path: root/data/CVE/2005.list
author security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
committer security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
commit b52483e988b611ffa7ff016030b0a61101f28219
tree 440ead7c2c2cb0bf02ecc5929bee37f271401d72 /data/CVE/2005.list
parent 48e42f485f4e01f92211c58abc88e5304d6a9667
automatic update
Diffstat (limited to 'data/CVE/2005.list')
-rw-r--r-- data/CVE/2005.list 9228
1 files changed, 4614 insertions, 4614 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index fa7b91d6a2..f7539708eb 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,4 +1,4 @@
-CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for ...)
+CVE-2005-4900
NOT-FOR-US: Generic protocol issue
CVE-2005-4899
RESERVED
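Review bot: The commit message "automatic update" gives no reason for dropping the description from the `CVE-2005-4900` header line, and after the change the entry reads only `NOT-FOR-US: Generic protocol issue`, which no longer tells a reader that the issue is SHA-1 collision resistance. If the descriptions now live somewhere else, the message should say where; otherwise keep a short bracketed summary on the header line, in the style the list already uses for `CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl]`.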
@@ -11,7 +11,7 @@ CVE-2005-4896
CVE-2005-XXXX [more related to CVE-2005-4890]
- shadow <unfixed> (unimportant; bug #628843)
NOTE: only affects the su executable, so if you use sudo you're not affected
-CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools ...)
+CVE-2005-4895
- google-perftools 0.7-1
CVE-2005-4894
RESERVED
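Review bot: With the description gone from `CVE-2005-4895`, the only remaining text is the Debian source package line `- google-perftools 0.7-1`, so a search of this file for the upstream names in the old line (TCMalloc, `tcmalloc.cc`, gperftools) no longer finds the entry. Anyone triaging by upstream component name will miss it; consider a `NOTE:` line naming the upstream component wherever the package name differs from it.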
@@ -29,256 +29,256 @@ CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
- sudo 1.7.4p4 (low; bug #657784)
NOTE: sudo might be fixed earlier, use_pty present in stable
-CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...)
+CVE-2005-4889
- rpm 4.7.0-1 (bug #584257; unimportant)
NOTE: Marking as unimportant since rpm isn't used as a package manager
-CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows ...)
+CVE-2005-4888
NOT-FOR-US: Novell NetWare
-CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...)
+CVE-2005-4887
NOT-FOR-US: Novell NetWare
-CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
+CVE-2005-4886
- linux-2.6 2.6.12-1
- linux-2.6.24 <not-affected> (fixed before 2.6.24)
-CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) ...)
+CVE-2005-4885
NOT-FOR-US: Sun StorEdge 6130
-CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+CVE-2005-4884
NOT-FOR-US: Oracle Database Server
-CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote ...)
+CVE-2005-4883
NOT-FOR-US: Tftpd32
-CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse ...)
+CVE-2005-4882
NOT-FOR-US: Tftpd32
-CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and ...)
+CVE-2005-4881
- linux-2.6 2.6.13-1 (low)
- linux-2.6.24 <not-affected> (fixed prior to first upload of 2.6.24)
-CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web ...)
+CVE-2005-4880
NOT-FOR-US: Jax Guestbook
-CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-4879
NOT-FOR-US: Jax Guestbook
-CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+CVE-2005-4878
- acidbase 1.2.1-1
-CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
+CVE-2005-4877
NOT-FOR-US: Openfire
-CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
+CVE-2005-4876
NOT-FOR-US: Openfire
-CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...)
+CVE-2005-4875
- typo3-src 4.0.2-1
-CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...)
+CVE-2005-4874
- iceweasel <not-affected> (old version and CVE)
-CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...)
+CVE-2005-4873
- cups 1.1.23-10sarge1
- cupsys 1.1.23-10sarge1
-CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...)
+CVE-2005-4872
- pcre3 6.2-1
[sarge] - pcre3 4.5+7.4-1
NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
-CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 ...)
+CVE-2005-4871
NOT-FOR-US: IBM DB2
-CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) ...)
+CVE-2005-4870
NOT-FOR-US: IBM DB2
-CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local ...)
+CVE-2005-4869
NOT-FOR-US: IBM DB2
-CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default ...)
+CVE-2005-4868
NOT-FOR-US: IBM DB2
-CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...)
+CVE-2005-4867
NOT-FOR-US: IBM DB2
-CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 ...)
+CVE-2005-4866
NOT-FOR-US: IBM DB2
-CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows ...)
+CVE-2005-4865
NOT-FOR-US: IBM DB2
-CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...)
+CVE-2005-4864
NOT-FOR-US: IBM DB2
-CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows ...)
+CVE-2005-4863
NOT-FOR-US: IBM DB2
-CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...)
+CVE-2005-4862
NOT-FOR-US: Xwiki
-CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...)
+CVE-2005-4861
NOT-FOR-US: Ragnarok
-CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak cryptography ...)
+CVE-2005-4860
NOT-FOR-US: Spectrum Cash Receipting System
-CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...)
+CVE-2005-4859
NOT-FOR-US: mimicboard2
-CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...)
+CVE-2005-4858
NOT-FOR-US: mimicboard2
-CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
+CVE-2005-4857
- ezpublish <removed>
-CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
+CVE-2005-4856
- ezpublish <removed>
-CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
+CVE-2005-4855
- ezpublish <removed> (bug #424790)
-CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
+CVE-2005-4854
- ezpublish <removed> (bug #424790)
-CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...)
+CVE-2005-4853
- ezpublish <removed> (bug #424790)
-CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...)
+CVE-2005-4852
- ezpublish <removed> (bug #424790)
-CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...)
+CVE-2005-4851
- ezpublish <removed> (bug #424790)
-CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...)
+CVE-2005-4850
- ezpublish <removed> (bug #424790)
-CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...)
+CVE-2005-4849
- derby <not-affected> (Fixed before initial upload to Debian)
NOTE: http://issues.apache.org/jira/browse/DERBY-530
NOTE: http://issues.apache.org/jira/browse/DERBY-559
-CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...)
+CVE-2005-4848
NOT-FOR-US: BlackBerry Enterprise Server
-CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...)
+CVE-2005-4847
NOT-FOR-US: Spey
-CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows ...)
+CVE-2005-4846
NOT-FOR-US: Spey
-CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...)
+CVE-2005-4845
NOT-FOR-US: Sun Java on Microsoft Windows
-CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a ...)
+CVE-2005-4844
NOT-FOR-US: Microsoft
-CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a ...)
+CVE-2005-4843
NOT-FOR-US: Microsoft
-CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers ...)
+CVE-2005-4842
NOT-FOR-US: Microsoft
-CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...)
+CVE-2005-4841
NOT-FOR-US: Microsoft
-CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...)
+CVE-2005-4840
NOT-FOR-US: Microsoft
-CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...)
+CVE-2005-4839
NOT-FOR-US: PureTLS
-CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
+CVE-2005-4838
- tomcat5.5 5.5.15-1 (low)
-CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...)
+CVE-2005-4837
- net-snmp 5.2.2-1 (medium)
-CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not ...)
+CVE-2005-4836
[sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
-CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
+CVE-2005-4835
- madwifi 1:0.9.2+r1842.20061207-2 (low)
[etch] - madwifi <no-dsa> (Non-free not supported)
-CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows ...)
+CVE-2005-4834
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when ...)
+CVE-2005-4833
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...)
+CVE-2005-4832
NOT-FOR-US: Oracle Database Server
-CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
+CVE-2005-4831
- viewvc 0.9.4+svn20060318-1 (low)
-CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
+CVE-2005-4830
- viewvc 0.9.4+svn20060318-1 (low)
NOTE: referring to http://www.securityfocus.com/archive/1/461427/100/0/threaded this
NOTE: has been fixed in cvs for 0.9.3
-CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...)
+CVE-2005-4829
NOT-FOR-US: VirtueMart
-CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...)
+CVE-2005-4828
- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian)
-CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...)
+CVE-2005-4827
NOT-FOR-US: Microsoft
-CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...)
+CVE-2005-4826
NOT-FOR-US: Cisco
-CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
+CVE-2005-4825
NOT-FOR-US: Cisco
-CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
+CVE-2005-4824
NOT-FOR-US: siteframe
-CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...)
+CVE-2005-4823
NOT-FOR-US: HP
-CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger ...)
+CVE-2005-4822
NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
-CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 ...)
+CVE-2005-4821
NOT-FOR-US: Land Down Under
-CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...)
+CVE-2005-4820
NOT-FOR-US: SMC
-CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions ...)
+CVE-2005-4819
NOT-FOR-US: Lotus Domino
-CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow ...)
+CVE-2005-4818
NOT-FOR-US: Copernicus Europa
-CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) ...)
+CVE-2005-4817
- tmsnc 0.2.5-1
-CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
+CVE-2005-4816
{DSA-1245-1}
- proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium)
-CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...)
+CVE-2005-4815
NOT-FOR-US: SAP
-CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
+CVE-2005-4814
NOT-FOR-US: Segue CMS
-CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
+CVE-2005-4813
NOT-FOR-US: Business Objects Crystal Reports
-CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
+CVE-2005-4812
NOT-FOR-US: SISCO OSI stack for Windows
-CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
+CVE-2005-4811
{DSA-1304}
- linux-2.6 2.6.14
-CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
+CVE-2005-4810
NOT-FOR-US: Microsoft
-CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
+CVE-2005-4809
- mozilla <removed> (low)
- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
- xulrunner <not-affected>
[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
-CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
+CVE-2005-4808
- binutils 2.17-1 (low)
[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
-CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...)
+CVE-2005-4807
- binutils 2.17-1 (low)
[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
-CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...)
+CVE-2005-2468
NOT-FOR-US: MySQL Eventum
-CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...)
+CVE-2005-2467
NOT-FOR-US: MySQL Eventum
-CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...)
+CVE-2005-2466
NOT-FOR-US: OpenBook
-CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...)
+CVE-2005-2465
NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
-CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...)
+CVE-2005-2464
NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
-CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...)
+CVE-2005-2463
NOT-FOR-US: Kayako liveResponse
-CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...)
+CVE-2005-2462
NOT-FOR-US: Kayako liveResponse
-CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...)
+CVE-2005-2461
NOT-FOR-US: Kayako liveResponse
-CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
+CVE-2005-2460
NOT-FOR-US: Kayako liveResponse
-CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy ...)
+CVE-2005-4806
NOT-FOR-US: Sun Java System Web Proxy Server
-CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
+CVE-2005-4805
NOT-FOR-US: Sun Java System Application Server
-CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...)
+CVE-2005-4804
NOT-FOR-US: Sun Java System Application Server
-CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll ...)
+CVE-2005-1755
NOT-FOR-US: PHP Poll Creator
-CVE-2005-1754 (** DISPUTED ** ...)
+CVE-2005-1754
NOT-FOR-US: JavaMail API
NOTE: vulnerable file not in Debian
-CVE-2005-1753 (** DISPUTED ** ...)
+CVE-2005-1753
NOT-FOR-US: JavaMail API
NOTE: vulnerable file not in Debian
-CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...)
+CVE-2005-1752
- gforge 3.1-30
NOTE: viewFile.php disabled in 3.1-30
-CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
+CVE-2005-4803
{DSA-857-1}
- graphviz 2.2.1-1sarge1 (bug #336985; low)
-CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
+CVE-2005-4802
{DSA-1216}
- flexbackup 1.2.1-3 (bug #334350; low)
-CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet ...)
+CVE-2005-4801
NOT-FOR-US: YaPIG
-CