	NOT-FOR-US: no_package
CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...)
	NOT-FOR-US: no_package
CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...)
	NOT-FOR-US: no_package
CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...)
	- openldap2 2.1.17-1
CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...)
	NOT-FOR-US: no_package
CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...)
	NOT-FOR-US: no_package
CVE-2004-1876 (The &quot;%f&quot; feature in the VirusEvent directive in Clam AntiVirus daemon ...)
	- clamav 0.70-1
CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...)
	NOT-FOR-US: no_package
CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...)
	NOT-FOR-US: no_package
CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
	NOT-FOR-US: no_package
CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: no_package
CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...)
	NOT-FOR-US: no_package
CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...)
	NOT-FOR-US: no_package
CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...)
	NOT-FOR-US: no_package
CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
	- nstx 1.1-beta4-1
CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...)
	NOT-FOR-US: no_package
CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
	NOT-FOR-US: no_package
CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka ...)
	NOT-FOR-US: no_package
CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
	NOT-FOR-US: no_package
CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
	NOT-FOR-US: no_package
CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
	NOT-FOR-US: no_package
CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
	NOT-FOR-US: no_package
CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...)
	NOT-FOR-US: no_package
CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
	NOT-FOR-US: no_package
CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...)
	NOT-FOR-US: no_package
CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...)
	NOT-FOR-US: no_package
CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...)
	NOT-FOR-US: no_package
CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
	NOT-FOR-US: no_package
CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
	NOT-FOR-US: no_package
CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: no_package
CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...)
	NOT-FOR-US: no_package
CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...)
	NOT-FOR-US: no_package
CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...)
	NOT-FOR-US: no_package
CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...)
	NOT-FOR-US: no_package
CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
	NOT-FOR-US: no_package
CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
	NOT-FOR-US: no_package
CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...)
	NOT-FOR-US: no_package
CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...)
	NOT-FOR-US: no_package
CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...)
	NOT-FOR-US: no_package
CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...)
	- apache2 2.0.53-1
CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
	NOT-FOR-US: no_package
CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...)
	NOT-FOR-US: no_package
CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...)
	NOT-FOR-US: no_package
CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...)
	NOT-FOR-US: no_package
CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...)
	NOT-FOR-US: no_package
CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...)
	NOT-FOR-US: no_package
CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...)
	NOT-FOR-US: no_package
CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
	NOT-FOR-US: no_package
CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
	NOT-FOR-US: no_package
CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
	NOT-FOR-US: no_package
CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
	NOT-FOR-US: no_package
CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in ...)
	NOT-FOR-US: no_package
CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...)
	NOT-FOR-US: no_package
CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...)
	NOT-FOR-US: no_package
CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...)
	NOT-FOR-US: no_package
CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
	NOT-FOR-US: no_package
CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
	NOT-FOR-US: no_package
CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...)
	NOT-FOR-US: no_package
CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...)
	NOT-FOR-US: no_package
CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...)
	NOT-FOR-US: no_package
CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...)
	NOT-FOR-US: no_package
CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
	NOT-FOR-US: no_package
CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...)
	- phpbb2 2.0.10-1
	NOTE: probably fixed in 2.0.6d-3
CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...)
	NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
	NOTE: see bug #308875
CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...)
	NOT-FOR-US: no_package
CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...)
	NOT-FOR-US: no_package
CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...)
	NOT-FOR-US: no_package
CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...)
	NOT-FOR-US: no_package
CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: no_package
CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...)
	NOT-FOR-US: no_package
CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...)
	NOT-FOR-US: no_package
CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
	NOT-FOR-US: no_package
CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...)
	NOT-FOR-US: no_package
CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: ZyWALL
CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...)
	NOT-FOR-US: ASP-Nuke
CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...)
	NOT-FOR-US: PostCalendar
CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
	NOT-FOR-US: PortalApp
CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...)
	NOT-FOR-US: web server of Webcam Watchdog
CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...)
	NOT-FOR-US: Net2Soft Flash FTP Server
CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...)
	NOT-FOR-US: Athena Web Registration
CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...)
	NOT-FOR-US: ThWboard
CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
	NOT-FOR-US: omail webmail
CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
	- openldap2 2.1.17-1
CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
	NOT-FOR-US: MDaemon
CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
	NOT-FOR-US: MyProxy
CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
	- cherokee 0.4.21b01-1
CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
	NOT-FOR-US: VieBoard
CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
	NOT-FOR-US: VieBoard
CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
	NOT-FOR-US: Booby
CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
	NOT-FOR-US: Portal DB
CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
	NOT-FOR-US: IA WebMail Server
CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
	NOT-FOR-US: e107
CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
	NOT-FOR-US: Nokia IPSO
CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Unichat
CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
	NOT-FOR-US: TelCondex SimpleWebServer
CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
	NOT-FOR-US: ThWboard
CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
	NOT-FOR-US: ThWboard
CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
	NOT-FOR-US: MPM Guestbook
CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
	NOT-FOR-US: Sympoll
CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
	NOT-FOR-US: NullSoft Shoutcast Server
CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
	NOT-FOR-US: Centrinity FirstClass
CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
	NOT-FOR-US: Apache Software Foundation Cocoon
CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
	- libapache-mod-security 1.8.4-1
CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
	NOT-FOR-US: kpopup
CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
	NOT-FOR-US: DATEV Nutzungskontrolle
CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
	NOT-FOR-US: kpopup
CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
	NOT-FOR-US: HTTP Commander
CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
	- mldonkey 2.5.11-1
CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Ganglia gmond
CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
	- linux-2.6 <not-affected> (Never released, only temporary in Bitkeeper)
CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
	NOT-FOR-US: FlexWATCH
CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
	NOT-FOR-US: Sun JRE/SDK
CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
	- xcdroast 0.98+0alpha15-1 (bug #310046)
CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
	NOT-FOR-US: MAILsweeper
CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
	NOT-FOR-US: byteHoard
CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
	NOT-FOR-US: WebTide
CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
	NOT-FOR-US: Fastream
CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell portmapper
CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
	NOT-FOR-US: Les Visiteurs
CVE-2003-1147
	REJECTED
CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
	NOT-FOR-US: Easy PHP Photo Album
CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
	NOT-FOR-US: OpenAutoClassifieds
CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
	NOT-FOR-US: Perception LiteServe
CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
	NOT-FOR-US: Croteam Serious Sam demo
CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
	- apache2 <not-affected> (Red Hat specific default config)
CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
	NOT-FOR-US: sh-httpd
CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
	NOT-FOR-US: Chi Kien Uong Guestbook
CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
	NOT-FOR-US: Sun JVM
CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
	NOT-FOR-US: The Bat!
CVE-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: vBulletin
CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
	NOT-FOR-US: PortalApp
CVE-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
	NOT-FOR-US: Opera
CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
	NOT-FOR-US: Apple
CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
	NOT-FOR-US: Apple
CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...)
	NOT-FOR-US: Apple
CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
	NOT-FOR-US: RSA SecurID Web Agent
CVE-2005-XXXX [race condition with a buffered temp file]
	- pysvn 1.1.2-3
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-2352 [Temp file races in gs-gpl addons scripts]
	RESERVED
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
	{DSA-1051-1 DSA-1046-1}
	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- firefox 1.5.dfsg+1.5.0.2-1
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	[sarge] - trackballs <no-dsa> (Hardly exploitable)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1458 (Multiple unknown &quot;other problems&quot; in the KINK dissector in Ethereal ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...)
	- freeradius 1.0.2-4
CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...)
	- freeradius 1.0.2-4
CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
	- leafnode 1.11.2.rel-1
CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
	- openssh 1:3.8p1
CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-2354 [nvu uses old copy of mozilla xpcom]
	RESERVED
	NOTE: have not checked to see which security holes are in it exactly
	- nvu <unfixed> (bug #306822; medium)
CVE-2005-2356
	RESERVED
	NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-1452 (Serendipity before 0.8 allows Chief users to &quot;hide plugins installed ...)
	- serendipity 1.0-1
CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2005-1450 (Unknown vulnerability in &quot;the function used to validate path-names for ...)
	- serendipity 1.0-1
CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
	- serendipity 1.0-1
CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
	- serendipity 1.0-1
CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
	NOT-FOR-US: SitePanel
CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
	NOT-FOR-US: SitePanel
CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
	NOT-FOR-US: ViArt Shop
CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...)
	NOT-FOR-US: osTicket
CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
	NOT-FOR-US: osTicket
CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
	NOT-FOR-US: osTicket
CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
	- openwebmail <removed>
CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1432
	RESERVED
CVE-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
	NOT-FOR-US: WWWguestbook
CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-1425 (Uapplication Uguestbook stores the database under the web document ...)
	NOT-FOR-US: Uapplication Uguestbook
CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
	NOT-FOR-US: GoText
CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
	NOT-FOR-US: 602 LAN SUITE
CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
	NOT-FOR-US: Ocean12 Mailing list manager
CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
	NOT-FOR-US: Netleaf
CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
	NOT-FOR-US: 04WebServer
CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
	NOT-FOR-US: FilePocket
CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
	NOT-FOR-US: enVivo
CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
	NOT-FOR-US: ECommPro
CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
	NOT-FOR-US: ICUII
CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
	- postgresql 7.4.7-6
CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
	- postgresql 7.4.7-6
CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Apple
CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
	NOT-FOR-US: Skype
CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
	NOT-FOR-US: JW Amazon Web Store
CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
	NOT-FOR-US: NeL libarary
CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
	NOT-FOR-US: Mtp-Target
CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
	- kfreebsd5-source 5.3-10
CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
	NOT-FOR-US: Skype
CVE-2004-1777 (A &quot;range check error&quot; in Skype for Windows before 0.98.0.28 allows ...)
	NOT-FOR-US: Skype
CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
	NOT-FOR-US: PHPCart
CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
	NOT-FOR-US: PHPCalender
CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
	- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
	{DSA-934-1}
	[sarge] - pound 1.8.2-1sarge1
	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
	REJECTED
CVE-2005-1389
	REJECTED
CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
	NOT-FOR-US: SURVIVOR
CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Safari
CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
	NOT-FOR-US: phpCoin
CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
	NOT-FOR-US: Oracle
CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
	NOT-FOR-US: Oracle
CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
	NOT-FOR-US: Oracle
CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
	- lam <not-affected> (Mandrake specific packaging flaw)
CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
	NOT-FOR-US: phpbb mod
CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
	NOT-FOR-US: Claroline
CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
	NOT-FOR-US: Claroline
CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
	NOT-FOR-US: Koobi CMS
CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
	NOT-FOR-US: NetVault
CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
	NOT-FOR-US: NetVault
CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
	- kernel-source-2.4.27 <not-affected>
	- kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
	[sarge] - kernel-source-2.6.8 <not-affected>
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
	NOT-FOR-US: pServ
CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: pServ
CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: pServ
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
	[woody] - shadow <not-affected> (was introduced after version 4.0.3)
CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
	NOT-FOR-US: MetaBid Auctions
CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
	NOT-FOR-US: MetaCart
CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
	NOT-FOR-US: MetaCart
CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
	NOT-FOR-US: MetaCart
CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 ...)
	NOT-FOR-US: GrayCMS
CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
	NOT-FOR-US: text.cgi
CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: text.cgi
CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
	NOT-FOR-US: text.cgi
CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: forum.pl
CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: forum.pl
CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
	{DSA-727-1}
	- libconvert-uulib-perl 1.0.5.1
CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
	NOT-FOR-US: MailEnable
CVE-2005-1347 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: acrobat
CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
	NOT-FOR-US: Symantec
CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
	{DSA-721-1}
	- squid 2.5.9-7
CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
	- apache2 2.0.54-3 (bug #322604)
CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
	NOT-FOR-US: vpnd for Mac OS X
CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
	- lukemftpd <not-affected> (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot)
CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1334
	REJECTED
CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
	NOT-FOR-US: VooDoo cIRCle BOTNET
CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
	NOT-FOR-US: NetTerm
CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
	- nag 1.1-3.1 (bug #307173)
CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
	- sork-vacation 2.2.2-1
CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
	- mnemo 1.1-2.1 (bug #307180)
	- nmeno2 <not-affected> (fixed before 2.1.1)
CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
	- imp4 <not-affected>
	- imp3 3.2.8-1 (bug #328218; low)
CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
	- sork-forwards 2.2.2-1
CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
	NOT-FOR-US: Hord Chora module
CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
	- sork-accounts 2.1.2-1
CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
	TODO: Maintainer wanted to check whether turba2 needs fixing as well, re-check with him
	- turba 1.2.5-1
CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
	- kronolith 1.1.4-1
CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
	- sork-passwd 2.2.2-1
CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
	NOT-FOR-US: bBlog
CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
	NOT-FOR-US: bBlog
CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
	- courier <unfixed> (bug #307575; unimportant)
CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...)
	NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
	NOT-FOR-US: Adobe Reader 7
CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: hyper.cgi
CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
	NOT-FOR-US: Confixx
CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
	NOT-FOR-US: nProtect:Netizen
CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
	NOT-FOR-US: include.cgi
CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: include.cgi
CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: include.cgi
CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
	- affix-kernel 2.1.1-1.1
CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
	NOT-FOR-US: StorePortal
CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
	- phpbb2 2.0.13-6sarge1 (low)
CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Cart
CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
	NOT-FOR-US: ACS Blog
CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
	NOT-FOR-US: BK Forum
CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows ...)
	NOT-FOR-US: Bitdefender
CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.10.10-2
CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
	- ethereal 0.10.10-2
	- tcpdump 3.8.3-4
CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
	{DSA-850-1}
	- tcpdump 3.8.3-4
CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
	- tcpdump 3.8.3-4 (bug #307920)
CVE-2005-1277
	REJECTED
CVE-2005-1276
	RESERVED
CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-1273
	RESERVED
CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
	NOT-FOR-US: Backup Agent for Microsoft SQL
CVE-2005-1271
	REJECTED
CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
	- rkhunter 1.2.7-14 (medium)
CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
	- apache 1.3.31-1
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
	{DSA-805-1}
	- apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low)
	- apache <not-affected> (Not affected, see #322613)
CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
	{DSA-854-1}
	- tcpdump 3.9.0.cvs.20050614-1 (medium)
CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
	{DSA-736-2 DSA-736-1}
	- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
	{DSA-922-1}
	TODO: check
CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	[sarge] - kernel-source-2.4.27 2.4.27-10
	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
	{DSA-741-1}
	- bzip2 1.0.2-7
CVE-2005-1259
	RESERVED
CVE-2005-1258
	RESERVED
CVE-2005-1257
	RESERVED
CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
	NOT-FOR-US: IMail
CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1253
	RESERVED
CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
	NOT-FOR-US: IMail
CVE-2005-1251
	RESERVED
CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
	NOT-FOR-US: IpSwitch
CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
	NOT-FOR-US: IMail
CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes
CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: Novell Nsure Audit
CVE-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
	NOT-FOR-US: snmppd
CVE-2005-XXXX [Multiple security problems in Quake 2]
	NOTE: this release added lots of warnings about the security problems
	- quake2 1:0.3-1.1
CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1244 (** DISPUTED ** ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
	NOT-FOR-US: AS/400 FTP server
CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
	NOT-FOR-US: FlexPHPNews
CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
	NOT-FOR-US: DUPortal
CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
	NOT-FOR-US: PHP Labs proFile
CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
	NOT-FOR-US: Sun ONE Proxy Server
CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
	NOT-FOR-US: JAWS
CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
	NOT-FOR-US: Yawcan
CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #306693; medium)
CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
	NOT-FOR-US: PHPProjekt
CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
	NOT-FOR-US: DUPortal
CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
	NOT-FOR-US: Ocean12 Calender manager
CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
	NOT-FOR-US: Annuaire Netref
CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
	NOT-FOR-US: ECommPro
CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Shoutbox
CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1217
	RESERVED
CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
	NOT-FOR-US: Microsoft
CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
	NOT-FOR-US: Microsoft
CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
	NOT-FOR-US: Microsoft
CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
	NOT-FOR-US: Microsoft
CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-1210
	RESERVED
CVE-2005-1209
	RESERVED
CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
	NOT-FOR-US: Microsoft
CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
	NOT-FOR-US: Microsoft
CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
	- postgresql <unfixed> (unimportant)
	NOTE: This is not a real world problem; it's only applicable in rare circurstances
	NOTE: like someone analysing stolen user database information and even then the gain
	NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Desktop Rover
CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
	NOT-FOR-US: AZbb
CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ ...)
	NOT-FOR-US: AZbb
CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
	NOT-FOR-US: UBB.threads
CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
	NOT-FOR-US: Anaconda Foundation Directory
CVE-2005-1197 (SQL injection vulnerability in the ...)
	NOT-FOR-US: Oracle
CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
	NOT-FOR-US: PHPBB Knowledgebase Mod
CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
	- xine-lib 1.0.1-1
CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
	- nasm 0.98.38-1.2 (bug #309049)
CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
	- phpbb2 2.0.13-6sarge1 (medium)
CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
	NOT-FOR-US: HP-UX
CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
	NOT-FOR-US: Cisco
CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
	NOT-FOR-US: Cisco
CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
	NOT-FOR-US: Cisco
CVE-2001-1476 (SSH before 2.0, with RC4 encryption and the &quot;disallow NULL passwords&quot; ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol.
CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
	- phpbb2 2.0.6c-1
CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
	- phpbb2 2.0.6c-1
CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in ...)
	NOT-FOR-US: phpSecurePages
CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
	- expect <not-affected> (in expect 5.42.1, mkpasswd does not seed by pid)
	NOTE: doesn't seem to seed at all; my tests indicate it generates no dups in
	NOTE: some 100000 passwords.
CVE-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
	NOT-FOR-US: VanDyke SecureCRT
CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
	NOT-FOR-US: SurfControl SuperScout
CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
	NOT-FOR-US: Crystal Reports
CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
	NOT-FOR-US: RhinoSoft Serv-U
CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
	NOT-FOR-US: PostNuke
CVE-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
	- openssh 1:3.0.1p1-1
CVE-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
	NOT-FOR-US: Novell Groupwise
CVE-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
	NOT-FOR-US: CrazyWWWBoard
CVE-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
	NOT-FOR-US: Gauntlet Firewall
CVE-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
	NOT-FOR-US: Windows
CVE-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
	NOT-FOR-US: Windows
CVE-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
	NOT-FOR-US: Windows
CVE-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
	- apache <not-affected> (Mandrake specific packaging flaw)
CVE-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
	NOT-FOR-US: Magic eDeveloper
CVE-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
	NOT-FOR-US: Windows
CVE-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
	NOT-FOR-US: MacOS X
CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
	- inn2 2.3.3+20020922-1
	- innfeed 0.10.1.7-7
CVE-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
	NOT-FOR-US: VisualAge for Java
CVE-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
	NOT-FOR-US: AIX
CVE-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
	NOT-FOR-US: HP-UX
CVE-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
	NOT-FOR-US: Handspring Visor
CVE-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
	NOT-FOR-US: easyScripts easyNews
CVE-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
	NOT-FOR-US: Dallas Semiconductor iButton DS1991
CVE-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
	NOT-FOR-US: Tru64 UNIX
CVE-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
	NOT-FOR-US: IOS
CVE-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
	NOT-FOR-US: Quikstore Shopping Cart
CVE-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
	NOT-FOR-US: AIX
CVE-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
	- lpr 1:0.48-1
CVE-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
	- lpr 1:0.48-1
CVE-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
	- gcc-3.3 1:3.3.4-1
CVE-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
	NOT-FOR-US: Windows
CVE-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
	NOT-FOR-US: Windows
CVE-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
	NOT-FOR-US: AIX
CVE-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
	NOT-FOR-US: Lotus Domino
CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
	NOT-FOR-US: AIX
CVE-1999-1582 (By design, the &quot;established&quot; command on the Cisco PIX firewall allows ...)
	NOT-FOR-US: Cisco
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
	NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
	- sendmail <not-affected> (Sun-specific)
CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
	NOT-FOR-US: Windows
CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
	NOT-FOR-US: Windows
CVE-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
	NOT-FOR-US: Windows
CVE-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
	NOT-FOR-US: Acrobat Reader
CVE-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
	NOT-FOR-US: Kodak/Wang tools for IE
CVE-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
	NOT-FOR-US: AIX
CVE-1999-1573 (Multiple unknown vulnerabilities in the &quot;r-cmnds&quot; (1) remshd, (2) ...)
	NOT-FOR-US: HP-UX
CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
	NOT-FOR-US: Windows
CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
	NOT-FOR-US: WinHex
CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
	NOT-FOR-US: Apparently bogus report. at least on Linux it couldn't be reproduced
CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
	NOT-FOR-US: mvnForum
CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
	NOT-FOR-US: iSeries OS
CVE-2005-1181 (** DISPUTED ** ...)
	NOT-FOR-US: Ariadne CMS
CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
	NOT-FOR-US: Xerox
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
	- webmin <not-affected>
	NOTE: I haven't found further information on this, but this appears to only
	NOTE: affect non-Debian setups
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
	NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
	{DSA-757-1}
	TODO: check krb4
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...)
	{DSA-757-1}
	TODO: check krb4
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
	NOT-FOR-US: Oracle
CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
	NOT-FOR-US: PMSoftware Simple Web Server
CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
	NOT-FOR-US: Mafia Blog
CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
	NOT-FOR-US: Dameware
CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Yager game
CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Yager game
CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
	NOT-FOR-US: Yager game
CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1160 (The privileged &quot;chrome&quot; UI code in Firefox before 1.0.3 and Mozilla ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-1158 (Multiple &quot;missing security checks&quot; in Firefox before 1.0.3 allow ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
	NOT-FOR-US: Sun Java
CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
	NOT-FOR-US: ACNews
CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1146 (** DISPUTED ** ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1145 (** DISPUTED ** ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
	- gocr 0.39-5
CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
	- gocr 0.39-5
CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
	NOT-FOR-US: MyBloggie
CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
	NOT-FOR-US: Opera
CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
	NOT-FOR-US: Kerio
CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
	NOT-FOR-US: Serendipity
CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
	NOT-FOR-US: AS/400 system software
CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: LG mobile phone
CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
	NOT-FOR-US: Veritas Focalpoint Server
CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: PinnacleCart
CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
	NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
	{DSA-1122 DSA-1121}
	- libnet-server-perl 0.89-1 (bug #378640)
	NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention
	NOTE: the security implication, which was noticed later. I've verified both fixes
	NOTE: are identical
	NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make
	NOTE: scripts happy (at time of writing, 0.90-1 is in testing)
	- postgrey 1.22-1
CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
	NOT-FOR-US: Free BSD
CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
	- libsafe <removed>
CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
	NOT-FOR-US: Solaris
CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
	NOT-FOR-US: monkeyd
CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
	NOT-FOR-US: monkeyd
CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
	{DSA-726-1}
	- oops 1.5.23.cvs-2.2 (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
	- ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
	- sudo <unfixed> (bug #283161; unimportant)
	NOTE: That's a policy violation, but not a security problem
CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
	NOT-FOR-US: RSA authentication agent
CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: All4WWW Homepage creator
CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
	NOT-FOR-US: phpbb2 calendar addon
CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
	NOT-FOR-US: Photo Album
CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
	NOT-FOR-US: Photo Album
CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
	NOT-FOR-US: PhpBB Plus
CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
	NOT-FOR-US: IBM Websphere
CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #305372; low)
CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
	NOT-FOR-US: Sumus web server
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
	{DSA-713-1}
	- junkbuster <removed> (bug #304793)
	- privoxy <not-affected>
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
	{DSA-713-1}
	- junkbuster <removed>
	- privoxy <not-affected>
CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
	NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
	- libgnumail-java <unfixed> (bug #304712; unimportant)
	NOTE: This just provides an Java API function to receive a file name, sanitising
	NOTE: this file name for further use must be done inside the application calling
	NOTE: the function
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
	NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOTE: Upstream developers don't consider this an issue, see bug #304468
CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
	- postfix-gld 1.5-1
CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
	- postfix-gld 1.5-1
CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
	NOT-FOR-US: GetDataBack for NTFS (Windows)
CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
	NOT-FOR-US: Rebrand P2P Share Spy
CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: FTP Now
CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
	NOT-FOR-US: Miranda IM
CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
	NOT-FOR-US: DeluxeFTP
CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
	NOT-FOR-US: Maxthon
CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
	NOT-FOR-US: Maxthon
CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
	NOT-FOR-US: DC++
CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
	NOT-FOR-US: aeDating
CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
	NOT-FOR-US: aeDating
CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
	NOT-FOR-US: aeDating
CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
	NOT-FOR-US: JAR in J2SE SDK
CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
	NOT-FOR-US: zOOm Media Gallery
CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
	NOT-FOR-US: WebCT
CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
	NOT-FOR-US: JPortal
CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
	NOT-FOR-US: Access_user class
CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
	- pine 4.63-1 (unimportant)
	NOTE: Not shipped in the binary package
CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
	- tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
	- rsnapshot 1.2.1-1
CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
	NOT-FOR-US: Kerio
CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
	NOT-FOR-US: Kerio
CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
	- logwatch 5.0-1
CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
	NOT-FOR-US: Novell Netware
CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
	NOT-FOR-US: Linksys WET11
CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
	NOT-FOR-US: Cisco
CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
	NOT-FOR-US: Cisco
CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
	NOT-FOR-US: TowerBlog
CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill ...)
	NOT-FOR-US: ModernBill
CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
	NOT-FOR-US: ModernBill
CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
	NOT-FOR-US: Microsoft
CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
	NOT-FOR-US: PostNuke
CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
	NOT-FOR-US: PunBB
CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
	{DSA-714-1}
	- kdelibs 4:3.3.2-6
CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
	NOT-FOR-US: OpenText
CVE-2005-1044
	REJECTED
CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
	- netapplet <not-affected> (Not vulerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
	- coreutils <unfixed> (bug #304556; unimportant)
	NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
	NOTE: long fixed in Debian's cron
CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
	NOT-FOR-US: AIX
CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
	NOT-FOR-US: FreeBSD
CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
	- pavuk 0.9.32-1
CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SurgeFTP
CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CubeCart
CVE-2005-1032
	REJECTED
	NOT-FOR-US: LiteCommerce
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
	NOT-FOR-US: exoops
CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
	NOT-FOR-US: SnailSource phpBB mod
CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
	NOT-FOR-US: IBM
CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
	NOT-FOR-US: ColdFusion
CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
	NOT-FOR-US: IOS
CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
	NOT-FOR-US: IOS
CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
	NOT-FOR-US: Aeon
CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
	NOT-FOR-US: CA ArcServe Backup
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
	NOT-FOR-US: MailEnable
CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
	NOT-FOR-US: NetVault
CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
	NOT-FOR-US: XM Forum
CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
	NOT-FOR-US: SonicWALL
CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: PayProCart
CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
	NOT-FOR-US: PayProCart
CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
	NOT-FOR-US: PayProCart
CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
	NOT-FOR-US: LOG-FT File Transfer
CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
	NOT-FOR-US: ProductCart
CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
	NOT-FOR-US: ProductCart
CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
	NOT-FOR-US: SCO
CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
	- phpmyadmin 3:2.6.2-rc1-1
CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a secure location ...)
	NOT-FOR-US: AIX
CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
	- sharutils 1:4.2.1-13
CVE-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
	{DSA-781-1}
	- mozilla 2:1.7.7-1 (bug #306001)
	- mozilla-firefox 1.0.2-3
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
	NOT-FOR-US: IRC Services NickServ
CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows ...)
	NOT-FOR-US: Apple
CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
	NOT-FOR-US: Star Wars game
CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
	NOT-FOR-US: Quake 3 based games
CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
	NOT-FOR-US: Yet Another Forum.net
CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
	NOT-FOR-US: Rumba
CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
	NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
	NOT-FOR-US: Apple
CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
	NOT-FOR-US: Apple
CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
	NOT-FOR-US: Apple
CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
	NOT-FOR-US: Apple
CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
	NOT-FOR-US: CA eTrust IDS
CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
	- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail <removed>
CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
	NOT-FOR-US: Kerio firewall
CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
	NOT-FOR-US: ACPI BIOS hardware issue
CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
	NOT-FOR-US: SquirrelCart
CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
	- horde3 3.0.4-1
	- horde2 2.2.8-1
CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
	NOT-FOR-US: BayTech RPC
CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
	NOT-FOR-US: InterAKT MX Kart
CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
	NOT-FOR-US: InterAKT MX Shop
CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
	NOT-FOR-US: Windows
CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
	{DSA-730-1}
	- bzip2 1.0.2-6
	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
	NOTE: attacker would have to exploit the minimal time span between uncompressing
	NOTE: the file and chmodding it to delete the file and place a hardlink to another
	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
	NOT-FOR-US: PafileDB
CVE-2005-0951
	REJECTED
CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
	NOT-FOR-US: FastStone 4in1 Browser
CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
	NOT-FOR-US: PortalApp
CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
	NOT-FOR-US: PortalApp
CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
	NOT-FOR-US: phpCoin
CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
	NOT-FOR-US: phpCoin
CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) ...)
	NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
	NOT-FOR-US: Cisco
CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: Sybase ASE
CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
	- openoffice.org 1.1.3-9
CVE-2005-0939
	RESERVED
CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
	NOT-FOR-US: UBlog
CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
	- kernel-source-2.6.8 2.6.8-16
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
	NOT-FOR-US: WackoWiki
CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 ...)
	NOT-FOR-US: The Includer
CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
	NOT-FOR-US: Chatness
CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
	NOT-FOR-US: WebAPP
CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
	- sylpheed 1.0.4-1
	- sylpheed-claws 1.0.4-1
CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
	NOT-FOR-US: Lotus
CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
	NOT-FOR-US: Bugtracker.NET
CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
	NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...)
	NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
	- kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
	NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
	NOT-FOR-US: CPG Dragonfly
CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
	- smarty 2.6.8-1
CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
	NOT-FOR-US: deplate
CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
	NOT-FOR-US: exoops
CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
	NOT-FOR-US: exoops
CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's ...)
	NOT-FOR-US: THai's Shoutbox
CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
	NOT-FOR-US: Tincat network library
CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
	NOT-FOR-US: Maxthon
CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the &quot;Force shutdown ...)
	NOT-FOR-US: Microsoft
CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
	NOT-FOR-US: QuickTime PictureViewer
CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
	NOT-FOR-US: AS/400 running OS400
CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
	NOT-FOR-US: phpMyDirectory
CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Netcomm 1300NB DSL Modem
CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
	- openmosixview 1.5-7
CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
	- smail <unfixed> (bug #335042; unimportant)
	NOTE: cording to upstream impossible to exploit
CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
	{DSA-722-1}
	- smail 3.2.0.115-7 (bug #301428; high)
CVE-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
	NOTE: The description is wrong; 2.6 is affected as well
	- gtk+2.0 2.6.4-1
	- gdk-pixbuf 0.22.0-7.1
CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
	- sharutils 1:4.2.1-12
CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
	- sharutils 1:4.2.1-11
CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
	NOT-FOR-US: X-News
CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
	NOT-FOR-US: Netscape Enterprise Server
CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
	NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
	- cryptcat 20031202-2
	NOTE: don't know when it was fixed, verified above version is ok
CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
	- cgiemail 1.6-14
CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
	NOT-FOR-US: Verity Search97
CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
	- squirrelmail 1:1.2.3
CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
	- squirrelmail 1:1.2.3
CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
	- squirrelmail 1:1.2.3
CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
	- slash 2.2.6-8 (bug #160579; low)
	[sarge] - slash <no-dsa> (Minor security implications)
CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
	- postgresql 7.2.3
CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
	NOT-FOR-US: Oracle
CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
	NOT-FOR-US: Oracle
CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
	NOT-FOR-US: Oracle
CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
	NOT-FOR-US: NetWare
CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
	NOT-FOR-US: QNX
CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
	NOT-FOR-US: Oracle
CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
	NOT-FOR-US: Oracle
CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
	NOT-FOR-US: Multi-Tech ProxyServer
CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- dcl 1:0.9.4.4-1
CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
	- dcl 1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
	NOT-FOR-US: XMB Forum
CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
	NOT-FOR-US: BirdBlog
CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
	NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
	- dnsmasq 2.21
CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
	- dnsmasq 2.21
CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
	NOT-FOR-US: Oracle
CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
	{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
	- phpsysinfo 2.3-7
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
	- phpsysinfo 2.3-3 (bug #301118; unimportant)
CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
	- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
	- kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn't have sysfs)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
	- cdrtools 4:2.01+01a01-4 (bug #291376; low)
	[sarge] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
	[woody] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: Scalable OGo (SOGo)
CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
	NOT-FOR-US: Mike Spice Mike's Vote CGI
CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
	NOT-FOR-US: Mike Spice Quiz CGI
CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
	NOT-FOR-US: Mike Spice My Calendar
CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
	NOT-FOR-US: General protocol flaw, cannot be fixed
CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
	NOT-FOR-US: AIX
CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
	NOT-FOR-US: AIX
CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
	NOT-FOR-US: AIX
CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
	NOT-FOR-US: AIX
CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
	NOT-FOR-US: Samsung ADSL modems
CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
	NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
	NOT-FOR-US: Delegate
CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...)
	NOT-FOR-US: TRG News Script
CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...)
	NOT-FOR-US: CzarNews
CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
	NOT-FOR-US: CoolForum
CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
	NOT-FOR-US: CoolForum
CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
	NOT-FOR-US: CoolForum
CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CoolForum
CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Code Ocean FTP Server
CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
	NOT-FOR-US: HP-UX
CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
	- screen <not-affected> (HAVE_BRAILLE not set in binary build)
CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
	NOT-FOR-US: Nortel Contivity
CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
	NOT-FOR-US: Phorum
CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako eSupport
CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
	NOT-FOR-US: phpmyfamily
CVE-2005-0840
	REJECTED
CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
	NOT-FOR-US: Java Web Start for proprietary Sun Java
CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
	NOT-FOR-US: Xzabite DynDNS Updater
CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
	NOT-FOR-US: PHP-Fusion Addon
CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OllyDbg MS Windows debugger
CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
	- ltris 1.0.6-1.1 (bug #291620)
CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
	- mathopd 1.5p5-1
CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
	NOT-FOR-US: Cherokee
CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
	NOT-FOR-US: Cherokee
CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
	NOT-FOR-US: Nokia Firewall appliances
CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
	NOT-FOR-US: Cayman DSL router
CVE-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
	NOTE: I could track this down to this posting
	NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
	NOTE: This looks very obscure an does not contain useful information on how this
	NOTE: was triggered and even then it's not a problem, as mcedit usage does not
	NOTE: have a remote impact and is not suid
CVE-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
	NOT-FOR-US: IPC@CHIP Embedded web server
CVE-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
	NOT-FOR-US: iSnooker
CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
	NOT-FOR-US: Citrix
CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
	NOT-FOR-US: Citrix
CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
	NOT-FOR-US: MS Office
CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
	NOT-FOR-US: Novell Netware
CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
	NOT-FOR-US: Pun BB
CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
	NOT-FOR-US: Symantec Gateway
CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-0815 (Multiple &quot;range checking flaws&quot; in the ISO9660 filesystem handler in ...)
	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc1)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
	{DSA-717-1}
	- lsh-utils 2.0.1-1
CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
	NOT-FOR-US: ir
CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
CVE-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote ...)
	NOT-FOR-US: Cain &amp; Abel
CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
	- evolution 2.0.4-2
CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
	NOT-FOR-US: Subdreamer
CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
	NOT-FOR-US: MailEnable
CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
	NOT-FOR-US: The Includer
CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 ...)
	NOT-FOR-US: mcNews
CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
	NOT-FOR-US: MySQL on Windows
CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
	NOT-FOR-US: ZPanel
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...)
	NOT-FOR-US: ZPanel
CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
	NOT-FOR-US: ZPanel
CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
	NOT-FOR-US: SimpGB
CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
	NOT-FOR-US: YaBB
CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
	NOT-FOR-US: Phorum
CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
	NOT-FOR-US: paFileDB
CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFileDB
CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: PlatinumFTP
CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
	NOT-FOR-US: IDA Pro
CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
	NOT-FOR-US: GoodTech Telnet Server
CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
	- kernel-source-2.6.8 2.6.8-15
CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
	- ethereal 0.10.10-1
CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
	- ethereal 0.10.10-1
CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
	- rxvt-unicode 5.3-1
CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
	{DSA-698-1}
	- mc 1:4.6.0-4.6.1-pre3-1
	NOTE: Sarge-specific regression correcting a previous DSA.
CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
	- imagemagick 5:6.0.2.5 (bug #301110)
CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
	- gzip 1.3.5-10 (low)
	- bzip2 1.0.2-8.1 (bug #321286; low)
	[sarge] - bzip2 <no-dsa> (Minor issue)
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
	- linux-2.6 <not-affected> (Fixed before upload in archive)
CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
	- helix-player 1.0.4-1
CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
	- kdewebdev 1:3.3.2-6
CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
	{DSA-742-1}
	- cvs 1:1.12.9-13
CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-0751
	REJECTED
CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
	- kernel-source-2.4.27 2.4.27-10
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-10
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
	NOT-FOR-US: Adobe PhotoDeluxe
CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
	NOT-FOR-US: Advanced Poll
CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
	NOT-FOR-US: WinVNC
CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
	NOT-FOR-US: no_package
	NOTE: Debian's nvi recover script is very different
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
	NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
	- wine 0.0.20050310-1.1
CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
	- openslp 1.0.11a-2
CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta ...)
	NOT-FOR-US: WEBInsta
CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ApplyYourself
CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
	- xoops <itp> (bug #207640)
CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
	NOT-FOR-US: YaBB
CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
	{DSA-718-1}
	- ethereal 0.10.10-1
CVE-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...)
	NOT-FOR-US: Microsoft
CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
	- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...)
	NOT-FOR-US: newsscript
CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0728
	REJECTED
CVE-2005-0727
	REJECTED
CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
	NOT-FOR-US: UBB.threads
CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
	NOT-FOR-US: wfsections
CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFileDB
CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0720 (PHP remote file inclusion vulnerability in header.php in PHP mcNews ...)
	NOT-FOR-US: mcNews
CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
	NOT-FOR-US: Tru64
CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
	- squid 2.5.8 (bug #305605)
CVE-2005-0717
	RESERVED
CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
	NOT-FOR-US: Mac OS
CVE-2005-0714
	REJECTED
CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
	NOT-FOR-US: Mac OS
CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
	NOT-FOR-US: Mac OS
CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
	NOT-FOR-US: FreeBSD
CVE-2003-1130
	REJECTED
CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
	NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
	NOT-FOR-US: X2 XMMS Remote
CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
	NOT-FOR-US: e-Gap
CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
	NOT-FOR-US: SunOne/iPlanet
CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
	NOT-FOR-US: SunOne
CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
	NOT-FOR-US: Sun JRE
CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
	- openssh <not-affected>
CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
	- setiathome 3.04
CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
	NOT-FOR-US: RealSystem Server
CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
	NOT-FOR-US: Nortel Networks Succession Communication Server
CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
	NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
	NOT-FOR-US: IPTel SIP Express Router
CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
	NOT-FOR-US: Ingate Firewall and Ingate SIParator
CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
	NOT-FOR-US: dynamicsoft
CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
	NOT-FOR-US: Columbia SIP User Agent
CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
	NOT-FOR-US: Alcatel
CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
	NOT-FOR-US: Microsoft
CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
	NOT-FOR-US: MSIE
CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
	NOT-FOR-US: IBM Tivoli Firewall Toolbox
CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
	NOT-FOR-US: shar on HP-UX
CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
	NOT-FOR-US: HP-UX)
CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
	NOT-FOR-US: HP-UX)
CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
	NOT-FOR-US: Mike Spice's My Classifieds
CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
	- dansguardian 2.4.5-1
CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
	NOT-FOR-US: Computer Associates MLink
CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
	NOT-FOR-US: Cisco
CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
	- shadow <not-affected> (Debian's pwck and grpck do not overflow and are not suid)
CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
	- apache2 2.0.42
CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
	- apache2 2.0.36
CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
	NOT-FOR-US: AIM in MSIE
CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
	[sarge] - gnome-vfs2 <not-affected> (does not install the module with the vulnerable code)
	- grip 3.2.0-4 (low)
	- libcdaudio 0.99.9-2.1 (bug #304799; low)
	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
	- gnome-vfs2 2.10.1-3
CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
	- ethereal 0.10.10-1
CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
	- ethereal 0.10.10-1
CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1769 (The &quot;Allow cPanel users to reset their password via email&quot; feature in ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...)
	NOT-FOR-US: Solaris
CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...)
	NOT-FOR-US: NetScreen-Security Manager
CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...)
	- libapache-mod-security <not-affected> (only seems to affect 1.7.4, not the newer branch in Debian)
CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
	NOT-FOR-US: hsrun.exe
CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
	- ethereal 0.10.3
CVE-2004-1760 (The default installation of Cisco IBM Director agent does not require ...)
	NOT-FOR-US: Cisco
CVE-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
	NOT-FOR-US: Cisco
CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using &quot;memory&quot; ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1092 (Unknown vulnerability in the &quot;Automatic File Content Type Recognition ...)
	- file 3.4.1
CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
	NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
	NOT-FOR-US: AbsoluteTelnet
CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
	NOT-FOR-US: Xerox MicroServer Web Server
CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
	NOT-FOR-US: Oracle
CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
	NOT-FOR-US: Aztek
CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
	- ethereal 0.10.9-2
CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...)
	NOT-FOR-US: PHPWebLog
CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...)
	NOT-FOR-US: CopperExport
CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
	NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...)
	NOT-FOR-US: SocialMPN
CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
	NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
	NOT-FOR-US: The Includer
CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
	NOT-FOR-US: Windows
CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
	- hashcash 1.17-1
CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
	- mlterm 2.9.2 (bug #298621)
CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
	NOT-FOR-US: OutStart Participate Enterprise
CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-0683
	REJECTED
CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
	- drupal 4.5.2
CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Nokia
CVE-2005-0680 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download Center Lite
CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...)
	NOT-FOR-US: Tell A Friend Script
CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...)
	NOT-FOR-US: Form Mail Script
CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
	NOT-FOR-US: Zorum
CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
	NOT-FOR-US: Zorum
CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
	NOT-FOR-US: Zorum
CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
	NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
	- phpbb2 2.0.13-2
CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
	NOT-FOR-US: HAVP
CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
	- sylpheed 1.0.3-1
	- sylpheed-claws 1.0.3-1
CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
	- kernel-patch-adamantix 1.7
CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
	{DSA-709-1}
	- libexif 0.6.9-5
CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
	NOT-FOR-US: D-Forum
CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
	NOT-FOR-US: Typo3 extension
CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
	NOT-FOR-US: Computalynx CProxy
CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
	NOT-FOR-US: auraCMS
CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: auraCMS
CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
	NOTE: this is not a security issue according to maintainer
CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
	- phpmyadmin 3:2.6.1-pl3-1
CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
	NOT-FOR-US: OpenVMS
CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
	NOT-FOR-US: paNews
CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
	NOT-FOR-US: paNews
CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
	{DSA-695-1 DSA-694-1}
	- xloadimage 4.1-14.2
	- xli 1.17.0-17
CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
	{DSA-695-1 DSA-694-1}
	- xli 1.17.0-18
	- xloadimage 4.1-14.1 (bug #298926)
CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
	NOT-FOR-US: Foxmail
CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
	NOT-FOR-US: Foxmail
CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
	NOT-FOR-US: PHPNews
CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
	NOT-FOR-US: PBLang
CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
	NOT-FOR-US: PBLang
CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
	NOT-FOR-US: 427BB
CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
	NOT-FOR-US: Forumwa
CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
	- qt-x11-free <not-affected> (RPATH disabled in Debian's build)
CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
	NOT-FOR-US: Symantec DNSd
CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
	NOT-FOR-US: Zorum
CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
	NOT-FOR-US: Zorum
CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
	- squid 2.5.9-2
CVE-2005-0940
	REJECTED
CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
	- reportbug 3.8
CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
	- reportbug 3.8
CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Scrapland
CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
	NOT-FOR-US: Einstein
CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
	NOT-FOR-US: Einstein
CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
	NOT-FOR-US: PostNuke
CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
	NOT-FOR-US: PostNuke
CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
	NOT-FOR-US: PostNuke
CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
	- phpbb2 2.0.13-1
CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
	NOT-FOR-US: Cisco
CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
	NOT-FOR-US: Real
CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
	NOT-FOR-US: FreeBSD portupgrade
CVE-2005-0609
	RESERVED
CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
	NOT-FOR-US: Half Life WebMod
CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
	NOT-FOR-US: CubeCert
CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
	NOT-FOR-US: CubeCert
CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
	{DSA-723-1}
	NOTE: lesstif2
	- lesstif1-1 1:0.93.94-11.1 (bug #298183; bug #299236)
	NOTE: lesstif1
	- lesstif1-1 1:0.93.94-11.3 (bug #300421)
	NOTE: libxmp4 is the real culprit
	- xfree86 4.3.0.dfsg.1-13
	- xorg-x11 <not-affected> (Fixed before upload into archive)
	- openmotif 2.2.3-1.1 (bug #308819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
	NOT-FOR-US: GFI Languard Network Security Scanner
CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
	- phpbb2 2.0.13-1
CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
	- unzip 5.52-1
	NOTE: um, tar does this too, not really considered a security hole
CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
	NOT-FOR-US: Real
CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
	- php4 4:4.3.8-1
CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
	NOT-FOR-US: BadBlue
CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
	NOT-FOR-US: Apple
CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
	- mozilla-firefox 1.0.1
CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
	- mozilla-firefox 1.0.1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
	- mozilla-firefox 1.0.1
CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
	NOTE: windows only
CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
	NOT-FOR-US: cmd5checkpw
CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
	NOT-FOR-US: FreeNX
CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
	- mozilla-firefox 1.0.1-1
CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
	NOT-FOR-US: MKBold-MKItalic
CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
	NOT-FOR-US: STSF in Solaris
CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
	NOT-FOR-US: Stormy Studios Knet
CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
	NOT-FOR-US: CIS Webserver
CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
	NOTE: Historic Gaim on Windows
CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
	NOT-FOR-US: PunBB
CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: PunBB
CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
	NOT-FOR-US: PunBB
CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
	NOT-FOR-US: Soldier of Fortune II
CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
	NOT-FOR-US: Microsoft
CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
	NOT-FOR-US: MSN Messenger
CVE-2005-0561
	RESERVED
CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
	NOT-FOR-US: Exchange server
CVE-2005-0559
	RESERVED
CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0557
	RESERVED
CVE-2005-0556
	RESERVED
CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
	NOT-FOR-US: MSIE
CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
	NOT-FOR-US: MSIE
CVE-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
	NOT-FOR-US: MSIE
CVE-2005-0552
	RESERVED
CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
	NOT-FOR-US: Microsoft
CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
	NOT-FOR-US: Solaris
CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
	NOT-FOR-US: Solaris
CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
	NOT-FOR-US: Apple Java plugin
CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
	NOT-FOR-US: Gaucho
CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...)
	NOT-FOR-US: Ground Control II
CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: RealVNC
CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...)
	NOT-FOR-US: Attack Mitigator IPS 5500
CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...)
	NOT-FOR-US: NtRegmon
CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...)
	NOT-FOR-US: NetworkEverywhere NR041
CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...)
	NOT-FOR-US: PHP Code Snippet Library
CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...)
	NOT-FOR-US: Painkiller
CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
	NOT-FOR-US: WebAPP
CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: musicd
CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: musicd
CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Bird Chat
CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...)
	NOT-FOR-US: JShop
CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...)
	- cacti 0.8.5a-5
CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
	- cacti 0.8.5a-5
CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...)
	- sympa 4.1.5-4 (bug #298105; unimportant)
	NOTE: A user with the privilege to create new mailing lists needs to be trustworthy
CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...)
	- mantis 0.19.2-1
CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
	NOT-FOR-US: MyDMS
CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
	NOT-FOR-US: MyDMS
CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
	- mantis 0.19.0-1
CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
	- mantis 0.19.0-1
CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
	NOT-FOR-US: Nihuo Web Log Analyzer
CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
	NOT-FOR-US: sarad
CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BadBlue
CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
	NOT-FOR-US: XV
CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
	NOT-FOR-US: Merak Webmail Server
CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
	NOT-FOR-US: IPD
CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
	- gv 1:3.6.1-1
CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
	NOT-FOR-US: PForum
CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
	NOT-FOR-US: PRM on HP-UX
CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
	NOT-FOR-US: TypePad
CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
	- moodle 1.4-1
CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: page.cgi
CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
	NOT-FOR-US: Datakey Rainbow iKey2032 USB token
CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Webbsyte
CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...)
	NOT-FOR-US: Oracle
CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...)
	NOT-FOR-US: U.S. Robotics wireless access point
CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...)
	NOT-FOR-US: WpQuiz
CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
	NOT-FOR-US: Fusion News
CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...)
	NOT-FOR-US: Lexar Safe Guard
CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
	NOT-FOR-US: diagmond on HP-UX
CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: ftpd on HP-UX
CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
	- cyrus21-imapd 2.1.18-1
CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
	NOT-FOR-US: MS Office
CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
	NOT-FOR-US: IBM
CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
	NOT-FOR-US: ginp
CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...)
	- kernel-source-2.6.8 2.6.8-14
	NOTE: affects only 2.6 (see #296906)
CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
	REJECTED
	NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
	NOT-FOR-US: PBLang
CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
	{DSA-729-1 DSA-708-1}
	- php4 4:4.3.10-10
	- php3 3:3.0.18-31
CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
	- php3 <not-affected>
	- php4 4:4.3.10-10
CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
	{DSA-719-1}
	- prozilla 1:1.3.7.4-1
CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
	NOT-FOR-US: Chat Anywhere
CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
	NOT-FOR-US: SendLink
CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: eXeem
CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: PeerFTP
CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
	NOT-FOR-US: ImageGalleryPlugin for Twiki
CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
	NOT-FOR-US: My Firewall Plus
CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the ...)
	NOT-FOR-US: pMachine
CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...)
	NOT-FOR-US: Mambo
CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when &quot;Add Template Name in ...)
	NOT-FOR-US: vBulletin
CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...)
	NOT-FOR-US: pMachine
CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
	NOT-FOR-US: fallback-reboot
CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
	NOTE: default config of Mono not vulnerable
	- mono 1.1.6-4 (medium)
CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
	- batik 1.5.1-1
CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
	NOT-FOR-US: SD Server
CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
	NOT-FOR-US: Avaya IP Office Phone Manager
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
	- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.6.8 2.6.8-12
	- kernel-source-2.6.9 2.6.9-5
	- kernel-source-2.6.10 2.6.10-2
	- kernel-source-2.4.27 2.4.27-8
CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
	- uim 1:0.4.6beta2-1
CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
	NOT-FOR-US: Xinkaa
CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Bontago
CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE6
CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
	NOT-FOR-US: ADP Elite System
CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
	NOT-FOR-US: Arkeia Network Backup
CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
	NOT-FOR-US: Thomson TCW690 cable modem
CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
	NOT-FOR-US: Biz Mail From
CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
	NOT-FOR-US: Arkeia Server Backup
CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
	- curl 7.13.0-2
CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	TODO: check
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
	- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
	- cfengine2 2.1.8-1
CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
	NOT-FOR-US: PopMessenger
CVE-2004-1697 (The &quot;Forgot your Password&quot; link in Computer Associates (CA) Unicenter ...)
	NOT-FOR-US: Computer Associates Unicenter Management Portal
CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...)
	NOT-FOR-US: Symantec
CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ...)
	NOT-FOR-US: Mambo
CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...)
	NOT-FOR-US: Mambo
CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...)
	- sudo 1.6.8p3-1
CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Pigeon Server
CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...)
	NOT-FOR-US: SMC router
CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...)
	NOT-FOR-US: Zyxel
CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
	NOT-FOR-US: crrtrap
CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...)
	NOT-FOR-US: QNX FTP
CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...)
	NOT-FOR-US: QNX
CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...)
	NOT-FOR-US: TwinFTP
CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
	NOT-FOR-US: Serv-U FTP
CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
	NOT-FOR-US: Subjects
CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
	NOT-FOR-US: Halo Combat Evolved
CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
	NOT-FOR-US: PsNews
CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Call of Duty
CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
	NOT-FOR-US: Engenio/LSI Logic storage controllers
CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: YaBB
CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
	NOT-FOR-US: MailWorks
CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...)
	NOT-FOR-US: CuteNews
CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
	NOT-FOR-US: DasBlog
CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
	NOT-FOR-US: Comersus Shopping Cart
CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
	- ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
	NOTE: See bug #296547 for details
CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
	NOT-FOR-US: D-Link DCS-900
CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
	NOT-FOR-US: Msinfo32.exe
CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
	NOT-FOR-US: Password Protect
CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
	NOT-FOR-US: Password Protect
CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
	NOT-FOR-US: Xedus
CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
	NOT-FOR-US: Xedus
CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
	NOT-FOR-US: Xedus
CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
	NOT-FOR-US: Titan
CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
	NOT-FOR-US: XOOPS
CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
	NOT-FOR-US: Thomson cable modem
CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
	TODO: check heimdal, netkit-telnet-ssl
	- krb4 <unfixed> (unimportant)
	[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	- krb5 <unfixed> (unimportant)
	[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	- netkit-telnet <not-affected> (netkit-telnet is not affected)
CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
	NOTE: This is not a real security issue; it just describes the fact that the Gecko
	NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
	NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
	NOTE: during transfer any user will cancel the transfer and if you load it from the
	NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
	NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
	NOTE: generally try to make sense of anything even remotely resembling HTML.
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
	NOT-FOR-US: mailcarrier
CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
	NOT-FOR-US: Hawking Technologies HAR11A modem/router
CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
	NOT-FOR-US: WvTftp
CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
	- bugzilla 2.16.7
CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
	- moniwiki 1.0.9
CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
	NOT-FOR-US: Dwc_articles
CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
	- rssh 2.2.2
CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
	NOT-FOR-US: ability server
CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
	NOT-FOR-US: ability server
CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
	NOT-FOR-US: pGina
CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
	NOT-FOR-US: Carbon Copy
CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
	NOT-FOR-US: UBB.threads
CVE-2004-1621 (** DISPUTED ** ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows ...)
	NOT-FOR-US: Serendipity
CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
	NOT-FOR-US: Privateer's Bounty: Age of Sail II
CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Tonecast
CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers ...)
	{DSA-1077-1 DSA-1076-1}
	- lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low)
	- lynx-cur 2.8.6-6 (low)
	- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
	- links 0.99+1.00pre12-1 (bug #296341; low)
CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
	NOT-FOR-US: Opera
CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
	- mozilla-firefox <not-affected> (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6)
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
	NOTE: example page did not bother firefox 1.0+dfsg.1-6
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
	- proftpd 1.2.10-4
CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
	NOT-FOR-US: coolphp
CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
	NOT-FOR-US: Acrobat
CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
	NOT-FOR-US: RIM Blackberry
CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
	NOT-FOR-US: 3COM router
CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
	NOT-FOR-US: ShixxNote
CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SCT email client
CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...)
	NOT-FOR-US: ocPortal
CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
	NOT-FOR-US: Micronet Wireless Router
CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: clientexec
CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
	NOT-FOR-US: GoSmart
CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
	NOT-FOR-US: GoSmart
CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
	NOT-FOR-US: Monolith Games
CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
	- wordpress 1.2.1-1.1
CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
	NOT-FOR-US: FTP server in TriDComm
CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
	NOT-FOR-US: CubeCart
CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: CubeCart
CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
	NOT-FOR-US: phplinks
CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
	NOT-FOR-US: Judge Dredd
CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
	- xerces25 2.5.0-4
	- xerces24 2.4.0-4
	- xerces23 <not-affected> (not affected, see bug #296432)
	- xerces21 <not-affected> (not affected, see bug #296466)
CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
	NOT-FOR-US: Vypress
CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
	NOT-FOR-US: bBlog
CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
	NOT-FOR-US: dbPowerAmp
CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
	NOT-FOR-US: Parachat
CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
	NOT-FOR-US: w-Agora
CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
	NOT-FOR-US: w-Agora
CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
	NOT-FOR-US: w-Agora
CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
	NOT-FOR-US: w-Agora
CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
	- icecast2 2.0.2.debian-1
CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
	- wordpress 1.2.2-1.1
CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 ...)
	NOT-FOR-US: YahooPOPS
CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
	NOT-FOR-US: BroadBoard Instant ASP Message Board
CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex ...)
	NOT-FOR-US: @lex GuestBook
CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
	NOT-FOR-US: aspWebAlbum
CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
	NOT-FOR-US: aspWebCalendar
CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...)
	NOT-FOR-US: PafileDB
CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
	NOT-FOR-US: Motorola Router
CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
	NOT-FOR-US: ActivePost
CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
	NOT-FOR-US: ActivePost
CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
	NOT-FOR-US: ActivePost
CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
	NOT-FOR-US: MDaemon
CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
	- moniwiki 1.0.9-4
CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
	NOT-FOR-US: Kyako ESupport
CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
	NOT-FOR-US: Tarantella Secure Global Desktop
CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
	NOT-FOR-US: paNews
CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
	NOT-FOR-US: GProFTPD
CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
	NOT-FOR-US: Glftpd
CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
	NOT-FOR-US: hpm_guestbook.cgi
CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
	NOT-FOR-US: paFAQ
CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
	- webcalendar 0.9.45-3
CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
	- gaim 1:1.1.3-1
CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
	{DSA-716-1}
	- gaim 1:1.1.3-1
CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
	NOT-FOR-US: SUN JRE
CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
	- wpasupplicant 0.3.8-1
CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
	- krb4 1.2.2-11.2 (bug #306141)
	- krb5 1.3.6-2
	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
	- netkit-telnet 0.17-28
	- heimdal 0.6.3-10
CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
	{DSA-731-1 DSA-703-1}
	- krb5 1.3.6-2
	- krb4 1.2.2-11.2 (bug #306141)
	TODO: check netkit-telnet, netkit-telnet-ssl
CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
	- putty 0.57-1
CVE-2005-0466
	RESERVED
CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
	NOT-FOR-US: SGI IRIX
CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...)
	- jspwiki 2.0.52-8
CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...)
	NOT-FOR-US: SecureCRT
CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...)
	NOT-FOR-US: ZyXEL Routers
CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...)
	NOT-FOR-US: Halo: Combat Evolved
CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...)
	NOT-FOR-US: Cash Mod module of phpbb2
CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
	NOT-FOR-US: DMS POP3
CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...)
	NOT-FOR-US: AppServ
CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...)
	NOT-FOR-US: MSIE
CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...)
	NOT-FOR-US: Hired Team
CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...)
	NOT-FOR-US: Hired Team
CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
	NOT-FOR-US: Hired Team
CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...)
	NOT-FOR-US: Hired Team
CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...)
	NOT-FOR-US: Army Men RTS
CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...)
	NOT-FOR-US: Eudora
CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...)
	NOT-FOR-US: IPSwitch IMail
CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...)
	NOT-FOR-US: phpBugTracker
CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...)
	NOT-FOR-US: Zone Labs IMsecure
CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...)
	NOT-FOR-US: vBulletin
CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...)
	NOT-FOR-US: Hotfoon
CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...)
	- webcalendar 0.9.45-1
CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...)
	- webcalendar 0.9.45-1
CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...)
	- webcalendar 0.9.45-1
CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
	- webcalendar 0.9.45-1
CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
	- webcalendar 0.9.45-1
CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...)
	NOT-FOR-US: JAF
CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...)
	NOT-FOR-US: JAF
CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...)
	NOT-FOR-US: Lithtech
CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...)
	NOT-FOR-US: HELM
CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
	NOT-FOR-US: HELM
CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...)
	NOT-FOR-US: XDICT
CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2005-0463 (Unknown &quot;major security flaws&quot; in Ulog-php before 1.0, related to ...)
	NOT-FOR-US: ulog-php
CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
	NOT-FOR-US: NewsBruiser
CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
	- phpmyadmin 4:2.6.2 (unimportant)
	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
	NOTE: I think it is not a problem on Debian as far as everybody knows the full
	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
	NOT-FOR-US: oscommerce
CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
	NOT-FOR-US: Opera
CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
	NOT-FOR-US: Opera
CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
	NOT-FOR-US: Opera
CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
	NOT-FOR-US: Opera
CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
	NOT-FOR-US: Opera
CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
	NOT-FOR-US: Real
CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
	NOT-FOR-US: Lighttpd
CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
	{DSA-696-1}
	- perl 5.8.4-7
CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
	NOT-FOR-US: Quake3
CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
	{DSA-688-1}
	- squid 2.5.8-3
CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
	- openwebmail <removed>
CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
	NOT-FOR-US: VMware
CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
	NOT-FOR-US: CubeCart
CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
	NOT-FOR-US: CubeCart
CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
	NOT-FOR-US: Sybase
CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
	- elog 2.5.7+r1558-1
CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
	- elog 2.5.7+r1558-1
CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...)
	- awstats 6.3-1
CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
	- awstats 6.3-1
CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...)
	- awstats 6.3-1
CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
	- awstats 6.3-1
CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
	- pdns 2.9.16-6
CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the ...)
	- webmin <not-affected> (Gentoo specific)
CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
	NOT-FOR-US: Websphere
CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
	NOT-FOR-US: 3com
CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
	NOT-FOR-US: Sun Java
CVE-2005-0417 (Unknown &quot;high risk&quot; vulnerability in DB2 Universal Database 8.1 and ...)
	NOT-FOR-US: IBM DB2
CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
	NOT-FOR-US: Windows
CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
	NOT-FOR-US: Emdros
CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
	NOT-FOR-US: Spidean PostWrap
CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
	NOT-FOR-US: Openconf
CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
	- imagemagick <unfixed> (bug #298051; unimportant)
	NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
	NOTE: <Piet> 'convert -strip' will remove exif data according to http://www.imagemagick.org/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
	RESERVED
CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
	- kdepim 3.4-1 (bug #305601; low)
	[sarge] - kdepim <no-dsa> (Hardly exploitable)
	NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also
	NOTE: warns that HTML mails introduce the risk of phishing. This could as well
	NOTE: be unimportant
CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...)
	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
	- mozilla-firefox 1.0.2-1
CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
	- racoon 1:0.5-5
CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
	{DSA-702-1}
	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
	- graphicsmagick 1.1.7-1
CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
	NOTE: fix in -4 was broken
	- kdelibs 4:3.3.2-6
CVE-2005-0395
	REJECTED
CVE-2005-0394
	RESERVED
CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
	{DSA-733-1}
	- crip 3.5-1sarge2 (low)
CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
	{DSA-725-2 DSA-725-1}
	- ppxp 0.2001080415-11
CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
	{DSA-712-1}
	- geneweb 4.10-7 (bug #304405)
CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
	{DSA-706-1}
	- axel 1.0b-1
CVE-2005-0389
	REJECTED
CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
	{DSA-700-1}
	- mailreader 2.3.29-11
CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
	{DSA-693-1}
	- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...)
	- wget 1.9.1-11
CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
	- wget 1.9.1-11
CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Breed game
CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
	NOT-FOR-US: forumKIT
CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
	- horde2 <not-affected>
	- horde3 3.0.1-1
CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
	NOT-FOR-US: sgallery
CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...)
	NOT-FOR-US: sgallery
CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
	NOT-FOR-US: sgallery
CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
	NOT-FOR-US: bitboard
CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
	NOTE: cyrus-sasl2 already has patch applied
	TODO: At which version was this patch introduced?
	- cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...)
	{DSA-686-1}
	- gftp 2.0.18-1
	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
	- armagetron 0.2.8.2.1-1 (bug #296840; low)
	[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
	[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but oldstable is affected
CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but olstable is affected
CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
	NOT-FOR-US: CMScore
CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
	- gnupg 1.4.1-1
CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
	- bind9 <not-affected> (Bind on hp-ux)
CVE-2005-0361
	RESERVED
CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
	NOT-FOR-US: Microsoft
CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
	- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
	- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
	- kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
	RESERVED
CVE-2005-0354
	RESERVED
CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
	NOT-FOR-US: Sentinel License Manager
CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
	NOT-FOR-US: Servers Alive
CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
	NOT-FOR-US: SCO OpenServer
CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2004-9999
	REJECTED
CVE-2004-9998
	REJECTED
CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
	NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
	- inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped)
	- atftp <not-affected> (atftp checks h_length)
	- netkit-tftp <not-affected> (netkit-tftp not vulnerable)
	- tftpd-hpa <not-affected> (bug #295297; not exploitable)
	NOTE: The address length comes from libc, not the network.
CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
	- socat 1.4.0.3-1
CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
	NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
	NOT-FOR-US: BNC irc proxy
CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
	NOT-FOR-US: Real
CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
	NOT-FOR-US: HP StorageWorks Command View XP
CVE-2004-1479
	REJECTED
CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
	NOT-FOR-US: JRun
CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
	NOT-FOR-US: JRun
CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
	- xine-lib 1-rc6
	- libcdio 0.69
CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
	- xine-lib 1-rc6
CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
	- cvs 1:1.12.9
CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
	NOT-FOR-US: snipsnap
CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
	NOT-FOR-US: SUS
CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
	- webmin 1.160
	- usermin 1.090
CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
	- egroupware 1.0.00.004
CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
	- gallery 1.4.4-pl2
CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
	NOT-FOR-US: WinZip
CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
	- moin 1.2.3-1
CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
	- moin 1.2.3-1
CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
	NOT-FOR-US: Cisco
CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
	NOT-FOR-US: Cisco
CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
	NOT-FOR-US: Cisco
CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
	NOT-FOR-US: Novell
CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
	- cvstrac 1.1.4-1
CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
	- xine-lib 1-rc5-1.1
CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
	NOT-FOR-US: Cisco
CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
	- glibc 2.3.5 (bug #272210; unimportant)
	NOTE: according to GOTO Masanori this is not a security problem
	NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
	NOTE: Although not a real issue we should play safe with 2.3.5, where the code
	NOTE: was reorganized
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
	- mozilla 2:1.6-1
CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
	- mozilla 2:1.7.1-1
CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
	- mozilla 2:1.7-1
CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
	NOT-FOR-US: ScreenOS
CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
	- nessus-core 2.0.12-1
CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
	- roundup 0.7.3-1
CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
	- imp3 3.2.5-1
CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
	NOT-FOR-US: db2www
CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
	NOT-FOR-US: Board Power
CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
	- putty 0.56-1
CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
	NOT-FOR-US: BlackJumboDog
CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
	- subversion 1.0.6-1
CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
	- pavuk 0.9pl28-3.1
CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
	NOT-FOR-US: Cisco
CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
	NOT-FOR-US: FormMail.php != nms-formmail
CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in ...)
	NOT-FOR-US: Arcade.php
CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
	- moodle 1.4.3-1
CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
	- moodle 1.4.3-1
CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...)
	NOT-FOR-US: PHP-Calendar
CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and ...)
	NOT-FOR-US: ZeroBoard
CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
	NOT-FOR-US: WPKontakt
CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
	NOT-FOR-US: PsychoStats
CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
	NOT-FOR-US: RealOne IE plugin
CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
	NOT-FOR-US: 2Bgal
CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
	NOT-FOR-US: Kayako
CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako
CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
	NOT-FOR-US: Ikonboard
CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...)
	NOT-FOR-US: GNUBoard
CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
	NOT-FOR-US: iWebNegar
CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
	NOT-FOR-US: Asp-rider
CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
	NOT-FOR-US: ASP Calendar
CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...)
	NOT-FOR-US: MacOSX
CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
	- usemod-wiki 1.0-6
CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
	NOT-FOR-US: Lithtech engine
CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
	- monit 1:4.2.1-1
CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
	- monit 1:4.2.1-1
CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
	- kdelibs 4:3.3.2-2
CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
	{DSA-682-1}
	- awstats 6.2-1.2
CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
	- awstats 6.2-1.2
	NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
	NOT-FOR-US: Woltlab Burning Book
CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
	NOT-FOR-US: RealArcade
CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
	NOT-FOR-US: RealArcade
CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
	NOT-FOR-US: SafeNet
CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
	NOT-FOR-US: php-fusion
CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
	NOT-FOR-US: PerlDesk
CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
	NOT-FOR-US: Apple
CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
	NOT-FOR-US: Apple
CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
	NOT-FOR-US: Apple
CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Foxmail
CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
	- postfix 2.1.4-5
CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
	NOT-FOR-US: LanChat
CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
	NOT-FOR-US: DeskNow Mail server
CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
	NOT-FOR-US: Winrar
CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
	NOT-FOR-US: Painkiller
CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
	NOT-FOR-US: ZipGenius
CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
	NOT-FOR-US: Netgear
CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
	NOT-FOR-US: PafileDB
CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PafileDB
CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
	NOT-FOR-US: Webadmin
CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
	NOT-FOR-US: Webadmin
CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
	NOT-FOR-US: Webadmin
CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
	NOT-FOR-US: WebWasher
CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
	NOT-FOR-US: WarFTPD under NT
CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
	NOT-FOR-US: Ingate
CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Exponent
CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
	NOT-FOR-US: Exponent
CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
	NOT-FOR-US: W32Dasm
CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
	NOT-FOR-US: Siteman
CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
	NOT-FOR-US: DivX Player
CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
	- jsboard 2.0.10-1
CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
	- gforge 3.1-26
CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
	NOT-FOR-US: Oracle
CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
	NOT-FOR-US: Oracle
CVE-2005-0296 (** DISPUTED ** ...)
	NOT-FOR-US: Novell
CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
	NOT-FOR-US: nProtect
CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Minis
CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
	NOT-FOR-US: Minis
CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
	NOT-FOR-US: phpGiftReg
CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
	NOT-FOR-US: NetGear
CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
	NOT-FOR-US: NetGear
CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
	NOT-FOR-US: Apple
CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
	NOT-FOR-US: QwikiWiki
CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ...)
	NOT-FOR-US: GNUBoard
CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
	NOT-FOR-US: SugerCRM
CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
	NOT-FOR-US: AIX
CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
	- phpbb2 2.0.12-1
CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
	- phpbb2 2.0.12-1
CVE-2005-0257
	RESERVED
CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 ...)
	{DSA-705-1}
	- wu-ftpd 2.6.2-19
CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
	NOT-FOR-US: BibORB
CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
	NOT-FOR-US: BibORB
CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
	NOT-FOR-US: BibORB
CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
	NOT-FOR-US: BibORB
CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
	NOT-FOR-US: AIX
CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
	NOT-FOR-US: Symantec AntiVirus Library
CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
	NOT-FOR-US: Solaris
CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
	{DSA-683-1}
	- postgresql 7.4.7-2
CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
	- postgresql 7.4.7-1
CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
	{DSA-683-1}
	- postgresql 7.4.7-1
CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
	- postgresql 7.4.7-1
CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
	- squid 2.5.7-7
CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
	NOT-FOR-US: Solaris
CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Solaris
CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
	NOT-FOR-US: Solaris
CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
	NOT-FOR-US: Solaris
CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
	NOT-FOR-US: Solaris
CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
	NOT-FOR-US: Solaris
CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
	NOT-FOR-US: Solaris
CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
	NOT-FOR-US: Solaris
CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
	NOT-FOR-US: Solaris
CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
	NOT-FOR-US: Solaris
CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
	NOT-FOR-US: Solaris
CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
	NOT-FOR-US: Solaris
CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
	NOT-FOR-US: Solaris
CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
	NOT-FOR-US: Solaris
CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
	NOT-FOR-US: Solaris
CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...)
	NOT-FOR-US: Solaris
CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
	NOT-FOR-US: Solaris
CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
	NOT-FOR-US: Mailtool for OpenWindows
CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
	NOT-FOR-US: Solaris
CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
	NOT-FOR-US: Solaris
CVE-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...)
	NOT-FOR-US: Solaris
CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
	NOT-FOR-US: S/MIME plugin
CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
	- epiphany-browser 1.4.8-2
CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
	- kdelibs 4:3.3.2-3
CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
	NOT-FOR-US: Omniweb
CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
	NOT-FOR-US: Opera
CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
	NOT-FOR-US: Safari
CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
	NOTE: solution in the future
	- mozilla-firefox 1.0.1-1
	- mozilla 2:1.7.6-1
CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
	NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
	- mozilla-firefox <not-affected> (Affects only Firefox on Windows)
CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0228
	REJECTED
CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
	{DSA-668-1}
	- postgresql 7.4.7-1
CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
	- firehol 1.214-4
CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
	NOT-FOR-US: HP-UX
CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
	NOT-FOR-US: Invision Community Blog
CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
	- mozilla <not-affected> (Mozilla 1.6 for Windows)
CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
	NOT-FOR-US: SPHPBlog
CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
	NOT-FOR-US: WinHKI
CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-15
	- kernel-source-2.4.27 2.4.27-9 (bug #300838)
CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
	- gaim 1:1.1.4
CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
	- xpdf <not-affected> (Initial Debian fix was already correct)
	- gpdf <not-affected> (Initial Debian fix was already correct)
	- kdegraphics <not-affected> (Initial Debian fix was already correct)
	- tetex-bin <not-affected> (Initial Debian fix was already correct)
	- pdftohtml <not-affected> (Initial Debian fix was already correct)
	- cupsys 1.1.22-7
	NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
	NOTE: cupsys uses an external xpdf now.
CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
	{DSA-692-1}
	- kdenetwork 4:3.1.6
CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
CVE-2005-0203
	REJECTED
CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
	{DSA-674-1}
	- mailman 2.1.5-6
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
	- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
	NOT-FOR-US: TikiWiki
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
	NOT-FOR-US: Cisco
CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
	NOT-FOR-US: Cisco
CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
	{DSA-667-1}
	- squid 2.5.7-7
CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
	NOT-FOR-US: mRouter in iSync in OS X
CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
	NOT-FOR-US: Cisco
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
	NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
	NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
	RESERVED
CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
	[sarge] - kernel-source-2.6.8 2.6.8-12
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4)
CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9)
	TODO: Check, when this was fixed in 2.6
CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...)
	- kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
	- kernel-source-2.4.27 <not-affected> (According to joshk, doesn't apply to 2.4.27)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
	TODO: Check 2.6.8 and 2.4 and check, when this was fixed
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
	- php4 4:4.3.10-3
CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
	NOT-FOR-US: Veritas NetBackup Administrative Assistant
CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...)
	- gpsd 2.7-4
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
	- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
	NOT-FOR-US: TikiWiki
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
	- phpgroupware 0.9.16.005-1 (unimportant)
	NOTE: path disclosure only, path is known on Debian anyway
CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...)
	- glibc 2.3.2.ds1-19
CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
	- clamav 0.81
CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
	- uw-imap 7:2002edebian1-6
CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
	- squid 2.5.7-6
CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
	{DSA-667-1}
	- squid 2.5.7-4
CVE-2005-0172
	RESERVED
CVE-2005-0171
	RESERVED
CVE-2005-0170
	RESERVED
CVE-2005-0169
	RESERVED
CVE-2005-0168
	RESERVED
CVE-2005-0167
	RESERVED
CVE-2005-0166
	RESERVED
CVE-2005-0165
	RESERVED
CVE-2005-0164
	RESERVED
CVE-2005-0163
	RESERVED
CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
	- openswan 2.3.0-2
	- freeswan <not-affected>
CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...)
	- unace 1.2b-3
CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
	- unace 1.2b-3
CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
	{DSA-679-1}
	- toolchain-source 3.4-5
CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
	{DSA-687-1}
	- bidwatcher 1.3.17-1
CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
	{DSA-720-1}
	- smartlist 3.15-18
CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
	- perl 5.8.4-6
CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
	- perl 5.8.4-6
	- mooix 1.0rc5.pre4
CVE-2005-0154
	RESERVED
CVE-2005-0153
	RESERVED
CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...)
	{DSA-662-1}
	- squirrelmail 1:1.2.7-1
	NOTE: This bug exists only in version 1.2.6.
CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
	NOT-FOR-US: Adobe License Management Software
CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
	- mozilla-firefox 1.0
CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
	- mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between ...)
	- mozilla-firefox 1.0
CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...)
	- mozilla-firefox 1.0
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.5
CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
	NOT-FOR-US: PeID
CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
	NOT-FOR-US: Irix
CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
	NOT-FOR-US: Irix
CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- linux-2.6 2.6.11
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
	{DSA-1082-1 DSA-1070-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
	- clamav 0.80-0.81rc1-1
CVE-2005-0132
	RESERVED
CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
	- konversation 0.15-3
CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
	- konversation 0.15-3
CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
	- konversation 0.15-3
CVE-2005-0128
	RESERVED
CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
	NOT-FOR-US: MacOS
CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
	NOT-FOR-US: MacOS
CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
	NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 2.6.12-1
CVE-2005-0123
	RESERVED
CVE-2005-0122
	REJECTED
CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
	NOT-FOR-US: golddig
CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
	NOT-FOR-US: helvis
CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
	NOT-FOR-US: helvis
CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
	NOT-FOR-US: helvis
CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
	- xshisen 1.51-1-1.1 (bug #289784)
CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
	- awstats 6.2-1.1
CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
	NOT-FOR-US: DataRescue Interactive Disassembler
CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
	NOT-FOR-US: ZoneAlarm
CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
	NOT-FOR-US: IRIX
CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...)
	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
	NOTE: attack, paranoid people should disable hyper threading
	- kfreebsd5-source 5.3-11
CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
	{DSA-659-1}
	- libapache-mod-auth-radius 1.5.7-6
	- libpam-radius-auth 1.3.16-3
CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
	{DSA-690-1}
	- bsmtpd 2.3pl8b-16
CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
	- libnet-ssleay-perl 1.25-1.1
CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
	{DSA-684-1}
	- typespeed 0.4.4-8
CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
	{DSA-662-1}
	- squirrelmail 2:1.4.4
CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
	{DSA-673-1}
	- evolution 2.0.3-1.2 (bug #295548)
CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
	- newspost 2.1.1-2
CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
	{DSA-685-1 DSA-671-1 DSA-670-1}
	- emacs21 21.3+1-9
	- xemacs21 21.4.16-2
CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
	- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
	- squid 2.5.7-4
CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0093
	REJECTED
CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
	{DSA-666-1}
	- python2.2 2.2.3-14
	- python2.3 2.3.4+2.3.5c1-2
	- python2.4 2.4-5
CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
	{DSA-689-1}
	- libapache2-mod-python 3.1.3-3
	- libapache-mod-python 2:2.7.10-4
CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
	- alsa-lib 1.0.9-1 (unimportant)
CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
	- less <not-affected> (Red Hat specific less bug)
CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
	{DSA-680-1}
	- htdig 1:3.1.6-11 (bug #305996)
CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
	{DSA-653-1}
	- ethereal 0.10.9-1
CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
	- maxdb-7.5.00 7.5.00.24-1
CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
	{DSA-657-1}
	- xine-lib 1-rc6a-1
CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
	- jabber 1.4.3-3 (unimportant)
	NOTE: We do not ship jadc2s.
CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
	- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: mod_access_referer
CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
	- xshisen 1.51-1-1 (bug #213957)
CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
	- mailman 2.1.5-5
CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
	{DSA-649-1}
	- xtrlock 2.0-9
CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
	{DSA-660-1}
	- kdebase 4:3.0.5
CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
	{DSA-658-1}
	- libdbi-perl 1.46-6
CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
	{DSA-672-1}
	- xview 3.2p1.4-19
CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
	{DSA-676-1}
	- xpcd 2.08-11.1 (bug #294793)
CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
	{DSA-677-1}
	- sympa 4.1.2-2.1
CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
	{DSA-655-1}
	- zhcon 1:0.2.3-8.1 (bug #292210)
CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
	{DSA-656-1}
	- vdr 1.2.6-6
CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
	{DSA-681-1}
	- synaesthesia 2.1-3
	NOTE: does not apply for sarge, program is not setuid anymore
CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
	- vim 1:6.3-058+1
CVE-2005-0068 (The original design of ICMP does not require authentication for ...)
	NOTE: general icmp design error
CVE-2005-0067 (The original design of TCP does not require that port numbers be ...)
	NOTE: general tcp design error, no indication it affects linux
CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
	NOTE: general tcp design error
CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
	NOTE: general tcp design error
CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
	{DSA-648-1 DSA-645-1}
	- xpdf 3.00-13
	- gpdf 2.8.2-1.2
	- pdftohtml 0.36-11
	- kdegraphics 4:3.3.2-2
	- tetex-bin 2.0.2-26
	- cupsys 1.1.22-6 (bug #324459)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.23-13, the dormant code in the source
	NOTE: package was fixed.
CVE-2005-0063 (The document processing application used by the Windows Shell in ...)
	NOT-FOR-US: Microsoft
CVE-2005-0062
	RESERVED
CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
	NOT-FOR-US: TAPI for Windows
CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
	NOT-FOR-US: Microsoft
CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
	NOT-FOR-US: Microsoft
CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2005-0052
	RESERVED
CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly &quot;validate the use ...)
	NOT-FOR-US: Microsoft
CVE-2005-0046
	RESERVED
CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
	NOT-FOR-US: Microsoft
CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
	NOT-FOR-US: iTunes
CVE-2005-0042
	RESERVED
CVE-2005-0041
	RESERVED
CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
	NOT-FOR-US: DotNetNuke
CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
	NOTE: These are known issues of IPSEC and basically every VPN system using
	NOTE: encryption without authentication.
	NOTE: openswan even prevents such configurations
CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote ...)
	- pdns 2.9.17-1
CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to ...)
	NOT-FOR-US: dnrd
CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote ...)
	NOT-FOR-US: DeleGate
CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
	NOT-FOR-US: Adobe
CVE-2005-0034 (An &quot;incorrect assumption&quot; in the authvalidated validator function in ...)
	- bind9 1:9.3.1
	[woody] - bind9 <not-affected>
	[sarge] - bind9 <not-affected>
	NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions
CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
	- bind 1:8.4.6-1
CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
	NOT-FOR-US: MSIE
CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
	NOT-FOR-US: NetBSD
CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
	NOT-FOR-US: Shoutcast
CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
	NOT-FOR-US: Oracle
CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
	NOT-FOR-US: Oracle
CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
	NOT-FOR-US: Oracle
CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
	NOT-FOR-US: Oracle
CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
	NOT-FOR-US: Oracle
CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
	NOT-FOR-US: Oracle
CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
	NOT-FOR-US: Oracle
CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
	NOT-FOR-US: Windows
CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
	NOT-FOR-US: Solaris
CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
	NOT-FOR-US: Solaris
CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
	NOT-FOR-US: ssh on Solaris
CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
	NOT-FOR-US: Solaris
CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
	NOT-FOR-US: Solaris
CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
	NOT-FOR-US: Solaris
CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
	NOT-FOR-US: Solaris
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
	- gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
	- xfree86 <not-affected> (xdm on Solaris)
	- xorg-x11 <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
	NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CVE-2004-1344
	RESERVED
CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
	{DSA-711-1}
	- info2www 1.2.2.9-23 (bug #281655)
CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
	{DSA-659-1}
	- libpam-radius-auth 1.3.16-1.1
CVE-2005-0032
	RESERVED
CVE-2005-0031
	RESERVED
CVE-2005-0030
	RESERVED
CVE-2005-0029
	RESERVED
CVE-2005-0028
	RESERVED
CVE-2005-0027
	RESERVED
CVE-2005-0026
	RESERVED
CVE-2005-0025
	RESERVED
CVE-2005-0024
	RESERVED
CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...)
	- gnome-libs <unfixed> (bug #329156; unimportant)
	- vte <unfixed> (bug #330907; unimportant)
	NOTE: Not considered a security problem, see #329156
CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
	- exim4 4.34-10
CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
	{DSA-637-1 DSA-635-1}
	- exim4 4.34-10
	- exim 3.36-13 (bug #290036)
	- exim-tls <removed>
CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
	{DSA-641-1}
	- playmidi 2.4debian-3
CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
	{DSA-675-1}
	- hztty 2.0-6.1
CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
	{DSA-640-1}
	- gatos 0.0.5-15
CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
	{DSA-650-1}
	- sword 1.5.7-7 (bug #291433)
CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
	- ncpfs 2.2.6-1
CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
	{DSA-665-1}
	- ncpfs 2.2.6-1
CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
	- dillo 0.8.3-1
CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
	- kdeedu 4:3.3.2-2
CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
	- ethereal 0.10.9-1
CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...)
	- ethereal 0.10.9-1
CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...)
	- ethereal 0.10.9-1
CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
	- ethereal 0.10.9-1
CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
	- ethereal 0.10.9-1
CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
	{DSA-646-1}
	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
	{DSA-647-1}
	- mysql-dfsg-4.1 4.1.8a-6
	- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 2.4.27-9
	[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
	NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	NOTE: i386 and smp specific
	TODO: Check, when this was fixed upstream
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
	NOT-FOR-US: oracle
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
	NOT-FOR-US: oracle
CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	TODO: Check, when this was fixed
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
	- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
	NOT-FOR-US: hpux
CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
	NOT-FOR-US: microsoft
CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
	NOT-FOR-US: AIX
CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: hpux
CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
	NOT-FOR-US: Crystal FTP client
CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
	NOT-FOR-US: Ultrix
CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
	NOT-FOR-US: Microsoft
CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
	NOT-FOR-US: Netbsd
CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
	NOT-FOR-US: Cisco
CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
	NOT-FOR-US: MSIE
CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
	{DSA-627-1}
	- namazu2 2.0.14-1
CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
	- netcat <not-affected> (only affects netcat in Windows)
CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
	- mozilla 2:1.7.5-1 (bug #288047)
CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
	- phpbb2 2.0.10-3
CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
	NOT-FOR-US: MacOS
CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
	NOT-FOR-US: My Firewall Plus
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
	NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
	{DSA-617-1}
	- tiff 3.6.1-4
	TODO: other packages containing libtiff code may be vulnerable, e.g. kfax
CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
	- tiff 3.7.0 (low)
CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
	- file 4.12
CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
	NOT-FOR-US: Yanf
CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
	NOT-FOR-US: YAMT
CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
	NOT-FOR-US: xlreader
CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
	- xine-lib 1-rc8-1
CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
	NOT-FOR-US: vilistextum
CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
	NOT-FOR-US: vb2c
CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
	- unrtf 0.19.3-1.1 (bug #287038)
CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
	- groff 1.18.1.1-5
CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
	- uml-utilities <not-affected> (uml_net is only executable by users in group uml-net)
CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
	- tnftp 20050625-0.1 (bug #285902; medium)
CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
	NOT-FOR-US: rtf2latex2e
CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
	NOT-FOR-US: ringtonetools
CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
	NOT-FOR-US: qwik-smtpd
CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
	NOT-FOR-US: pgn2web
CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
	{DSA-625-1}
	- pcal 4.8.0-1
CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
	NOT-FOR-US: o3read
CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
	{DSA-623-1}
	- nasm 0.98.38-1.1 (bug #285889)
CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
	NOT-FOR-US: NapShare
CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
	NOT-FOR-US: mplayer
CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
	- mpg123 0.59r-20 (bug #287043)
CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
	NOT-FOR-US: mview
CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
	{DSA-632-1}
	- linpopup 1.2.0-7
CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
	NOT-FOR-US: junkie
CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
	NOT-FOR-US: junkie
CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
	NOT-FOR-US: jpegtoavi
CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
	NOT-FOR-US: jcabc2ps
CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
	NOT-FOR-US: html2hdml
CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
	- filter 2.4.2-1.1
CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
	NOT-FOR-US: dxfscope
CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
	- cupsys 1.1.22-2
CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
	- cupsys 1.1.22-2
CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
	- cupsys 1.1.22-2
CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
	- cupsys 1.1.22-2
CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
	NOT-FOR-US: csv2xml
CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
	NOT-FOR-US: Convex
CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
	{DSA-644-1}
	- chbg 1.5-4
CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
	NOT-FOR-US: ChangePassword
CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
	NOT-FOR-US: bsb2ppm
CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
	NOT-FOR-US: asp2php
CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
	NOT-FOR-US: abctab2ps
CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
	NOT-FOR-US: abcpp
CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
	- abcm2ps 4.8.5-1
CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
	NOT-FOR-US: abc2mtex
CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
	- abcmidi 20050101-1
CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
	NOT-FOR-US: 2fax
CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1253
	RESERVED
CVE-2004-1252
	RESERVED
CVE-2004-1251
	RESERVED
CVE-2004-1250
	RESERVED
CVE-2004-1249
	RESERVED
CVE-2004-1248
	RESERVED
CVE-2004-1247
	RESERVED
CVE-2004-1246
	RESERVED
CVE-2004-1245
	RESERVED
CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-1243
	REJECTED
CVE-2004-1242
	REJECTED
CVE-2004-1241
	REJECTED
CVE-2004-1240
	REJECTED
CVE-2004-1239
	REJECTED
CVE-2004-1238
	REJECTED
CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
	- linux-2.6 <not-affected> (Apparently Red Hat specific)
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
	NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, when this was fixed
	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
	- mtr 0.67-1
CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
	NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
	NOT-FOR-US: paFileDB
CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Remote Execute
CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kreed
CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
	NOT-FOR-US: Blog Torrent
CVE-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
	NOT-FOR-US: IpCop
CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
	NOT-FOR-US: Verisign Payflow Link
CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
	NOT-FOR-US: Orbz
CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...)
	NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
	NOTE: at best a local DOS by the user running fluxbox.
	NOTE: Where's the security hole?
	- fluxbox 0.9.11-1
CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
	NOT-FOR-US: phpCMS
CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
	NOT-FOR-US: phpCMS
CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
	NOTE: memory leak, doubt it's usefully exploitable
	NOTE: did not followup
CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
	NOT-FOR-US: Safari
CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: MSIE
CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
	NOT-FOR-US: inShop
CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
	NOT-FOR-US: Insite Inmail
CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
	NOT-FOR-US: Prevex Home
CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
	NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
	TODO: Check linux-2.6
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
	NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
	NOTE: has a misleading entry titled "Fix exploitable hole"
	NOTE: http://www.securityfocus.com/advisories/7579
	NOTE: http://xforce.iss.net/xforce/xfdb/18370
	NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8
	NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
	NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
	{DSA-629-1}
	- krb5 1.3.6-1
CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
	- xine-lib 1-rc8-1
CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
	- xine-lib 1-rc8-1
CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
	{DSA-626-1}
	- tiff 3.6.1-5
CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a &quot;weak&quot; ...)
	{DSA-634-1}
	- hylafax 1:4.2.1-1
CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
	{DSA-622-1}
	- htmlheadline <removed>
CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
	{DSA-678-1}
	- netkit-rwho 0.17-8
CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
	{DSA-615-1}
	- debmake 3.7.7
CVE-2004-1178
	RESERVED
CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
	{DSA-674-1}
	- mailman 2.1.5-5
CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
	NOT-FOR-US: MSIE
CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
	- kdelibs 4:3.3.1-2
	- kdebase 4:3.3.1-3
CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
	{DSA-612-1}
	- a2ps 1:4.13b-4.2 (bug #283134)
CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
	- maxdb-webtools 7.5.00.19-1
CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
	- maxdb-webtools 7.5.00.19-1
CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
	NOT-FOR-US: gentoo mirrorselect
CVE-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
	{DSA-631-1}
	- kdelibs 4:3.3.2-1
CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
	NOT-FOR-US: Cisco
CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
	- scponly 4.0-1
CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
	- rssh 2.2.3-1
CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
	NOT-FOR-US: Netscape
CVE-2004-1159
	REJECTED
CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
	- kdelibs 4:3.3.1-3
	- kdebase 4:3.3.1-4
CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
	NOT-FOR-US: Opera
CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...)
	- mozilla 2:1.7.6-1
	- mozilla-firefox 1.0.1
CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
	NOT-FOR-US: Microsoft MSIE
CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
	{DSA-701-1}
	- samba 3.0.10-1
CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
	NOT-FOR-US: Winamp
CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
	NOT-FOR-US: Computer Associates eTrust EZ Antivirus
CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
	- phpmyadmin 2:2.6.1-rc1-1
CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
	- phpmyadmin 2:2.6.1-rc1-1
CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...)
	- cvstrac 1.1.5
CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...)
	- kdelibs 4:3.3.2-1
CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
	NOTE: amd64 specific
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
	- mailman 2.1.5-5
CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
	{DSA-613-1}
	- ethereal 0.10.8-1
CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
	- ethereal 0.10.8-1
CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
	- ethereal 0.10.8-1
CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
	- ethereal 0.10.8-1
CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
	- vim 1:6.3-046+0sarge1
CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
	- linux-2.6 <not-affected> (Fixed before upload into the archive)
	TODO: Check, when this was fixed
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
	NOT-FOR-US: CuteFTP
CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
	NOT-FOR-US: WS-Ftpd
CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
	NOT-FOR-US: Microsoft
CVE-2004-1132
	RESERVED
CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
	NOT-FOR-US: SCO
CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
	NOT-FOR-US: CMailServer
CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
	NOT-FOR-US: CMailServer
CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
	NOT-FOR-US: CMailServer
CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
CVE-2004-1126
	RESERVED
CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
	{DSA-621-1 DSA-619-1}
	- xpdf 3.00-11
	- cupsys 1.1.22-2
	- tetex-bin 2.0.2-25
	- gpdf 2.8.2-1
	- koffice 1:1.3.5-1
CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
	NOT-FOR-US: UnixWare
CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
	NOT-FOR-US: Darwin Streaming Server
CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
	NOT-FOR-US: Safari
CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
	NOT-FOR-US: Safari
CVE-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
	{DSA-663-1}
	- prozilla 1:1.3.7.3-1
CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
	NOT-FOR-US: Winamp
CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
	NOT-FOR-US: WodFtpDLX.ocx ActiveX component
CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
	NOT-FOR-US: ChessBrain
CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
	NOT-FOR-US: GIMPS
CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
	- setiathome <not-affected> (Gentoo-specific vulnerability)
CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
	NOT-FOR-US: Skype
CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
	- sqlgrey <itp> (bug #389472)
CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
	NOT-FOR-US: Cisco
CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
	- mtink 1.0.5
	NOTE: debian not vulnerable except in edge case
CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
	NOT-FOR-US: Gentoolkit
CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
	NOT-FOR-US: Portage
CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
	{DSA-642-1}
	- gallery 1.4.4-pl4-1
CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
	NOT-FOR-US: Nortel Networks Contivity VPN Client
CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
	NOT-FOR-US: MailPost
CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
	NOT-FOR-US: MailPost
CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
	NOT-FOR-US: MailPost
CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
	NOT-FOR-US: MailPost
CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
	- mime-tools 5.415-1
CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
	- cherokee <not-affected> (Fixed before upload into archive)
CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
	- libarchive-zip-perl 1.14-1
CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version ...)
	NOT-FOR-US: RealPlayer
CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that &quot;Secure Keyboard ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
	NOT-FOR-US: Microsoft
CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
	- ncpfs 2.2.5-2
CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
	NOT-FOR-US: Citrix
CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
	NOT-FOR-US: Citrix
CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...)
	{DSA-609-1}
	- atari800 1.3.2-1
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
	- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory overcommit&quot; ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
	- kernel-source-2.4.27 <not-affected> (2.6 only issue)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A &quot;missing serialization&quot; error in the unix_dgram_recvmsg function in ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 2.4.27-7
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
	- cyrus21-imapd <not-affected> (Only affected 2.2 series)
CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
	NOT-FOR-US: FreeBSD
CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
	- php4 4:4.3.10-1
CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
	- php4 4:4.3.10-1
CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
	- php4 4:4.3.10-1
CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, ...)
	- bugzilla 2.16.7-2
CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
	- mnogosearch 3.2.18-2.2
CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: previous fix in -9 has regressions
	- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 2:2.6.0-pl3-1
CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
	NOT-FOR-US: AIX
CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
	NOT-FOR-US: fetch on FreeBSD
CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
	{DSA-595-1}
	- bnc <removed>
CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
	{DSA-596-2}
	- sudo 1.6.8p3-1
CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-1048
	RESERVED
CVE-2004-1047
	RESERVED
CVE-2004-1046
	RESERVED
CVE-2004-1045
	RESERVED
CVE-2004-1044
	RESERVED
CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-1042
	RESERVED
CVE-2004-1041
	RESERVED
CVE-2004-1040
	RESERVED
CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
	NOT-FOR-US: IEEE1394 specification bug, physical security
CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
	- twiki 20030201-6
CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
	- squirrelmail 2:1.4.3a-3
CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
	- imapproxy 1.2.2+1.2.3rc2-1
CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
	- kaffeine 0.4.3.1-3
	- gxine 0.4-rc1
CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
	- fcron 2.9.5.1-1
CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
	NOT-FOR-US: AIX
CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
	{DSA-652-1}
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
	{DSA-628-1 DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
	- imlib2 1.1.2-2.1
CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
	{DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
CVE-2004-1024
	RESERVED
CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
	NOT-FOR-US: MacOS
CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...)
	- php4 4:4.3.10-1
CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
	- php4 4:4.3.10-1
CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...)
	- php4 4:4.3.10-1
	- php3 3:3.0.18-29
CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
	{DSA-606-1}
	- nfs-utils 1:1.0.6-3.1
CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
	{DSA-624-1}
	- zip 2.30-8
CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
	- putty 0.56-1
CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
	- bogofilter 0.92.8-1
CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
	{DSA-584-1}
	- dhcp 2.0pl5-19.1
CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: Trend ScanMail
CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
	- ppp 2.4.2+20040428-3
CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
	{DSA-585-1}
	NOTE: Fixed in 	shadow 1:4.0.3-30.3 for the first time.
	NOTE: Apparently, the fix was lost somehow, see #309587.
	NOTE: It was reapplied to sarge before the release, and to sid in
	NOTE: version 1:4.0.3-35.
	- shadow 1:4.0.3-35
	[sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)
CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
	{DSA-630-1}
	- lintian 1.23.6 (bug #286379; low)
CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
	NOTE: changelog says he only patched 1095, but diff comparison
	NOTE: shows 0999 was also fixed.
CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
	{DSA-616-1}
	- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
	{DSA-610-1}
	- cscope 15.5-1.1 (bug #282815)
	NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CVE-2004-0995
	RESERVED
CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
	{DSA-614-1}
	NOTE: only indication that it's this CVE is in the debian package changelog
	- xzgv 0.8-3
CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
	{DSA-604-1}
	- hpsockd 0.14
CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
	NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
	- mpg123 0.59r-19
CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
	{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
	- libgd2 2.0.30-1
	- libgd 1.8.4-36.1
CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
	{DSA-582-1}
	- libxml 1:1.8.17-9
	- libxml2 2.6.11-5
CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
	NOT-FOR-US: Apple
CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
	{DSA-598-1}
	- yardradius 1.0.20-15
CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
	{DSA-580-1}
	- iptables 1.2.11-4
CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: windows
CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...)
	- mailutils 1:0.5-4
CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
	{DSA-586-1}
	- ruby1.8 1.8.1+1.8.2pre2-4
	- ruby1.6 1.6.8-12
	- ruby <removed>
CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
	{DSA-578-1}
	- mpg123 0.59r-18
	NOTE: Original fix in -17 was incomplete
CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
	{DSA-593-1}
	- imagemagick 6:6.0.6.2-1.5 (bug #278401)
	- graphicsmagick 1.1.7-1
CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
	{DSA-592-1}
	- ez-ipupdate 3.0.11b8-8
CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the &quot;Drag and ...)
	NOT-FOR-US: windows
CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...)
	NOT-FOR-US: windows
CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...)
	{DSA-577-1}
	- postgresql 7.4.6-1
CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
	{DSA-620-1}
	- perl 5.8.4-4
CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
	{DSA-603-1}
	- openssl 0.9.7e-3
	NOTE: -1 claimed to include it, but it was missing
CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
	- netatalk 1.6.4a-1 (low)
CVE-2004-0973
	REJECTED
CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
	{DSA-583-1}
	- lvm10 1:1.0.8-8
CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
	NOTE: Not shipped in the krb5 binary package
	- krb5 <unfixed> (bug #278271; unimportant)
	- arla 0.36.2-11
CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
	{DSA-588-1}
	- gzip 1.3.5-8 (bug #259043; bug #257314; medium)
CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
	- groff 1.18.1.1-2
CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
	{DSA-636-1}
	- glibc 2.3.2.ds1-19
CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts ...)
	- gs-common 0.3.6-0.1
	- gs-gpl <unfixed> (bug #291373; unimportant)
	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
	- gettext 0.14.1-6
CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
	NOT-FOR-US: HP-UX
CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
	{DSA-587-1}
	- zinf <not-affected> (According to DSA-587 not affected, as module was rewritten)
	- freeamp <removed>
	TODO: Changelog claims a possibly related fix in 2.2.5?
CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...)
	NOT-FOR-US: windows
CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
	NOT-FOR-US: Apple Remote Desktop Client
CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
	- freeradius 1.0.1
CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
	- freeradius 1.0.1
CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...)
	- php4 4:4.3.9
CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
	- php4 4:4.3.9
CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
	{DSA-707-1}
	- mysql-dfsg-4.1 4.1.10a-6
	- mysql-dfsg 4.0.24-5
CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
	- mysql-dfsg <not-affected> (Not vulnerable, http://www.debian.org/security/nonvulns-sarge)
CVE-2004-0955
	REJECTED
CVE-2004-0954
	REJECTED
CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
	- jabber <not-affected> (Jabber version 2 is vulnerable, we have an older version that seems not)
CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
	NOT-FOR-US: HP-UX
CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...)
	NOT-FOR-US: HP-UX
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
	NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
CVE-2004-0948
	REJECTED
CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
	{DSA-652-1}
	NOTE: see http://lwn.net/Alerts/110733/
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
	- nfs-utils <not-affected> (does not apply per maintainer)
CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0943
	REJECTED
CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
	- apache2 2.0.52-2
CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
	{DSA-602-1 DSA-601-1}
	- libgd2 2.0.33-1.1
	- libgd 1.8.4-36.1
CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
	{DSA-594-1}
	- apache 1.3.33-2
CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
	- freeradius 1.0.1
CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
	NOT-FOR-US: RAV antivirus
CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
	NOT-FOR-US: Eset anti-virus
CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
	NOT-FOR-US: Kaspersky antivirus
CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
	NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
	NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
	- samba 3.0.8-1
CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
	- tiff3g <removed>
CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
	NOT-FOR-US: Macromedia
CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
	NOT-FOR-US: MacOS
CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
	NOT-FOR-US: MacOS
CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
	NOT-FOR-US: MacOS
CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
	NOT-FOR-US: MacOS
CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
	{DSA-566-1}
	- cupsys 1.1.20final+rc1-9
CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
	NOT-FOR-US: MacOS
CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
	NOT-FOR-US: MacOS
CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
	NOT-FOR-US: norton
CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
	{DSA-576-1}
	- squid 2.5.7
CVE-2004-0917 (The default installation of Vignette Application Portal installs the ...)
	NOT-FOR-US: Vignette Application Portal
CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
	{DSA-574-1}
	- cabextract 1.1-1
CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
	{DSA-605-1}
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 (bug #284237)
CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
	{DSA-607-1}
	NOTE: Previous -9 fix had some issues of its own
	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
	NOTE: lesstif1 and 2 have to be fixed separately
	- lesstif1 1:0.93.94-11.3 (bug #294099)
	NOTE: but lesstif2 did get fixed for this hole..
	- lesstif2 1:0.93.94-11.2
	- openmotif 2.2.3-1.1 (bug #309819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
	{DSA-572-1}
	- ecartis 1.0.0+cvs.20030911-8
CVE-2004-0912
	RESERVED
CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
	{DSA-569-1 DSA-556-1}
	- netkit-telnet-ssl 0.17.24+0.1-4
	- netkit-telnet 0.17-26
CVE-2004-0910
	REJECTED
CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
	- mozilla-firefox <not-affected> (non-Debian packaging issue)
CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
	NOT-FOR-US: Microsoft
CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
	NOT-FOR-US: Microsoft
CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
	NOT-FOR-US: Microsoft
CVE-2004-0898
	RESERVED
CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
	NOT-FOR-US: Windows
CVE-2004-0896
	RESERVED
CVE-2004-0895
	RESERVED
CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
	NOT-FOR-US: Microsoft
CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
	NOT-FOR-US: Microsoft
CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
	- gaim 1:1.0.2
CVE-2004-0890
	REJECTED
CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
	- xpdf 3.00-10 (medium)
	TODO: check xpdf embedders
CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
	{DSA-599-1 DSA-581-1 DSA-573-1}
	- koffice 1:1.3.4-1
	- tetex-bin 2.0.2-23
	- xpdf 3.00-9
	- kpdf 4:3.3.1-1 (bug #278173)
	- gpdf 2.8.0-1
	- kfax 4:3.3.1-1 (bug #280373)
	- cupsys 1.1.22-6 (bug #324460)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
	NOTE: package was fixed.
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.6.8 2.6.8-10
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
	- apache2 2.0.52-2
	- libapache-mod-ssl 2.8.20-1
CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
	{DSA-568-1 DSA-563-3}
	- cyrus-sasl <removed>
	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, when this was fixed
	- kernel-source-2.4.27 2.4.27-6
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
	NOTE: details http://security.e-matters.de/advisories/132004.html
	- samba 3.0.7
CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0879
	RESERVED
CVE-2004-0878
	RESERVED
CVE-2004-0877
	RESERVED
CVE-2004-0876
	RESERVED
CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
	- phpgroupware 0.9.16.002
CVE-2004-0874
	REJECTED
CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: apple
CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
	NOT-FOR-US: Opera
CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
	TODO: followup
CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
	TODO: followup
CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
	NOT-FOR-US: MSIE
CVE-2004-0868
	REJECTED
CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
	- mozilla-firefox 0.9.3
CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
	NOT-FOR-US: MSIE
CVE-2004-0865
	RESERVED
CVE-2004-0864
	RESERVED
CVE-2004-0863
	RESERVED
CVE-2004-0862
	RESERVED
CVE-2004-0861
	RESERVED
CVE-2004-0860
	RESERVED
CVE-2004-0859
	RESERVED
CVE-2004-0858
	RESERVED
CVE-2004-0857
	RESERVED
CVE-2004-0856
	RESERVED
CVE-2004-0855
	RESERVED
CVE-2004-0854
	RESERVED
CVE-2004-0853
	RESERVED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
	{DSA-611-1}
	- htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
	{DSA-559-1}
	- net-acct 0.71-7
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
	- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
	NOT-FOR-US: GNU Radius
CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
	NOT-FOR-US: microsoft
CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
	NOT-FOR-US: microsoft
CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
	NOT-FOR-US: microsoft
CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...)
	NOT-FOR-US: microsoft
CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
	NOT-FOR-US: microsoft
CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
	NOT-FOR-US: microsoft
CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
	- speedtouch 1.3.1
CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
	{DSA-554-1}
	- sendmail 8.13.1-13
CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
	- squid 2.5.6-8
CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
	NOT-FOR-US: McAfee
CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
	- samba 2.2.11
CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
	NOTE: not-fos-us (AIX)
CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
	{DSA-547-1}
	- imagemagick 5:6.0.7.1-1
CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
	NOT-FOR-US: netscape NSS
CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
	NOT-FOR-US: Apple
CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
	NOT-FOR-US: Apple
CVE-2004-0822 (Buffer overflow in The Core Foundation framework ...)
	NOT-FOR-US: Apple
CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
	NOT-FOR-US: Apple
CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: winamp
CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
	NOT-FOR-US: openbsd
CVE-2004-0818
	RESERVED
CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
	{DSA-548-2}
	- imlib+png2 1.9.14-16.2
	- imlib 1.9.14-17 (bug #285025)
CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (2.6 specific issue)
CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
	{DSA-600-1}
	- samba 3.0.6-1 (bug #274342)
CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	[sarge] - kernel-source-2.6.8 2.6.8-8
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive)
	TODO: Check, when this was fixed in 2.4
	TODO: Check, when this was fixed in 2.6
CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive)
	TODO: Check, when this was fixed in 2.4
CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents &quot;the merging of the ...)
	- apache2 2.0.52
CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
	NOT-FOR-US: Netopia Timbuktu
CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
	{DSA-558-1}
	- apache2 2.0.51-1
	- libapache-mod-dav 1.0.3-10
CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
	- samba 3.0.7
CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
	- samba 3.0.7
CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
	- cdrtools 4:2.0+a34-2
CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
	{DSA-564-1}
	- mpg123 0.59r-16
CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
	{DSA-552-1}
	- imlib2 1.1.0-12.4
CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
	- foomatic-filters 3.0.2
CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
	- zlib 1:1.2.1.1-6
	[woody] - zlib <not-affected> (zlib 1.1 is not affected)
CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
	- spamassassin 2.64
CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
	{DSA-551-1}
	- lukemftpd 1.1-2.2 (bug #266370)
CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
	- bsdmainutils 6.0.15
CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
	{DSA-538}
	- rsync 2.6.2-3
CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
	- kernel-source-2.4.27 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
	- linux-2.6 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...)
	NOT-FOR-US: DNS impleementations not in Debian
CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
	NOT-FOR-US: OpenCA
CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
	- apache <not-affected>	(not vulnerable according to http://www.debian.org/security/nonvulns-sarge)
	- apache2 2.0.51
CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
	- gaim 1:0.82
CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
	- gaim 1:0.82
CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
	{DSA-549-1}
	- gtk+2.0 2.4.9-2
CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
	{DSA-541}
	- icecast-server 1:1.3.12-8
CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
	- cvs 1:1.12.9
CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
	- courier 0.45.6-1 (medium; bug #266723)
	NOTE: 0.45.6-1 is the first upload after the debug stuff rewrite
	NOTE: mentioned in the bug report.
CVE-2004-0776
	RESERVED
CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
	NOT-FOR-US: Windows
CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
	NOT-FOR-US: Real Helix server
CVE-2004-0773
	RESERVED
CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
	- dgen 1.23-6
CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
	- mozilla-firefox 0.9.3
CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
	- mozilla 2:1.7
CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0756
	RESERVED
CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
	{DSA-537}
	- ruby1.8 1.8.1+1.8.2pre1-4
	- ruby <removed>
	TODO: is ruby1.6 vulnerable?
CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
	- gaim 1:0.82.1-1
CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
	{DSA-546-1}
	- gdk-pixbuf 0.22.0-7
CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
	- openoffice.org 1.1.2-4
CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
	- apache2 2.0.50-11
CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
	NOT-FOR-US: Red Hat specific
CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
	- subversion 1.0.9-2
CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
	- apache2 2.0.51
CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
	[sarge] - apache2 <not-affected>
	- apache2 2.0.51
CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3
CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
	NOT-FOR-US: MacOS
CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
	NOT-FOR-US: MacOS
CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
	NOT-FOR-US: LionMax Software WWW File Share Pro
CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
	NOT-FOR-US: Lexmark
CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
	NOT-FOR-US: Whisper FTP Surfer
CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
	NOT-FOR-US: phpnuke
CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
	NOT-FOR-US: phpnuke
CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
	NOT-FOR-US: phpnuke
CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
	NOT-FOR-US: various windows games
CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Web_Store.cgi
CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
	NOT-FOR-US: OllyDbg
CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
	NOT-FOR-US: phpnuke
CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
	NOT-FOR-US: phpnuke
CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
	- phpbb2 2.0.10
CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
	- phpbb2 2.0.10
CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
	NOT-FOR-US: Microsoft
CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
	- moodle 1.4
CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
	NOT-FOR-US: Half Life
CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
	- mozilla 2:1.6
CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
	[sarge] - kdebase 4:3.2.3-1.sarge.1
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
	- kdebase 4:3.3.0-1
CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
	NOT-FOR-US: Safari
CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
	NOTE: upstream versions became vulnerable again, see
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
	NOTE: and were fixed again, it got CVE-2005-1937 for the reversion
	- mozilla 2:1.7.10-1 (medium)
	- mozilla-firefox 1.0.6-1 (medium)
CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
	NOT-FOR-US: opera 7.50
CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
	NOT-FOR-US: HP-UX
CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
	NOT-FOR-US: Cisco
CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
	NOT-FOR-US: Cisco
CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
	NOT-FOR-US: HP OpenView Select Access
CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
	- moin 1.2.2
CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
	NOT-FOR-US: Solaris
CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
	{DSA-532}
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0694
	RESERVED
	- lha 1.14i-10 (bug #279870)
CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
	{DSA-539}
	- kdelibs 4:3.3.0-1
CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
	- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
	NOT-FOR-US: WebSphere Edge Server
CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
	NOT-FOR-US: Norton
CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
	NOT-FOR-US: Zoom DSL modem
CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
	NOT-FOR-US: UnrealIRCd
CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
	NOT-FOR-US: 12Planet Chat Server
CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
	NOT-FOR-US: c32web.exe
CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
	NOT-FOR-US: Enterasys XSR-1800 series Security Routers
CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
	NOT-FOR-US: Netegrity IdentityMinder Web Edition
CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
	NOT-FOR-US: Brightmail Spamfilter
CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
	NOT-FOR-US: Rompager
CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
	NOT-FOR-US: Lotus
CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Lotus
CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
	- kernel-patch-adamantix 1.6
CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
	NOT-FOR-US: popclient
CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
	NOT-FOR-US: csFAQ
CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
	NOT-FOR-US: D-Link AirPlus DI-614+
CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
	NOT-FOR-US: CuteNews
CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
	- mplayer <not-affected> (fixed before upload in archive; 1.0pre5)
CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
	- linux-2.6 <not-affected> (Invalid, according to Ben Collins)
	- kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins)
CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
	- ntp 4.0
CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
	- pure-ftpd 1.0.19-1
CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
	NOT-FOR-US: Solaris
CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
	NOT-FOR-US: Solaris
CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
	NOT-FOR-US: Sun JRE
CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
	NOT-FOR-US: Cisco
CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
	{DSA-530}
	- l2tpd 0.70-pre20031121-2
CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
	- mozilla 2:1.7.1
	- mozilla-firefox 0.9.2
	- mozilla-thunderbird 0.7.2
CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
	- shorewall 2.0.3a
CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
	NOT-FOR-US: JRun
CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
	{DSA-579-1 DSA-550-1}
	- abiword 2.0.8
	- wv 1.0.2-0.1 (bug #264972)
	NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660
CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
	NOT-FOR-US: Thomson hardware ADSL router
CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
	{DSA-529}
	- netkit-telnet-ssl 0.17.24+0.1-2
CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
	NOT-FOR-US: Oracle
CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
	NOT-FOR-US: Oracle
CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
	{DSA-528}
	- ethereal 0.10.5-1
CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
	NOT-FOR-US: adobe reader
CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3)
	- mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0)
CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium)
	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
	[sarge] - kernel-source-2.6.8 2.6.8-1
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
	NOT-FOR-US: Infinity WEB
CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic ...)
	NOT-FOR-US: Artmedic links
CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
	{DSA-590-1}
	- gnats 4.0-6.1
CVE-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
	NOT-FOR-US: MacOS
CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
	NOT-FOR-US: Newsletter ZWS
CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
	NOT-FOR-US: vBulletin
CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
	NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
	NOTE: does not seem to be part of linux kernel or other package
CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
	NOT-FOR-US: freebsd
CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
	NOT-FOR-US: ArbitroWeb
CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
	NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
	NOT-FOR-US: D-Link DI-614+ SOHO router
CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
	NOT-FOR-US: osTicket
CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
	NOT-FOR-US: osTicket
CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
	NOT-FOR-US: ZoneAlarm Pro
CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
	NOT-FOR-US: Netgear FVS318 VPN Router
CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
	NOT-FOR-US: Microsoft MN-500 Wireless Router
CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
	- rssh 2.2.1
CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
	NOT-FOR-US: Unreal Engine
CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
	- racoon 0.3.3-1
CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
	NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
	TODO: Check: Does not match posted patch. Mailed Debian maintainer.
CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
	NOT-FOR-US: giFT-FastTrack not in debian
CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
	- gzip <not-affected> (Gentoo-specific bug in gzip introduced by botched security fix)
CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
	- distcc 2.18.1-4
CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
	- samba 3.0.5 (bug #260838)
CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
	{DSA-571-1 DSA-570-1 DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	TODO: Check, which version fixed this
CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
	{DSA-669-1 DSA-531}
	- php3 3:3.0.18-27
	- php4 4:4.3.8-1
CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
	{DSA-669-1 DSA-531}
	- php4 4:4.3.8-1
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...)
	NOT-FOR-US: linux 2.4 with usagi patches
CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
	{DSA-533}
	- courier 0.45.4-4
CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
	- freeswan 2.04-10
	- openswan 2.2.0
CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
	NOT-FOR-US: Cisco
CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
	- usermin 1.090-1
CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
	- qla2x00-source 7.01.01-1
CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-2004-0585
	REJECTED
CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
	- imp3 3.2.4
CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
	NOT-FOR-US: Mandrake script
CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
	NOT-FOR-US: Linksys routers
CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
	{DSA-522}
	- super 3.23.0-1
CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
	NOT-FOR-US: Wingate
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
	NOT-FOR-US: Wingate
CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
	NOT-FOR-US: GNU radius
CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
	NOT-FOR-US: Windows
CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
	NOT-FOR-US: Windows
CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
	NOT-FOR-US: Windows
CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
	NOT-FOR-US: Windows
CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
	NOT-FOR-US: Microsoft
CVE-2004-0570
	RESERVED
CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
	NOT-FOR-US: Windows
CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
	NOT-FOR-US: HyperTerminal
CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
	NOT-FOR-US: Windows
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
	NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
	{DSA-557-1}
	- rp-pppoe 3.5-4 (bug #343264)
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
	{DSA-555-1}
	- freenet6 1.0-2.2
CVE-2004-0562
	RESERVED
CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
	{DSA-544-1}
	- webmin 1.160-1
	- usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
	{DSA-545-1}
	- cupsys 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
	{DSA-565-1}
	- sox 12.17.4-9 (bug #262083)
CVE-2004-0556
	RESERVED
CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
	{DSA-643-1}
	- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 2.6.12-1 (bug #261521)
CVE-2004-0553
	RESERVED
CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
	NOT-FOR-US: Sophos Small Business Suite
CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
	NOT-FOR-US: Cisco
CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
	NOT-FOR-US: Real Player
CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
	NOT-FOR-US: Windows
CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
	- aspell 0.50.5-3
CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
	{DSA-516}
	- postgresql 07.03.0200-3
CVE-2004-0546
	RESERVED
CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIX
CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
	NOT-FOR-US: AIX
CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
	- php4 <not-affected> (Only affects Windows)
CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
	- squid 2.5.5-5
CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
	NOT-FOR-US: Windows
CVE-2004-0539 (The &quot;Show in Finder&quot; button in the Safari web browser in Mac OS X ...)
	NOT-FOR-US: MacOS
CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
	NOT-FOR-US: MacOS
CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a &quot;Shortcut ...)
	NOT-FOR-US: Opera
CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
	- tripwire 2.3.1.2.0-2.1
CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0532
	RESERVED
CVE-2004-0531
	RESERVED
CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
	- php4 <not-affected> (Slackware specific rpath issue)
CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
	NOT-FOR-US: Netscape Navigator 7.1
CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
	- kdebase 2.2.3
CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
	NOT-FOR-US: Windows
CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
	NOT-FOR-US: iLO
CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
	NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
	{DSA-520}
	- krb5 1.3.3-2
CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
	{DSA-512}
	- gallery 1.4.3-pl2-1
CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
	NOT-FOR-US: MacOS
CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;handling of ...)
	NOT-FOR-US: MacOS
CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;package ...)
	NOT-FOR-US: MacOS
CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
	NOT-FOR-US: MacOS
CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
	NOT-FOR-US: MacOS
CVE-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;logging when ...)
	NOT-FOR-US: MacOS
CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0509
	RESERVED
CVE-2004-0508
	RESERVED
CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
	- ethereal 0.10.4
CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
	- ethereal 0.10.4
CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
	- ethereal 0.10.4
CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
	- ethereal 0.10.4
CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...)
	NOT-FOR-US: Microsoft
CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
	NOT-FOR-US: Microsoft
CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Microsoft
CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
	- gaim 1:0.81-3
CVE-2004-0499
	REJECTED
CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
	NOT-FOR-US: StoneSoft firewall engine
CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
	NOTE: fixed in 2.6.7
CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc1)
CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
	- gnome-vfs 1.0.1
	TODO: Fedora fixed this in a recent mc advisory, we should double-check whether
	TODO: this applies to Debian's mc package
CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
	- apache2 2.0.50-1
CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
	{DSA-525}
	- apache 1.3.31-2
CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
	NOTE: appears redhat specific
CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
	NOT-FOR-US: MacOS
CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
	{DSA-532}
	- apache2 2.0.50-1
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
	NOT-FOR-US: Norton
CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
	NOT-FOR-US: MacOS
CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
	NOT-FOR-US: IRIX
CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
	NOT-FOR-US: OpenBSD
CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
	NOT-FOR-US: the KCMS on Solaris
CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
	NOTE: only a Mozilla DOS
	TODO: not even fixed upstream
CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
	NOT-FOR-US: Help Center (HelpCtr.exe)
CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...)
	NOT-FOR-US: opera
CVE-2004-0472
	REJECTED
CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...)
	NOT-FOR-US: WebConnect
CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
	NOT-FOR-US: WebConnect
CVE-2004-0464
	RESERVED
CVE-2004-0463
	RESERVED
CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
	NOT-FOR-US: Multiple embedded hardware vendors
CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
	- dhcp3 3.0.1
CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
	- dhcp3 3.0.1
CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
	NOT-FOR-US: DOS in 802.11 protocol
CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
	{DSA-503}
	- mah-jong 1.6.2-1
CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
	{DSA-540}
	- mysql-dfsg 4.0.20-11
	- mysql <removed>
CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
	{DSA-527}
	- pavuk 0.9pl28-3 (bug #264684)
CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
	{DSA-523}
	- www-sql 0.5.7-18
CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0453 (Format string vulnerability in the monitor &quot;memory dump&quot; command in ...)
	- vice 1.14-2
CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
	{DSA-620-1}
	- perl 5.8.4-5
CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
	{DSA-521}
	- sup 1.8-11
CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
	{DSA-513}
	- log2mail 0.2.8-3
CVE-2004-0449
	RESERVED
CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
	{DSA-510}
	- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-0446
	RESERVED
CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
	NOT-FOR-US: Norton
CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
	NOT-FOR-US: Norton
CVE-2004-0443
	RESERVED
CVE-2004-0442
	RESERVED
CVE-2004-0441
	RESERVED
CVE-2004-0440
	RESERVED
CVE-2004-0439
	RESERVED
CVE-2004-0438
	RESERVED
CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
	NOT-FOR-US: Titan FTP Server
CVE-2004-0436
	RESERVED
CVE-2004-0435 (Certain &quot;programming errors&quot; in the msync system call for FreeBSD ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
	{DSA-504}
	- heimdal 0.6.2-1
CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
	- mplayer 1.0~pre6a-1
	- xine-lib 1-rc4
CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
	- proftpd 1.2.9-4
CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0429 (Unknown vulnerability related to &quot;the handling of large requests&quot; in ...)
	NOT-FOR-US: RAdmin for Mac OS X
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
	NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
	{DSA-499}
	- rsync 2.6.1-1
CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
	NOT-FOR-US: windows
CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
	NOTE: fixed after 2.6.4/2.4.26 kernel
CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
	- ssmtp <unfixed> (unimportant)
	NOTE: bug still exists in the ssmtp source, but is only activated if
	NOTE: --enable-logfile is used in ./configure
	NOTE: The package doesn't enable that flag so it is safe.
CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
	{DSA-500}
	- flim 1:1.14.6+0.20040415-1
CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
	{DSA-498}
	- libpng 1.0.15-5
	- libpng3 1.2.5.0-6
CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
	NOT-FOR-US: windows
CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
	[sarge] - xfree86 <not-affected> (vulnerable code not present)
	- xdm <not-affected> (vulnerable code not present)
CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS protocol command ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc6)
CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
	{DSA-517}
	- cvs 1:1.12.9-1
CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
	- subversion 1.0.5-1
CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
	- mailman 2.1.4-5
CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
	{DSA-518}
	- kdelibs 4:3.2.3
CVE-2004-0410
	REJECTED
CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
	{DSA-493}
	- xchat 2.0.8-1
CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
	{DSA-494}
	- ident2 1.04-2
CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
	NOT-FOR-US: ColdFusion
CVE-2004-0406
	RESERVED
CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...)
	{DSA-488}
	- logcheck 1.1.1-13.2
CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
	- racoon 0.3.1-3
CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
	{DSA-508}
	- xpcd 2.08-10
CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
	- libtasn1 0.1.2-2
CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
	{DSA-507 DSA-506}
	- cadaver 0.22.1-3
	- neon 0.24.6.dfsg-1
CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
	- subversion 1.0.3-1 (bug #249791)
CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
	{DSA-505}
	- cvs 1:1.12.5-6
CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
	{DSA-509}
	- gatos 0.0.5-12
CVE-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
	- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
	NOT-FOR-US: Cisco
CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
	NOT-FOR-US: SCO OpenServer
CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-6
CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
	NOT-FOR-US: RealPlayer plugin
CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
	- mplayer 1.0~pre6a-1
CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
	NOT-FOR-US: Oracle 9i Application Server Web Cache
CVE-2004-0384
	RESERVED
CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
	NOT-FOR-US: Mail for Mac OS X
CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
	NOT-FOR-US: CUPS printing system in Mac OS X
CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-4
CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CVE-2004-0378
	RESERVED
CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
	- perl <not-affected> (Win32 specific)
CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
	{DSA-473}
	- oftpd 20040304-1 (bug #353882)
CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to &quot;expose the ...)
	{DSA-471}
	- interchange 5.0.1-1
CVE-2004-0373
	RESERVED
CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
	{DSA-477}
	- xine-ui 0.99.1-1
CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
	{DSA-476}
	- heimdal 0.6.1-1
CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
	NOT-FOR-US: KAME
CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
	NOT-FOR-US: Entrust LibKmp ISAKMP library
CVE-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
	NOT-FOR-US: CDE
CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
	{DSA-469}
	- pam-pgsql 0.5.2-7.1
	NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9
CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
	NOT-FOR-US: WrapNISUM ActiveX
CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
	NOT-FOR-US: SymSpamHelper ActiveX
CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
	NOT-FOR-US: ISS Protocol Analysis Module
CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
	NOT-FOR-US: safari
CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
	NOT-FOR-US: solaris
CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
	NOT-FOR-US: VirtuaNews Admin Panel
CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
	NOT-FOR-US: SL Mail Pro
CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
	NOT-FOR-US: Cisco
CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
	NOT-FOR-US: GWeb HTTP Server
CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
	NOT-FOR-US: SpiderSales
CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
	- proftpd 1.2.9
CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
	NOT-FOR-US: Red Faction
CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...)
	NOT-FOR-US: WFPTD
CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
	NOT-FOR-US: WFPTD
CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
	NOT-FOR-US: WFPTD
CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
	- phpbb2 2.0.6d
CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
	NOT-FOR-US: Invision Board Forum
CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the &quot;Directory ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic ...)
	NOT-FOR-US: AXIS 2100
CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
	- uudeview 0.5.20 (medium)
CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
	NOT-FOR-US: extremail
CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
	NOT-FOR-US: Dell OpenManage Web Server
CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: FreeChat
CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
	NOT-FOR-US: Gigabyte Broadband Router
CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
	NOT-FOR-US: PhpNewsManager
CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
	NOT-FOR-US: GateKeeper Pro
CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
	NOT-FOR-US: TypSoft
CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
	NOT-FOR-US: confirm 0.70
CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Team Factor
CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
	NOT-FOR-US: ezBoard
CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Avirt
CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Avirt
CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
	NOT-FOR-US: WebzEdit
CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
	NOT-FOR-US: PSOProxy
CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
	NOT-FOR-US: LINKSYS
CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
	NOT-FOR-US: APC
CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
	NOT-FOR-US: LiveJournal
CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
	NOT-FOR-US: cisco
CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
	NOT-FOR-US: smallftpd;
CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: CesarFTP; Win32
CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Broker FTP 6.1.0.0; Win32
CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
	NOT-FOR-US: yabb;
CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
	NOT-FOR-US: ShopCartCGI 2.3;
CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
	NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
	NOT-FOR-US: YaBB;
CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
	NOT-FOR-US: Purge Jihad;
CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
	NOT-FOR-US: SignatureDB;
CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
	- mnogosearch 3.2.18
	NOTE: it's not quite clear which version exactly fixes the problem;
	NOTE: I checked the source code of the most recent version and compared
	NOTE: it with the problematic section described in the advisory
	NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
	NOTE: and I can confirm the buffer overflow is fixed there
CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Xlight FTP server 1.52;
CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
	NOT-FOR-US: RobotFTP;
CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...)
	NOT-FOR-US: PHP scripts
CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
	NOT-FOR-US: MSIE bugs
CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: mailmgr;
CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Crob FTP;
CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIMSniff;
CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
	NOT-FOR-US: Ratbag game engine;
CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
	NOT-FOR-US: Dream FTP;
CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
	NOT-FOR-US: BosDates;
CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
	NOT-FOR-US: EvolutionX;
CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
	NOT-FOR-US: eTrust InoculateIT;
CVE-2004-0266 (SQL injection vulnerability in the &quot;public message&quot; capability ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
	NOT-FOR-US: PalmOS
CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
	NOT-FOR-US: The Palace;
CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
	NOT-FOR-US: CactuShop;
CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
	NOT-FOR-US: formmail.php;
CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
	NOT-FOR-US: RealPlayer
CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
	NOT-FOR-US: Xlight;
CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
	NOT-FOR-US: Discuz;
CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
	NOT-FOR-US: IBM Cloudscape
CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
	NOT-FOR-US: rxgoogle.cgi
CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
	NOT-FOR-US: PHPX
CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
	NOT-FOR-US: PHPX
CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
	NOT-FOR-US: Chaser
CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: Les Commentaires
CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Web Crossing
CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
	NOT-FOR-US: Cisco
CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
	NOT-FOR-US: AIX
CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...)
	- overkill 0.16-7
CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
	NOT-FOR-US: Aprox PHP Portal
CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
	NOT-FOR-US: thePHOTOtool
CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
	NOT-FOR-US: utempter
CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
	NOT-FOR-US: famous TCP RST bug
CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
	NOT-FOR-US: Kernel 2.6 framebuffer bug
CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
	- kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
	NOT-FOR-US: ZoneMinder
CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0225
	RESERVED
CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
	- courier 0.45.1-1
CVE-2004-0223
	RESERVED
CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
	NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
	NOT-FOR-US: MS-Outlook-Express
CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
	NOT-FOR-US: Windows bug
CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
	NOT-FOR-US: Windows bug
CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
	NOT-FOR-US: Windows bug
CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
	NOT-FOR-US: Windows bug
CVE-2004-0207 (&quot;Shatter&quot; style vulnerability in the Window Management application ...)
	NOT-FOR-US: Windows bug
CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
	NOT-FOR-US: Visual Studio bug
CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
	NOT-FOR-US: Exchange bug
CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
	NOT-FOR-US: DirectX
CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
	NOT-FOR-US: Windows HTML Help
CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
	NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
	NOT-FOR-US: Windows bug
CVE-2004-0198
	RESERVED
CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
	NOT-FOR-US: MSJet bug
CVE-2004-0196
	RESERVED
CVE-2004-0195
	RESERVED
CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2004-0187
	REJECTED
CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
	- mailman <not-affected> (RedHat specific bug)
CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre5)
CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
	{DSA-487}
	- neon 0.24.5-1
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3)
CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)
CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
	{DSA-511}
	- ethereal 0.10.3-1 (bug #239576)
CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
	{CVE-2000-0992}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
	NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
	NOTE: largely theoretic.  This is a rediscovery of CVE-2000-0992.
	NOTE: jmm: 3.9p1 thus marked as fixed version
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
	- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
	- ltrace <not-affected> (Not setuid/setgid in Debian)
CVE-2004-0170
	RESERVED
CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
	NOT-FOR-US: CoreFoundation for Mac OS X
CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
	NOT-FOR-US: Safari
CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
	- ipsec-tools 0.3.3-1
	NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
	NOTE: the problem, but the patch that fixes the bug is applied:
	NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
	{DSA-445}
	- lbreakout2 2.4
CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...)
	{DSA-484}
	- xonix 1.4-21
CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
	{DSA-485}
	- ssmtp 2.60.7
CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
	- racoon 0.2.5-2
CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
	- nfs-utils 1:1.0.5-3
CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
	{DSA-462}
	- xitalk 1.1.11-11
CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
	{DSA-451}
	- xboing 2.4-26.1 (bug #174924)
CVE-2004-0147
	RESERVED
CVE-2004-0146
	RESERVED
CVE-2004-0145
	RESERVED
CVE-2004-0144
	RESERVED
CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
	NOT-FOR-US: Nokia mobile phones
CVE-2004-0142
	RESERVED
CVE-2004-0141
	RESERVED
CVE-2004-0140
	RESERVED
CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
	NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
	NOT-FOR-US: IRIX
CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
	NOT-FOR-US: IRIX
CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
	NOT-FOR-US: IRIX
CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.5)
CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...)
	NOT-FOR-US: ezContents
CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
	NOT-FOR-US: phpGedView
CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
	NOT-FOR-US: phpGedView
CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
	NOT-FOR-US: FreeBSD jail
CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
	NOT-FOR-US: Windows bug
CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
	NOT-FOR-US: Windows bug
CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
	- openssl 0.9.7d-1
CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
	{DSA-455}
	- libxml 1:1.8.17-5
	- libxml2 2.6.6-1
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
	- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly &quot;apply a size check&quot; when ...)
	{DSA-432}
	- crawl 1:4.0.0beta26-4
CVE-2004-0102
	RESERVED
CVE-2004-0101
	RESERVED
CVE-2004-0100
	RESERVED
CVE-2004-0098
	RESERVED
CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
	{DSA-448}
	- pwlib 1.5.2-4
CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
	NOT-FOR-US: Safari
CVE-2004-0091 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
	NOT-FOR-US: MacOS
CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
	NOT-FOR-US: MacOS
CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
	NOT-FOR-US: MacOS
CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...)
	NOT-FOR-US: MacOS
CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
	{DSA-465}
	- openssl 0.9.6d-1
CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
	{DSA-465}
	- openssl 0.9.7d-1
	- openssl096 0.9.6m-1
CVE-2004-0076
	REJECTED
CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
	- xsok <not-affected> (Not vulnerable. See bug #278777)
CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) ...)
	NOT-FOR-US: EasyDynamicPages
CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
	NOT-FOR-US: Accipiter Direct Server 6.0
CVE-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
	NOT-FOR-US: PHP Man Page Lookup 1.2.0
CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
	NOT-FOR-US: HD Soft Windows FTP Server 1.6
CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
	NOT-FOR-US: phpGedView
CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
	NOT-FOR-US: phpGedView
CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
	NOT-FOR-US: phpGedView
CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
	NOT-FOR-US: SuSE YaST
CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
	NOT-FOR-US: FishCart
CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
	NOT-FOR-US: Antivir
CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Nortel Networks products
CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Cisco
CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2004-0048
	RESERVED
CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
	{DSA-430}
	- trr19 1.0beta5-17.1 (bug #264702)
CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
	NOT-FOR-US: SnapStream PVS LITE
CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
	NOT-FOR-US: Yahoo Instant Messenger
CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
	- vsftpd 2.0.1-1
	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
CVE-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
	{DSA-421}
	- mod-auth-shadow 1.4-1
CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
	NOT-FOR-US: Check Point Firewall
CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
	NOT-FOR-US: McAfee
CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
	NOT-FOR-US: FistClass Desktop Client
CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
	NOT-FOR-US: Phorum
CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) ...)
	NOT-FOR-US: PHPGEDVIEW
CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
	NOT-FOR-US: Lotus Notes Domino
CVE-2004-0027
	RESERVED
CVE-2004-0026
	RESERVED
CVE-2004-0025
	RESERVED
CVE-2004-0024
	RESERVED
CVE-2004-0023
	RESERVED
CVE-2004-0022
	RESERVED
CVE-2004-0021
	RESERVED
CVE-2004-0020
	RESERVED
CVE-2004-0019
	RESERVED
CVE-2004-0018
	RESERVED
CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
	{DSA-412}
	- nd 0.8.2-1
CVE-2004-0012
	RESERVED
CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7)
CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
	NOT-FOR-US: FreeBSD netinet
CVE-2003-1565
	REJECTED
CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
	NOT-FOR-US: microsoft
CVE-2003-1047
	REJECTED
CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
	- bugzilla 2.16.4-1
CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
	- bugzilla 2.16.4-1
CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
	- bugzilla 2.16.4-1
CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
	- bugzilla 2.16.4-1
CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
	- bugzilla 2.16.4-1
CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
	NOTE: linux kernel kmod local DoS, fixed in all current kernels
CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
	NOT-FOR-US: SAP
CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
	NOT-FOR-US: SAP
CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
	NOT-FOR-US: SAP
CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
	NOT-FOR-US: SAP
CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
	NOT-FOR-US: Pi3Web not in debian
CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
	NOT-FOR-US: VBulletin
CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
	NOT-FOR-US: Dameware
CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
	NOT-FOR-US: microsoft
CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
	NOT-FOR-US: solaris
CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
	{DSA-424}
	- mc 1:4.6.0-4.6.1-pre1-1
CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
	NOT-FOR-US: SCO
CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
	- irssi-text 0.8.9-0.1
CVE-2003-1019
	RESERVED
CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
	NOT-FOR-US: AIX
CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
	- flashplugin-nonfree 7.0.25-1
CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
	NOTE: Multiple vendor MIME quote bypass filtering
CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
	- mime-tools 5.411-2
CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
	NOTE: Multiple vendor MIME RFC822 comment bypass filtering
CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
	NOT-FOR-US: Apple
CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
	NOT-FOR-US: Apple
CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
	NOT-FOR-US: Apple
CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
	NOT-FOR-US: Apple
CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
	NOT-FOR-US: Cisco
CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
	NOT-FOR-US: Cisco
CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
	- xchat 2.0.7
CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
	NOT-FOR-US: Solaris
CVE-2003-0998 (Unknown &quot;potential system security vulnerability&quot; in Computer ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0997 (Unknown &quot;Denial of Service Attack&quot; vulnerability in Computer ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
	NOT-FOR-US: Microsoft
CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
	- mailman 2.1.3
CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
	- squirrelmail 1.4.2 (low)
	NOTE: Only potentially exploitable withexternel GPG Plugin, see
	NOTE: http://www.securityfocus.com/archive/1/348366
	NOTE: The potential problems have been fixed as of 1.4.2
CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
	{DSA-425}
	- tcpdump 3.8.1
CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
	- apache 1.3.29.0.2-5
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
	NOT-FOR-US: Cisco
CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
	NOT-FOR-US: Cisco
CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
	NOT-FOR-US: gpgkeys_hkp
CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
	- cvs 1:1.11.10
CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
	NOT-FOR-US: netware
CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
	NOT-FOR-US: MacOS
CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
	NOT-FOR-US: Applied Watch Command Center
CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
	{DSA-452}
	- libapache-mod-python 2:2.7.10-1
CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
	{DSA-408}
	- screen 4.0.2-0.1
CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
	{DSA-429}
	- gnupg 1.2.4-1
CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
	NOT-FOR-US: Sun Fire B1600
CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
	- freeradius 1.0.1 (unimportant)
	NOTE: freeradius module in question is not built in debian package
CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
	- freeradius 0.9.2-4
CVE-2003-0996 (Unknown &quot;System Security Vulnerability&quot; in Computer Associates (CA) ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
	{DSA-436}
	- mailman 2.1.4-1
CVE-2003-0964
	REJECTED
CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
	{DSA-406}
	- lftp 2.6.10-1
CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
	{DSA-404}
	- rsync 2.5.6-1.1
CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
	NOT-FOR-US: OpenCA
CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
CVE-2003-0958
	RESERVED
CVE-2003-0957
	RESERVED
CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
	NOT-FOR-US: rcp
CVE-2003-0953
	RESERVED
CVE-2003-0952
	RESERVED
CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
	NOT-FOR-US: HP-UX
CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
	NOT-FOR-US: PeopleSoft PeopleTools
CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
	{DSA-405}
	- xsok 1.02-11
CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
	- clamav 0.65
CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
	NOT-FOR-US: UnixWare
CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
	NOT-FOR-US: PCAnywhere
CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
	- net-snmp 5.0.9
CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
	NOT-FOR-US: Symbol Access Portable Data Terminal
CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
	{DSA-398}
	- conquest 7.2-5
CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
	{DSA-400}
	- omega-rpg 1:0.90-pa9-11
CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0923
	RESERVED
CVE-2003-0922
	RESERVED
CVE-2003-0921
	RESERVED
CVE-2003-0920
	RESERVED
CVE-2003-0919
	RESERVED
CVE-2003-0918
	RESERVED
CVE-2003-0917
	RESERVED
CVE-2003-0916
	RESERVED
CVE-2003-0915
	RESERVED
CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
	{DSA-409}
	- bind 1:8.4.3-1
CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
	NOT-FOR-US: MacOS
CVE-2003-0912
	RESERVED
CVE-2003-0911
	RESERVED
CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
	NOT-FOR-US: Windows
CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
	NOT-FOR-US: Windows
CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
	NOT-FOR-US: Windows
CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
	NOT-FOR-US: Windows
CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
	NOT-FOR-US: Windows
CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
	NOT-FOR-US: Windows
CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
	{DSA-402}
	- minimalist 2.4-1
CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
	{DSA-397}
	- postgresql 7.3.4-1
	NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the
	NOTE: DSA, that's why the DSA says that unstable is not affected.
CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
	- perl 5.8.2
CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3
CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0897 (&quot;Shatter&quot; vulnerability in CommCtl32.dll in Windows XP may allow local ...)
	NOT-FOR-US: microsoft
CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
	NOT-FOR-US: Sun/Java
CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2003-0893
	RESERVED
CVE-2003-0892
	RESERVED
CVE-2003-0891
	RESERVED
CVE-2003-0890
	RESERVED
CVE-2003-0889
	RESERVED
CVE-2003-0888
	RESERVED
CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...)
	NOTE: verified Debian is not explitable; we don't put the cache in /tmp
CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
	{DSA-401}
	- hylafax 1:4.1.8-1
CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...)
	- xscreensaver 4.15
CVE-2003-0884
	RESERVED
CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
	NOT-FOR-US: Apple
CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
	NOT-FOR-US: Apple
CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2003-0879
	REJECTED
CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
	NOT-FOR-US: Apple
CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
	NOT-FOR-US: Apple
CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
	NOT-FOR-US: Apple
CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
	NOTE: Vulnerable code not shipped in the binary package
	- openslp 1.0.11a-1 (unimportant)
CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
	NOT-FOR-US: Deskpro
CVE-2003-0873
	RESERVED
CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
	NOT-FOR-US: SCO
CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
	NOT-FOR-US: Opera
CVE-2003-0869
	RESERVED
CVE-2003-0868
	RESERVED
CVE-2003-0867
	REJECTED
CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
	{DSA-395}
	- tomcat4 4.1.24-2
CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
	{DSA-435}
	- mpg123 0.59r-15
CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
	- ircd-irc2 2.10.3p5-1
CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
	NOTE: php4, this bug appears not to have been fixed.
	NOTE: submitted to BTS on libapache-mod-php4
	NOTE: developer claims there is no problem
CVE-2003-0862
	REJECTED
CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
	- php4 4:4.3.3-1
CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
	- php4 4:4.3.3-1
CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0857
	RESERVED
CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
	{DSA-492}
	- iproute 20010824-13.1
CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
	- pan 0.13.4-1
CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
	- coreutils 5.2.1-1
CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
	- coreutils 5.2.1-1
CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
	- sylpheed-claws 0.9.8claws-1
CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
	- openssl096 0.9.6l
CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
	{DSA-410}
	- libnids 1.18-1
CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
	- cfengine2 2.0.9+2.1.0b3-1
CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
	{DSA-428}
	- slocate 2.7-3
CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
	NOT-FOR-US: SuSE
CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
	NOT-FOR-US: SuSE
CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
	NOT-FOR-US: JBoss
CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
	NOT-FOR-US: Peoplesoft
CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
	NOT-FOR-US: HPUX
CVE-2003-0839 (Directory traversal vulnerability in the &quot;Shell Folders&quot; capability in ...)
	NOT-FOR-US: microsoft
CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
	NOT-FOR-US: microsoft
CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
	NOTE: mplayer fixed before upload
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
	NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
	- proftpd 1.2.9-1
CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
	{DSA-390}
	- marbles <removed>
CVE-2003-0829
	RESERVED
CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
	{DSA-391}
	- freesweep 0.88-4.1 (bug #242616)
CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
	{DSA-717-1}
	- lsh-utils 1.4.2-6
CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
	NOT-FOR-US: microsoft
CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
	NOT-FOR-US: microsoft
CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
	NOT-FOR-US: microsoft
CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
	NOT-FOR-US: microsoft
CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
	NOT-FOR-US: microsoft
CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0811
	RESERVED
CVE-2003-0810
	RESERVED
CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
	NOT-FOR-US: microsoft
CVE-2003-0808
	RESERVED
CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
	NOT-FOR-US: microsoft
CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
	{DSA-387}
	- gopher 3.0.6
	NOTE: gopherd was removed from the gopher package in version 3.0.6.
CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
	NOT-FOR-US: BSD
CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
	NOT-FOR-US: Nokia
CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
	NOT-FOR-US: Nokia
CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
	NOT-FOR-US: Nokia
CVE-2003-0800
	RESERVED
CVE-2003-0799
	RESERVED
CVE-2003-0798
	RESERVED
CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
	- gdm 2.4.4.4
CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
	- gdm 2.4.4.4
CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
	- fetchmail 6.2.5
CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
	- mozilla 2:1.5
CVE-2003-0790
	REJECTED
CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
	- apache2 2.0.48
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
	- cupsys 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
	- ssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
	- ssh 1:3.7.1p2
CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
	{DSA-389}
	- ipmasq 3.5.12
CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
	NOT-FOR-US: IBM TSM
CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
	{DSA-385}
	- hztty 2.0-6
CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
	{DSA-381}
	- mysql-dfsg 4.0.15-1
CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
	- asterisk 0.7.0
CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly &quot;check the ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
	NOT-FOR-US: WS_FTP server
CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
	- libapache-gallery-perl 0.7
CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
	NOT-FOR-US: IkonBoard
CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
	NOT-FOR-US: ICQ Web Front
CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
	NOT-FOR-US: microsoft
CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
	NOT-FOR-US: RogerWilco
CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
	NOT-FOR-US: ftp desktop (windows)
CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
	NOT-FOR-US: winamp
CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
	NOT-FOR-US: foxweb
CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
	- asterisk 0.5.0
CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: optisoft blubster
CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
	NOT-FOR-US: check point firewall
CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
	NOT-FOR-US: sitebuilder
CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
	NOT-FOR-US: gtkftpd
CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: newsPHP
CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
	NOT-FOR-US: newsPHP
CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
	NOT-FOR-US: AttilaPHP
CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
	NOT-FOR-US: SAP
CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
	NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
	NOT-FOR-US: castlerock SNMPc
CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
	- leafnode 1.9.42
CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
	{DSA-376}
	- exim 3.36-8
CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
	NOT-FOR-US: SCO
CVE-2003-0741
	RESERVED
CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
	- stunnel 2:3.26 (bug #278942)
	- stunnel4 2:4.04
CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
	NOT-FOR-US: VMware
CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
	- libpam-ldap 164-1
	- libnss-ldap 207-1
CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
	NOT-FOR-US: BEA weblogic
CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
	NOT-FOR-US: cisco
CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
	NOT-FOR-US: cisco
CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
	{DSA-380}
	- xfree86 4.2.1-12
CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
	NOT-FOR-US: tellurian tftpdNT
CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
	- horde2 2.2.4
CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
	NOT-FOR-US: oracle
CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
	NOT-FOR-US: RealOne player
CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
	NOT-FOR-US: Real Networks Server / Helix Server
CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
	NOT-FOR-US: HP Tru64
CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
	- gkrellmd 2.1.14
CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
	NOT-FOR-US: solaris
CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
	- pine 4.58
CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
	- pine 4.58
CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
	NOT-FOR-US: microsoft
CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
	NOT-FOR-US: microsoft
CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
	NOT-FOR-US: microsoft
CVE-2003-0716
	RESERVED
CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
	NOT-FOR-US: microsoft
CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
	NOT-FOR-US: microsoft
CVE-2003-0713
	RESERVED
CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
	NOT-FOR-US: microsoft
CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
	NOT-FOR-US: pchealth for windows
CVE-2003-0710
	RESERVED
CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
	- whois 4.6.7
CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
	NOT-FOR-US: microsoft
CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
	NOT-FOR-US: microsoft
CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
	NOTE: fixed in 2.4.22-pre3
CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
	NOTE: fixed in 2.4.21-rc2
CVE-2003-0698
	REJECTED
CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
	NOT-FOR-US: AIX
CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
	NOT-FOR-US: AIX
CVE-2003-0695 (Multiple &quot;buffer management errors&quot; in OpenSSH before 3.7.1 may allow ...)
	{DSA-383 DSA-382}
	- openssh 1:3.7.1
CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0693 (A &quot;buffer management error&quot; in buffer_append_space of buffer.c for ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-6.0
CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
	{DSA-388}
	- kdebase 4:3.2
CVE-2003-0691
	REJECTED
CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
	{DSA-443 DSA-388}
	- xfree86 4.3.0-0pre1v2
	- kdebase 4:3.2
CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	- glibc 2.2.5
CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
	- sendmail 8.12.9
CVE-2003-0687
	REJECTED
CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
	{DSA-374}
	- libpam-smb <removed>
CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
	{DSA-372}
	- netris 0.52-1
CVE-2003-0684
	RESERVED
CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
	NOT-FOR-US: SGI
CVE-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-9
CVE-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0678
	RESERVED
CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
	NOT-FOR-US: Sun iPlanet
CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
	{DSA-370}
	- pam-pgsql 0.5.2-7
CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
	NOT-FOR-US: solaris
CVE-2003-0668
	RESERVED
CVE-2003-0667
	RESERVED
CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
	NOT-FOR-US: microsoft
CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
	NOT-FOR-US: microsoft
CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
	NOT-FOR-US: microsoft
CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
	NOT-FOR-US: microsoft
CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
	NOT-FOR-US: microsoft
CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
	NOT-FOR-US: microsoft
CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
	NOT-FOR-US: microsoft
CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
	NOT-FOR-US: microsoft
CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
	NOT-FOR-US: docview / caldera
CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
	{DSA-366}
	- eroaster 2.2.0-0.5-1
CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
	- cdrtools 4:2.0+a18-1
CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
	{DSA-373}
	- autorespond 2.0.4-1
CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
	NOT-FOR-US: NetBSD
CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
	{DSA-367}
	- xtokkaetama 1.0b-9
CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
	NOT-FOR-US: mod_mylo for apache
CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
	NOT-FOR-US: gamespy
CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
	{DSA-368}
	- xpcd 2.08-9
CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
	{DSA-472}
	- fte 0.50.0-1.1 (bug #203871)
CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
	NOT-FOR-US: ActiveX
CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
	- kdbg 1.2.9-1
CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
	NOT-FOR-US: novell ichain
CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
	NOT-FOR-US: novell ichain
CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
	NOT-FOR-US: novell ichain
CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
	NOT-FOR-US: novell ichain
CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
	NOT-FOR-US: novell ichain
CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
	NOT-FOR-US: oracle
CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
	NOT-FOR-US: oracle
CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
	NOT-FOR-US: oracle
CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
	NOT-FOR-US: VMware
CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
	{DSA-359}
	- atari800 1.3.1-2
CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
	{DSA-360}
	- xfstt 1.5.1-1
CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
	{DSA-431}
	- perl 5.8.3-3
CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
	{DSA-362}
	- mindi 0.86-1
CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
	NOT-FOR-US: McAfee
CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
	{DSA-371}
	- perl 5.8.0-19
CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
	{DSA-355}
	- gallery 1.3.4-3
CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
	{DSA-369}
	- zblast 1.2.1-7
CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...)
	- crafty 19.3-1
CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
	{DSA-356}
	- xtokkaetama 1.0b-8
CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
	NOT-FOR-US: McAfee
CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-0608
	RESERVED
CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
	{DSA-354}
	- xconq 7.4.1-2.1 (bug #202963)
CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
	{DSA-353}
	- sup 1.8-9
CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
	- bugzilla 2.16.3
CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
	- bugzilla 2.16.3
CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
	NOT-FOR-US: Apple
CVE-2003-0600
	RESERVED
CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0598
	REJECTED
CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
	NOT-FOR-US: Unixware
CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
	{DSA-352}
	- fdclone 2.04-1
CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
	NOT-FOR-US: WiTango Application Server and Tango 2000
CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
	NOTE: cannot find reference to it being fixed.
	TODO: check
CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
	NOT-FOR-US: opera
CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
	{DSA-459}
	- kdelibs 4:3.1.3-1
CVE-2003-0591
	REJECTED
CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Digi-ads
CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Digi-news
CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
	NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
	NOT-FOR-US: BRU
CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
	NOT-FOR-US: BRU
CVE-2003-0582
	REJECTED
CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
	{DSA-360}
	- xfstt 1.5-1
CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
	- mpg123 0.59r-1
CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
	NOT-FOR-US: IRIX
CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
	NOT-FOR-US: IRIX
CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
	NOT-FOR-US: IRIX
CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
	NOT-FOR-US: IRIX
CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
	NOT-FOR-US: IRIX
CVE-2003-0571
	RESERVED
CVE-2003-0570
	RESERVED
CVE-2003-0569
	RESERVED
CVE-2003-0568
	RESERVED
CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2003-0566
	RESERVED
CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
	NOTE: affects many implementations of the X.400 protocol
	TODO: see if anything in debian uses X.400 and is vulnerable.
CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
	NOTE: affects multiple S/MIME implementations
	NOTE: checked current mozilla, which contains safe NSS 3.9.1
	- mozilla 2:1.7.3
	TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable
CVE-2003-0563
	RESERVED
CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
	NOT-FOR-US: Novell Netware
CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
	NOT-FOR-US: IglooFTP
CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
	NOT-FOR-US: VP-ASP
CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
	NOT-FOR-US: phpforum
CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
	NOT-FOR-US: LeapFTP
CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
	NOT-FOR-US: StoreFront
CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Polycom MGC
CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
	NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
	NOT-FOR-US: NeoModus Direct Connect
CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
	NOT-FOR-US: Netscape
CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
	- gdm 2.4.1.5
CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
	- gdm 2.4.1.5
CVE-2003-0547 (GDM before 2.4.1.6, when using the &quot;examine session errors&quot; feature, ...)
	- gdm 2.4.1.5
CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
	NOT-FOR-US: up2date
CVE-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
	- apache2 2.0.48
	- apache 1.3.29
CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
	{DSA-710-1}
	- evolution <not-affected> (Does not affect evolution on debian)
	- gtkhtml 1.0.4-6.2
CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
	{DSA-343}
	- skk 10.62a-6
	- ddskk 12.1.cvs.20030622-1
CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
	{DSA-342}
	- mozart 1.2.5.20030212-2
CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
	{DSA-341}
	- liece 2.0+0.20030527cvs-1
CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
	{DSA-346}
	- phpsysinfo 2.1-1
CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
	{DSA-345}
	- xbl 1.0k-6
CVE-2003-0534
	RESERVED
CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
	NOT-FOR-US: Microsoft
CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
	NOT-FOR-US: Microsoft
CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0529
	RESERVED
CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
	NOT-FOR-US: Microsoft
CVE-2003-0527
	RESERVED
CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
	NOT-FOR-US: Microsoft
CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
	- qt-x11-free <not-affected> (appears specific to the knoppix CD)
CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
	NOT-FOR-US: ProductCart
CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
	NOT-FOR-US: ProductCart
CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
	NOT-FOR-US: Microsoft
CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
	NOT-FOR-US: MacOS
CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
	{DSA-347}
	- teapop 0.3.5-2
CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
	NOT-FOR-US: Safari
CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
	NOT-FOR-US: MSIE
CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
	NOT-FOR-US: Cisco
CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
	NOT-FOR-US: Cisco
CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
	NOT-FOR-US: ezbounce
CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
	NOT-FOR-US: Cyberstrong eShop
CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
	NOT-FOR-US: acroread
CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
	NOT-FOR-US: Microsoft
CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
	{DSA-338}
	- proftpd 1.2.8-8
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
	{DSA-335}
	- mantis 0.17.5-6
CVE-2003-0498 (Cach&#129;&#195;&#129;&#169; Database 5.x installs the /cachesys/csp directory with insecure ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0497 (Cach&#129;&#195;&#129;&#169; Database 5.x installs /cachesys/bin/cache with world-writable ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
	NOT-FOR-US: lednews; not in debian
CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
	- xoops <itp> (bug #207640)
CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
	NOT-FOR-US: Dantz Retrospect
CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
	{DSA-330}
	- tcptraceroute 1.4-4
CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
	- phpbb2 2.0.6
CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
	NOT-FOR-US: Progress 4GL Compiler
CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
	- phpbb2 2.0.6d-3
CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
	NOT-FOR-US: XMB Forum
CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
	- tutos 1.1.20030715-1
CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	- tutos 1.1.20030715-1
CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
	NOT-FOR-US: VMware
CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
	NOT-FOR-US: WebBBS; not in debian
CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
	NOT-FOR-US: bahamut and other irc daemons; not in debian
CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
	- wzdftpd 0.2
CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
	NOT-FOR-US: iWeb server
CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
	NOT-FOR-US: iWeb server
CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
	NOT-FOR-US: webadmin / win
CVE-2003-0470 (Buffer overflow in the &quot;RuFSI Utility Class&quot; ActiveX control (aka ...)
	NOT-FOR-US: symantec activex
CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
	NOTE: fixed in linux 2.4.21
CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
	{DSA-357}
	- wu-ftpd 2.6.2-12
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
	- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
	NOTE: arch specific asm versions:
	NOTE: x86 is not affected
	NOTE: ppc32 fixed in 2.4.22-rc4
	NOTE: not an issue on alpha, see bug #280492
	- kernel-source-2.4.27 2.4.27-8
	NOTE: above fixes s390x, ppc64 and s390 and generic C version
CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
	NOTE: fixed in linux 2.4.22-pre8
CVE-2003-0463
	REJECTED
CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
	{DSA-423 DSA-358}
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 2.4.27-1
CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
	- apache <not-affected> (Affects only Apache for Windows and OS/2)
CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
	NOT-FOR-US: HP
CVE-2003-0457
	RESERVED
	- mysql-dfsg 4.0.21-4
CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
	NOT-FOR-US: visnetic website
CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
	{DSA-331}
	- imagemagick 4:5.5.7-1
CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
	{DSA-334}
	- xgalaga 2.0.34-22
CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
	{DSA-348}
	- traceroute-nanog 6.3.6-3
CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
	{DSA-329}
	- osh 1.7-12
CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
	{DSA-327}
	- xbl 1.0k-5
CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
	{DSA-321}
	- radiusd-cistron 1.6.6-2
CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
	NOT-FOR-US: progress database
CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
	NOT-FOR-US: portmon; not in debian
CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
	NOT-FOR-US: microsoft
CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
	NOT-FOR-US: microsoft
CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
	{DSA-328}
	- webfs 1.20
CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
	{DSA-337}
	- gtksee 0.5.6-1
CVE-2003-0443
	RESERVED
CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
	{DSA-351}
	- php4 4:4.3.2+rc3-1
CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
	{DSA-326}
	- orville-write 2.54-1
CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
	{DSA-339}
	- semi 1.14.5+20030609-1 (bug #223456)
	- wemi <removed>
CVE-2003-0439
	RESERVED
CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
	{DSA-325}
	- eldav 0.7.2-1
CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
	- mnogosearch-common 3.2.11
CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
	- mnogosearch-common 3.2.11
CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
	{DSA-322}
	- typespeed 0.4.4
CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
	- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
	- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
	- xpdf 2.02pl1-1
CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
	{DSA-315}
	- gnocatan 0.8.0-1 (bug #328136)
	- pioneers <not-affected> (bug #328136)
CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
	- ethereal 0.9.13-1
CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
	{DSA-320}
	- mikmod 3.1.6-6
CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
	NOT-FOR-US: Apple
CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
	NOT-FOR-US: Apple
CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
	NOT-FOR-US: Apple
CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
	NOT-FOR-US: Apple
CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
	NOT-FOR-US: SMC
CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
	- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
	- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
	NOT-FOR-US: Son hServer
CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
	NOT-FOR-US: bandmin;
CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Remote PC Access
CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
	NOT-FOR-US: AnalogX proxy
CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
	NOT-FOR-US: Uptimes Project upclient;
CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
	- gbatnav 1.0.4-4
CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
	NOT-FOR-US: PalmVNC
CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
	NOT-FOR-US: Vignette
CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
	NOT-FOR-US: Vignette
CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
	NOT-FOR-US: Vignette / AIX
CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
	NOT-FOR-US: FastTrack network code (Kazaa)
CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
	- linux-atm 2.4.1
CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
	NOT-FOR-US: BLNews
CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
	NOT-FOR-US: Privacyware Privatefirewall
CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
	NOT-FOR-US: ST FTP Service (DOS)
CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
	NOT-FOR-US: Magic WinMail Server
CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
	- opt 3.19
CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
	NOT-FOR-US: RSA ACE/Agent
CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
	- pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
	NOTE: From the libc documentation:
	NOTE: "The user cannot do anything to fool these functions."
	NOTE: This means that this is not a bug in getlogin.
CVE-2003-0387
	RESERVED
CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
	- openssh 1:3.8p1-1
CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
	{DSA-310}
	- xaos 3.1r-4
CVE-2003-0384
	RESERVED
CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
	{DSA-309}
	- eterm 0.9.2-1
CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
	{DSA-323}
	- noweb 2.10c-3.1 (bug #271146)
CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
	{DSA-314}
	- atftp 0.6.2
CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
	NOT-FOR-US: MaxOS
CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
	NOT-FOR-US: MaxOS
CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Eudora
CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
	NOT-FOR-US: XMBforum aka Partagium)
CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
	- nessus 2.0.6
CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow ...)
	- nessus 2.0.6
CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...)
	- nessus 2.0.6
CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
	NOT-FOR-US: Prishtina FTP client
CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0369
	RESERVED
CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
	NOT-FOR-US: Nokia Gateway GPRS
CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
	{DSA-318}
	- lyskom-server 2.0.7-2
CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
	NOT-FOR-US: ICQLite
CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
	- licq 1.2-7-1
CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
	{DSA-316}
	- nethack 3.4.1-1
	- jnethack 1.1.5-15
	- slashem 0.0.6E4F8-6
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
	{DSA-350 DSA-316}
	- falconseye 1.9.3-9
	- nethack 3.4.1-1
	- slashem 0.0.6E4F8-6
	- jnethack 1.1.5-15
CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
	NOT-FOR-US: Safari
CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
	- gs-gpl 7.07
CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
	NOT-FOR-US: Microsoft
CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2003-0351
	REJECTED
CVE-2003-0350 (The control for listing accessibility options in the Accessibility ...)
	NOT-FOR-US: Microsoft
CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
	NOT-FOR-US: Microsoft
CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
	NOT-FOR-US: Microsoft
CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
	NOT-FOR-US: Microsoft
CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
	NOT-FOR-US: Microsoft
CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
	NOT-FOR-US: Puresecure
CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
	NOT-FOR-US: WsMp3
CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
	NOT-FOR-US: WsMp3
CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
	NOT-FOR-US: lsadmin
CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Eudora
CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
	NOT-FOR-US: Slaskware specific
CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
	- ircii-pana 1:1.0-0c19.20030512-1
CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
	NOT-FOR-US: C-Kermit on HP-UX
CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
	NOT-FOR-US: BadBlue
CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
	NOT-FOR-US: ttForum
CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
	NOT-FOR-US: CesarFTP
CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
	{DSA-399 DSA-306}
	- epic4 1:1.1.11.20030409-2
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
	NOT-FOR-US: Sybase Adaptive Server Enterprise
CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
	- slocate <not-affected> (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments)
	NOTE: Even if exploited, you get only slocate gid.
CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
	{DSA-287}
	- epic4 1:1.1.11.20030409-1
	- epic 3.004-19
CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
	{DSA-298 DSA-291}
	- epic4 1:1.1.11.20030409-1
	- ircii 20030315-1
CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
	NOT-FOR-US: ttCMS
CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
	NOT-FOR-US: SmartMax MailMax
CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
	NOT-FOR-US: Venturi Client
CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0311
	RESERVED
CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
	- ezpublish 2.2.8-1
CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: MSIE
CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
	{DSA-305}
	- sendmail 8.12.9-2
CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
	NOT-FOR-US: Poster version.two
CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
	NOT-FOR-US: Windows
CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
	NOT-FOR-US: Cisco
CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
	NOT-FOR-US: Eudora
CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
	NOT-FOR-US: Microsort
CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
	TODO: sylpheed and sylpheed-claws might still be vulnerable, but it's only a crasher
CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
	TODO: mutt and balsa might still be vulnerable, but it's only a crasher
CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
	- mozilla 2:1.5-1
	NOTE: May have been fixed in an earlier version.  Not clear how
	NOTE: Mozilla's a/b versions map to the Debian version.
CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
	- uw-imap 7:2002c
	TODO: check pine
CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
	- evolution 1.3.2
CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: php-proxima
CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: PalmOS
CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
	NOT-FOR-US: Inktomi
CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
	NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eServ
CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
	- cdrtools 4:2.0+a14-1
CVE-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP ...)
	NOT-FOR-US: IP Messenger for Win
CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
	NOT-FOR-US: Movable Type
CVE-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
	NOT-FOR-US: Snitz Forums
CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
	NOT-FOR-US: bad sendmail config on AIX
CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
	NOT-FOR-US: Phorum
CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
	{DSA-344}
	- unzip 5.50-3
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
	- firebird2 1.5.1-1 (bug #251458)
CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
	NOT-FOR-US: SMTP Service for ESMTP CMailServer
CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
	NOT-FOR-US: HappyMail
CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
	NOT-FOR-US: HappyMail
CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Pi3Web
CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: YaBB SE
CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
	NOT-FOR-US: ListProc
CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
	- request-tracker3.4 <not-affected> (Affects older versions of Request Tracker not in Debian)
CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
	NOT-FOR-US: miniPortail
CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
	NOT-FOR-US: Personal FTP Server
CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
	NOT-FOR-US: Apple Airport
CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
	NOT-FOR-US: youbin
CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
	NOT-FOR-US: SDBINST for SAP database
CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
	NOT-FOR-US: SLMail
CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
	NOT-FOR-US: FTGatePro
CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
	{DSA-299}
	- leksbot 1.2-5 (bug #186421)
CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
	{DSA-302}
	- fuzz 0.6-7.1
CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
	NOT-FOR-US: AIX
CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
	- kopete 3.2.0
CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
	- gnupg 1.2.2
CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
	- apache2 2.0.47
CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
	- apache2 2.0.47
CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
	{DSA-349}
	- nfs-utils 1:1.0.3-2
CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
	NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
	- nis 3.11
CVE-2003-0250
	RESERVED
CVE-2003-0249 (** DISPUTED ** ...)
	NOTE: unimportant (php)
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
	- linux-2.6 <not-affected>
CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
	- apache2 2.0.46
CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
	- linux-2.6 <not-affected>
CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
	NOT-FOR-US: Happycgi.com Happymall
CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
	NOT-FOR-US: MacOS
CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
	NOT-FOR-US: FrontRange GoldMine / win
CVE-2003-0240 (The web-based administration capability for various Axis Network ...)
	NOT-FOR-US: Axis Network Camera
CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0237 (The &quot;ICQ Features on Demand&quot; functionality for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0234
	RESERVED
CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
	NOT-FOR-US: microsoft
CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
	NOT-FOR-US: microsoft
CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain ...)
	NOT-FOR-US: microsoft
CVE-2003-0229
	RESERVED
CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
	NOT-FOR-US: microsoft
CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
	NOT-FOR-US: microsoft
CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
	NOT-FOR-US: microsoft
CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
	NOT-FOR-US: microsoft
CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
	NOT-FOR-US: microsoft
CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
	NOT-FOR-US: microsoft
CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
	NOT-FOR-US: oracle
CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
	NOT-FOR-US: HP tru64
CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
	NOT-FOR-US: Monkey http daemon; not in debian
CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
	NOT-FOR-US: cisco
CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
	NOT-FOR-US: bttlxeForum / win
CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
	{DSA-292}
	- mime-support 3.23-1
CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
	{DSA-295}
	- pptpd 1.1.4-0.b3.2
CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
	{DSA-289}
	- rinetd 0.61-2
CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
	- xinetd 1:2.3.11
CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
	NOT-FOR-US: cisco
CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
	NOT-FOR-US: macromedia flash
CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
	{DSA-286}
	- gs-common 0.3.3.1
CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
	{DSA-296 DSA-293 DSA-284}
	- kdebase 4:3.1.0-1
	- kdebase 4:3.1.0-1
	- kdegraphics 4:3.1.0-1
CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
	{DSA-281}
	- moxftp 2.2-18.20
CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
	{DSA-279}
	- metrics <removed>
CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0200
	RESERVED
CVE-2003-0199
	RESERVED
CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
	NOT-FOR-US: MacOS
CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
	NOT-FOR-US: Interbase Database
CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
	{DSA-317}
	- cupsys 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
	- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
	{DSA-575-1}
	- catdoc 0.91.5-2
CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
	- apache2 2.0.47
CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
	- ssh 1:3.8.1p1-8.sarge.4 (bug #196413)
CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
	- apache2 2.0.46
CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
	{DSA-304}
	- lv 4.49.5-2
CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.21)
CVE-2003-0186
	RESERVED
CVE-2003-0185
	RESERVED
CVE-2003-0184
	RESERVED
CVE-2003-0183
	RESERVED
CVE-2003-0182
	RESERVED
CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
	NOT-FOR-US: IRIX
CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
	NOT-FOR-US: IRIX
CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
	NOT-FOR-US: IRIX
CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
	NOT-FOR-US: IRIX
CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
	{DSA-283}
	- xfsdump 2.2.8-1
CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
	- php4 <not-affected> (Non-issue; see http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
	NOT-FOR-US: MacOS
CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
	NOT-FOR-US: AIX
CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
	NOT-FOR-US: HP Instant TopTools
CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
	NOT-FOR-US: Apple QuickTime Player
CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
	{DSA-300 DSA-274}
	- balsa 2.0.10
	- mutt 1.4.0
CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
	- php4 <not-affected> (Non-issue; see http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
	- eog 2.2.1
CVE-2003-0164
	RESERVED
CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
	- gaim-encryption <not-affected> (fixed before first upload; 1.16)
CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
	{DSA-271}
	- ecartis 1.0.0+cvs.20030321-1
CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
	{DSA-290 DSA-278}
	- sendmail-wide 8.12.9+3.5Wbeta-1
	- sendmail 8.12.9-1
CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	- squirrelmail 1:1.2.11
CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
	- ethereal 0.9.10
CVE-2003-0158
	REJECTED
CVE-2003-0157
	REJECTED
CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
	{DSA-264}
	- lxr 0.3-4
CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
	TODO: not sure if this is fixed
CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
	{DSA-263}
	- lpr 1:2000.05.07-4.20
	- netpbm-free 2:9.20-9
CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
	{DSA-275 DSA-267}
	- lpr 1:2000.05.07-4.20
	- lpr-ppd 1:0.72-3
CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
	NOT-FOR-US: acroread
CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
	NOT-FOR-US: Real
CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
	{DSA-268}
	- mutt 1.5.4-1
CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
	{DSA-273 DSA-266}
	- krb4 1.2.2-1
	- krb5 1.2.7-3
CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
	{DSA-273 DSA-269 DSA-266}
	- krb4 1.2.2-1
	- heimdal 0.5.2-1
	- krb5 1.2.7-3
CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
	NOT-FOR-US: Nokia Serving GPRS support node
CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
	{DSA-285}
	- lprng 3.8.20-4.
CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
	- vsftpd <not-affected> (Red Hat specific packaging flaw)
CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
	- apache2 2.0.46
CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
	- evolution 1.2.4
CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
	- apache2 2.0.45
CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
	- evolution 1.2.3
CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
	[sarge] - kernel-source-2.6.8 <not-affected>
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
	NOT-FOR-US: SOHO Routefinder 550 firmware
CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
	NOT-FOR-US: AIX
CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
	NOT-FOR-US: Microsoft
CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
	NOT-FOR-US: Microsoft
CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
	NOT-FOR-US: Microsoft
CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
	NOT-FOR-US: Microsoft
CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
	NOT-FOR-US: Microsoft
CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
	NOT-FOR-US: Microsoft
CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
	NOT-FOR-US: Microsoft
CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
	NOT-FOR-US: Microsoft
CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
	NOT-FOR-US: ServerMask
CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
	{DSA-319}
	- webmin 1.070-1
CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
	NOT-FOR-US: Oracle
CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
	NOT-FOR-US: Solaris
CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
	NOT-FOR-US: Solaris
CVE-2003-0090
	REJECTED
CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
	NOT-FOR-US: mod_auth_any not in Debian
CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
	- apache2 2.0.46
	- apache 1.3.25
CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
	{DSA-266}
	- krb5 1.3.3-2
CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
	- gnome-lokkit 0.50.22-4
CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
	- dcgui 0.2.2
CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
	- plptools 0.12-0
CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
	{DSA-266}
	- krb5 1.2.7-3
	NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
	NOT-FOR-US: HP UX
CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
	- krb5 1.2.4
CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
	{DSA-248}
	- hypermail 2.1.6-1
CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
	{DSA-252}
	- slocate 2.7-1
CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
	NOT-FOR-US: MacOS
CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
	- putty 0.53-b-2003-01-04-1
	NOTE: apparently fixed upstream 2002-11-12 changelog
CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
	- krb5 <not-affected> (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs)
CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
	{DSA-436}
	- mailman 2.1.1-1
CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
	{DSA-244}
	- noffle 1.1.2-1
CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
	- mtink <not-affected> (Not installed setuid or setgid, so this is not exploitable)
	NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
	NOTE: chooser/mtinkc.c's version, which goes into mtinkc
CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
	NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
	RESERVED
CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
	{DSA-282 DSA-272 DSA-266}
	- glibc 2.3.1-16
	- dietlibc 0.22-2
	- krb5 1.3.3-2
	NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
	{DSA-231}
	- dhcp3 3.0+3.0.1rc11-1
CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
	{DSA-229}
	- imp 2.2.6-7
	- imp3 <not-affected>
CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
	{DSA-633-1}
	- bmv 1.2-17
CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
	NOT-FOR-US: Microsoft
CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
	NOT-FOR-US: Windows Script Engine for JScript
CVE-2003-0008
	RESERVED
CVE-2003-0006
	RESERVED
CVE-2003-0005
	RESERVED
CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
	NOT-FOR-US: IBM DB2
CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
	[woody] - mailreader <not-affected> (Affects only 2.3.30-2.3.32)
	- mailreader 2.3.33
CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
	{DSA-534}
	- mailreader 2.3.29-9
CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
	{DSA-215}
	- cyrus-imapd 1.5.19-9.10
CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SAP
CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
	NOT-FOR-US: SAP
CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
	NOT-FOR-US: SAP
CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
	NOT-FOR-US: SAP
CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
	{DSA-437}
	- cgiemail 1.6-20
CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
	- ucd-snmp 4.2.3-2
CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
	- gv 1:3.5.8-27
CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
	- openssl 0.9.6g-1
CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
	NOTE: tomcat4 cross-site scripting vuln
CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
	- netris 0.52-1
CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
	- wget 1.8.2-8
CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
	NOT-FOR-US: microsoft
CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
	- stunnel4 4.04-1
	- stunnel 2:3.24-1
CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3 (bug #216677)
CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
	NOT-FOR-US: microsoft
CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
	NOT-FOR-US: ion-p
CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
	NOT-FOR-US: cisco
CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a &quot;public&quot; ...)
	NOT-FOR-US: cisco
CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
	NOT-FOR-US: cisco
CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
	NOT-FOR-US: cisco
CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
	NOT-FOR-US: AIX
CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Webweaver
CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: SolarWinds
CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
	NOT-FOR-US: MDaemon
CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Molly
CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
	NOT-FOR-US: Symantec
CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
	- jetty <not-affected> (Fixed before upload into archive; 4.1 series)
CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
	NOT-FOR-US: Sun
CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
	NOT-FOR-US: Miniserver
CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
	NOT-FOR-US: PowerFTP
CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
	NOT-FOR-US: Coolforum
CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: BRU
CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
	NOT-FOR-US: Unreal
CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
	- linuxconf <removed>
CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
	NOT-FOR-US: webserver-4everyone
CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
	NOT-FOR-US: AFD not in debian
CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
	NOT-FOR-US: FactoSystem
CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
	NOT-FOR-US: SWServer
CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
	NOT-FOR-US: Jawmail
CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
	NOT-FOR-US: Cisco
CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
	NOT-FOR-US: PlanetDNS
CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
	NOT-FOR-US: db4web
CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
	NOT-FOR-US: db4web
CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
	NOT-FOR-US: HPUX
CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
	NOT-FOR-US: HPUX
CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
	NOT-FOR-US: HPUX
CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
	NOT-FOR-US: Shoutcase
CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
	NOT-FOR-US: Cafelog
CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
	NOT-FOR-US: Cafelog
CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
	NOT-FOR-US: Cafelog
CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
	NOT-FOR-US: Organic PHP
CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webshop Manager
CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: mIRC
CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
	NOT-FOR-US: OmniHTTPD
CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
	NOT-FOR-US: Blazix not in Debian
CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
	NOT-FOR-US: IBM UniVerse
CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
	NOT-FOR-US: eUpload not in Debian
CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
	NOT-FOR-US: CERN HTTPD not in Debian
CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
	NOT-FOR-US: Tomahawk
CVE-2002-1440 (The Gateway GS-400 server has a default root password of &quot;0001n&quot; that ...)
	NOT-FOR-US: Gateway
CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
	NOT-FOR-US: HPUX
CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
	NOT-FOR-US: Kerio
CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kerio
CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
	NOT-FOR-US: MidiCart
CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
	NOT-FOR-US: Belkin
CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
	NOT-FOR-US: ShoutBox
CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: dotproject
CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
	NOT-FOR-US: Easy Homepage Creator
CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
	NOT-FOR-US: HP
CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
	NOT-FOR-US: Duma
CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
	NOT-FOR-US: East Guestbook
CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
	NOT-FOR-US: HPUX
CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
	NOT-FOR-US: HP Openview
CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
	NOT-FOR-US: HPUX
CVE-2002-1404
	REJECTED
CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
	- postgresql 7.2.2-2
CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
	- postgresql 7.2.2-2
CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
	{DSA-202}
	- im 1:141-20
CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
	{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
	- kdemultimedia 4:3.0.5a
	- kdebase 4:3.0.5a
	- kdeutils 4:3.0.5a
	- kdegames 4:3.0.5a
	- kdesdk 4:3.0.5a
	- kdepim 4:3.0.5a
	- kdelibs 4:3.0.5a
	- kdenetwork 4:3.0.5a
	- kdegraphics 4:3.0.5a
	- kdeadmin 4:3.0.5a
CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
	{DSA-232}
	- cupsys 1.1.18-1
CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1370
	REJECTED
CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cupsys 1.1.18-1
CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.9.8-1
CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
	- ethereal 0.9.8-1
CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
	NOT-FOR-US: LocalWEB2000 HTTP server
CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
	NOT-FOR-US: CartMan
CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
	NOT-FOR-US: Melange Chat System
CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
	- libsasl2 2.1.10-1
CVE-2002-1346
	RESERVED
CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
	NOTE: multiple ftp client issues
CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
	{DSA-209}
	- wget 1.8.2-8
CVE-2002-1343
	RESERVED
CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
	{DSA-203}
	- smb2www 980804-17
CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
	{DSA-220}
	- squirrelmail 1:1.3.2-2
CVE-2002-1340 (The &quot;ConnectionFile&quot; property in the DataSourceControl component in ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1339 (The &quot;XMLURL&quot; property in the Spreadsheet component of Office Web ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
	- w3m-ssl <removed>
CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
	NOT-FOR-US: BizDesign
CVE-2002-1333
	RESERVED
CVE-2002-1332
	RESERVED
CVE-2002-1331
	RESERVED
CVE-2002-1330
	RESERVED
CVE-2002-1329
	RESERVED
CVE-2002-1328
	RESERVED
CVE-2002-1326
	RESERVED
CVE-2002-1324
	RESERVED
CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
	NOT-FOR-US: ClearCase
CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
	NOT-FOR-US: Realplayer
CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
	NOT-FOR-US: iPlanet
CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
	NOT-FOR-US: iPlanet
CVE-2002-1314
	RESERVED
CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
	NOT-FOR-US: Linksys
CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
	{DSA-214}
	- kdenetwork 4:2.2.2-14.20
CVE-2002-1305
	RESERVED
CVE-2002-1304
	RESERVED
CVE-2002-1303
	RESERVED
CVE-2002-1302
	RESERVED
CVE-2002-1301
	RESERVED
CVE-2002-1300
	RESERVED
CVE-2002-1299
	RESERVED
CVE-2002-1298
	RESERVED
CVE-2002-1297
	RESERVED
CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
	NOT-FOR-US: Microsoft
CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
	NOT-FOR-US: Microsoft
CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
	NOT-FOR-US: Microsoft
CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
	NOT-FOR-US: SuSE-specific lprfilter package
CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
	NOT-FOR-US: Novell iManager (eMFrame)
CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
	NOT-FOR-US: RealSecure Event Collector
CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
	{DSA-194}
	- masqmail 0.2.15-1
CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
	{DSA-192}
	- html2ps 1.0b3-2
CVE-2002-1274
	RESERVED
CVE-2002-1273
	RESERVED
CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
	NOT-FOR-US: MacOS
CVE-2002-1263
	REJECTED
CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
	NOT-FOR-US: Microsoft
CVE-2002-1261
	REJECTED
CVE-2002-1259
	REJECTED
CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
	NOT-FOR-US: Microsoft
CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1249
	RESERVED
CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
	{DSA-193}
	- kdenetwork 4:2.2.2-14.3
CVE-2002-1246
	RESERVED
CVE-2002-1243
	RESERVED
CVE-2002-1241
	RESERVED
CVE-2002-1240
	RESERVED
CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
	NOT-FOR-US: Peter Sandvik's Simple Web Server
CVE-2002-1237
	RESERVED
CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
	{DSA-185 DSA-184 DSA-183}
	- heimdal 0.4e-22
	- krb4 1.1-11-8
	- krb5 1.2.6-2
CVE-2002-1234
	REJECTED
CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
	NOT-FOR-US: Avaya Cajun switches
CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1218
	RESERVED
CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
	NOT-FOR-US: Microsoft
CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
	- tar 1.13.25
CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
	{DSA-174}
	- heartbeat 0.4.9.2-1
CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
	NOT-FOR-US: Eudora
CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2002-1208
	RESERVED
CVE-2002-1207
	RESERVED
CVE-2002-1206
	RESERVED
CVE-2002-1205
	RESERVED
CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
	NOT-FOR-US: Netscape Communicator 4.x
CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
	NOT-FOR-US: IBM SecureWay Firewall
CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AIX
CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
	NOT-FOR-US: NetBSD
CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
	NOT-FOR-US: NetBSD
CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
	NOT-FOR-US: Sabre Desktop
CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
	NOT-FOR-US: Cisco
CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
	NOT-FOR-US: Winamp
CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
	NOT-FOR-US: Winamp
CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1173
	RESERVED
CVE-2002-1172
	RESERVED
CVE-2002-1171
	RESERVED
CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
	- wn <removed>
CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
	- sendmail 8.12.3-5
CVE-2002-1161
	REJECTED
CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
	NOTE: kon2. patched, but I don't know when.
	NOTE: assuming the current unstable/testing version is ok then..
	- kon2 0.3.9b-18
CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
	NOT-FOR-US: Microsoft Netmeeting
CVE-2002-1149 (The installation procedure for Invision Board suggests that users ...)
	NOT-FOR-US: Invision Board
CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
	NOT-FOR-US: Microsoft SQL
CVE-2002-1144
	RESERVED
CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
	NOT-FOR-US: Microsoft Word & Excel
CVE-2002-1136
	RESERVED
CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
	NOT-FOR-US: Dino's Webserver
CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1130
	RESERVED
CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
	{DSA-166}
	- purity 1-16
CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
	NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages.
CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
	NOT-FOR-US: Cisco
CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
	NOT-FOR-US: Cisco
CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
	- libesmtp5 0.8.11-1
CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
	NOT-FOR-US: Oracle
CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
	NOT-FOR-US: ezContents
CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
	NOT-FOR-US: ezContents
CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
	NOT-FOR-US: ezContents
CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
	NOT-FOR-US: ezContents
CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
	NOT-FOR-US: ezContents
CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
	NOT-FOR-US: ezContents
CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
	NOT-FOR-US: Abyss
CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
	NOT-FOR-US: Abyss
CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
	NOT-FOR-US: IPSwitch
CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
	NOT-FOR-US: Pegasus
CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
	- phpwiki 1.3.4-1
CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
	NOT-FOR-US: IC9 Print Server
CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Jana Server
CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
	NOT-FOR-US: Jana Server
CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
	NOT-FOR-US: Jana Server
CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
	NOT-FOR-US: Cobalt Qube
CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
	NOT-FOR-US: Brother hardware
CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
	NOT-FOR-US: Jigsaw
CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
	NOT-FOR-US: HP printers
CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
	NOT-FOR-US: Soho Firewall
CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
	NOT-FOR-US: iPlanet
CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
	NOT-FOR-US: SMIT
CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
	NOT-FOR-US: WebSecure
CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
	- dcl 1:0.9.2-1
CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
	- dcl 1:0.9.2-1
CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
	NOT-FOR-US: Fluid Dynamics
CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
	NOT-FOR-US: iRunBook
CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
	NOT-FOR-US: iRunBook
CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
	NOT-FOR-US: KeyFocus Web Server
CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
	NOT-FOR-US: Worldspam for Windows
CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
	NOT-FOR-US: Oddsock Winamp plugin
CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BadBlue
CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
	NOT-FOR-US: BadBlue
CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
	NOT-FOR-US: BadBlue
CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
	NOT-FOR-US: Adobe
CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
	NOT-FOR-US: Adobe
CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
	NOT-FOR-US: Adobe
CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
	NOT-FOR-US: Adobe
CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
	NOT-FOR-US: Adobe
CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
	NOT-FOR-US: Tivoli
CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
	NOT-FOR-US: Tivoli
CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Domino
CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
	NOT-FOR-US: Blackboard
CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
	NOT-FOR-US: ArGoSoft
CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
	NOT-FOR-US: AnalogX Proxy
CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
	NOT-FOR-US: CARE
CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
	NOT-FOR-US: CARE
CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
	NOT-FOR-US: Novell
CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
	NOT-FOR-US: Novell
CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
	NOT-FOR-US: SunPci II VNC
CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
	NOT-FOR-US: HP
CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
	NOT-FOR-US: HP
CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
	NOT-FOR-US: HP
CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
	{DSA-157}
	- irssi-text 0.8.5-2
CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
	NOT-FOR-US: Microsoft
CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
	NOT-FOR-US: Microsoft
CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
	NOT-FOR-US: Microsoft
CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
	{DSA-165}
	- postgresql 7.2.2-1
CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
	NOT-FOR-US: Microsoft Windows specific
CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
	NOT-FOR-US: 4D web server
CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
	NOT-FOR-US: GeekLog
CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
	NOT-FOR-US: GeekLog
CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
	NOT-FOR-US: YaBB
CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
	NOT-FOR-US: Cisco
CVE-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remote ...)
	NOT-FOR-US: Ruslan
CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
	NOT-FOR-US: TransWARE Active!
CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
	NOT-FOR-US: Telindus ADSL router
CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
	NOT-FOR-US: MakeBook
CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
	NOT-FOR-US: DeepMetrix LiveStats
CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
	NOT-FOR-US: MetaCart
CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
	NOT-FOR-US: Lugiment Log Explorer
CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
	NOT-FOR-US: JRun
CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
	- tomcat 3.2.3-1
CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
	NOT-FOR-US: Jon Hedley AlienForm2
CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
	NOT-FOR-US: Datalex PLC BooktIt Consumer
CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
	NOT-FOR-US: Netware
CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
	NOT-FOR-US: Netware
CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
	NOT-FOR-US: pirch
CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
	NOT-FOR-US: webMathematica
CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
	NOT-FOR-US: mmftpd not in Debian anymore
CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
	NOT-FOR-US: Xandros specific tool
CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
	NOT-FOR-US: Slurp NNTP
CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
	NOTE: DSA-129
CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
	NOTE: netstd
CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
	NOT-FOR-US: mnews
CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
	NOT-FOR-US: Cisco
CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
	NOT-FOR-US: SHOUTcast
CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
	NOT-FOR-US: Informix
CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
	NOT-FOR-US: wbboard
CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
	- phpbb2 2.0.6c-1
CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
	- amanda 2.4.0b6-1
CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
	NOT-FOR-US: Falcon
CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
	- swatch 3.0.4-1
CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
	NOT-FOR-US: 3com
CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
	NOT-FOR-US: Solaris
CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
	NOT-FOR-US: Solaris
CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
	NOT-FOR-US: Compaq
CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
	NOT-FOR-US: Cisco
CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
	NOT-FOR-US: Cisco
CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
	NOT-FOR-US: CFXImage
CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
	NOT-FOR-US: LogiSense
CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
	NOT-FOR-US: Shambala
CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Shambala
CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
	{DSA-150}
	- interchange 4.8.6-1
CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
	NOT-FOR-US: Cisco
CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
	NOT-FOR-US: IIS
CVE-2002-0868
	RESERVED
CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
	NOT-FOR-US: Windows
CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
	NOT-FOR-US: Oracle
CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
	NOT-FOR-US: Oracle
CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
	NOT-FOR-US: SuSE specific
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
	NOT-FOR-US: Cisco
CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
	NOT-FOR-US: iSCSI
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0841
	REJECTED
CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
	{DSA-182 DSA-179 DSA-176}
	- kdegraphics 4:2.2.2-6.9
	- gnome-gv 1.99.7-9
	- gv 1:3.5.8-27
CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
	- wordtrans 1.1pre9
CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
	{DSA-162}
	- ethereal 0.9.6-1
CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
	NOT-FOR-US: Eudora
CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
	NOT-FOR-US: Internet Explorer
CVE-2002-0828
	REJECTED
CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
	NOT-FOR-US: UnixWare
CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
	- libnss-ldap 199-1
CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
	- arts <not-affected> (artscontrol not suid root)
CVE-2002-0815 (The Javascript &quot;Same Origin Policy&quot; (SOP), as implemented in (1) ...)
	- mozilla 2:1.0.0-1
CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
	NOT-FOR-US: Compaq hardware
CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
	NOT-FOR-US: BadBlue
CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
	NOT-FOR-US: YoungZoft
CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
	NOT-FOR-US: HP
CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
	NOT-FOR-US: Solaris
CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
	NOT-FOR-US: QNX
CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
	NOT-FOR-US: Cisco
CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
	NOT-FOR-US: iCon
CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
	NOT-FOR-US: Critical Path inJoin Directory Server
CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
	NOT-FOR-US: Lidik web server
CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
	NOT-FOR-US: Novell
CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
	- viewcvs 0.9.2-5
CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
	TODO: Check quake2
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
	NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
	NOT-FOR-US: simpleinit
CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Phorum
CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
	NOT-FOR-US: HP
CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
	NOT-FOR-US: Talentsoft
CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
	NOT-FOR-US: AIX
CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
	NOT-FOR-US: AIX
CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
	NOT-FOR-US: AIX
CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
	- slrn 0.9.6.2-9
CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
	NOT-FOR-US: PostCalendat
CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
	- squid <not-affected> (Historic vulnerability, fixed before Woody was released)
CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
	NOT-FOR-US: MyGuestbook
CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
	NOT-FOR-US: vqServer
CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
	NOT-FOR-US: guestbook
CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
	NOT-FOR-US: windows
CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
	NOT-FOR-US: windows
CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
	NOT-FOR-US: internet explorer
CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
	- php4 4:4.2.2-1
CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
	- squid 2.4.6-2
CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
	- squid 2.4.6-2
CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
	NOT-FOR-US: EASM
CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
	NOT-FOR-US: HP
CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
	NOT-FOR-US: no_package
CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
	NOT-FOR-US: no_package
CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
	NOT-FOR-US: no_package
CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
	NOT-FOR-US: no_package
CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
	NOT-FOR-US: no_package
CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
	- dhcp3 3.0+3.0.1rc9-1
CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
	NOT-FOR-US: windows
CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
	NOT-FOR-US: windows
CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
	NOT-FOR-US: McAfee
CVE-2002-0689
	RESERVED
CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
	NOT-FOR-US: no_package
CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
	- glibc 2.2.5-8
CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
	NOT-FOR-US: no_package
CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
	NOT-FOR-US: no_package
CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: no_package
CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: no_package
CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: no_package
CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: no_package
CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
	{DSA-201}
	- freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
	NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
	- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly ...)
	{DSA-138}
	- gallery 1.3-3
CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...)
	NOT-FOR-US: windows mta
CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in ...)
	NOT-FOR-US: juniper router
CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive ...)
	NOT-FOR-US: windows mta
CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) ...)
	NOT-FOR-US: ncipher hardware
CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe ...)
	NOT-FOR-US: windows firewall
CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...)
	NOT-FOR-US: cisco
CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD ...)
	NOT-FOR-US: cisco
CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) ...)
	NOT-FOR-US: windows mta
CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...)
	NOT-FOR-US: monkeyd, not in debian
CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can ...)
	- eggdrop 1.6.17
CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...)
	NOT-FOR-US: realone player
CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...)
	- libclamav1 0.80
CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...)
	- libapache-mod-php4 4.3.9
CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...)
	NOT-FOR-US: openjournal, not in debian
CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...)
	NOT-FOR-US: open/netbsd
CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to ...)
	- libtool 1.5.6
CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for ...)
	NOT-FOR-US: acroread
CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...)
	NOT-FOR-US: realsecure/blackice
CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ...)
	- mozilla 2:1.7.3
CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext ...)
	NOT-FOR-US: symantec
CVE-2004-0189 (The &quot;%xx&quot; URL decoding function in Squid 2.5STABLE4 and earlier allows ...)
	{DSA-474}
	- squid 2.5.5-1
CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...)
	{DSA-461}
	- calife 2.8.6-1 (bug #235157)
CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, ...)
	{DSA-463}
	- samba 3.0.2-2
CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...)
	NOT-FOR-US: apache/cygwin
CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...)
	NOT-FOR-US: freebsd/os x
CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...)
	NOT-FOR-US: os x
CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly ...)
	NOT-FOR-US: os x
CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon ...)
	NOT-FOR-US: os x
CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...)
	{DSA-446}
	- synaesthesia 2.1-3
	NOTE: synaesthesia is no longer setuid in Debian.
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...)
	{DSA-447}
	- hsftp 1.15-1
CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before ...)
	{DSA-458-3}
	- python2.2 2.2.2
CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...)
	NOT-FOR-US: gnu radiusd, not in debian
CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...)
	- phpmyadmin 2:2.6.0-pl2
CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...)
	NOT-FOR-US: freebsd
CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain ...)
	NOT-FOR-US: microsoft
CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not ...)
	NOT-FOR-US: microsoft
CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 ...)
	NOT-FOR-US: microsoft
CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for ...)
	NOT-FOR-US: bsd
CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...)
	- apache2 2.0.52
CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...)
	{DSA-464}
	- gdk-pixbuf 0.22.0-3
CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...)
	{DSA-460}
	- sysstat 5.0.2-1
CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...)
	NOT-FOR-US: freebsd
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...)
	- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a ...)
	NOT-FOR-US: mcafee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...)
	NOT-FOR-US: os x
CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...)
	- samba 3.0.7
CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...)
	NOT-FOR-US: debian uses different login
CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...)
	- mutt 1.5.6-20040722+1
CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...)
	{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.26-pre3)
	- kernel-source-2.2.20 <removed>
CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...)
	- kernel-source-2.4.24 2.4.24-3
	NOTE: fixed in 2.4.26-pre3
CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents ...)
	NOT-FOR-US: ezcontents, commercial
CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...)
	NOT-FOR-US: phpdig, not in debian
CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...)
	NOT-FOR-US: ncipher hsm
CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote ...)
	NOT-FOR-US: real helix
CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control ...)
	- inn2 2.4.1+20040820
	[woody] - inn2 <not-affected>
CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password ...)
	NOT-FOR-US: cisco
CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through ...)
	NOT-FOR-US: checkpoint
CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...)
	NOT-FOR-US: vbulletin, commercial
CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and ...)
	NOT-FOR-US: phorum, not in debian
CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...)
	{DSA-420}
	- jitterbug 1.6.2-4.5
CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the &quot;save ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before ...)
	{DSA-418}
	- vbox3 0.1.8
CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...)
	{DSA-414}
	- jabber 1.4.3-1
CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...)
	- apache-ssl 1.3.31
CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...)
	NOT-FOR-US: openca, not in debian
CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace ...)
	- kernel-image-2.6.8-9-amd64-generic
	TODO: what version?
	TODO: test?
CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...)
	NOT-FOR-US: windows
CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: windows
CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2003-0994 (The GUI functionality for an interactive session in Symantec ...)
	NOT-FOR-US: norton
CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
	- apache 1.3.29.0.2-4
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...)
	{DSA-436}
	- mailman 2.1-1
	NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
	NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal ...)
	- kdepim 4:3.1.5-1
CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
	{DSA-411}
	- mpg321 0.2.10.3
CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and ...)
	NOT-FOR-US: elm
CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, ...)
	{DSA-426}
	- netpbm-free 2:9.25-9
CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components ...)
	NOT-FOR-US: microsoft
CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...)
	{DSA-261}
	- tcpdump 3.7.2-1
CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null ...)
	{DSA-259}
	- qpopper 4.0.4-9
CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...)
	NOT-FOR-US: SOHO Routefinder
CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a ...)
	NOT-FOR-US: man before 1.51
CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...)
	NOT-FOR-US: lotus notes
CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before ...)
	NOT-FOR-US: lotus notes
CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
	{DSA-256}
	- mhc 0.25+20030224-1
CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...)
	- zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...)
	NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...)
	NOT-FOR-US: nokia handset
CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows ...)
	{DSA-260}
	- file 3.40-1.1
CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...)
	NOT-FOR-US: cisco
CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...)
	- php4 4:4.3.2+rc3-1
CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, ...)
	NOT-FOR-US: oracle
CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 ...)
	NOT-FOR-US: mandrake specific
CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote ...)
	{DSA-261}
	- tcpdump 3.7.1-1
CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...)
	NOT-FOR-US: macosX
CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language ...)
	NOT-FOR-US: AIX
CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector ...)
	{DSA-258}
	- ethereal 0.9.9-2
CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
	{DSA-253}
	- openssl 0.9.7a-1
CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for ...)
	NOT-FOR-US: blade encoder not in Debian
CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...)
	{DSA-303}
	- mysql-dfsg 4.0.12-2
CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...)
	- vte 1:0.11.10-1
CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...)
	- putty 0.54-1
CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to ...)
	{DSA-496}
	- eterm 0.9.2-6
CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to ...)
	- rxvt 1:2.6.4-6.1 (bug #244810)
	NOTE: woody version is still vulnerable
CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window ...)
	NOT-FOR-US: uxterm not in Debian
CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window ...)
	NOT-FOR-US: dtterm not in Debian
CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows ...)
	NOT-FOR-US: NOD32 not in Debian
CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for ...)
	- krb5 1.2.5-1
CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows ...)
	- krb5 1.2.5-1
CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin ...)
	NOT-FOR-US: apple
CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime ...)
	NOT-FOR-US: apple
CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple ...)
	NOT-FOR-US: apple
CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow ...)
	NOT-FOR-US: windows
CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
	{DSA-246}
	- tomcat 3.3.1a-1
CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier ...)
	{DSA-247}
	- courier 0.40.2-3
	- courier-ssl 0.40.2-3
CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other ...)
	{DSA-245}
	- dhcp3 3.0+3.0.1rc11-3
	NOTE: Version information in DSA is wrong.
CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
	NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0022 (The &quot;screen dump&quot; feature in rxvt 2.7.8 allows attackers to overwrite ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0021 (The &quot;screen dump&quot; feature in Eterm 0.9.1 and earlier allows attackers ...)
	- eterm 0.9.2-1
	NOTE: According to upstream changelog and http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
	NOTE: this is fixed in eterm 0.9.2
CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs, ...)
	- apache2 2.0.49
	- apache 1.3.29.0.2-4
CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has ...)
	NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
	NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...)
	NOT-FOR-US: apache on windows
CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote ...)
	{DSA-233}
	- cvs 1.11.2-5.1
CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center ...)
	NOT-FOR-US: windows
CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt ...)
	NOT-FOR-US: windows
CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft ...)
	NOT-FOR-US: windows
CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT ...)
	NOT-FOR-US: windows
CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
	NOT-FOR-US: windows
CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before ...)
	NOTE: fixed after 2.6/2.4.20 kernel
CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass ...)
	NOT-FOR-US: gbook not in Debian
CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...)
	NOT-FOR-US: novell
CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIX
CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...)
	NOT-FOR-US: lhttpd not in Debian
CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ...)
	NOT-FOR-US: AIX
CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...)
	NOT-FOR-US: Netscreen
CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...)
	NOT-FOR-US: NetBSD
CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...)
	NOT-FOR-US: BadBlue not in Debian
CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x ...)
	NOT-FOR-US: norton
CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: acusend not in Debian
CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain ...)
	- phpbb2 2.0.6c-1
	NOTE: according to http://www.securityfocus.com/archive/1/297419
	NOTE: phpBB versions above 2.0.0 are not vulnerable.
CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary ...)
	NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the ...)
	NOT-FOR-US: mondosearch
CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) ...)
	NOT-FOR-US: winamp
CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...)
	NOT-FOR-US: webserver 4D
CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions ...)
	NOT-FOR-US: IRIX
CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ...)
	NOT-FOR-US: IRIX
CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows ...)
	NOT-FOR-US: IRIX
CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite ...)
	NOT-FOR-US: interbase
CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() ...)
	- vnc 3.3.3r2-21
CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary ...)
	- xfree86 4.1.0-7
CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...)
	NOT-FOR-US: redhat and mandrake only
CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board not in Debian
CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...)
	NOT-FOR-US: xbreaky not in Debian
CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) ...)
	NOT-FOR-US: Enterasys
CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows ...)
	NOT-FOR-US: Aestiva
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...)
	NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...)
	NOT-FOR-US: Cisco
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...)
	NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...)
	- cacti 0.6.8-1
CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...)
	NOT-FOR-US: NetBSD
CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...)
	- xfree86 4.2.1-1 (bug #280872)
CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ...)
	- evolution 1.2.0-1 (bug #280883)
CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or ...)
	- scponly 3.8-1
	NOTE: according to http://sublimation.org/scponly/ (scponly home page)
	NOTE: only versions of scponly older than scponly-2.4 are affected
CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ...)
	NOT-FOR-US: AIX
CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...)
	NOT-FOR-US: symantec
CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
	NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...)
	NOT-FOR-US: Cisco
CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...)
	NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
	NOT-FOR-US: Google toolbar
CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except ...)
	NOT-FOR-US: Achievo not in Debian
CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read ...)
	NOT-FOR-US: Sympoll not in Debian
CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...)
	{DSA-141}
	- mpack 1.5-9
CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote ...)
	- mpack 1.5-9
CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...)
	NOT-FOR-US: OpenBSD
CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes ...)
	NOT-FOR-US: IRIX on Origin
CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges ...)
	- qmailadmin 1.0.6-1
CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, ...)
	NOT-FOR-US: RCONAG6 for Novell Netware SP2
CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...)
	NOT-FOR-US: TinySSL not in Debian
CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote ...)
	{DSA-210}
	- lynx 2.8.4.1b-4
	- lynx-ssl 1:2.8.4.1b-3.1
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
	- bugzilla 2.16.2-1
CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to ...)
	{DSA-219}
	- dhcpcd 1:1.3.22pl2-2
	NOTE: Debian sarge uses dhcp >= 2.0
CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...)
	- php4 4:4.3.2+rc3-1
	NOTE: according to http://www.securityfocus.com/bid/6488
	NOTE: woody is not vulnerable
CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet ...)
	{DSA-225}
	- tomcat4 4.1.16-1
CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested ...)
	{DSA-223}
	- geneweb 4.09-1
CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to ...)
	{DSA-217}
	- typespeed 0.4.2-2
CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 ...)
	{DSA-221}
	- mhonarc 2.5.14-1
CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users ...)
	- openwebmail 1.90-1
CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...)
	{DSA-232 DSA-226 DSA-222}
	- xpdf-i 2.01-2
	- xpdf 2.01-2
	- cupsys 1.1.18-1
CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to ...)
	- flashplugin-nonfree 6.0.69-1
CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...)
	- exim4 4.11-0.0.1
	- exim 3.36-14
CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service ...)
	{DSA-336}
	- kernel-source-2.2.25 2.2.25-2
	- kernel-image-2.2.25-i386 2.2.25-2
CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to ...)
	- vim 6.1.263-1
	NOTE: woody seems to be still vulnerable
	NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
	NOTE: but no advisory (nor fixed package) have been published yet.
	NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
	NOTE: No response from maintainer, I have mailed security team.
	NOTE: Martin Schulze don't consider this as an issue for updating woody.
CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...)
	{DSA-232}
	- cupsys 1.1.18-1
CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 ...)
	{DSA-232}
	- cupsys 1.1.18-1
CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...)
	{DSA-232}
	- cupsys 1.1.18-1
CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cupsys 1.1.18-1
CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...)
	{DSA-232}
	- cupsys 1.1.18-1
CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not ...)
	{DSA-216}
	- fetchmail 6.2.0-1
CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does ...)
	{DSA-213}
	- libpng 1.0.12-7
	- libpng3 1.2.5-8
CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of ...)
	{DSA-211}
	- micq 0.4.9.4-1
CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...)
	NOT-FOR-US: sun
CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...)
	{DSA-206}
	- tcpdump 3.7.2-1
	NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
	- gtetrinet 0.4.4-1
CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...)
	NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...)
	{DSA-257}
	- sendmail 8.13.0.PreAlpha4-0
	- sendmail-wine <removed>
	NOTE: problem in sendmail 8.12, sarge uses 8.13
CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
	- tightvnc 1.2.6-1
CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...)
	NOT-FOR-US: windows
CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows ...)
	NOT-FOR-US: windows
CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may ...)
	{DSA-208}
	- perl 5.8.0-14
CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: pine not in Debian
CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 ...)
	NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...)
	{DSA-200}
	- samba 2.2.7
CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
	NOT-FOR-US: solaris
CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
	{DSA-198}
	- nullmailer 1.00RC5-17
CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...)
	{DSA-197}
	- courier 0.40.0-1
CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote ...)
	- mozilla 2:1.2-1
	NOTE: woody is vulnerable see #237422
CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...)
	{DSA-199}
	- mhonarc 2.5.13-1
CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the ...)
	- kdeutils 4:3.2.1-1
CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...)
	NOTE: Linuxconf not in testing/unstable
CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...)
	{DSA-190}
	- wmaker 0.80.1-4
CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...)
	NOT-FOR-US: Alcatel
CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...)
	{DSA-386}
	- libmailtools-perl 1.51 (bug #168381)
CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...)
	NOTE: don't know which version of glibc fix this
	NOTE: I've mailed maintainers.
CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...)
	NOT-FOR-US: oracle
CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...)
	NOT-FOR-US: Microsoft Windows
CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...)
	NOT-FOR-US: PeopleSoft
CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...)
	{DSA-186}
	- log2mail 0.2.6-1
CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ...)
	{DSA-189}
	- luxman 0.41-19
CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...)
	NOT-FOR-US: Pablo FTP Server
CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote ...)
	NOT-FOR-US: PHP-Nuke not in Debian
CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...)
	NOT-FOR-US: QNX
CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast ...)
	NOT-FOR-US: Linksys
CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS ...)
	{DSA-180}
	- nis 3.9-6.2
CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a ...)
	NOT-FOR-US: SCO
CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows ...)
	NOT-FOR-US: Windows NT
CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) ...)
	{DSA-177}
	- pam 0.76-6
CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE ...)
	- kdenetwork 4:3.1.0-1
CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView ...)
	- kdegraphics 4:3.1.0-1
CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst ...)
	NOT-FOR-US: CISCO
CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Prometheus not in Debian
CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...)
	{DSA-175}
	- syslog-ng 1.5.21-1
CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary ...)
	NOT-FOR-US: ypxfrd not in Debian
CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282500
CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282501
CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before ...)
	{DSA-173}
	- bugzilla 2.16.0-2.1
CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ...)
	{DSA-169}
	- htcheck 1:1.1-1.2
CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite ...)
	{DSA-172}
	- tkmail <removed>
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...)
	NOT-FOR-US: CISCO
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
	NOT-FOR-US: Microsoft
CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...)
	NOT-FOR-US: Microsoft
CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain ...)
	NOT-FOR-US: Microsoft
CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default ...)
	NOT-FOR-US: Microsoft
CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2002-1180 (A typographical error in the script source access permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ...)
	- jetty 4.1.0
CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...)
	- net-snmp 5.0.6
CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before ...)
	NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server
CVE-2002-1160 (The default configuration of the pam_xauth module forwards ...)
	NOT-FOR-US: pam_xauth
CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...)
	{DSA-181}
	- libapache-mod-ssl 2.8.9-2.3
CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
	- apache2 2.0.43
CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...)
	- analog 2:5.23
CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...)
	- konqueror 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
	{DSA-167}
	- kdelibs 4:2.2.2-14
CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...)
	{DSA-170}
	- tomcat4 4.1.12-1
CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...)
	NOT-FOR-US: HP Procurve 4000M Switch firmware
CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
	- glibc 2.3
	- bind 1:8.3.3
CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
	NOT-FOR-US: Microsoft
CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...)
	NOT-FOR-US: Microsoft
CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...)
	NOT-FOR-US: Microsoft
CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...)
	NOT-FOR-US: Microsoft
CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...)
	- mozilla 2:1.2
CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner ...)
	NOT-FOR-US: Microsoft
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...)
	{DSA-159}
	- python1.5 1.5.2-24
	- python2.1 2.1.3-6a
	- python2.2 2.2.1-8
	- python2.3 <not-affected>
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
	NOT-FOR-US: Oracle
CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2002-1116 (The &quot;View Bugs&quot; page (view_all_bug_page.php) in Mantis 0.17.4a and ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...)
	NOTE: old amavis shell script
CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...)
	NOT-FOR-US: Cisco
CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ...)
	NOT-FOR-US: Cisco
CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...)
	NOT-FOR-US: Cisco
CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...)
	NOT-FOR-US: Cisco
CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when ...)
	NOT-FOR-US: Cisco
CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...)
	- mozilla 2:1.0.2
CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...)
	NOT-FOR-US: Novell GroupWise
CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems ...)
	NOT-FOR-US: CacheFlow CacheOS
CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
	NOT-FOR-US: Van Dyke SecureCRT SSH client
CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...)
	NOT-FOR-US: SmartMax MailMax POP3 daemon
CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
	NOT-FOR-US: Microsoft
CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...)
	NOT-FOR-US: Pablo FTP server
CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...)
	NOT-FOR-US: W3C Jigsaw Proxy Server
CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
	NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
	- dcl 20020706
CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Omnicron OmniHTTPd
CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...)
	NOT-FOR-US: KeyFocus (KF) web server
CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code ...)
	NOT-FOR-US: JRun
CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold ...)
	NOT-FOR-US: Real
CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...)
	NOT-FOR-US: Real
CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 ...)
	NOT-FOR-US: Inktomi
CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to ...)
	NOT-FOR-US: Betsie
CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote ...)
	NOT-FOR-US: AnalogX SimpleServer:Shout
CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges ...)
	NOT-FOR-US: PHPAuction
CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 ...)
	NOT-FOR-US: Symantec
CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...)
	{DSA-158}
	- gaim 1:0.59.1-2
CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...)
	NOT-FOR-US: Xsco
CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...)
	NOT-FOR-US: Xsco
CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...)
	{DSA-156}
	- epic4-script-light 1:2.7.30p5-2
CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...)
	NOT-FOR-US: ndcfg
CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...)
	NOT-FOR-US: Help and Support Center for Windows XP
CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...)
	{DSA-155}
	- kdelibs 4:2.2.2-14
CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...)
	NOTE: mysql problem only affects Windows
CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...)
	NOT-FOR-US: AnalogX SimpleServer:WWW
CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote ...)
	NOT-FOR-US: eDonkey
CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on ...)
	NOT-FOR-US: Oracle
CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Half Life
CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) ...)
	NOT-FOR-US: PHP Reactor
CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen ...)
	NOT-FOR-US: PHP Address
CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server ...)
	NOT-FOR-US: Oracle
CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and ...)
	NOT-FOR-US: Java on Windows
CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows ...)
	NOT-FOR-US: Cisco
CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, ...)
	- tomcat4 4.1.9-1
CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...)
	- squid 2.4.7
CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
	- courier-mta 0.46
CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...)
	NOT-FOR-US: Caldera Volution Manager
CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...)
	- sendmail 8.12.5
CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers ...)
	- kismet 2.2.2-1
CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows ...)
	NOT-FOR-US: pks
CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: LocalWEB2000
CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote ...)
	NOT-FOR-US: MatuFtpServer
CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows ...)
	NOT-FOR-US: NewAtlanta ServletExec ISAPI
CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local ...)
	- qpopper 4.0.5-1
CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...)
	NOT-FOR-US: scoadmin
CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...)
	{DSA-154}
	- fam 2.6.8-1
CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services ...)
	{DSA-151}
	- xinetd 1:2.3.7-1
CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in ...)
	NOT-FOR-US: Microsoft
CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...)
	NOT-FOR-US: Microsoft
CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) ...)
	- isdnutils 1:3.2
CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...)
	NOT-FOR-US: PGP corporate desktop
CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, ...)
	NOT-FOR-US: Cisco
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
	{DSA-145}
	- tinyproxy 1.4.3-3
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
	- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...)
	NOT-FOR-US: Sun ONE
CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...)
	- cvs 1:1.11.2
CVE-2002-0842 (Format string vulnerability in certain third party modifications to ...)
	NOTE: mod_dav for apache not vulnerable according to
	NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of ...)
	{DSA-195 DSA-188 DSA-187}
	- apache2 2.0.43-1
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...)
	{DSA-207}
	- tetex-bin 1.0.7+20021025-4
CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...)
	NOT-FOR-US: RedHat/Intel PXE daemon
	NOTE: this is not the one in Debian
CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, ...)
	NOT-FOR-US: BSD/NFS
CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...)
	NOT-FOR-US: WS FTP server
CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary ...)
	NOT-FOR-US: BSD/pppd
CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute ...)
	NOT-FOR-US: Windows
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
	{DSA-144}
	- wwwoffle 2.7d-1
CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to ...)
	{DSA-139}
	- super 3.18.0-3
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...)
	NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
	NOT-FOR-US: VMware
CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ...)
	- bugzilla 2.16.0
CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ...)
	- bugzilla 2.16.0
CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ...)
	- bugzilla 2.16.0
CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows ...)
	- bugzilla 2.16.0
CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ...)
	- bugzilla 2.16.0
CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ...)
	- bugzilla 2.16.0
CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding ...)
	- postgresql 7.2
CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...)
	NOT-FOR-US: Macromedia / Windows
CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...)
	NOT-FOR-US: AIX
CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...)
	- mnogosearch 3.1.19-3
CVE-2002-0788 (An interaction between PGP 7.0.3 with the &quot;wipe deleted files&quot; option, ...)
	NOT-FOR-US: windows
CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...)
	NOT-FOR-US: AOL AIM
CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and ...)
	NOT-FOR-US: CISCO
CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and ...)
	NOT-FOR-US: Ipswitch not in Debian
CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...)
	NOT-FOR-US: Hosting Controller 2002
CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and ...)
	- lukemftp 1.5-7
CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...)
	- openssh 1:3.3p1-0.0woody1
CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...)
	NOT-FOR-US: Labview
CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: psyBNC
CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...)
	{DSA-163}
	- mhonarc 2.5.11-1
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
	NOT-FOR-US: Sambar web server
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
	NOT-FOR-US: Microsoft
CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...)
	NOT-FOR-US: B2
CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...)
	- thttpd 2.21
CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...)
	NOT-FOR-US: Microsoft
CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0719 (SQL injection vulnerability in the function that services for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...)
	NOT-FOR-US: Microsoft
CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...)
	NOT-FOR-US: SCO OpenServer
CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...)
	- squid 2.4.6
CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier ...)
	NOT-FOR-US: sendform.cgi
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...)
	NOTE: kernel netfilter bug, not in user space
	NOTE: this is fixed in kernel 2.4.20
	- kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant)
CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...)
	- perl 5.8.0-7 (bug #282527)
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
	NOT-FOR-US: BSD
CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files ...)
	NOT-FOR-US: Microsoft
CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
	{DSA-490}
	- zope 2.6.0-0.1
CVE-2002-0687 (The &quot;through the web code&quot; capability for Zope 2.0 through 2.5.1 b1 ...)
	- zope 2.5.1b2
CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for ...)
	NOT-FOR-US: PGP Outlook Encryption Plug-In
CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows ...)
	- tomcat 4.0.4
CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC ...)
	NOT-FOR-US: CDE
CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to ...)
	NOT-FOR-US: CDE ToolTalk
CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...)
	NOT-FOR-US: MacOS
CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...)
	NOT-FOR-US: Norton
CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users ...)
	{DSA-160}
	- scrollkeeper 0.3.11-2
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
	{DSA-137}
	- mm 1.1.3-7
CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ...)
	{DSA-135}
	- libapache-mod-ssl 2.8.9-2
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
	- glibc 2.2.5-8
CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2002-0648 (The legacy &lt;script&gt; data-island capability for XML in Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...)
	NOT-FOR-US: microsoft
CVE-2002-0642 (The registry key containing the SQL Server service account information ...)
	NOT-FOR-US: microsoft
CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...)
	- openssh 1:3.4 (high)
CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...)
	- openssh 1:3.4 (high)
CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...)
	NOT-FOR-US: SGI
CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer ...)
	NOT-FOR-US: Microsoft
CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote ...)
	NOT-FOR-US: DNSTools
CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 ...)
	NOT-FOR-US: Flash
CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...)
	NOT-FOR-US: ISS
CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Blahz
CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner ...)
	NOT-FOR-US: Foundstone
CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...)
	NOT-FOR-US: ColdFusion
CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access ...)
	NOT-FOR-US: Oracle
CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...)
	NOT-FOR-US: Oracle
CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...)
	NOT-FOR-US: Oracle
CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows ...)
	NOT-FOR-US: SunShop
CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...)
	NOT-FOR-US: Winamp
CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server ...)
	NOT-FOR-US: Aprelium
CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...)
	NOT-FOR-US: Demarc
CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 ...)
	NOT-FOR-US: Symantec
CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...)
	NOT-FOR-US: EMU
CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...)
	NOT-FOR-US: EMU
CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies ...)
	NOT-FOR-US: popper_mod
CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework ...)
	NOT-FOR-US: Cisco
CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ...)
	NOT-FOR-US: Posadis
CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: csSearch
CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 ...)
	NOT-FOR-US: WebSight
CVE-2002-0493 (Apache Tomcat may be started without proper security settings if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...)
	NOT-FOR-US: Instant Web Mail
CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote ...)
	NOT-FOR-US: Linux Directory Penguin
CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0473 (db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...)
	NOT-FOR-US: ARSC
CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone ...)
	NOT-FOR-US: Big Sam
CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote ...)
	NOT-FOR-US: PHProjekt
CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to ...)
	NOT-FOR-US: PHP FirstPost
CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial ...)
	NOT-FOR-US: Windows
CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that ...)
	NOT-FOR-US: Windows
CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...)
	NOT-FOR-US: PHP Imglist
CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.2.20 <removed>
CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive ...)
	NOT-FOR-US: mIRC
CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...)
	NOT-FOR-US: SPHERE
CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...)
	NOT-FOR-US: Red-M
CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, ...)
	NOT-FOR-US: Red-M
CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...)
	NOT-FOR-US: Red-M
CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be ...)
	NOT-FOR-US: Red-M
CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, ...)
	NOT-FOR-US: Red-M
CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote ...)
	- apache2 2.0.37
CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...)
	{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
	- acm 5.0-10
	- glibc 2.2.5-13
	- dietlibc 0.20-0cvs20020808
	- krb5 1.2.5-2
	- openafs 1.2.6-1
CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...)
	NOT-FOR-US: Sun
CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)
	NOT-FOR-US: Apple
CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows ...)
	NOT-FOR-US: AOL
CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which ...)
	NOT-FOR-US: IRIX
CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows ...)
	NOT-FOR-US: MediaMail
CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...)
	NOT-FOR-US: SGI
CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) ...)
	NOT-FOR-US: Cisco
CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin ...)
	NOT-FOR-US: OpenBB
CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ...)
	NOT-FOR-US: Snitz
CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...)
	NOT-FOR-US: Essentia
CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the ...)
	NOT-FOR-US: Symantec
CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops ...)
	NOT-FOR-US: Symantec
CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code ...)
	NOT-FOR-US: CatchUp
CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
	NOT-FOR-US: WebNews
CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, ...)
	NOT-FOR-US: pforum
CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to ...)
	NOT-FOR-US: Falcon
CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before ...)
	NOT-FOR-US: SIPS
CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...)
	NOT-FOR-US: Sawmill
CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through ...)
	NOT-FOR-US: HP
CVE-2002-0246 (Format string vulnerability in the message catalog library functions ...)
	NOT-FOR-US: UnixWare
CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...)
	NOT-FOR-US: Cisco
CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE ...)
	NOT-FOR-US: ISS
CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...)
	NOT-FOR-US: DCForum
CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ...)
	NOT-FOR-US: Xinet
CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...)
	NOT-FOR-US: Tarantella
CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing ...)
	NOT-FOR-US: Nortel
CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows ...)
	NOT-FOR-US: Real Networks
CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof ...)
	NOT-FOR-US: psyBNC
CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the ...)
	NOT-FOR-US: ACD
CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0160 (The administration function in Cisco Secure Access Control Server ...)
	NOT-FOR-US: Cisco
CVE-2002-0159 (Format string vulnerability in the administration function in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...)
	NOT-FOR-US: Microsoft
CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail ...)
	NOT-FOR-US: Microsoft
CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...)
	NOT-FOR-US: Microsoft
CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new ...)
	NOT-FOR-US: Microsoft
CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives &quot;Everyone&quot; group ...)
	NOT-FOR-US: Microsoft
CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...)
	NOT-FOR-US: Microsoft
CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the ...)
	NOT-FOR-US: Microsoft
CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...)
	NOT-FOR-US: Microsoft
CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with &quot;Bugs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0004 (Heap corruption vulnerability in the &quot;at&quot; program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1407 (Bugzilla before 2.14 allows Bugzilla users to bypass group security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1406 (process_bug.cgi in Bugzilla before 2.14 does not set the &quot;groupset&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1391 (Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1386 (WFTPD 3.00 allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1385 (The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1383 (initscript in setserial 2.17-4 and earlier uses predictable temporary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1382 (The &quot;echo simulation&quot; traffic analysis countermeasure in OpenSSH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1380 (OpenSSH before 2.9.9, while using keypairs and multiple keys of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1378 (fetchmailconf in fetchmail before 5.7.4 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1375 (tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1374 (expect before 5.32 searches for its libraries in /var/tmp before other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1373 (MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1372 (Oracle 9i Application Server 1.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1371 (The default configuration of Oracle Application Server 9iAS 1.0.2.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1370 (prepend.php3 in PHPLib before 7.2d, when register_globals is enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1369 (Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1367 (The checkAccess function in PHPSlice 0.1.4, and all other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1359 (Volution clients 1.0.7 and earlier attempt to contact the computer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1352 (Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1351 (Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1350 (Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1349 (Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1347 (Windows 2000 allows local users to cause a denial of service and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1345 (bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1342 (Apache before 1.3.20 on Windows and OS/2 systems allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1334 (Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1328 (Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1327 (pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1322 (xinetd 2.1.8 and earlier runs with a default umask of 0, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1303 (The default configuration of SecuRemote for Check Point Firewall-1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1302 (The change password option in the Windows Security interface for ...)
	NOT-FOR-US: Microsoft
CVE-2001-1301 (rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1297 (PHP remote file inclusion vulnerability in Actionpoll PHP script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1296 (More.groupware PHP script allows remote attackers to include arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1295 (Directory traversal vulnerability in Cerberus FTP Server 1.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1291 (The telnet server for 3Com hardware such as PS40 SuperStack II does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1279 (Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1277 (makewhatis in the man package before 1.5i2 allows an attacker in group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1276 (ispell before 3.1.20 allows local users to overwrite files of other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1266 (Directory traversal vulnerability in Doug Neal's HTTPD Daemon ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1252 (Network Associates PGP Keyserver 7.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1251 (SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1247 (PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1246 (PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1240 (The default configuration of sudo in Engarde Secure Linux 1.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1237 (Phormation PHP script 0.9.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1236 (myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1235 (pSlash PHP script 0.7 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1234 (Bharat Mediratta Gallery PHP script before 1.2.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1231 (GroupWise 5.5 and 6 running in live remote or smart caching mode ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1227 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1215 (Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1203 (Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1201 (Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1200 (Microsoft Windows XP allows local users to bypass a locked screen and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1199 (Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1193 (Directory traversal vulnerability in EFTP 2.0.8.346 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1186 (Microsoft IIS 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2001-1185 (Some AIO operations in FreeBSD 4.4 may be delayed until after a call ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1183 (PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2001-1180 (FreeBSD 4.3 does not properly clear shared signal handlers when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1177 (ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1176 (Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1175 (vipw in the util-linux package before 2.10 causes /etc/shadow to be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1174 (Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1172 (OmniSecure HTTProtect 1.1.1 allows a superuser without omnish ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1166 (linprocfs on FreeBSD 4.3 and earlier does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1162 (Directory traversal vulnerability in the %m macro in the smb.conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1161 (Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1160 (udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1158 (Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1155 (TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1153 (lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1149 (Panda Antivirus Platinum before 6.23.00 allows a remore attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1147 (The PAM implementation in /bin/login of the util-linux package before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1146 (AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1145 (fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1144 (Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1141 (The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1132 (Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1121 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1118 (A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1117 (LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1116 (Identix BioLogon 2.03 and earlier does not lock secondary displays on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1113 (Buffer overflow in TrollFTPD 1.26 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1108 (Directory traversal vulnerability in SnapStream PVS 1.2a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1106 (The default configuration of Sambar Server 5 and earlier uses a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1103 (FTP Voyager ActiveX control before 8.0, when it is marked as safe for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1100 (sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1099 (The default configuration of Norton AntiVirus for Microsoft Exchange ...)
	NOT-FOR-US: Norton
CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in ...)
	NOT-FOR-US: Cisco
CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...)
	NOT-FOR-US: AIX
CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to execute ...)
	NOT-FOR-US: AIX
CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1088 (Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1083 (Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1081 (Format string vulnerabilities in Livingston/Lucent RADIUS before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1080 (diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable ...)
	NOT-FOR-US: AIX
CVE-2001-1079 (create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates ...)
	NOT-FOR-US: AIX
CVE-2001-1075 (poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1074 (Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1072 (Apache with mod_rewrite enabled on most UNIX systems allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1071 (Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) ...)
	NOT-FOR-US: Cisco
CVE-2001-1069 (libCoolType library as used in Adobe Acrobat (acroread) on Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1067 (Buffer overflow in AOLserver 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1066 (ns6install installation script for Netscape 6.01 on Solaris, and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1063 (Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1062 (Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1059 (VMWare creates a temporary file vmware-log.USERNAME with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1056 (IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1055 (The Microsoft Windows network stack allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-1054 (PHPAdsNew PHP script allows remote attackers to include arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1053 (AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1049 (Phorecast PHP script before 0.40 allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1048 (AWOL PHP script allows remote attackers to include arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1046 (Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1043 (ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1038 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2001-1037 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2001-1036 (GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1035 (Binary decoding feature of slrn 0.9 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1032 (admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1030 (Squid before 2.3STABLE5 in HTTP accelerator mode does not enable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1029 (libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1028 (Buffer overflow in ultimate_source function of man 1.5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1027 (Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1022 (Format string vulnerability in pic utility in groff 1.16.1 and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1020 (edit_image.php in Vibechild Directory Manager before 0.91 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1017 (rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1016 (PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1011 (index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1010 (Directory traversal vulnerability in pagecount CGI script in Sambar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1008 (Java Plugin 1.4 for JRE 1.3 executes signed applets even if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1002 (The default configuration of the DVI print filter (dvips) in Red Hat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0998 (IBM HACMP 4.4 allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0995 (PHProjekt before 2.4a allows remote attackers to perform actions as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0993 (sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0987 (Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0982 (Directory traversal vulnerability in IBM Tivoli WebSEAL Policy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0981 (HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the &quot;unix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0980 (docview before 1.0-15 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0978 (login in HP-UX 10.26 does not record failed login attempts in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0977 (slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0973 (BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0969 (ipfw in FreeBSD does not properly handle the use of &quot;me&quot; in its rules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0965 (glFTPD 1.23 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0963 (Directory traversal vulnerability in SpoonFTP 1.1 allows local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0962 (IBM WebSphere Application Server 3.02 through 3.53 uses predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0961 (Buffer overflow in tab expansion capability of the most program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0960 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0959 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0954 (Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0951 (Windows 2000 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Microsoft
CVE-2001-0946 (apmscript in Apmd in Red Hat 7.2 &quot;Enigma&quot; allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0940 (Buffer overflow in the GUI authentication code of Check Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0939 (Lotus Domino 5.08 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0936 (Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0929 (Cisco IOS Firewall Feature set, aka Context Based Access Control ...)
	NOT-FOR-US: Cisco
CVE-2001-0921 (Netscape 4.79 and earlier for MacOS allows an attacker with access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0920 (Format string vulnerability in auto nice daemon (AND) 1.0.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0918 (Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0917 (Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0914 (Linux kernel before 2.4.11pre3 in multiple Linux distributions allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0912 (Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0909 (Buffer overflow in helpctr.exe program in Microsoft Help Center for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0907 (Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0906 (teTeX filter before 1.0.7 allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0905 (Race condition in signal handling of procmail 3.20 and earlier, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0902 (Microsoft IIS 5.0 allows remote attackers to spoof web log entries via ...)
	NOT-FOR-US: Microsoft
CVE-2001-0901 (Hypermail allows remote attackers to execute arbitrary commands on a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0900 (Directory traversal vulnerability in modules.php in Gallery before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0899 (Network Tools 0.2 for PHP-Nuke allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0896 (Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0895 (Multiple Cisco networking products allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0894 (Vulnerability in Postfix SMTP server before 20010228-pl07, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0891 (Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0889 (Exim 3.22 and earlier, in some configurations, does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0888 (Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0887 (xSANE 0.81 and earlier allows local users to modify files of other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0886 (Buffer overflow in glob function of glibc allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0884 (Cross-site scripting vulnerability in Mailman email archiver before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0879 (Format string vulnerability in the C runtime functions in SQL Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0877 (Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0876 (Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0875 (Internet Explorer 5.5 and 6.0 allows remote attackers to cause the ...)
	NOT-FOR-US: Microsoft
CVE-2001-0874 (Internet Explorer 5.5 and 6.0 allow remote attackers to read certain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0873 (uuxqt in Taylor UUCP package does not properly remove dangerous long ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0872 (OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0869 (Format string vulnerability in the default logging callback function ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0867 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0866 (Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0865 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0864 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0863 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0862 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0861 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2001-0860 (Terminal Services Manager MMC in Windows 2000 and XP trusts the Client ...)
	NOT-FOR-US: Microsoft
CVE-2001-0859 (2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0857 (Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0852 (TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0851 (Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0850 (A configuration error in the libdb1 package in OpenLinux 3.1 uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0846 (Lotus Domino 5.x allows remote attackers to read files or execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0843 (Squid proxy server 2.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0837 (DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0836 (Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0834 (htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0833 (Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0830 (6tunnel 0.08 and earlier does not properly close sockets that were ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0828 (A cross-site scripting vulnerability in Caucho Technology Resin before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0825 (Buffer overflow in internal string handling routines of xinetd before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0823 (The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0822 (FPF kernel module 1.0 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0819 (A buffer overflow in Linux fetchmail before 5.8.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0816 (OpenSSH before 2.9.9, when running sftp using sftp-server and using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0815 (Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0806 (Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0805 (Directory traversal vulnerability in ttawebtop.cgi in Tarantella ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0804 (Directory traversal vulnerability in story.pl in Interactive Story 1.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0803 (Buffer overflow in the client connection routine of libDtSvc.so.1 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0801 (lpstat in IRIX 6.5.13f and earlier allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0797 (Buffer overflow in login in various System V based operating systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0796 (SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0792 (Format string vulnerability in XChat 1.2.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0787 (LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0784 (Directory traversal vulnerability in Icecast 1.3.10 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0779 (Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0774 (Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0773 (Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0770 (Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0769 (Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0765 (BisonFTP V4R1 allows local users to access directories outside of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0764 (Buffer overflow in ntping in scotty 2.1.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0763 (Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0760 (Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0757 (Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC ...)
	NOT-FOR-US: Cisco
CVE-2001-0754 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0752 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0751 (Cisco switches and routers running CBOS 2.3.8 and earlier use ...)
	NOT-FOR-US: Cisco
CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other ...)
	NOT-FOR-US: Cisco
CVE-2001-0745 (Netscape 4.7x allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0741 (Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0740 (3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0739 (Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0738 (LogLine function in klogd in sysklogd 1.3 in various Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0733 (The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0731 (Apache 1.3.20 with Multiviews enabled allows remote attackers to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0730 (split-logfile in Apache 1.3.20 allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0728 (Buffer overflow in Compaq Management Agents before 5.2, included in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0727 (Internet Explorer 6.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2001-0726 (Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used ...)
	NOT-FOR-US: Microsoft
CVE-2001-0724 (Internet Explorer 5.5 allows remote attackers to bypass security ...)
	NOT-FOR-US: Microsoft
CVE-2001-0723 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0722 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0720 (Internet Explorer 5.1 for Macintosh on Mac OS X allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0719 (Buffer overflow in Microsoft Windows Media Player 6.4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0718 (Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) ...)
	NOT-FOR-US: Microsoft
CVE-2001-0717 (Format string vulnerability in ToolTalk database server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0716 (Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0710 (NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0706 (Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0701 (Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0700 (Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0699 (Buffer overflow in cb_reset in the System Service Processor (SSP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0698 (Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0697 (NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0696 (NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0692 (SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0690 (Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0686 (Buffer overflow in mail included with SunOS 5.8 for x86 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0685 (Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0682 (ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0680 (Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0677 (Eudora 5.0.2 allows a remote attacker to read arbitrary files via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0676 (Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0675 (Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2001-0670 (Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0668 (Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0667 (Internet Explorer 6 and earlier, when used with the Telnet client in ...)
	NOT-FOR-US: Microsoft
CVE-2001-0666 (Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2001-0665 (Internet Explorer 6 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0664 (Internet Explorer 5.5 and 5.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2001-0663 (Terminal Server in Windows NT and Windows 2000 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0662 (RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0660 (Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0659 (Buffer overflow in IrDA driver providing infrared data exchange on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0658 (Cross-site scripting (CSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2001-0653 (Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0652 (Heap overflow in xlock in Solaris 2.6 through 8 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0650 (Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0648 (Directory traversal vulnerability in PHProjekt 2.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0643 (Internet Explorer 5.5 does not display the Class ID (CLSID) when it is ...)
	NOT-FOR-US: Microsoft
CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0635 (Red Hat Linux 7.1 sets insecure permissions on swap files created ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0634 (Sun Chili!Soft ASP has weak permissions on various configuration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0631 (Centrinity First Class Internet Services 5.50 allows for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0630 (Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0629 (HP Event Correlation Service (ecsd) as included with OpenView Network Node  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0628 (Microsoft Word 2000 does not check AutoRecovery (.asd) files for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0627 (vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0626 (O'Reilly Website Professional 2.5.4 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0625 (ftpdownload in Computer Associates InoculateIT 6.0 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0622 (The web management service on Cisco Content Service series 11000 ...)
	NOT-FOR-US: Cisco
CVE-2001-0621 (The FTP server on Cisco Content Service 11000 series switches (CSS) ...)
	NOT-FOR-US: Cisco
CVE-2001-0616 (Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0615 (Directory traversal vulnerability in Faust Informatics Freestyle Chat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0613 (Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0612 (McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0611 (Becky! 2.00.05 and earlier can allow a remote attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0596 (Netscape Communicator before 4.77 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0595 (Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0593 (Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0590 (Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0589 (NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0586 (TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0585 (Gordano NTMail 6.0.3c allows a remote attacker to create a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0574 (Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0573 (lsfs in AIX 4.x allows a local user to gain additional privileges by ...)
	NOT-FOR-US: AIX
CVE-2001-0567 (Digital Creations Zope 2.3.2 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0565 (Buffer overflow in mailx in Solaris 8 and earlier allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0564 (APC Web/SNMP Management Card prior to Firmware 310 only supports one ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0563 (ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0560 (Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0559 (crontab in Vixie cron 3.0.1 and earlier does not properly drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0558 (T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0554 (Buffer overflow in BSD-based telnetd telnet daemon on various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0553 (SSH Secure Shell 3.0.0 on Unix systems does not properly perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0550 (wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0549 (Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0548 (Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0547 (Memory leak in the proxy service in Microsoft Internet Security and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...)
	NOT-FOR-US: Microsoft
CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by ...)
	NOT-FOR-US: Microsoft
CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2001-0540 (Memory leak in Terminal servers in Windows NT and Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0538 (Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0537 (HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-2001-0533 (Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows ...)
	NOT-FOR-US: AIX
CVE-2001-0530 (Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0529 (OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0528 (Oracle E-Business Suite Release 11i Applications Desktop Integrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0527 (DCScripts DCForum versions 2000 and earlier allow a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0526 (Buffer overflow in the Xview library as used by mailtool in Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0525 (Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0522 (Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0518 (Oracle listener before Oracle 9i allows attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0517 (Oracle listener in Oracle 8i on Solaris allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0514 (SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0513 (Oracle listener process on Windows NT redirects connection requests to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0508 (Vulnerability in IIS 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run ...)
	NOT-FOR-US: Microsoft
CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0502 (Running Windows 2000 LDAP Server over SSL, a function does not ...)
	NOT-FOR-US: Microsoft
CVE-2001-0501 (Microsoft Word 2002 and earlier allows attackers to automatically ...)
	NOT-FOR-US: Microsoft
CVE-2001-0500 (Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0497 (dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0495 (Directory traversal in DataWizard WebXQ server 1.204 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0494 (Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0493 (Small HTTP server 2.03 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0489 (Format string vulnerability in gftp prior to 2.0.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0488 (pcltotiff in HP-UX 10.x has unnecessary set group id permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0487 (AIX SNMP server snmpd allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AIX
CVE-2001-0486 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0485 (Unknown vulnerability in netprint in IRIX 6.2, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0482 (Configuration error in Argus PitBull LX allows root users to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0481 (Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0475 (index.php in Jelsoft vBulletin does not properly initialize a PHP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0474 (Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0473 (Format string vulnerability in Mutt before 1.2.5 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0469 (rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0467 (Directory traversal vulnerability in RobTex Viking Web server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0465 (TurboTax saves passwords in a temporary file when a user imports ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0463 (Directory traversal vulnerability in cal_make.pl in PerlCal allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0462 (Directory traversal vulnerability in Perl web server 0.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0461 (template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0457 (man2html before 1.5-22 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0456 (postinst installation script for Proftpd in Debian 2.2 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0455 (Cisco Aironet 340 Series wireless bridge before 8.55 does not properly ...)
	NOT-FOR-US: Cisco
CVE-2001-0449 (Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0444 (Cisco CBOS 2.3.0.053 sends output of the &quot;sh nat&quot; (aka &quot;show nat&quot;) ...)
	NOT-FOR-US: Cisco
CVE-2001-0442 (Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0440 (Buffer overflow in logging functions of licq before 1.0.3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0439 (licq before 1.0.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0434 (The LogDataListToFile ActiveX function used in (1) Knowledge Center ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0430 (Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0429 (Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an ...)
	NOT-FOR-US: Cisco
CVE-2001-0428 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0427 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0423 (Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0422 (Buffer overflow in Xsun in Solaris 8 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0416 (sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0414 (Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0413 (BinTec X4000 Access router, and possibly other versions, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0412 (Cisco Content Services (CSS) switch products 11800 and earlier, aka ...)
	NOT-FOR-US: Cisco
CVE-2001-0409 (vim (aka gvim) allows local users to modify files being edited by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0408 (vim (aka gvim) processes VIM control codes that are embedded in a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0407 (Directory traversal vulnerability in MySQL before 3.23.36 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0405 (ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0402 (IPFilter 3.4.16 and earlier does not include sufficient session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0394 (Remote manager service in Website Pro 3.0.37 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0388 (time server daemon timed allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0387 (Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0386 (AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0383 (banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0379 (Vulnerability in the newgrp program included with HP9000 servers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0378 (readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0377 (Infradig Inframail prior to 3.98a allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0375 (Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa ...)
	NOT-FOR-US: Cisco
CVE-2001-0373 (The default configuration of the Dr. Watson program in Windows NT and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0371 (Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0368 (Directory traversal vulnerability in BearShare 2.2.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0366 (saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0365 (Eudora before 5.1 allows a remote attacker to execute arbitrary code, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0364 (SSH Communications Security sshd 2.4 for Windows allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0361 (Implementations of SSH version 1.5, including (1) OpenSSH up to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0353 (Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0351 (Microsoft Windows 2000 telnet service allows a local user to make a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0348 (Microsoft Windows 2000 telnet service allows attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0347 (Information disclosure vulnerability in Microsoft Windows 2000 telnet ...)
	NOT-FOR-US: Microsoft
CVE-2001-0346 (Handle leak in Microsoft Windows 2000 telnet service allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0345 (Microsoft Windows 2000 telnet service allows attackers to prevent idle ...)
	NOT-FOR-US: Microsoft
CVE-2001-0344 (An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using ...)
	NOT-FOR-US: Microsoft
CVE-2001-0341 (Buffer overflow in Microsoft Visual Studio RAD Support sub-component ...)
	NOT-FOR-US: Microsoft
CVE-2001-0340 (An interaction between the Outlook Web Access (OWA) service in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0339 (Internet Explorer 5.5 and earlier allows remote attackers to display a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0338 (Internet Explorer 5.5 and earlier does not properly validate digital ...)
	NOT-FOR-US: Microsoft
CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an ...)
	NOT-FOR-US: Microsoft
CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0333 (Directory traversal vulnerability in IIS 5.0 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0331 (Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0330 (Bugzilla 2.10 allows remote attackers to access sensitive information, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0327 (iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0326 (Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0321 (opendir.php script in PHP-Nuke allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0319 (orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0318 (Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0317 (Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0316 (Linux kernel 2.4 and 2.2 allows local users to read kernel memory and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0311 (Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0310 (sort in FreeBSD 4.1.1 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0309 (inetd in Red Hat 6.2 does not properly close sockets for internal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0301 (Buffer overflow in Analog before 4.16 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0299 (Buffer overflow in Voyager web administration server for Nokia IP440 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0295 (Directory traversal vulnerability in War FTP 1.67.04 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0290 (Vulnerability in Mailman 2.0.1 and earlier allows list administrators ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0289 (Joe text editor 2.8 searches the current working directory (CWD) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0288 (Cisco switches and routers running IOS 12.1 and earlier produce ...)
	NOT-FOR-US: Cisco
CVE-2001-0287 (VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0284 (Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0280 (Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0279 (Buffer overflow in sudo earlier than 1.6.3p6 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0278 (Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0276 (ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0274 (kicq IRC client 1.0.0, and possibly later versions, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0269 (pam_ldap authentication module in Solaris 8 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0268 (The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0267 (NM debug in HP MPE/iX 6.5 and earlier does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0266 (Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0265 (ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0260 (Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0259 (ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0252 (iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0245 (Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in ...)
	NOT-FOR-US: Microsoft
CVE-2001-0244 (Buffer overflow in Microsoft Index Server 2.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0243 (Windows Media Player 7 and earlier stores Internet shortcuts in a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0241 (Buffer overflow in Internet Printing ISAPI extension in Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0240 (Microsoft Word before Word 2002 allows attackers to automatically ...)
	NOT-FOR-US: Microsoft
CVE-2001-0239 (Microsoft Internet Security and Acceleration (ISA) Server 2000 Web ...)
	NOT-FOR-US: Microsoft
CVE-2001-0238 (Microsoft Data Access Component Internet Publishing Provider ...)
	NOT-FOR-US: Microsoft
CVE-2001-0237 (Memory leak in Microsoft 2000 domain controller allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0236 (Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0235 (Vulnerability in crontab allows local users to read crontab files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0234 (NewsDaemon before 0.21b allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0233 (Buffer overflow in micq client 0.4.6 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0230 (Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0222 (webmin 0.84 and earlier allows local users to overwrite and create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0221 (Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0219 (Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0218 (Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0215 (ROADS search.pl program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0207 (Buffer overflow in bing allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0204 (Watchguard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0203 (Watchguard Firebox II firewall allows users with read-only access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0197 (Format string vulnerability in print_client in icecast 1.3.8beta2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0196 (inetd ident server in FreeBSD 4.x and earlier does not properly set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0195 (sash before 3.4-4 in Debian GNU/Linux does not properly clone ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0194 (Buffer overflow in httpGets function in CUPS 1.1.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0193 (Format string vulnerability in man in some Linux distributions allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0191 (gnuserv before 3.12, as shipped with XEmacs, does not properly check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0190 (Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0189 (Directory traversal vulnerability in LocalWEB2000 HTTP server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0187 (Format string vulnerability in wu-ftp 2.6.1 and earlier, when running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0185 (Netopia R9100 router version 4.6 allows authenticated users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0183 (ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0182 (FireWall-1 4.1 with a limited-IP license allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0179 (Allaire JRun 3.0 allows remote attackers to list contents of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0178 (kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0176 (The setuid doroot program in Voyant Sonata 3.x executes arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0175 (The caching module in Netscape Fasttrack Server 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0174 (Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0170 (glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0169 (When using the LD_PRELOAD environmental variable in SUID or SGID ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0166 (Macromedia Shockwave Flash plugin version 8 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0165 (Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0164 (Buffer overflow in Netscape Directory Server 4.12 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0157 (Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0156 (VShell SSH gateway 1.0.1 and earlier has a default port forwarding ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0155 (Format string vulnerability in VShell SSH gateway 1.0.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0154 (HTML e-mail feature in Internet Explorer 5.5 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0153 (Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0152 (The password protection option for the Compressed Folders feature in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using ...)
	NOT-FOR-US: Microsoft
CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0148 (The WMP ActiveX Control in Windows Media Player 7 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0147 (Buffer overflow in Windows 2000 event viewer snap-in allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0144 (CORE SDI SSH1 CRC-32 compensation attack detector allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0143 (vpop3d program in linuxconf 1.23r and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0142 (squid 2.3 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0141 (mgetty 1.1.22 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0140 (arpwatch 2.1a4 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0139 (inn 2.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0138 (privatepw program in wu-ftpd before 2.6.1-6 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0137 (Windows Media Player 7 allows remote attackers to execute malicious ...)
	NOT-FOR-US: Microsoft
CVE-2001-0136 (Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0130 (Buffer overflow in HTML parser of the Lotus R5 Domino Server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0129 (Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0128 (Zope before 2.2.4 does not properly compute local roles, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0126 (Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0125 (exmh 2.2 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0124 (Buffer overflow in exrecover in Solaris 2.6 and earlier possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0123 (Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0122 (Kernel leak in AfpaCache module of the Fast Response Cache Accelerator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0121 (ImageCast Control Center 4.1.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0120 (useradd program in shadow-utils program may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0119 (getty_ps 2.0.7j allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0118 (rdist 6.1.5 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0117 (sdiff 2.7 in the diffutils package allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0116 (gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0115 (Buffer overflow in arp command in Solaris 7 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0111 (Format string vulnerability in splitvt before 1.6.5 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0110 (Buffer overflow in jaZip Zip/Jaz drive manager allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0109 (rctab in SuSE 7.0 and earlier allows local users to create or overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0108 (PHP Apache module 4.0.4 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0106 (Vulnerability in inetd server in HP-UX 11.04 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0105 (Vulnerability in top in HP-UX 11.04 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0100 (bslist.cgi mailing list script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0099 (bsguest.cgi guestbook script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0096 (FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0092 (A function in Internet Explorer 5.0 through 5.5 does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2001-0091 (The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0090 (The Print Templates feature in Internet Explorer 5.5 executes ...)
	NOT-FOR-US: Microsoft
CVE-2001-0089 (Internet Explorer 5.0 through 5.5 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2001-0085 (Buffer overflow in Kermit communications software in HP-UX 11.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0083 (Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0081 (swinit in nCipher does not properly disable the Operator Card Set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0080 (Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0078 (in.mond in Sun Cluster 2.x allows local users to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0077 (The clustmon service in Sun Cluster 2.x does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0072 (gpg (aka GnuPG) 1.0.4 and other versions imports both public and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0071 (gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0066 (Secure Locate (slocate) allows local users to corrupt memory via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0063 (procfs in FreeBSD and possibly other operating systems allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0062 (procfs in FreeBSD and possibly other operating systems allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0061 (procfs in FreeBSD and possibly other operating systems does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0060 (Format string vulnerability in stunnel 3.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0059 (patchadd in Solaris allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0058 (The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2001-0057 (Cisco 600 routers running CBOS 2.4.1 and earlier allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0056 (The Cisco Web Management interface in routers running CBOS 2.4.1 and ...)
	NOT-FOR-US: Cisco
CVE-2001-0055 (CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0054 (Directory traversal vulnerability in FTP Serv-U before 2.5i allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0053 (One-byte buffer overflow in replydirname function in BSD-based ftpd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0050 (Buffer overflow in BitchX IRC client allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0043 (phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0042 (PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0041 (Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches ...)
	NOT-FOR-US: Cisco
CVE-2001-0040 (APC UPS daemon, apcupsd, saves its process ID in a world-writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0039 (IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0036 (KTH Kerberos IV allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0035 (Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0034 (KTH Kerberos IV allows local users to specify an alternate proxy using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0033 (KTH Kerberos IV allows local users to change the configuration of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0028 (Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0026 (rp-pppoe PPPoE client allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0021 (MailMan Webmail 3.0.25 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0020 (Directory traversal vulnerability in Arrowpoint (aka Cisco Content ...)
	NOT-FOR-US: Cisco
CVE-2001-0018 (Windows 2000 domain controller in Windows 2000 Server, Advanced ...)
	NOT-FOR-US: Microsoft
CVE-2001-0017 (Memory leak in PPTP server in Windows NT 4.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0016 (NTLM Security Support Provider (NTLMSSP) service does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0015 (Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users ...)
	NOT-FOR-US: Microsoft
CVE-2001-0014 (Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not ...)
	NOT-FOR-US: Microsoft
CVE-2001-0013 (Format string vulnerability in nslookupComplain function in BIND 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0012 (BIND 4 and BIND 8 allow remote attackers to access sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0011 (Buffer overflow in nslookupComplain function in BIND 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0010 (Buffer overflow in transaction signature (TSIG) handling code in BIND ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0009 (Directory traversal vulnerability in Lotus Domino 5.0.5 web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0008 (Backdoor account in Interbase database server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0007 (Buffer overflow in NetScreen Firewall WebUI allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0006 (The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has ...)
	NOT-FOR-US: Microsoft
CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0001 (cookiedecode function in PHP-Nuke 4.4 allows users to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1212 (Zope 2.2.0 through 2.2.4 does not properly protect a data updating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1211 (Zope 2.2.0 through 2.2.4 does not properly perform security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1210 (Directory traversal vulnerability in source.jsp of Apache Tomcat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1203 (Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1200 (Windows NT allows remote attackers to list all users in a domain by ...)
	NOT-FOR-US: Microsoft
CVE-2000-1196 (PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1195 (telnet daemon (telnetd) from the Linux netkit package before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1193 (Performance Metrics Collector Daemon (PMCD) in Performance Copilot in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1190 (imwheel-solo in imwheel package allows local users to modify arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1189 (Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1187 (Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1184 (telnetd in FreeBSD 4.2 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1182 (WatchGuard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1181 (Real Networks RealServer 7 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1179 (Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1178 (Joe text editor follows symbolic links when creating a rescue copy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1174 (Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1171 (Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1170 (Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1169 (OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1167 (ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1166 (Twig webmail system does not properly set the &quot;vhosts&quot; variable if it ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1165 (Balabit syslog-ng allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1164 (WinVNC installs the WinVNC3 registry key with permissions that give ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1163 (ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1162 (ghostscript before 5.10-16 allows local users to overwrite files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1149 (Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1148 (The installation of VolanoChatPro chat server sets world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1146 (Recourse ManTrap 1.6 allows attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1145 (Recourse ManTrap 1.6 allows attackers who have gained root access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1144 (Recourse ManTrap 1.6 sets up a chroot environment to hide the fact ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1143 (Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1142 (Recourse ManTrap 1.6 generates an error when an attacker cd's to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1141 (Recourse ManTrap 1.6 modifies the kernel so that &quot;..&quot; does not appear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1140 (Recourse ManTrap 1.6 does not properly hide processes from attackers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1139 (The installation of Microsoft Exchange 2000 before Rev. A creates a ...)
	NOT-FOR-US: Microsoft
CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1135 (fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1132 (DCForum cgforum.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1131 (Bill Kendrick web site guestbook (GBook) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1124 (Buffer overflow in piobe command in IBM AIX 4.3.x allows local users ...)
	NOT-FOR-US: AIX
CVE-2000-1123 (Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may ...)
	NOT-FOR-US: AIX
CVE-2000-1122 (Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may ...)
	NOT-FOR-US: AIX
CVE-2000-1121 (Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow ...)
	NOT-FOR-US: AIX
CVE-2000-1120 (Buffer overflow in digest command in IBM AIX 4.3.x and earlier ...)
	NOT-FOR-US: AIX
CVE-2000-1119 (Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows ...)
	NOT-FOR-US: AIX
CVE-2000-1115 (Buffer overflow in remote web administration component (webprox.dll) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1113 (Buffer overflow in Microsoft Windows Media Player allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-1112 (Microsoft Windows Media Player 7 executes scripts in custom skin ...)
	NOT-FOR-US: Microsoft
CVE-2000-1111 (Telnet Service for Windows 2000 Professional does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2000-1109 (Midnight Commander (mc) 4.5.51 and earlier does not properly process ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1108 (cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1107 (in.identd ident server in SuSE Linux 6.x and 7.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1106 (Trend Micro InterScan VirusWall creates an &quot;Intscan&quot; share to the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1101 (Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1099 (Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1097 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1096 (crontab by Paul Vixie uses predictable file names for a temporary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1095 (modprobe in the modutils 2.3.x package on Linux systems allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1094 (Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1089 (Buffer overflow in Microsoft Phone Book Service allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2000-1080 (Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1077 (Buffer overflow in the SHTML logging functionality of iPlanet Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1075 (Directory traversal vulnerability in iPlanet Certificate Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1074 (csstart program in iCal 2.1 Patch 2 uses relative pathnames to install ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1073 (csstart program in iCal 2.1 Patch 2 searches for the cshttpd program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1072 (iCal 2.1 Patch 2 installs many files with world-writeable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1071 (The GUI installation for iCal 2.1 Patch 2 disables access control for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1070 (pollit.cgi in Poll It 2.01 and earlier uses data files that are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1069 (pollit.cgi in Poll It 2.01 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1068 (pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1061 (Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-1060 (The default configuration of XFCE 3.5.1 bypasses the Xauthority access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1059 (The default configuration of the Xsession file in Mandrake Linux 7.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1058 (Buffer overflow in OverView5 CGI program in HP OpenView Network Node ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1057 (Vulnerabilities in database configuration scripts in HP OpenView ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1056 (CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2000-1055 (Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2000-1054 (Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and ...)
	NOT-FOR-US: Cisco
CVE-2000-1051 (Directory traversal vulnerability in Allaire JRun 2.3 server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1050 (Allaire JRun 3.0 http servlet server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1049 (Allaire JRun 3.0 http servlet server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1047 (Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1045 (nss_ldap earlier than 121, when run with nscd (name service caching ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1044 (Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1043 (Format string vulnerability in ypserv in Mandrake Linux 7.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1042 (Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1041 (Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1040 (Format string vulnerability in logging function of ypbind 3.3, while ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1038 (The web administration interface for IBM AS/400 Firewall allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1036 (Directory traversal vulnerability in Extent RBS ISP web server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1034 (Buffer overflow in the System Monitor ActiveX control in Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine ...)
	NOT-FOR-US: Cisco
CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1022 (The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier ...)
	NOT-FOR-US: Cisco
CVE-2000-1019 (Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1018 (shred 1.0 file wiping utility does not properly open a file for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1016 (The default configuration of Apache (httpd.conf) on SuSE 6.4 includes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1014 (Format string vulnerability in the search97.cgi CGI script in SCO help ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1011 (Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1010 (Format string vulnerability in talkd in OpenBSD and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1007 (I-gear 3.5.7 and earlier does not properly process log entries in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1006 (Microsoft Exchange Server 5.5 does not properly handle a MIME header ...)
	NOT-FOR-US: Microsoft
CVE-2000-1005 (Directory traversal vulnerability in html_web_store.cgi and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1004 (Format string vulnerability in OpenBSD photurisd allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1003 (NETBIOS client in Windows 95 and Windows 98 allows a remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2000-1002 (POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1001 (add_2_basket.asp in Element InstantShop allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1000 (Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0996 (Format string vulnerability in OpenBSD su program (and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0995 (Format string vulnerability in OpenBSD yp_passwd program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0994 (Format string vulnerability in OpenBSD fstat program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...)
	{CVE-2004-0175}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: Rediscoved as CVE-2004-0175, see there.
CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0984 (The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2000-0983 (Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0982 (Internet Explorer before 5.5 forwards cached user credentials for a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0981 (MySQL Database Engine uses a weak authentication method which leaks ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0980 (NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink ...)
	NOT-FOR-US: Microsoft
CVE-2000-0979 (File and Print Sharing service in Windows 95, Windows 98, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0978 (bbd server in Big Brother System and Network Monitor before 1.5c2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0977 (mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0976 (Buffer overflow in xlib in XFree 3.3.x possibly allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0975 (Directory traversal vulnerability in apexec.pl in Anaconda Foundation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0974 (GnuPG (gpg) 1.0.3 does not properly check all signatures of a file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0973 (Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0972 (HP-UX 11.00 crontab allows local users to read arbitrary files via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0970 (IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure ...)
	NOT-FOR-US: Microsoft
CVE-2000-0969 (Format string vulnerability in Half Life dedicated server build 3104 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0968 (Buffer overflow in Half Life dedicated server before build 3104 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0967 (PHP 3 and 4 do not properly cleanse user-injected format strings, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0966 (Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0965 (The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0964 (Buffer overflow in the web administration service for the HiNet LP5100 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0962 (The IPSEC implementation in OpenBSD 2.7 does not properly handle empty ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0961 (Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0960 (The POP3 server in Netscape Messaging Server 4.15p1 generates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0959 (glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0958 (HotJava Browser 3.0 allows remote attackers to access the DOM of a web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0957 (The pluggable authentication module for mysql (pam_mysql) before 0.4.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0956 (cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0953 (Shambala Server 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0952 (global.cgi CGI program in Global 3.55 and earlier on NetBSD allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0951 (A misconfiguration in IIS 5.0 with Index Server enabled and the Index ...)
	NOT-FOR-US: Microsoft
CVE-2000-0949 (Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0948 (GnoRPM before 0.95 allows local users to modify arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0947 (Format string vulnerability in cfd daemon in GNU CFEngine before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0946 (Compaq Easy Access Keyboard software 1.3 does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0945 (The web configuration interface for Catalyst 3500 XL switches allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0944 (CGI Script Center News Update 1.1 does not properly validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0943 (Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0942 (The CiWebHitsFile component in Microsoft Indexing Services for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0941 (Kootenay Web KW Whois 1.0 CGI program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0938 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0937 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0936 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0935 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0934 (Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0933 (The Input Method Editor (IME) in the Simplified Chinese version of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0932 (MAILsweeper for SMTP 3.x does not properly handle corrupt CDA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0930 (Pegasus Mail 3.12 allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0929 (Microsoft Windows Media Player 7 allows attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0928 (WQuinn QuotaAdvisor 4.1 allows users to list directories and files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0927 (WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0926 (SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0925 (The default installation of SmartWin CyberOffice Shopping Cart 2 (aka ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0924 (Directory traversal vulnerability in search.cgi CGI script in Armada ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0923 (authenticate.cgi CGI program in Aplio PRO allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0922 (Directory traversal vulnerability in Bytes Interactive Web Shopper ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0921 (Directory traversal vulnerability in Hassan Consulting shop.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0920 (Directory traversal vulnerability in BOA web server 0.94.8.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0919 (Directory traversal vulnerability in PHPix Photo Album 1.0.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0917 (Format string vulnerability in use_syslog() function in LPRng 3.6.24 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0915 (fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0914 (OpenBSD 2.6 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0913 (mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0912 (MultiHTML CGI script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0911 (IMP 2.2 and earlier allows attackers to read and delete arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0910 (Horde library 1.02 allows attackers to execute arbitrary commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0909 (Buffer overflow in the automatic mail checking component of Pine 4.21 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0908 (BrowseGate 2.80 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0901 (Format string vulnerability in screen 3.9.5 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0900 (Directory traversal vulnerability in ssi CGI program in thttpd 2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0897 (Small HTTP Server 2.03 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0896 (WatchGuard SOHO firewall allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0895 (Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0894 (HTTP server on the WatchGuard SOHO firewall does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0892 (Some telnet clients allow remote telnet servers to request environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0891 (A default ECL in Lotus Notes before 5.02 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0890 (periodic in FreeBSD 4.1.1 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0888 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0887 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0886 (IIS 5.0 allows remote attackers to execute arbitrary commands via a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0884 (IIS 4.0 and 5.0 allows remote attackers to read documents outside of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0883 (The default configuration of mod_perl for Apache as installed on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0878 (The mailto CGI script allows remote attacker to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0877 (mailform.pl CGI script in MailForm 2.0 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0876 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0875 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0874 (Eudora mail client includes the absolute path of the sender's host ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0873 (netstat in AIX 4.x.x does not properly restrict access to the -Zi ...)
	NOT-FOR-US: AIX
CVE-2000-0871 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0870 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0869 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0868 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0867 (Kernel logging daemon (klogd) in Linux does not properly cleanse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0865 (Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0864 (Race condition in the creation of a Unix domain socket in GNOME esound ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0863 (Buffer overflow in listmanager earlier than 2.105.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0862 (Vulnerability in an administrative interface utility for Allaire ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0861 (Mailman 1.1 allows list administrators to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0860 (The file upload capability in PHP versions 3 and 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0859 (The web configuration server for NTMail V5 and V6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0858 (Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0856 (Buffer overflow in SunFTP build 9(1) allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0854 (When a Microsoft Office 2000 document is launched, the directory of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0853 (YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0852 (Multiple buffer overflows in eject on FreeBSD and possibly other OSes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0851 (Buffer overflow in the Still Image Service in Windows 2000 allows local ...)
	NOT-FOR-US: Microsoft
CVE-2000-0850 (Netegrity SiteMinder before 4.11 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0849 (Race condition in Microsoft Windows Media server allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0848 (Buffer overflow in IBM WebSphere web application server (WAS) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0847 (Buffer overflow in University of Washington c-client library (used by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0846 (Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0844 (Some functions that implement the locale subsystem on Unix do not  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0839 (WinCOM LPD 1.00.90 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0838 (Fastream FUR HTTP server 1.0b allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0837 (FTP Serv-U 2.5e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0834 (The Windows 2000 telnet client attempts to perform NTLM authentication ...)
	NOT-FOR-US: Microsoft
CVE-2000-0830 (annclist.exe in webTV for Windows allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0829 (The tmpwatch utility in Red Hat Linux forks a new process for each ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0825 (Ipswitch Imail 6.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0824 (The unsetenv function in glibc 2.1.1 does not properly unset an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0818 (The default installation for the Oracle listener program 7.3.4, 8.0.6, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0816 (Linux tmpwatch --fuser option allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0813 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0811 (Auction Weaver 1.0 through 1.04 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0810 (Auction Weaver 1.0 through 1.04 does not properly validate the names ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0809 (Buffer overflow in Getkey in the protocol checker in the inter-module ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0808 (The seed generation mechanism in the inter-module S/Key authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0807 (The OPSEC communications authentication mechanism (fwn1) in Check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0806 (The inter-module authentication mechanism (fwa1) in Check Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0805 (Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0804 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0803 (GNU Groff uses the current working directory to find a device ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0799 (inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0797 (Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0796 (Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0795 (Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0792 (Gnome Lokkit firewall package before 0.41 does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0790 (The web-based folder display capability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2000-0788 (The Mail Merge tool in Microsoft Word does not prompt the user before ...)
	NOT-FOR-US: Microsoft
CVE-2000-0787 (IRC Xchat client versions 1.4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0786 (GNU userv 1.0.0 and earlier does not properly perform file descriptor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0783 (Watchguard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0782 (netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0781 (uagentsetup in ARCServeIT Client Agent 6.62 does not properly check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0780 (The web server in IPSWITCH IMail 6.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files ...)
	NOT-FOR-US: Microsoft
CVE-2000-0777 (The password protection feature of Microsoft Money can store the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0773 (Bajie HTTP web server 0.30a allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify ...)
	NOT-FOR-US: Microsoft
CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0766 (Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0765 (Buffer overflow in the HTML interpreter in Microsoft Office 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0764 (Intel Express 500 series switches allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0763 (xlockmore and xlockf do not properly cleanse user-injected format ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0762 (The default installation of eTrust Access Control (formerly SeOS) uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0761 (OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0758 (The web interface for Lyris List Manager 3 and 4 allows list ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0754 (Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0753 (The Microsoft Outlook mail client identifies the physical path of the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0751 (mopd (Maintenance Operations Protocol loader daemon) does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0750 (Buffer overflow in mopd (Maintenance Operations Protocol loader ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0749 (Buffer overflow in the Linux binary compatibility module in FreeBSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0747 (The logrotate script for OpenLDAP before 1.2.11 in Conectiva ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0745 (admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0744 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0743 (Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0742 (The IPX protocol implementation in Microsoft Windows 95 and 98 allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0741 (Format string vulnerability in strong.exe program in NAI Net Tools PKI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0740 (Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0739 (Directory traversal vulnerability in strong.exe program in NAI Net ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0738 (WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0737 (The Service Control Manager (SCM) in Windows 2000 creates predictable ...)
	NOT-FOR-US: Microsoft
CVE-2000-0733 (Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0732 (Worm HTTP server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0731 (Directory traversal vulnerability in Worm HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0730 (Vulnerability in newgrp command in HP-UX 11.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0729 (FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0728 (xpdf PDF viewer client earlier than 0.91 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0727 (xpdf PDF viewer client earlier than 0.91 does not properly launch a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0726 (CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0725 (Zope before 2.2.1 does not properly restrict access to the getRoles ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0720 (news.cgi in GWScripts News Publisher does not properly authenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0718 (A race condition in MandrakeUpdate allows local users to modify RPM ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0717 (GoodTech FTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0716 (WorldClient email client in MDaemon 2.8 includes the session ID in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0712 (Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0711 (Netscape Communicator does not properly prevent a ServerSocket object ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0708 (Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0707 (PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0706 (Buffer overflows in ntop running in web mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0705 (ntop running in web mode allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0703 (suidperl (aka sperl) does not properly cleanse the escape sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0702 (The net.init rc script in HP-UX 11.00 (S008net.init) allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0700 (Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit ...)
	NOT-FOR-US: Cisco
CVE-2000-0699 (Format string vulnerability in ftpd in HP-UX 10.20 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0698 (Minicom 1.82.1 and earlier on some Linux systems allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0694 (pgxconfig in the Raptor GFX configuration tool allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0693 (pgxconfig in the Raptor GFX configuration tool uses a relative path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0685 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0684 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0683 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0682 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0681 (Buffer overflow in BEA WebLogic server proxy plugin allows remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0679 (The CVS 1.10.8 client trusts pathnames that are provided by the CVS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0678 (PGP 5.5.x through 6.5.3 does not properly check if an Additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0677 (Buffer overflow in IBM Net.Data db2www CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0676 (Netscape Communicator and Navigator 4.04 through 4.74 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0675 (Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0674 (ftp.pl CGI program for Virtual Visions FTP browser allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0673 (The NetBIOS Name Server (NBNS) protocol does not perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0672 (The default configuration of Jakarta Tomcat does not restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0671 (Roxen web server earlier than 2.0.69 allows allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0670 (The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0669 (Novell NetWare 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0668 (pam_console PAM module in Linux systems allows a user to access the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0666 (rpc.statd in the nfs-utils package in various Linux distributions does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0665 (GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0664 (AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0663 (The registry entry for the Windows Shell executable (Explorer.exe) in ...)
	NOT-FOR-US: Microsoft
CVE-2000-0662 (Internet Explorer 5.x and Microsoft Outlook allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0661 (WircSrv IRC Server 5.07s allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0660 (The WDaemon web server for WorldClient 2.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0655 (Netscape Communicator 4.73 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0654 (Microsoft Enterprise Manager allows local users to obtain database ...)
	NOT-FOR-US: Microsoft
CVE-2000-0652 (IBM WebSphere allows remote attackers to read source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0651 (The ClientTrust program in Novell BorderManager does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0650 (The default installation of VirusScan 4.5 and NetShield 4.5 has ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0644 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0643 (Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0642 (The default configuration of WebActive HTTP Server 1.00 stores the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0641 (Savant web server allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0640 (Guild FTPd allows remote attackers to determine the existence of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0638 (bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2000-0636 (HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0635 (The view_page.html sample page in the MiniVend shopping cart program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0634 (The web administration interface for CommuniGate Pro 3.2.5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0633 (Vulnerability in Mandrake Linux usermode package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0632 (Buffer overflow in the web archive component of L-Soft Listserv 1.8d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0631 (An administrative script from IIS 3.0, later included in IIS 4.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2000-0630 (IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source ...)
	NOT-FOR-US: Microsoft
CVE-2000-0628 (The source.asp example script in the Apache ASP module Apache::ASP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0627 (BlackBoard CourseInfo 4.0 does not properly authenticate users, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0624 (Buffer overflow in Winamp 2.64 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0622 (Buffer overflow in Webfind CGI program in O'Reilly WebSite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0621 (Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0620 (libX11 X library allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0619 (Top Layer AppSwitch 2500 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0616 (Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0615 (LPRng 3.6.x improperly installs lpd as setuid root, which can allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0613 (Cisco Secure PIX Firewall does not properly identify forged TCP Reset ...)
	NOT-FOR-US: Cisco
CVE-2000-0611 (The default configuration of NetWin dMailWeb and cwMail trusts all POP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0610 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0604 (gkermit in Red Hat Linux is improperly installed with setgid uucp, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0603 (Microsoft SQL Server 7.0 allows a local user to bypass permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2000-0602 (Secure Locate (slocate) in Red Hat Linux allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0601 (LeafChat 1.7 IRC client allows a remote IRC server to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0600 (Netscape Enterprise Server in NetWare 5.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0599 (Buffer overflow in iMesh 1.02 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0598 (Fortech Proxy+ allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0597 (Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are ...)
	NOT-FOR-US: Microsoft
CVE-2000-0596 (Internet Explorer 5.x does not warn a user before opening a Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2000-0595 (libedit searches for the .editrc file in the current directory instead ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0594 (BitchX IRC client does not properly cleanse an untrusted format ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0593 (WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0591 (Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0590 (Poll It 2.0 CGI script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0588 (SawMill 5.0.21 CGI program allows remote attackers to read the first ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0587 (The privpath directive in glftpd 1.18 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0586 (Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0585 (ISC DHCP client program dhclient allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0584 (Buffer overflow in Canna input system allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0583 (vchkpw program in vpopmail before version 4.8 does not properly cleanse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0582 (Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0581 (Windows 2000 Telnet Server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2000-0579 (IRIX crontab creates temporary files with predictable file names and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0577 (Netscape Professional Services FTP Server 1.3.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0576 (Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows ...)
	NOT-FOR-US: AIX
CVE-2000-0575 (SSH 1.2.27 with Kerberos authentication support stores Kerberos ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0573 (The lreply function in wu-ftpd 2.6.0 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0571 (LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0570 (FirstClass Internet Services server 5.770, and other versions before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0569 (Sybergen Sygate allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0568 (Sybergen Secure Desktop 2.1 does not properly protect against false ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0567 (Buffer overflow in Microsoft Outlook and Outlook Express allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0566 (makewhatis in Linux man package allows local users to overwrite files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0565 (SmartFTP Daemon 0.2 allows a local user to access arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0561 (Buffer overflow in WebBBS 1.15 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0558 (Buffer overflow in HP Openview Network Node Manager 6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0557 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0556 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0555 (Ceilidh allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0553 (Race condition in IPFilter firewall 3.4.3 and earlier, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0552 (ICQwebmail client for ICQ 2000A creates a world readable temporary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0551 (The file transfer mechanism in Danware NetOp 6.0 does not provide ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0550 (Kerberos 4 KDC program improperly frees memory twice (aka ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0549 (Kerberos 4 KDC program does not properly check for null termination of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0548 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0542 (Tigris remote access server before 11.5.4.22 does not properly record ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0541 (The Panda Antivirus console on port 2001 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0540 (JSP sample files in Allaire JRun 2.3.x allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0539 (Servlet examples in Allaire JRun 2.3.x allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0538 (ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0537 (BRU backup software allows local users to append data to arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0536 (xinetd 2.1.8.x does not properly restrict connections if hostnames are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0534 (The apsfilter software in the FreeBSD ports package does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0533 (Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0532 (A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0530 (The KApplication class in the KDE 1.1.2 configuration file management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0529 (Net Tools PKI Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0528 (Net Tools PKI Server does not properly restrict access to remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0525 (OpenSSH does not properly drop privileges when the UseLogin option is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0523 (Buffer overflow in the logging feature of EServ 2.9.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0522 (RSA ACE/Server allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0521 (Savant web server allows remote attackers to read source code of CGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0519 (Internet Explorer 4.x and 5.x does not properly re-validate an SSL ...)
	NOT-FOR-US: Microsoft
CVE-2000-0518 (Internet Explorer 4.x and 5.x does not properly verify all contents of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0517 (Netscape 4.73 and earlier does not properly warn users about a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0516 (When configured to store configuration information in an LDAP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0515 (The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0514 (GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0513 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0512 (CUPS (Common Unix Printing System) 1.04 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0511 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0510 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0508 (rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0507 (Imate Webmail Server 2.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0506 (The &quot;capabilities&quot; feature in Linux before 2.2.16 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0505 (The Apache 1.3.x HTTP server for Windows platforms allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0504 (libICE in XFree86 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0502 (Mcafee VirusScan 4.03 does not properly restrict access to the alert ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0501 (Race condition in MDaemon 2.8.5.0 POP server allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0500 (The default configuration of BEA WebLogic 5.1.0 allows a remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0499 (The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0498 (Unify eWave ServletExec allows a remote attacker to view source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0497 (IBM WebSphere server 3.0.2 allows a remote attacker to view source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0495 (Microsoft Windows Media Encoder allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0494 (Veritas Volume Manager creates a world writable .server_pids file, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0493 (Buffer overflow in Simple Network Time Sync (SMTS) daemon allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0490 (Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0489 (FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0488 (Buffer overflow in ITHouse mail server 1.04 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote ...)
	NOT-FOR-US: Cisco
CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords ...)
	NOT-FOR-US: Microsoft
CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0482 (Check Point Firewall-1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0481 (Buffer overflow in KDE Kmail allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0478 (In some cases, Norton Antivirus for Exchange (NavExchange) enters a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0477 (Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0475 (Windows 2000 allows a local user process to access another user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0474 (Real Networks RealServer 7.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0472 (Buffer overflow in innd 2.2.2 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0471 (Buffer overflow in ufsrestore in Solaris 8 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0470 (Allegro RomPager HTTP server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0469 (Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0468 (man in HP-UX 10.20 and 11 allows local attackers to overwrite files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0467 (Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0466 (AIX cdmount allows local users to gain root privileges via shell ...)
	NOT-FOR-US: AIX
CVE-2000-0465 (Internet Explorer 4.x and 5.x does properly verify the domain of a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0464 (Internet Explorer 4.x and 5.x allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2000-0463 (BeOS 5.0 allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0462 (ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0461 (The undocumented semconfig system call in BSD freezes the state of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0460 (Buffer overflow in KDE kdesud on Linux allows local uses to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0459 (IMP does not remove files properly if the MSWordView application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0458 (The MSWordView application in IMP creates world-readable files in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0457 (ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file ...)
	NOT-FOR-US: Microsoft
CVE-2000-0456 (NetBSD 1.4.2 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0455 (Buffer overflow in xlockmore xlock program version 4.16 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0454 (Buffer overflow in Linux cdrecord allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0453 (XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0452 (Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0451 (The Intel express 8100 ISDN router allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0448 (The WebShield SMTP Management Tool version 4.5.44 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0447 (Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0446 (Buffer overflow in MDBMS database server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0445 (The pgpk command in PGP 5.x on Unix systems uses an insufficiently ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0443 (The web interface server in HP Web JetAdmin 5.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0442 (Qpopper 2.53 and earlier allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0441 (Vulnerability in AIX 3.2.x and 4.x allows local users to gain write ...)
	NOT-FOR-US: AIX
CVE-2000-0440 (NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0439 (Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2000-0438 (Buffer overflow in fdmount on Linux systems allows local users in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0437 (Buffer overflow in the CyberPatrol daemon &quot;cyberdaemon&quot; used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0436 (MetaProducts Offline Explorer 1.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0435 (The allmanageup.pl file upload CGI script in the Allmanage Website ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0432 (The calender.pl and the calendar_admin.pl calendar scripts by Matt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0431 (Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0430 (Cart32 allows remote attackers to access sensitive debugging ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0428 (Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0427 (The Aladdin Knowledge Systems eToken device allows attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0426 (UltraBoard 1.6 and other versions allow remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0425 (Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0424 (The CGI counter 4.0.7 by George Burgyan allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0421 (The process_bug.cgi script in Bugzilla allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0419 (The Office 2000 UA ActiveX Control is marked as &quot;safe for scripting,&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0418 (The Cayman 3220-H DSL router allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0417 (The HTTP administration interface to the Cayman 3220-H DSL router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0416 (NTMail 5.x allows network users to bypass the NTMail proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0414 (Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0411 (Matt Wright's FormMail CGI script allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0410 (ColdFusion Server 4.5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0409 (Netscape 4.73 and earlier follows symlinks when it imports a new ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0408 (IIS 4.05 and 5.0 allow remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0407 (Buffer overflow in Solaris netpr program allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0406 (Netscape Communicator before version 4.73 and Navigator 4.07 do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0405 (Buffer overflow in L0pht AntiSniff allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0404 (The CIFS Computer Browser service allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0403 (The CIFS Computer Browser service on Windows NT 4.0 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0402 (The Mixed Mode authentication capability in Microsoft SQL Server 7.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0399 (Buffer overflow in MDaemon POP server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0398 (Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0397 (The EMURL web-based email account software encodes predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0396 (The add.exe program in the Carello shopping cart software allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0395 (Buffer overflow in CProxy 3.3 allows remote users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0394 (NetProwler 3.0 allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0393 (The KDE kscd program does not drop privileges when executing a program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0392 (Buffer overflow in ksu in Kerberos 5 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0391 (Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0390 (Buffer overflow in krb425_conv_principal function in Kerberos 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0389 (Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0388 (Buffer overflow in FreeBSD libmytinfo library allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0387 (The makelev program in the golddig game from the FreeBSD ports ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0382 (ColdFusion ClusterCATS appends stale query string arguments to a URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0381 (The Gossamer Threads DBMan db.cgi CGI script allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0380 (The IOS HTTP service in Cisco routers and switches running IOS 11.1 ...)
	NOT-FOR-US: Cisco
CVE-2000-0379 (The Netopia R9100 router does not prevent authenticated users from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0378 (The pam_console PAM module in Linux systems performs a chown on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0377 (The Remote Registry server in Windows NT 4.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0376 (Buffer overflow in the HTTP proxy server for the i-drive Filo software ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0375 (The kernel in FreeBSD 3.2 follows symbolic links when it creates core ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0374 (The default configuration of kdm in Caldera and Mandrake Linux, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0373 (Vulnerabilities in the KDE kvt terminal program allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0372 (Vulnerability in Caldera rmt command in the dump package 0.4b4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0371 (The libmediatool library used for the KDE mediatool allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0370 (The debug option in Caldera Linux smail allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0369 (The IDENT server in Caldera Linux 2.3 creates multiple threads for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to the ...)
	NOT-FOR-US: Cisco
CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0366 (dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0363 (Linux cdwtools 093 and earlier allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0362 (Buffer overflows in Linux cdwtools 093 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0361 (The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0360 (Buffer overflow in INN 2.2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0359 (Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0356 (Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0354 (mirror 2.8.x in Linux systems allows remote attackers to create files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0353 (Pine 4.x allows a remote attacker to execute arbitrary commands via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0352 (Pine before version 4.21 does not properly filter shell metacharacters ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0351 (Some packaging commands in SCO UnixWare 7.1.0 have insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0350 (A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0349 (Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0348 (A vulnerability in the Sendmail configuration file sendmail.cf as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0347 (Windows 95 and Windows 98 allow a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0346 (AppleShare IP 6.1 and later allows a remote attacker to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0344 (The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0342 (Eudora 4.x allows remote attackers to bypass the user warning for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0341 (ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0340 (Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0339 (ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0338 (Concurrent Versions Software (CVS) uses predictable temporary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0337 (Buffer overflow in Xsun X server in Solaris 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0336 (Linux OpenLDAP server allows local users to modify arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0335 (The resolver in glibc 2.1.3 uses predictable IDs, which allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0334 (The Allaire Spectra container editor preview tool does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0332 (UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0331 (Buffer overflow in Microsoft command processor (CMD.EXE) for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0330 (The networking software in Windows 95 and Windows 98 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0329 (A Microsoft ActiveX control allows a remote attacker to execute a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0328 (Windows NT 4.0 generates predictable random TCP initial sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0327 (Microsoft Virtual Machine (VM) allows remote attackers to escape the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0324 (pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0323 (The Microsoft Jet database engine allows an attacker to modify text ...)
	NOT-FOR-US: Microsoft
CVE-2000-0322 (The passwd.php3 CGI script in the Red Hat Piranha Virtual Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0320 (Qpopper 2.53 and 3.0 does not properly identify the \n string which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0319 (mail.local in Sendmail 8.10.x does not properly identify the .\n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0318 (Atrium Mercur Mail Server 3.2 allows local attackers to read other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0316 (Buffer overflow in Solaris 7 lp allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0315 (traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0314 (traceroute in NetBSD 1.3.3 and Linux systems allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0313 (Vulnerability in OpenBSD 2.6 allows a local user to change interface ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0311 (The Windows 2000 domain controller allows a malicious user to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0310 (IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0309 (The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0308 (Insecure file permissions for Netscape FastTrack Server 2.x, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0307 (Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0306 (Buffer overflow in calserver in SCO OpenServer allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0305 (Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0304 (Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory ...)
	NOT-FOR-US: Microsoft
CVE-2000-0303 (Quake3 Arena allows malicious server operators to read or modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0302 (Microsoft Index Server allows remote attackers to view the source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0301 (Ipswitch IMAIL server 6.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0298 (The unattended installation of Windows 2000 with the OEMPreinstall ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0297 (Allaire Forums 2.0.5 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0296 (fcheck allows local users to gain privileges by embedding shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0294 (Buffer overflow in healthd for FreeBSD allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0292 (The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0290 (Buffer overflow in Webstar HTTP server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0289 (IP masquerading in Linux 2.2.x allows remote attackers to route UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0287 (The BizDB CGI script bizdb-search.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0285 (Buffer overflow in XFree86 3.3.x allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0283 (The default installation of IRIX Performance Copilot allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0282 (TalentSoft webpsvr daemon in the Web+ shopping cart application allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0279 (BeOS allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0278 (The SalesLogix Eviewer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0277 (Microsoft Excel 97 and 2000 does not warn the user when executing ...)
	NOT-FOR-US: Microsoft
CVE-2000-0276 (BeOS 4.5 and 5.0 allow local users to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0274 (The Linux trustees kernel patch allows attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0273 (PCAnywhere allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0272 (RealNetworks RealServer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0268 (Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2000-0267 (Cisco Catalyst 5.4.x allows a user to gain access to the &quot;enable&quot; mode ...)
	NOT-FOR-US: Cisco
CVE-2000-0265 (Panda Security 3.0 allows users to uninstall the Panda software via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0264 (Panda Security 3.0 with registry editing disabled allows users to edit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0263 (The X font server xfs in Red Hat Linux 6.x allows an attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0262 (The AVM KEN! ISDN Proxy server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0261 (The AVM KEN! web server allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0255 (The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0254 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0253 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0252 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0251 (HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0249 (The AIX Fast Response Cache Accelerator (FRCA) allows local users to ...)
	NOT-FOR-US: AIX
CVE-2000-0247 (Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0246 (IIS 4.0 and 5.0 does not properly perform ISAPI extension processing ...)
	NOT-FOR-US: Microsoft
CVE-2000-0245 (Vulnerability in SGI IRIX objectserver daemon allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0243 (AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0240 (vqSoft vqServer program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0238 (Buffer overflow in the web server for Norton AntiVirus for Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0237 (Netscape Enterprise Server with Web Publishing enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0236 (Netscape Enterprise Server with Directory Indexing enabled allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0235 (Buffer overflow in the huh program in the orville-write package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0234 (The default configuration of Cobalt RaQ2 and RaQ3 as specified in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0233 (SuSE Linux IMAP server allows remote attackers to bypass IMAP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0232 (Microsoft TCP/IP Printing Services, aka Print Services for Unix, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0231 (Linux kreatecd trusts a user-supplied path that is used to find the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0230 (Buffer overflow in imwheel allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0229 (gpm-root in the gpm package does not properly drop privileges, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0224 (ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0223 (Buffer overflow in the wmcdplay CD player program for the WindowMaker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0222 (The installation for Windows 2000 does not activate the Administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0221 (The Nautica Marlin bridge allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0218 (Buffer overflow in Linux mount and umount allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0217 (The default configuration of SSH allows X forwarding, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0212 (InterAccess TelnetID Server 4.0 allows remote attackers to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0211 (The Windows Media server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0210 (The lit program in Sun Flex License Manager (FlexLM) follows symlinks, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0209 (Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0208 (The htdig (ht://Dig) CGI program htsearch allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0207 (SGI InfoSearch CGI program infosrch.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0206 (The installation of Oracle 8.1.5.x on Linux follows symlinks and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0202 (Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow ...)
	NOT-FOR-US: Microsoft
CVE-2000-0201 (The window.showHelp() method in Internet Explorer 5.x does not ...)
	NOT-FOR-US: Microsoft
CVE-2000-0200 (Buffer overflow in Microsoft Clip Art Gallery allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0196 (Buffer overflow in mhshow in the Linux nmh package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0195 (setxconf in Corel Linux allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0194 (buildxconf in Corel Linux allows local users to modify or create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0193 (The default configuration of Dosemu in Corel Linux 1.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0192 (The default installation of Caldera OpenLinux 2.3 includes the CGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0191 (Axis StorPoint CD allows remote attackers to access administrator URLs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0189 (ColdFusion Server 4.x allows remote attackers to determine the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0186 (Buffer overflow in the dump utility in the Linux ext2fs backup package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0185 (RealMedia RealServer reveals the real IP address of a Real Server, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0184 (Linux printtool sets the permissions of printer configuration files to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0183 (Buffer overflow in ircII 4.4 IRC client allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0182 (iPlanet Web Server 4.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0181 (Firewall-1 3.0 and 4.0 leaks packets with private IP address ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0180 (Sojourn search engine allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0179 (HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0178 (ServerIron switches by Foundry Networks have predictable TCP/IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0175 (Buffer overflow in StarOffice StarScheduler web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0174 (StarOffice StarScheduler web server allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0172 (The mtr program only uses a seteuid call when attempting to drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0171 (atsadc in the atsar package for Linux does not properly check the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0170 (Buffer overflow in the man program in Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0169 (Batch files in the Oracle web listener ows-bin directory allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0168 (Microsoft Windows 9x operating systems allow an attacker to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0166 (Buffer overflow in the InterAccess telnet server TelnetD allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0165 (The Delegate application proxy has several buffer overflows which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0164 (The installation of Sun Internet Mail Server (SIMS) creates a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0162 (The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0161 (Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not ...)
	NOT-FOR-US: Microsoft
CVE-2000-0159 (HP Ignite-UX does not save /etc/passwd when it creates an image of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0156 (Internet Explorer 4.x and 5.x allows remote web servers to access ...)
	NOT-FOR-US: Microsoft
CVE-2000-0152 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0150 (Check Point Firewall-1 allows remote attackers to bypass port access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0149 (Zeus web server allows remote attackers to view the source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0148 (MySQL 3.22 allows remote attackers to bypass password authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0146 (The Java Server in the Novell GroupWise Web Access Enhancement Pack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0145 (The libguile.so library file used by gnucash in Debian GNU/Linux is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0144 (Axis 700 Network Scanner does not properly restrict access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0141 (Infopop Ultimate Bulletin Board (UBB) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0140 (Internet Anywhere POP3 Mail Server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0139 (Internet Anywhere POP3 Mail Server allows local users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0131 (Buffer overflow in War FTPd 1.6x allows users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0130 (Buffer overflow in SCO scohelp program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0128 (The Finger Server 0.82 allows remote attackers to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0127 (The Webspeed configuration program does not properly disable access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0121 (The Recycle Bin utility in Windows NT and Windows 2000 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0120 (The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0117 (The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0116 (Firewall-1 does not properly filter script tags, which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0113 (The SyGate Remote Management program does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0112 (The default installation of Debian GNU/Linux uses an insecure Master ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0111 (The RightFax web client uses predictable session numbers, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0107 (Linux apcd program allows local attackers to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0100 (The SMS Remote Control program is installed with insecure permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0099 (Buffer overflow in UnixWare ppptalk command allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0098 (Microsoft Index Server allows remote attackers to determine the real ...)
	NOT-FOR-US: Microsoft
CVE-2000-0097 (The WebHits ISAPI filter in Microsoft Index Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0095 (The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0094 (procfs in BSD systems allows local users to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0092 (The BSD make program allows local users to modify files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0091 (Buffer overflow in vchkpw/vpopmail POP authentication package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0090 (VMWare 1.1.2 allows local users to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0089 (The rdisk utility in Microsoft Terminal Server Edition and Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2000-0088 (Buffer overflow in the conversion utilities for Japanese, Korean and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0087 (Netscape Mail Notification (nsnotify) utility in Netscape Communicator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0083 (HP asecure creates the Audio Security File audio.sec with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0080 (AIX techlibss allows local users to overwrite files via a symlink ...)
	NOT-FOR-US: AIX
CVE-2000-0076 (nviboot boot script in the Debian nvi package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0075 (Super Mail Transfer Package (SMTP), later called MsgCore, has a memory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0073 (Buffer overflow in Microsoft Rich Text Format (RTF) reader allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0072 (Visual Casel (Vcasel) does not properly prevent users from executing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0070 (NtImpersonateClientOfPort local procedure call in Windows NT 4.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0065 (Buffer overflow in InetServ 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0064 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0063 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0062 (The DTML implementation in the Z Object Publishing Environment (Zope) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0060 (Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0057 (Cold Fusion CFCACHE tag places temporary cache files within the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0056 (IMail IMONITOR status.cgi CGI script allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0053 (Microsoft Commercial Internet System (MCIS) IMAP server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0052 (Red Hat userhelper program in the usermode package allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0051 (The Allaire Spectra Configuration Wizard allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0050 (The Allaire Spectra Webtop allows authenticated users to access other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0048 (get_it program in Corel Linux Update allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0045 (MySQL allows local users to modify passwords for arbitrary MySQL users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0044 (Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0043 (Buffer overflow in CamShot WebCam HTTP server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0042 (Buffer overflow in CSM mail server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0041 (Macintosh systems generate large ICMP datagrams in response to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0040 (glFtpD allows local users to gain privileges via metacharacters in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0039 (AltaVista search engine allows remote attackers to read files above ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0037 (Majordomo wrapper allows local users to gain privileges by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0036 (Outlook Express 5 for Macintosh downloads attachments to HTML mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0034 (Netscape 4.7 records user passwords in the preferences.js file during ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0033 (InterScan VirusWall SMTP scanner does not properly scan messages with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0032 (Solaris dmi_cmd allows local users to crash the dmispd daemon by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0031 (The initscripts package in Red Hat Linux allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0030 (Solaris dmispd dmi_cmd allows local users to fill up restricted disk ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0029 (UnixWare pis and mkpis commands allow local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0027 (IBM Network Station Manager NetStation allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0026 (Buffer overflow in UnixWare i2odialogd daemon allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0025 (IIS 4.0 and Site Server 3.0 allow remote attackers to read source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0024 (IIS does not properly canonicalize URLs, potentially allowing remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0023 (Buffer overflow in Lotus Domino HTTP server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0022 (Lotus Domino HTTP server does not properly disable anonymous access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0020 (DNS PRO allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0018 (wmmon in FreeBSD allows local users to gain privileges via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0015 (CascadeView TFTP server allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0014 (Denial of service in Savant web server via a null character in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0013 (IRIX soundplayer program allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0012 (Buffer overflow in w3-msql CGI program in miniSQL package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0011 (Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0010 (WebWho+ whois.cgi program allows remote attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0009 (The bna_pass program in Optivity NETarchitect uses the PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0007 (Trend Micro PC-Cillin does not restrict access to its internal proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0006 (strace allows local users to read arbitrary files via memory mapped ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0004 (ZBServer Pro allows remote attackers to read source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0003 (Buffer overflow in UnixWare rtpm program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0002 (Buffer overflow in ZBServer Pro 1.50 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0001 (RealMedia server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1568 (Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1565 (Man2html 2.1 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1556 (Microsoft SQL Server 6.5 uses weak encryption for the password for the ...)
	NOT-FOR-US: Microsoft
CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1537 (IIS 3.x and 4.x does not distinguish between pages requiring ...)
	NOT-FOR-US: Microsoft
CVE-1999-1535 (Buffer overflow in AspUpload.dll in Persits Software AspUpload before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1531 (Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1530 (cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1520 (A configuration problem in the Ad Server Sample directory (AdSamples) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1512 (The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1507 (Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1494 (colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1490 (xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1488 (sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1486 (sadc in IBM AIX 4.1 through 4.3, when called from programs such as ...)
	NOT-FOR-US: AIX
CVE-1999-1481 (Squid 2.2.STABLE5 and below, when using external authentication, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1478 (The Sun HotSpot Performance Engine VM allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1476 (A bug in Intel Pentium processor (MMX and Overdrive) allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1473 (When a Web site redirects the browser to another site, Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1472 (Internet Explorer 4.0 allows remote attackers to read arbitrary text ...)
	NOT-FOR-US: Microsoft
CVE-1999-1468 (rdist in various UNIX systems uses popen to execute sendmail, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1456 (thttpd HTTP server 2.03 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1455 (RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1452 (GINA in Windows NT 4.0 allows attackers with physical access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1437 (ePerl 2.2.12 allows remote attackers to read arbitrary files and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1433 (HP JetAdmin D.01.09 on Solaris allows local users to change the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1432 (Power management (Powermanagement) on Solaris 2.4 through 2.6 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1423 (ping in Solaris 2.3 through 2.6 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1419 (Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1407 (ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1402 (The access permissions for a UNIX domain socket are ignored in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1397 (Index Server 2.0 on IIS 4.0 stores physical path information in the ...)
	NOT-FOR-US: Microsoft
CVE-1999-1386 (Perl 5.004_04 and earlier follows symbolic links when running with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1385 (Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1384 (Indigo Magic System Tour in the SGI system tour package (systour) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1382 (NetWare NFS mode 1 and 2 implements the &quot;Read Only&quot; flag in Unix by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1380 (Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1379 (DNS allows remote attackers to use DNS name servers as traffic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1365 (Windows NT searches a user's home directory (%systemroot% by default) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1363 (Windows NT 3.51 and 4.0 allow local users to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1362 (Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1360 (Windows NT 4.0 allows local users to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1359 (When the Ntconfig.pol file is used on a server whose name is longer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1358 (When an administrator in Windows NT or Windows 2000 changes a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1356 (Compaq Integration Maintenance Utility as used in Compaq Insight ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1351 (Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1341 (Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1339 (Vulnerability when Network Address Translation (NAT) is enabled in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1337 (FTP client in Midnight Commander (mc) before 4.5.11 stores usernames ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1336 (3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1335 (snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1328 (linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1327 (Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1326 (wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1325 (SAS System 5.18 on VAX/VMS is installed with insecure permissions for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1324 (VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1321 (Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1320 (Vulnerability in Novell NetWare 3.x and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1318 (/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1317 (Windows NT 4.0 SP4 and earlier allows local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1316 (Passfilt.dll in Windows NT SP2 allows users to create a password that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1309 (Sendmail before 8.6.7 allows local users to gain root access via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1301 (A design flaw in the Z-Modem protocol allows the remote sender of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1298 (Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1297 (cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1294 (Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1290 (Buffer overflow in nftp FTP client version 1.40 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1288 (Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1284 (NukeNabber allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1279 (An interaction between the AS/400 shared folders feature and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-1276 (fte-console in the fte package before 0.46b-4.1 does not drop root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1262 (Java in Netscape 4.5 does not properly restrict applets from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1259 (Microsoft Office 98, Macintosh Edition, does not properly initialize ...)
	NOT-FOR-US: Microsoft
CVE-1999-1258 (rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1249 (movemail in HP-UX 10.20 has insecure permissions, which allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user domain ...)
	NOT-FOR-US: Microsoft
CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...)
	NOT-FOR-US: Microsoft
CVE-1999-1226 (Netscape Communicator 4.7 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1223 (IIS 3.0 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1222 (Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.), ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1208 (Buffer overflow in ping in AIX 4.2 and earlier allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-1205 (nettune in HP-UX 10.01 and 10.00 is installed setuid root, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1204 (Check Point Firewall-1 does not properly handle certain restricted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1203 (Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1201 (Windows 95 and Windows 98 systems, when configured with multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1199 (Apache WWW server 1.3.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1198 (BuildDisk program on NeXT systems before 2.0 does not prompt users for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1197 (TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1194 (chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1193 (The &quot;me&quot; user in NeXT NeXTstep 2.1 and earlier has wheel group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1192 (Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1191 (Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1189 (Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1188 (mysqld in MySQL 3.21 creates log files with world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1181 (Vulnerability in On-Line Customer Registration software for IRIX 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1177 (Directory traversal vulnerability in nph-publish before 1.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1175 (Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-1999-1167 (Cross-site scripting vulnerability in Third Voice Web annotation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1163 (Vulnerability in HP Series 800 S/X/V Class servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1162 (Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1161 (Vulnerability in ppl in HP-UX 10.x and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1160 (Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1159 (SSH 2.0.11 and earlier allows local users to request remote forwarding ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1157 (Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1156 (BisonWare FTP Server 4.1 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1148 (FTP service in IIS 4.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1147 (Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1146 (Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1145 (Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1144 (Certain files in MPower in HP-UX 10.x are installed with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1139 (Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1138 (SCO UNIX System V/386 Release 3.2, and other SCO products, installs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1137 (The permissions for the /dev/audio device on Solaris 2.2 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1136 (Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1132 (Windows NT 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1131 (Buffer overflow in OSF Distributed Computing Environment (DCE) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1127 (Windows NT 4.0 does not properly shut down invalid named pipe RPC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1122 (Vulnerability in restore in SunOS 4.0.3 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1121 (The default configuration for UUCP in AIX before 3.2 allows local ...)
	NOT-FOR-US: AIX
CVE-1999-1120 (netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1119 (FTP installation script anon.ftp in AIX insecurely configures ...)
	NOT-FOR-US: AIX
CVE-1999-1118 (ndd in Solaris 2.6 allows local users to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1117 (lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files ...)
	NOT-FOR-US: AIX
CVE-1999-1116 (Vulnerability in runpriv in Indigo Magic System Administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1115 (Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1114 (Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1111 (Vulnerability in StackGuard before 1.21 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1109 (Sendmail before 8.10.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1105 (Windows 95, when Remote Administration and File Sharing for NetWare ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1104 (Windows 95 uses weak encryption for the password list (.pwl) file used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1103 (dxconsole in DEC OSF/1 3.2C and earlier allows local users to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1102 (lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1100 (Cisco PIX Private Link 4.1.6 and earlier does not properly process ...)
	NOT-FOR-US: Cisco
CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1094 (Buffer overflow in Internet Explorer 4.01 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-1093 (Buffer overflow in the Window.External function in the JScript ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1090 (The default configuration of NCSA Telnet package for Macintosh and PC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1087 (Internet Explorer 4 treats a 32-bit number (&quot;dotless IP address&quot;) in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1085 (SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1080 (rmmount in SunOS 5.7 may mount file systems without the nosuid flag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1074 (Webmin before 0.5 does not restrict the number of invalid passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1059 (Vulnerability in rexec daemon (rexecd) in AT&amp;T TCP/IP 4.0 for various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1057 (VMS 4.0 through 5.3 allows local users to gain privileges via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1055 (Microsoft Excel 97 does not warn the user before executing worksheet ...)
	NOT-FOR-US: Microsoft
CVE-1999-1048 (Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1047 (When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1045 (pnserver in RealServer 5.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1044 (Vulnerability in Advanced File System Utility (advfs) in Digital UNIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1037 (rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1035 (IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1034 (Vulnerability in login in AT&amp;T System V Release 4 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1032 (Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1028 (Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1027 (Solaris 2.6 HW3/98 installs admintool with world-writable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1021 (NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1019 (SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1014 (Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1011 (The Remote Data Service (RDS) DataFactory component of Microsoft Data ...)
	NOT-FOR-US: Microsoft
CVE-1999-1010 (An SSH 1.2.27 server allows a client to use the &quot;none&quot; cipher, even if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1008 (xsoldier program allows local users to gain root access via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1007 (Buffer overflow in VDO Live Player allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1005 (Groupwise web server GWWEB.EXE allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1004 (Buffer overflow in the POP server POProxy for the Norton Anti-Virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a null ...)
	NOT-FOR-US: Cisco
CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote ...)
	NOT-FOR-US: Cisco
CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...)
	NOT-FOR-US: Cisco
CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...)
	{DSA-377}
	- wu-ftpd 2.6.2-15
CVE-1999-0996 (Buffer overflow in Infoseek Ultraseek search engine allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0995 (Windows NT Local Security Authority (LSA) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0994 (Windows NT with SYSKEY reuses the keystream that is used for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0992 (HP VirtualVault with the PHSS_17692 patch allows unprivileged ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0991 (Buffer overflow in GoodTech Telnet Server NT allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0989 (Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) ...)
	NOT-FOR-US: Microsoft
CVE-1999-0987 (Windows NT does not properly download a system policy if the domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0982 (The Sun Web-Based Enterprise Management (WBEM) installation script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0981 (Internet Explorer 5.01 and earlier allows a remote attacker to create ...)
	NOT-FOR-US: Microsoft
CVE-1999-0980 (Windows NT Service Control Manager (SCM) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0979 (The SCO UnixWare privileged process system allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0978 (htdig allows remote attackers to execute commands via filenames with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0977 (Buffer overflow in Solaris sadmind allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0976 (Sendmail allows local users to reinitialize the aliases database via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0975 (The Windows help system can allow a local user to execute commands as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0974 (Buffer overflow in Solaris snoop allows remote attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0973 (Buffer overflow in Solaris snoop program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0972 (Buffer overflow in Xshipwars xsw program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0971 (Buffer overflow in Exim allows local users to gain root privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0969 (The Windows NT RPC service allows remote attackers to conduct a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0968 (Buffer overflow in BNC IRC proxy allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0967 (Buffer overflow in the HTML library used by Internet Explorer, Outlook ...)
	NOT-FOR-US: Microsoft
CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0962 (Buffer overflow in HPUX passwd command allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0961 (HPUX sysdiag allows local users to gain root privileges via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0960 (IRIX cdplayer allows local users to create directories in arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0959 (IRIX startmidi program allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0958 (sudo 1.5.x allows local users to execute arbitrary commands via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0957 (MajorCool mj_key_cache program allows local users to modify files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0954 (WWWBoard has a default username and default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0947 (AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0946 (Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0945 (Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-1999-0943 (Buffer overflow in OpenLink 3.2 allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0942 (UnixWare dos7utils allows a local user to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0940 (Buffer overflow in mutt mail client allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0939 (Denial of service in Debian IRC Epic/epic4 client via a long string. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0938 (MBone SDR Package allows remote attackers to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0937 (BNBForm allows remote attackers to read arbitrary files via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0936 (BNBSurvey survey.cgi program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0935 (classifieds.cgi allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0934 (classifieds.cgi allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0933 (TeamTrack web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0932 (Mediahouse Statistics Server allows remote attackers to read the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0931 (Buffer overflow in Mediahouse Statistics Server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0930 (wwwboard allows a remote attacker to delete message board articles via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0928 (Buffer overflow in SmartDesk WebSuite allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0927 (NTMail allows remote attackers to read arbitrary files via a .. (dot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0924 (The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0922 (An example application in ColdFusion Server 4.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0921 (BMC Patrol allows any remote attacker to flood its UDP port, causing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0920 (Buffer overflow in the pop-2d POP daemon in the IMAP package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0918 (Denial of service in various Windows systems via malformed, fragmented ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0917 (The Preloader ActiveX control used by Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0916 (WebTrends software stores account names and passwords in a file which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0915 (URL Live! web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0914 (Buffer overflow in the FTP client in the Debian GNU/Linux netstd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0912 (FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0909 (Multihomed Windows systems allow a remote attacker to bypass IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0908 (Denial of service in Solaris TCP streams driver via a malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0907 (sccw allows local users to read arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0906 (Buffer overflow in sccw allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0905 (Denial of service in Axent Raptor firewall via malformed zero-length ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0904 (Buffer overflow in BFTelnet allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0903 (genfilt in the AIX Packet Filtering Module does not properly filter ...)
	NOT-FOR-US: AIX
CVE-1999-0902 (ypserv allows local administrators to modify password tables. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0901 (ypserv allows a local user to modify the GECOS and login shells ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0900 (Buffer overflow in rpc.yppasswdd allows a local user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0899 (The Windows NT 4.0 print spooler allows a local user to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0898 (Buffer overflows in Windows NT 4.0 print spooler allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0897 (iChat ROOMS Webserver allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0896 (Buffer overflow in RealNetworks RealServer administration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0895 (Firewall-1 does not properly restrict access to LDAP attributes. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0894 (Red Hat Linux screen program does not use Unix98 ptys, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0893 (userOsa in SCO OpenServer allows local users to corrupt files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0892 (Buffer overflow in Netscape Communicator before 4.7 via a dynamic font ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0891 (The &quot;download behavior&quot; in Internet Explorer 5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish ...)
	NOT-FOR-US: Cisco
CVE-1999-0888 (dbsnmp in Oracle Intelligent Agent allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0887 (FTGate web interface server allows remote attackers to read files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0886 (The security descriptor for RASMAN allows users to point to an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0884 (The Zeus web server administrative interface uses weak encryption for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0883 (Zeus web server allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0881 (Falcon web server allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0880 (Denial of service in WU-FTPD via the SITE NEWER command, which does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0879 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0878 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0877 (Internet Explorer 5 allows remote attackers to read files via an ...)
	NOT-FOR-US: Microsoft
CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0870 (Internet Explorer 4.01 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert ...)
	NOT-FOR-US: Microsoft
CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...)
	NOT-FOR-US: Microsoft
CVE-1999-0866 (Buffer overflow in UnixWare xauto program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0864 (UnixWare programs that dump core allow a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers may ...)
	NOT-FOR-US: Microsoft
CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...)
	NOT-FOR-US: Microsoft
CVE-1999-0856 (login in Slackware 7.0 allows remote attackers to identify valid users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0854 (Ultimate Bulletin Board stores data files in the cgi-bin directory, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0853 (Buffer overflow in Netscape Enterprise Server and Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0851 (Denial of service in BIND named via naptr. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0849 (Denial of service in BIND named via maxdname. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0848 (Denial of service in BIND named via consuming more than &quot;fdmax&quot; file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0847 (Buffer overflow in free internet chess server (FICS) program, xboard. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0842 (Symantec Mail-Gear 1.0 web interface server allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0839 (Windows NT Task Scheduler installed with Internet Explorer 5 allows a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0838 (Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0837 (Denial of service in BIND by improperly closing TCP sessions via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0836 (UnixWare uidadmin allows local users to modify arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0835 (Denial of service in BIND named via malformed SIG records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0834 (Buffer overflow in RSAREF2 via the encryption and decryption functions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0833 (Buffer overflow in BIND 8.2 via NXT records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0832 (Buffer overflow in NFS server on Linux allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0831 (Denial of service in Linux syslogd via a large number of connections. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0826 (Buffer overflow in FreeBSD angband allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0824 (A Windows NT user can use SUBST to map a drive letter to a folder, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0823 (Buffer overflow in FreeBSD xmindpath allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0820 (FreeBSD seyon allows users to gain privileges via a modified PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0819 (NTMail does not disable the VRFY command, even if the administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0817 (Lynx WWW client allows a remote attacker to specify command-line ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0815 (Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0814 (Red Hat pump DHCP client allows remote attackers to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0813 (Cfingerd with ALLOW_EXECUTION enabled does not properly drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0812 (Race condition in Samba smbmnt allows local users to mount file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0811 (Buffer overflow in Samba smbd program via a malformed message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0810 (Denial of service in Samba NETBIOS name service daemon (nmbd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0809 (Netscape Communicator 4.x with Javascript enabled does not warn a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0807 (The Netscape Directory Server installation procedure leaves sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0806 (Buffer overflow in Solaris dtprintinfo program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0804 (Denial of service in Linux 2.2.x kernels via malformed ICMP packets ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0803 (The fwluser script in AIX eNetwork Firewall allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0802 (Buffer overflow in Internet Explorer 5 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-1999-0801 (BMC Patrol allows remote attackers to gain access to an agent by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0800 (The GetFile.cfm file in Allaire Forums allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0799 (Buffer overflow in bootpd 2.4.3 and earlier via a long boot file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0797 (NIS finger allows an attacker to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0796 (FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0794 (Microsoft Excel does not warn a user when a macro is present in a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0793 (Internet Explorer allows remote attackers to read files by redirecting ...)
	NOT-FOR-US: Microsoft
CVE-1999-0791 (Hybrid Network cable modems do not include an authentication mechanism ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0790 (A remote attacker can read information from a Netscape user's cache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0789 (Buffer overflow in AIX ftpd in the libc library. ...)
	NOT-FOR-US: AIX
CVE-1999-0788 (Arkiea nlservd allows remote attackers to conduct a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0787 (The SSH authentication agent follows symlinks via a UNIX domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0786 (The dynamic linker in Solaris allows a local user to create arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0785 (The INN inndstart program allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0783 (FreeBSD allows local users to conduct a denial of service by creating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0782 (KDE kppp allows local users to create a directory in an arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0781 (KDE allows local users to execute arbitrary commands by setting the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0780 (KDE klock allows local users to kill arbitrary processes by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0779 (Denial of service in HP-UX SharedX recserv program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...)
	NOT-FOR-US: Microsoft
CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0773 (Buffer overflow in Solaris lpset program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0772 (Denial of service in Compaq Management Agents and the Compaq Survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0771 (The web components of Compaq Management Agents and the Compaq Survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0770 (Firewall-1 sets a long timeout for connections that begin with ACK or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0769 (Vixie Cron on Linux systems allows local users to set parameters of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0768 (Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0766 (The Microsoft Java Virtual Machine allows a malicious Java applet to ...)
	NOT-FOR-US: Microsoft
CVE-1999-0765 (SGI IRIX midikeys program allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0764 (NetBSD allows ARP packets to overwrite static ARP entries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0763 (NetBSD on a multi-homed host allows ARP packets on one network to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0762 (When Javascript is embedded within the TITLE tag, Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0761 (Buffer overflow in FreeBSD fts library routines allows local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0760 (Undocumented ColdFusion Markup Language (CFML) tags and functions in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0759 (Buffer overflow in FuseMAIL POP service via long USER and PASS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0758 (Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0756 (ColdFusion Administrator with Advanced Security enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0755 (Windows NT RRAS and RAS clients cache a user's password even if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0754 (The INN inndstart program allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0753 (The w3-msql CGI script provided with Mini SQL allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0752 (Denial of service in Netscape Enterprise Server via a buffer overflow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0751 (Buffer overflow in Accept command in Netscape Enterprise Server 3.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0749 (Buffer overflow in Microsoft Telnet client in Windows 95 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-1999-0747 (Denial of service in BSDi Symmetric Multiprocessing (SMP) when an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0746 (A default configuration of in.identd in SuSE Linux waits 120 seconds ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0745 (Buffer overflow in Source Code Browser Program Database Name Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0744 (Buffer overflow in Netscape Enterprise Server and FastTrask Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0743 (Trn allows local users to overwrite other users' files via symlinks. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0742 (The Debian mailman package uses weak authentication, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0740 (Remote attackers can cause a denial of service on Linux in.telnetd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0735 (KDE K-Mail allows local users to gain privileges via a symlink attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0734 (A default configuration of CiscoSecure Access Control Server (ACS) ...)
	NOT-FOR-US: Cisco
CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0732 (The logging facilitity of the Debian smtp-refuser package allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0731 (The KDE klock program allows local users to unlock a session using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0730 (The zsoelim program in the Debian man-db package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0729 (Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0728 (A Windows NT user can disable the keyboard or mouse by directly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0727 (A kernel leak in the OpenBSD kernel allows IPsec packets to be sent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0726 (An attacker can conduct a denial of service in Windows NT by executing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0725 (When IIS is run with a default language of Chinese, Korean, or ...)
	NOT-FOR-US: Microsoft
CVE-1999-0724 (Buffer overflow in OpenBSD procfs and fdescfs file systems via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0723 (The Windows NT Client Server Runtime Subsystem (CSRSS) can be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0722 (The default configuration of Cobalt RaQ2 servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0721 (Denial of service in Windows NT Local Security Authority (LSA) through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0720 (The pt_chown command in Linux allows local users to modify TTY ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0719 (The Guile plugin for the Gnumeric spreadsheet package allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0718 (IBM GINA, when used for OS/2 domain authentication of Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0717 (A remote attacker can disable the virus warning mechanism in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-0716 (Buffer overflow in Windows NT 4.0 help file utility via a malformed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0715 (Buffer overflow in Remote Access Service (RAS) client allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0714 (Vulnerability in Compaq Tru64 UNIX edauth command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other ...)
	{DSA-576-1}
	- squid 2.5.7-1
CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0707 (The default FTP configuration in HP Visualize Conference allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0706 (Linux xmonisdn package allows local users to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0705 (Buffer overflow in INN inews program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0704 (Buffer overflow in Berkeley automounter daemon (amd) logging facility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0703 (OpenBSD, BSDI, and other Unix operating systems allow users to set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0702 (Internet Explorer 5.0 and 5.01 allows remote attackers to modify or ...)
	NOT-FOR-US: Microsoft
CVE-1999-0701 (After an unattended installation of Windows NT 4.0, an installation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0700 (Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed ...)
	NOT-FOR-US: Microsoft
CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via easily ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0694 (Denial of service in AIX ptrace system call allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0693 (Buffer overflow in TT_SESSION environment variable in ToolTalk shared ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0692 (The default configuration of the Array Services daemon (arrayd) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0691 (Buffer overflow in the AddSuLog function of the CDE dtaction utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0690 (HP CDE program includes the current directory in root's PATH variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0689 (The CDE dtspcd daemon allows local users to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0688 (Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0687 (The ToolTalk ttsession daemon uses weak RPC authentication, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0686 (Denial of service in Netscape Enterprise Server (NES) in HP Virtual ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0685 (Buffer overflow in Netscape Communicator via EMBED tags in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0683 (Denial of service in Gauntlet Firewall via a malformed ICMP packet. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0682 (Microsoft Exchange 5.5 allows a remote attacker to relay email ...)
	NOT-FOR-US: Microsoft
CVE-1999-0681 (Buffer overflow in Microsoft FrontPage Server Extensions (PWS) ...)
	NOT-FOR-US: Microsoft
CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client opens a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0675 (Check Point FireWall-1 can be subjected to a denial of service via UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0674 (The BSD profil system call allows a local user to modify the internal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0672 (Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0671 (Buffer overflow in ToxSoft NextFTP client through CWD command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0668 (The scriptlet.typelib ActiveX control is marked as &quot;safe for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0628 (The rwho/rwhod service is running, which exposes machine status ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0627 (The rexd service is running, which uses weak authentication that can ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0626 (A version of rusers is running that exposes valid user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0612 (A version of finger is running that exposes valid user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0608 (An incorrect configuration of the PDG Shopping Cart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0566 (An attacker can write to syslog files from any location, causing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0551 (HP OpenMail can be misconfigured to allow users to run arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0526 (An X server's access control is disabled (e.g. through an &quot;xhost +&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0514 (UDP messages to broadcast addresses are allowed, allowing for a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0513 (ICMP messages to broadcast addresses are allowed, allowing for a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0496 (A Windows NT 4.0 user can gain administrative rights by forcing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0494 (Denial of service in WinGate proxy through a buffer overflow in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0493 (rpc.statd allows remote attackers to forward RPC calls to the local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0491 (The prompt parsing in bash allows a local user to execute commands as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0487 (The DHTML Edit ActiveX control in Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0485 (Remote attackers can cause a system crash through ipintr() in ipq in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0484 (Buffer overflow in OpenBSD ping. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0483 (OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0482 (OpenBSD kernel crash through TSS handling, as caused by the crashme ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0481 (Denial of service in &quot;poll&quot; in OpenBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0479 (Denial of service Netscape Enterprise Server with VirtualVault on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0478 (Denial of service in HP-UX sendmail 8.8.6 related to accepting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0475 (A race condition in how procmail handles .procmailrc files allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0474 (The ICQ Webserver allows remote attackers to use .. to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0473 (The rsync command before rsync 2.3.1 may inadvertently change the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0472 (The SNMP default community name &quot;public&quot; is not properly removed in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0471 (The remote proxy server in Winroute allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0470 (A weak encryption algorithm is used for passwords in Novell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0468 (Internet Explorer 5.0 allows a remote server to read arbitrary files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0466 (The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0464 (Local users can perform a denial of service in Tripwire 1.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0463 (Remote attackers can perform a denial of service using IRIX fcagent. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...)
	NOT-FOR-US: Microsoft
CVE-1999-0447 (Local users can gain privileges using the debug utility in the MPE/iX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0445 (In Cisco routers under some versions of IOS 12.0 running NAT, some ...)
	NOT-FOR-US: Cisco
CVE-1999-0442 (Solaris ff.core allows local users to modify files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0441 (Remote attackers can perform a denial of service in WinGate machines ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0440 (The byte code verifier component of the Java Virtual Machine (JVM) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0439 (Buffer overflow in procmail before version 3.12 allows remote or local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0438 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0437 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0436 (Domain Enterprise Server Management System (DESMS) in HP-UX allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0433 (XFree86 startx command is vulnerable to a symlink attack, allowing local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0432 (ftp on HP-UX 11.00 allows local users to gain privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0430 (Cisco Catalyst LAN switches running Catalyst 5000 supervisor software ...)
	NOT-FOR-US: Cisco
CVE-1999-0429 (The Lotus Notes 4.5 client may send a copy of encrypted mail in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0428 (OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0425 (talkback in Netscape 4.5 allows a local user to kill an arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0424 (talkback in Netscape 4.5 allows a local user to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0423 (Vulnerability in hpterm on HP-UX 10.20 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0422 (In some cases, NetBSD 1.3.3 mount allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0421 (During a reboot after an installation of Linux Slackware 3.6, a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0420 (umapfs allows local users to gain root privileges by changing their ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0417 (64 bit Solaris 7 procfs allows local users to perform a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0416 (Vulnerability in Cisco 7xx series routers allows a remote attacker to ...)
	NOT-FOR-US: Cisco
CVE-1999-0415 (The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled ...)
	NOT-FOR-US: Cisco
CVE-1999-0414 (In Linux before version 2.0.36, remote attackers can spoof a TCP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0412 (In IIS and other web servers, an attacker can attack commands as ...)
	NOT-FOR-US: Microsoft
CVE-1999-0410 (The cancel command in Solaris 2.6 (i386) has a buffer overflow that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0408 (Files created from interactive shell sessions in Cobalt RaQ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0407 (By default, IIS 4.0 has a virtual directory /IISADMPWD which contains ...)
	NOT-FOR-US: Microsoft
CVE-1999-0405 (A buffer overflow in lsof allows local users to obtain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0404 (Buffer overflow in the Mail-Max SMTP server for Windows systems allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0403 (A bug in Cyrix CPUs on Linux allows local users to perform a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0402 (wget 1.5.3 follows symlinks to change permissions of the target file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0396 (A race condition between the select() and accept() calls in NetBSD TCP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0395 (A race condition in the BackWeb Polite Agent Protocol allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0393 (Remote attackers can cause a denial of service in Sendmail 8.8.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0392 (Buffer overflow in Thomas Boutell's cgic library version up to 1.05. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0391 (The cryptographic challenge of SMB authentication in Windows 95 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0390 (Buffer overflow in Dosemu Slang library in Linux. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0388 (DataLynx suGuard trusts the PATH environment variable to execute the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0387 (A legacy credential caching mechanism used in Windows 95 and Windows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0386 (Microsoft Personal Web Server and FrontPage Personal Web Server in ...)
	NOT-FOR-US: Microsoft
CVE-1999-0385 (The LDAP bind function in Exchange 5.5 has a buffer overflow that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0384 (The Forms 2.0 ActiveX control (included with Visual Basic for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0383 (ACC Tigris allows public access without a login. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0382 (The screen saver in Windows NT does not verify that its security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands on the ...)
	NOT-FOR-US: Microsoft
CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0377 (Process table attack in Unix systems allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0376 (Local users in Windows NT can obtain administrator privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink attack. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0373 (Buffer overflow in the &quot;Super&quot; utility in Debian GNU/Linux, and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0372 (The installer for BackOffice Server includes account names and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0371 (Lynx allows a local user to overwrite sensitive files through /tmp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0369 (The Sun sdtcm_convert calendar utility for OpenWindows has a buffer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0368 (Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0367 (NetBSD netstat command allows local users to access kernel memory. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0366 (In some cases, Service Pack 4 for Windows NT 4.0 can allow access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0365 (The metamail package allows remote command execution using shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0363 (SuSE 5.2 PLP lpc program has a buffer overflow that leads to root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0362 (WS_FTP server remote denial of service through cwd command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the mh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0353 (rpc.pcnfsd in HP gives remote root access by changing the permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0351 (FTP PASV &quot;Pizza Thief&quot; denial of service and unauthorized data ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0350 (Race condition in the db_loader program in ClearCase gives local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0349 (A buffer overflow in the FTP list (ls) command in IIS allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0348 (IIS ASP caching problem releases sensitive information when two ...)
	NOT-FOR-US: Microsoft
CVE-1999-0346 (CGI PHP mlog script allows an attacker to read any file on the target ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0344 (NT users can gain debug-level access on a system process using the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0343 (A malicious Palace server can force a client to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0342 (Linux PAM modules allow local users to gain root access using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0341 (Buffer overflow in the Linux mail program &quot;deliver&quot; allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0340 (Buffer overflow in Linux Slackware crond program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0339 (Buffer overflow in the libauth library in Solaris allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...)
	NOT-FOR-US: AIX
CVE-1999-0335 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0332 (Buffer overflow in NetMeeting allows denial of service and remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0329 (SGI mediad program allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0328 (SGI permissions program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0327 (SGI syserr program allows local users to corrupt files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0326 (Vulnerability in HP-UX mediainit program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0325 (vhe_u_mnt program in HP-UX allows local users to create root files through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0324 (ppl program in HP-UX allows local users to create root files through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0323 (FreeBSD mmap function allows users to modify append-only or immutable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0322 (The open() function in FreeBSD allows local attackers to write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0321 (Buffer overflow in Solaris kcms_configure command allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0320 (SunOS rpc.cmsd allows attackers to obtain root access by overwriting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0318 (Buffer overflow in xmcd 2.0p12 allows local users to gain access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0316 (Buffer overflow in Linux splitvt command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS data. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0311 (fpkg2swpk in HP-UX allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0310 (SSH 1.2.25 on HP-UX allows access to new user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0309 (HP-UX vgdisplay program gives root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0303 (Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0302 (SunOS/Solaris FTP clients can be forced to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0301 (Buffer overflow in SunOS/Solaris ps command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0300 (nis_cachemgr for Solaris NIS+ allows attackers to add malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0299 (Buffer overflow in FreeBSD lpd through long DNS hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0297 (Buffer overflow in Vixie Cron library up to version 3.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0296 (Solaris volrmmount program allows attackers to read any file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0295 (Solaris sysdef command allows local users to read kernel memory, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0294 (All records in a WINS database can be deleted through SNMP for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0293 (AAA authentication on Cisco systems allows attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-1999-0292 (Denial of service through Winpopup using large user names. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0291 (The WinGate proxy is installed without a password, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0290 (The WinGate telnet proxy allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0281 (Denial of service in IIS using long URLs. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...)
	NOT-FOR-US: Microsoft
CVE-1999-0277 (The WorkMan program can be used to overwrite any file to get root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0276 (mSQL v2.0.1 and below allows remote execution through a buffer overflow. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0275 (Denial of service in Windows NT DNS servers by flooding port 53 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0274 (Denial of service in Windows NT DNS servers through malicious packet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0273 (Denial of service through Solaris 2.5.1 telnet by sending ^D characters. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program (sometimes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0269 (Netscape Enterprise servers may list files through the PageServices query. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0266 (The info2www CGI script allows remote file access or remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0265 (ICMP redirect messages may crash or lock up a host. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0264 (htmlscript CGI program allows remote read access to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0260 (The jj CGI program allows command execution via shell metacharacters. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0259 (cfingerd lists all users on a system via search.**@target. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0256 (Buffer overflow in War FTP allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0252 (Buffer overflow in listserv allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0251 (Denial of service in talk program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0248 (A race condition in the authentication agent mechanism of sshd 1.2.17 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0247 (Buffer overflow in nnrpd program in INN up to version 1.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0245 (Some configurations of NIS+ in Linux allowed attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0244 (Livingston RADIUS code has a buffer overflow which can allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0239 (Netscape FastTrack Web server lists files when a lowercase &quot;get&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0237 (Remote execution of arbitrary commands through Guestbook CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd ...)
	NOT-FOR-US: Microsoft
CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...)
	NOT-FOR-US: Cisco
CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0227 (Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0225 (Windows NT 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0224 (Denial of service in Windows NT messenger service through a long ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0223 (Solaris syslogd crashes when receiving a message from a host that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0217 (Malicious option settings in UDP packets could force a reboot in SunOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0215 (Routed allows attackers to append data to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0214 (Denial of service by sending forged ICMP unreachable packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0212 (Solaris rpc.mountd generates error messages that allow a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0211 (Extra long export lists over 256 characters in some mount daemons ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0210 (Automount daemon automountd allows local or remote users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0209 (The SunView (SunTools) selection_svc facility allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0208 (rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0207 (Remote attacker can execute commands through Majordomo using the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0206 (MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0204 (Sendmail 8.6.9 allows remote attackers to execute root commands, using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0203 (In Sendmail, attackers can gain root privileges via SMTP by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0202 (The GNU tar command, when used in FTP sessions, may allow an attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messages. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0192 (Buffer overflow in telnet daemon tgetent routing allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0191 (IIS newdsn.exe CGI script allows remote users to overwrite files. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0190 (Solaris rpcbind can be exploited to overwrite arbitrary files and gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0189 (Solaris rpcbind listens on a high numbered UDP port, which may not be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0188 (The passwd command in Solaris can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0185 (In SunOS or Solaris, a remote user could connect from an FTP server's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0184 (When compiled with the -DALLOW_UPDATES option, bind allows dynamic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0183 (Linux implementations of TFTP would allow access to files outside the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0182 (Samba has a buffer overflow which allows a remote attacker to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0181 (The wall daemon can be used for denial of service, social engineering ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0180 (in.rshd allows users to login with a NULL username and execute commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a &quot;cd ..&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe) in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0177 (The uploader program in the WebSite web server allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0176 (The Webgais program allows a remote user to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0175 (The convert.bas program in the Novell web server allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0174 (The view-source CGI program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0173 (FormMail CGI program can be used by web servers other than the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0172 (FormMail CGI program allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0170 (Remote attackers can mount an NFS file system in Ultrix or OSF, even ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0168 (The portmapper may act as a proxy and redirect service requests from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0167 (In SunOS, NFS file handles could be guessed, giving unauthorized ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0166 (NFS allows users to use a &quot;cd ..&quot; command to access other directories ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0164 (A race condition in the Solaris ps command allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0162 (The &quot;established&quot; keyword in some Cisco IOS software allowed ...)
	NOT-FOR-US: Cisco
CVE-1999-0161 (In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended ...)
	NOT-FOR-US: Cisco
CVE-1999-0160 (Some classic Cisco IOS devices have a vulnerability in the PPP CHAP ...)
	NOT-FOR-US: Cisco
CVE-1999-0159 (Attackers can crash a Cisco IOS router or device, provided they can ...)
	NOT-FOR-US: Cisco
CVE-1999-0158 (Cisco PIX firewall manager (PFM) on Windows NT allows attackers to ...)
	NOT-FOR-US: Cisco
CVE-1999-0157 (Cisco PIX firewall and CBAC IP fragmentation attack results in a ...)
	NOT-FOR-US: Cisco
CVE-1999-0155 (The ghostscript command with the -dSAFER option allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0153 (Windows 95/NT out of band (OOB) data denial of service through NETBIOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0152 (The DG/UX finger daemon allows remote command execution through shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0151 (The SATAN session key may be disclosed if the user points the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0150 (The Perl fingerd program allows arbitrary command execution from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0149 (The wrap CGI program in IRIX allows remote attackers to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0148 (The handler CGI program in IRIX allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0147 (The aglimpse CGI program of the Glimpse package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0146 (The campas CGI program provided with some NCSA web servers allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0145 (Sendmail WIZ command enabled, allowing root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0143 (Kerberos 4 key servers allow a user to masquerade as another by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0142 (The Java Applet Security Manager implementation in Netscape Navigator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0141 (Java Bytecode Verifier allows malicious applets to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0139 (Buffer overflow in Solaris x86 mkcookie allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0138 (The suidperl and sperl program do not give up root privileges when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0137 (The dip program on many Linux systems allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0136 (Kodak Color Management System (KCMS) on Solaris allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0135 (admintool in Solaris allows a local user to write to arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0134 (vold in Solaris 2.x allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0130 (Local users can start Sendmail in daemon mode and gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0129 (Sendmail allows local users to write to a file and gain group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0128 (Oversized ICMP ping packets can result in a denial of service, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0126 (SGI IRIX buffer overflow in xterm and Xaw allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0125 (Buffer overflow in SGI IRIX mailx program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0124 (Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0122 (Buffer overflow in AIX lchangelv gives root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0120 (Sun/Solaris utmp file allows local users to gain root access if it ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0118 (AIX infod allows local users to gain root access through an X display. ...)
	NOT-FOR-US: AIX
CVE-1999-0117 (AIX passwd allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0116 (Denial of service when an attacker sends many SYN packets to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0115 (AIX bugfiler program allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0113 (Some implementations of rlogin allow root access if given a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...)
	NOT-FOR-US: AIX
CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0103 (Echo and chargen, or other combinations of UDP services, can be used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0102 (Buffer overflow in SLmail 3.x allows attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0101 (Buffer overflow in AIX and Solaris &quot;gethostbyname&quot; library call allows ...)
	NOT-FOR-US: AIX
CVE-1999-0100 (Remote access in AIX innd 1.5.1, using control messages. ...)
	NOT-FOR-US: AIX
CVE-1999-0099 (Buffer overflow in syslog utility allows local or remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a malicious ...)
	NOT-FOR-US: AIX
CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0094 (AIX piodmgrsu command allows local users to gain additional ...)
	NOT-FOR-US: AIX
CVE-1999-0093 (AIX nslookup command allows local users to obtain root access by not ...)
	NOT-FOR-US: AIX
CVE-1999-0091 (Buffer overflow in AIX writesrv command allows local users to obtain ...)
	NOT-FOR-US: AIX
CVE-1999-0090 (Buffer overflow in AIX rcp command allows local users to obtain ...)
	NOT-FOR-US: AIX
CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent ...)
	NOT-FOR-US: AIX
CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems allows ...)
	NOT-FOR-US: AIX
CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0077 (Predictable TCP sequence numbers allow spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0075 (PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0074 (Listening TCP ports are sequentially allocated, allowing spoofing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0073 (Telnet allows a remote client to specify environment variables including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0072 (Buffer overflow in AIX xdat gives root access to local users. ...)
	NOT-FOR-US: AIX
CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0070 (test-cgi program allows an attacker to list files on the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0067 (phf CGI program allows remote command execution through shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0066 (AnyForm CGI remote execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0064 (Buffer overflow in AIX lquerylv program gives root access to local users. ...)
	NOT-FOR-US: AIX
CVE-1999-0063 (Cisco IOS 12.0 and other versions can be crashed by malicious UDP ...)
	NOT-FOR-US: Cisco
CVE-1999-0062 (The chpass command in OpenBSD allows a local user to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0060 (Attackers can cause a denial of service in Ascend MAX and Pipeline ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0059 (IRIX fam service allows an attacker to obtain a list of all files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0058 (Buffer overflow in PHP cgi program, php.cgi allows shell access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0057 (Vacation program allows command execution by remote users through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0056 (Buffer overflow in Sun's ping program can give root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0055 (Buffer overflows in Sun libnsl allow root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0054 (Sun's ftpd daemon can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0048 (Talkd, when given corrupt DNS information, can be used to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0047 (MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0043 (Command execution via shell metachars in INN daemon (innd) 1.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0042 (Buffer overflow in University of Washington's implementation of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0037 (Arbitrary command execution via metamail package using message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0036 (IRIX login program with a nonzero LOCKOUT parameter allows creation or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing read/write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including Linux, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0029 (root privileges via buffer overflow in ordist command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0028 (root privileges via buffer overflow in login/scheme command on SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0027 (root privileges via buffer overflow in eject command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0026 (root privileges via buffer overflow in pset command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0025 (root privileges via buffer overflow in df command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0024 (DNS cache poisoning via BIND, by predictable query IDs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0023 (Local user gains root privileges via buffer overflow in rdist, via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0022 (Local user gains root privileges via buffer overflow in rdist, via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0021 (Arbitrary command execution via buffer overflow in Count.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0019 (Delete or create a file via rpc.statd, due to invalid information. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0018 (Buffer overflow in statd allows root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0016 (Land IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgather ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0013 (Stolen credentials from SSH clients via ssh-agent program, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0012 (Some web servers under Microsoft Windows allow remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-1999-0011 (Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciously ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0005 (Arbitrary command execution via IMAP buffer overflow in authenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0003 (Execute commands as root via buffer overflow in Tooltalk database ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0002 (Buffer overflow in NFS mountd gives root access to remote attackers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
	- apache2 2.0.40
CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
	NOT-FOR-US: IRIX
CVE-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-0646
	REJECTED
CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
	NOT-FOR-US: InterScan
CVE-2002-0636
	RESERVED
CVE-2002-0635
	RESERVED
CVE-2002-0634
	RESERVED
CVE-2002-0633
	RESERVED
CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
	NOT-FOR-US: SGI
CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
	NOT-FOR-US: Polycom
CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
	NOT-FOR-US: Polycom
CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
	NOT-FOR-US: Microsoft
CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
	NOT-FOR-US: PHP-Survey
CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: FileSeek
CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
	NOT-FOR-US: FileSeek
CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
	NOT-FOR-US: HP
CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
	NOT-FOR-US: HP
CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
	NOT-FOR-US: Matu
CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
	NOT-FOR-US: Snitz
CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
	NOT-FOR-US: 3Cdaemon
CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
	NOT-FOR-US: Snapgear
CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Snapgear
CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
	NOT-FOR-US: Snapgear
CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
	NOT-FOR-US: WebTrends
CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
	NOT-FOR-US: WebTrends
CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
	NOT-FOR-US: AOL
CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
	NOT-FOR-US: AOL
CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
	NOT-FOR-US: IncrediBB
CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
	NOT-FOR-US: PVote
CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
	NOT-FOR-US: PVote
CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
	NOT-FOR-US: HP-UX
CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
	NOT-FOR-US: 4D WebServer
CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
	NOT-FOR-US: HP-UX
CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
	NOT-FOR-US: Oracle
CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
	NOT-FOR-US: Oracle
CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
	NOT-FOR-US: Oracle
CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
	NOT-FOR-US: Oracle
CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
	NOT-FOR-US: Oracle
CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
	NOT-FOR-US: Oracle
CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
	NOT-FOR-US: TYPSoft
CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
	NOT-FOR-US: Quik-Serv
CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
	NOT-FOR-US: IBM
CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
	NOT-FOR-US: IBM
CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
	NOT-FOR-US: Melange
CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
	NOT-FOR-US: Anthill
CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
	NOT-FOR-US: Anthill
CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
	NOT-FOR-US: Winamp
CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
	NOT-FOR-US: Aprelium
CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
	NOT-FOR-US: Tivoli
CVE-2002-0540 (Nortel CVX 1800 is installed with a default &quot;public&quot; community string, ...)
	NOT-FOR-US: Nortel
CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
	NOT-FOR-US: SWS
CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
	NOT-FOR-US: PostBoard
CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
	NOT-FOR-US: PostBoard
CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
	NOT-FOR-US: Novell
CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
	NOT-FOR-US: HP/Apple
CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
	NOT-FOR-US: Watchguard
CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
	NOT-FOR-US: Watchguard
CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
	NOT-FOR-US: Oracle
CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: wwwisis
CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
	NOT-FOR-US: Microsoft
CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
	NOT-FOR-US: Citrix
CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
	NOT-FOR-US: Citrix
CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
	NOT-FOR-US: Citrix
CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the &quot;Skip scanning ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0421 (IIS 4.0 allows local users to bypass the &quot;User cannot change password&quot; ...)
	NOT-FOR-US: Microsoft
CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0418 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
	NOT-FOR-US: Microsoft
CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0390
	RESERVED
CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0383
	RESERVED
CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0365
	RESERVED
CVE-2002-0361
	RESERVED
CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the &quot;halt&quot; user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return (&quot;CR&quot;) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0270 (Opera, when configured with the &quot;Determine action by MIME type&quot; option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
	NOT-FOR-US: Microsoft
CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0253 (PHP, when not configured with the &quot;display_errors = Off&quot; setting in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
	NOT-FOR-US: Microsoft
CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
	NOT-FOR-US: Cisco
CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0195
	RESERVED
CVE-2002-0194
	RESERVED
CVE-2002-0192
	REJECTED
CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0182
	RESERVED
CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0161
	RESERVED
CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
	NOT-FOR-US: Microsoft
CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
	NOT-FOR-US: Microsoft
CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0035
	RESERVED
CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
	{DSA-196}
	- bind9 <not-affected>
	- bind 1:8.3.3-3
CVE-2002-0019
	RESERVED
CVE-2002-0016
	RESERVED
CVE-2002-0015
	RESERVED
CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...)
	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
	NOTE: discussion at:
	NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html
	NOTE: listed sarge version contains a fix like the patch from Gentoo
	- ncompress 4.2.4-15
CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...)
	NOT-FOR-US: Microsoft
CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1387 (iptables-save in iptables before 1.2.4 records the &quot;--reject-with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1377 (Multiple RADIUS implementations do not properly validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
	NOT-FOR-US: AIX
CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
	NOT-FOR-US: AIX
CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1273 (The &quot;mxcsr P4&quot; vulnerability in the Linux kernel before 2.2.17-14, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...)
	NOT-FOR-US: Microsoft
CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...)
	NOT-FOR-US: Cisco
CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1170 (AmTote International homebet program stores the homebet.log file in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1167
	REJECTED
CVE-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...)
	NOT-FOR-US: Cisco
CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...)
	NOT-FOR-US: Cisco
CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...)
	NOT-FOR-US: Cisco
CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...)
	NOT-FOR-US: Cisco
CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...)
	NOT-FOR-US: AIX
CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0944 (DDE in mIRC allows local users to launch applications under another ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...)
	{DSA-301}
	- libgtop 1.0.13-4
CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with &quot;Prompt to allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
	NOT-FOR-US: Microsoft
CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0885
	RESERVED
CVE-2001-0883
	RESERVED
CVE-2001-0882
	RESERVED
CVE-2001-0881
	RESERVED
CVE-2001-0880
	RESERVED
CVE-2001-0878
	RESERVED
CVE-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0814
	RESERVED
CVE-2001-0813
	RESERVED
CVE-2001-0812
	RESERVED
CVE-2001-0811
	RESERVED
CVE-2001-0810
	RESERVED
CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0802
	RESERVED
CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0798
	RESERVED
CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Cisco
CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
	{DSA-695-1}
	- xli 1.17.0-17
CVE-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
	NOT-FOR-US: Cisco
CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...)
	- cfingerd 1.4.3-1.1 (bug #104394)
	NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates
	NOTE: its changes.
CVE-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0725
	RESERVED
CVE-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...)
	NOT-FOR-US: Microsoft
CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0673
	RESERVED
CVE-2001-0672
	RESERVED
CVE-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0661
	RESERVED
CVE-2001-0657
	RESERVED
CVE-2001-0656
	RESERVED
CVE-2001-0655
	RESERVED
CVE-2001-0654
	RESERVED
CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0539
	RESERVED
CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0532
	RESERVED
CVE-2001-0531
	RESERVED
CVE-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0418 (content.pl script in NCM Content Management System allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
	NOT-FOR-US: Microsoft
CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
	NOT-FOR-US: Microsoft
CVE-2001-0343
	RESERVED
CVE-2001-0342
	RESERVED
CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0328 (TCP implementations that use random increments for initial sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
	NOT-FOR-US: Microsoft
CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0168 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0167 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...)
	NOT-FOR-US: Cisco
CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0159
	RESERVED
CVE-2001-0158
	RESERVED
CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0048 (The &quot;Configure Your Server&quot; tool in Microsoft 2000 domain controllers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0047 (The default permissions for the MTS Package Administration registry ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1209 (The &quot;sa&quot; account is installed with a default null password on (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1198 (qpopper POP server creates lock files with predictable names, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1161 (The installation of AdCycle banner management system leaves the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1127 (registrar in the HP resource monitor service allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1104 (Variant of the &quot;IIS Cross-Site Scripting&quot; vulnerability as originally ...)
	NOT-FOR-US: Microsoft
CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1100 (The default configuration for PostACI webmail system installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1030 (CS&amp;T CorporateTime for the Web returns different error messages for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1023 (The Alabanza Control Panel does not require passwords to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0998 (Format string vulnerability in top program allows local attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...)
	NOT-FOR-US: Cisco
CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0842 (The search97cgi/vtopic&quot; in the UnixWare 7 scohelphttp webserver allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...)
	NOT-FOR-US: Microsoft
CVE-2000-0812 (The administration module in Sun Java web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0774 (The sample Java servlet &quot;test&quot; in Bajie HTTP web server 0.30a reveals ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...)
	NOT-FOR-US: Microsoft
CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...)
	NOT-FOR-US: Microsoft
CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
	NOT-FOR-US: Microsoft
CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
	NOT-FOR-US: Microsoft
CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...)
	- kdebase 4:2.2.2-14.6
CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...)
	NOT-FOR-US: Microsoft
CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0572 (The Razor configuration management tool uses weak encryption for its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0434 (The administrative password for the Allmanage web site administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
	NOT-FOR-US: Microsoft
CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
	NOT-FOR-US: Cisco
CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...)
	NOT-FOR-US: Microsoft
CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...)
	NOT-FOR-US: Microsoft
CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...)
	NOT-FOR-US: Microsoft
CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0143 (The SSH protocol server sshd allows local users without shell access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0137 (The CartIt shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0135 (The @Retail shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0134 (The Check It Out shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0123 (The shopping cart application provided with Filemaker allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...)
	NOT-FOR-US: Microsoft
CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0108 (The Intellivend shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0106 (The EasyCart shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0104 (The Shoptron shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0103 (The SmartCart shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0084 (CuteFTP uses weak encryption to store password information in its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...)
	NOT-FOR-US: Microsoft
CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0058 (Network HotSync program in Handspring Visor does not have ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0038 (glFtpD includes a default glftpd user account with a default password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
	{DSA-664-1}
	- cpio 2.5-1.2 (bug #293379)
CVE-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1560 (Vulnerability in a script in Texas A&amp;M University (TAMU) Tiger allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...)
	NOT-FOR-US: AIX
CVE-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...)
	NOT-FOR-US: AIX
CVE-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...)
	NOT-FOR-US: Cisco
CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...)
	NOT-FOR-US: Cisco
CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...)
	NOT-FOR-US: Cisco
CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1454 (Macromedia &quot;The Matrix&quot; screen saver on Windows 95 with the &quot;Password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...)
	NOT-FOR-US: Microsoft
CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
	NOT-FOR-US: Microsoft
CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1431 (ZAK in Appstation mode allows users to bypass the &quot;Run only allowed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1429 (DIT TransferPro installs devices with world-readable and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1418 (ICQ99 ICQ web server build 1701 with &quot;Active Homepage&quot; enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
	NOT-FOR-US: AIX
CVE-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...)
	NOT-FOR-US: AIX
CVE-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1400 (The Economist screen saver 1999 with the &quot;Password Protected&quot; option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1393 (Control Panel &quot;Password Security&quot; option for Apple Powerbooks allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...)
	NOT-FOR-US: Microsoft
CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...)
	NOT-FOR-US: Microsoft
CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1310
	REJECTED
CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
	NOT-FOR-US: Cisco
CVE-1999-1305 (Vulnerability in &quot;at&quot; program in SCO UNIX 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1302 (Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a &quot;nobody&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...)
	NOT-FOR-US: Microsoft
CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1281 (Development version of Breeze Network Server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...)
	NOT-FOR-US: Microsoft
CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1232 (Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1228 (Various modems that do not implement a guard time, or are configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
	NOT-FOR-US: Cisco
CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
	NOT-FOR-US: Microsoft
CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...)
	NOT-FOR-US: Cisco
CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-1999-1108
	REJECTED
CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1084 (The &quot;AEDebug&quot; registry key is installed with insecure permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...)
	NOT-FOR-US: AIX
CVE-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...)
	NOT-FOR-US: AIX
CVE-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1056
	REJECTED
CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...)
	NOT-FOR-US: Cisco
CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...)
	NOT-FOR-US: Microsoft
CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...)
	NOT-FOR-US: AIX
CVE-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
	NOT-FOR-US: Microsoft
CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
	NOT-FOR-US: Cisco
CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...)
	NOT-FOR-US: Microsoft
CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0677 (The WebRamp web administration utility has a default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0669 (The Eyedog ActiveX control is marked as &quot;safe for scripting&quot; for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0664 (An application-critical Windows NT registry key has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0663 (A system-critical program, library, or file has a checksum or other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0662 (A system-critical program or library does not have the appropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0661 (A system is running a version of software that was replaced with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0658 (DCOM is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0657 (WinGate is being used. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0656 (The ugidd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0655 (A service may include useful information in its banner or help ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0653 (A component service related to NIS+ is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0651 (The rsh/rlogin service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0650 (The netstat service is running, which provides sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0649 (The FSP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0648 (The X25 service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0647 (The bootparam (bootparamd) service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0646 (The LDAP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0645 (The IRC service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0644 (The NNTP news service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0643 (The IMAP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0642 (A POP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0641 (The UUCP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0640 (The Gopher service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0639 (The chargen service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0638 (The daytime service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0637 (The systat service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0636 (The discard service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0635 (The echo service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0634 (The SSH service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0633 (The HTTP/WWW service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0632 (The RPC portmapper service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0631 (The NFS service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0630 (The NT Alerter and Messenger services are running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0629 (The ident/identd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0625 (The rpc.rquotad service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0624 (The rstat/rstatd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0623 (The X Windows service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0622 (A component service related to DNS service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0621 (A component service related to NETBIOS is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0620 (A component service related to NIS is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0619 (The Telnet service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0618 (The rexec service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0617 (The SMTP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0616 (The TFTP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0615 (The SNMP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0614 (The FTP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0613 (The rpc.sprayd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0610 (An incorrect configuration of the Webcart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0609 (An incorrect configuration of the SoftCart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0607 (quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0602 (A network intrusion detection system (IDS) does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0600 (A network intrusion detection system (IDS) does not verify the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0595 (A Windows NT system does not clear the system page file during ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0593 (The default setting for the Winlogon key entry ShutdownWithoutLogon in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0589 (A system-critical Windows NT registry key has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0586 (A network service is running on a nonstandard port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0585 (A Windows NT administrator account has the default name of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0584 (A Windows NT file system is not NTFS. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0579 (A Windows NT system's registry audit policy does not log an event ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0578 (A Windows NT system's registry audit policy does not log an event ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0577 (A Windows NT system's file audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0576 (A Windows NT system's file audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0575 (A Windows NT system's user audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0572 (.reg files are associated with the Windows NT registry editor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0571 (A router's configuration service or management interface (such as a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...)
	- webmin 1.160-1
CVE-1999-0556 (Two or more Unix accounts have the same UID. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0555 (A Unix account with a name other than &quot;root&quot; has UID 0, i.e. root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0546 (The Windows NT guest account is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
	NOT-FOR-US: Microsoft
CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0533 (A DNS server allows inverse queries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0532 (A DNS server allows zone transfers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0530 (A system is operating in &quot;promiscuous&quot; mode which allows it to perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0521 (An NIS domain name is easily guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0516 (An SNMP community name is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0510 (A router or firewall allows source routed packets from arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0508 (An account on a router, firewall, or other network device has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0507 (An account on a router, firewall, or other network device has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0505 (A Windows NT domain user or administrator account has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0504 (A Windows NT local user or administrator account has a default, null, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0503 (A Windows NT local user or administrator account has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0501 (A Unix account has a guessable password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0497 (Anonymous FTP is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0495 (A remote attacker can gain access to a file system using ..  (dot dot) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...)
	NOT-FOR-US: Microsoft
CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...)
	NOT-FOR-US: Microsoft
CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
	NOT-FOR-US: Cisco
CVE-1999-0452 (A service or application has a backdoor password that was placed there ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
	NOT-FOR-US: HP-UX
CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
	NOT-FOR-US: Eudora
CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
	NOT-FOR-US: Microsoft
CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
	NOT-FOR-US: SCO
CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
	NOT-FOR-US: DEC UNIX
CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
	NOT-FOR-US: Mirc
CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
	NOT-FOR-US: Sun
CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
	NOT-FOR-US: NetWare
CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
	NOT-FOR-US: Windows
CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
	NOT-FOR-US: Windows
CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...)
	NOT-FOR-US: Windows
CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
	NOT-FOR-US: Windows
CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
	NOT-FOR-US: HP
CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
	NOT-FOR-US: HP
CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
	NOT-FOR-US: Windows
CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
	NOT-FOR-US: HP
CVE-1999-0306 (buffer overflow in HP xlock program. ...)
	NOT-FOR-US: HP
CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
	NOT-FOR-US: Windows
CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
	NOT-FOR-US: Windows
CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
	NOT-FOR-US: Windows
CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0282
	REJECTED
CVE-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
	NOT-FOR-US: HP
CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
	NOT-FOR-US: Windows
CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
	NOT-FOR-US: HP
CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
	NOT-FOR-US: Windows
CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
	NOT-FOR-US: Windows
CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
	NOT-FOR-US: Cisco
CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
	NOT-FOR-US: Solaris
CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
	NOT-FOR-US: Windows
CVE-1999-0198 (finger .@host on some systems may print information on some user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
	NOT-FOR-US: Ascend/3com
CVE-1999-0187
	REJECTED
CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
	NOT-FOR-US: Solaris
CVE-1999-0171 (Denial of service in syslog by sending it a large number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0165 (NFS cache poisoning. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
	NOT-FOR-US: Windows
CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
	NOT-FOR-US: Windows
CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
	NOT-FOR-US: HP-UX
CVE-1999-0123 (Race condition in Linux mailx command allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
	NOT-FOR-US: Windows
CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0110
	REJECTED
CVE-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0106 (Finger redirection allows finger bombs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
	NOT-FOR-US: AIX
CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
	NOT-FOR-US: AIX
CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
	NOT-FOR-US: AIX
CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
	NOT-FOR-US: AIX
CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
	NOT-FOR-US: SGI
CVE-1999-0020
	REJECTED
CVE-1999-0015 (Teardrop IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker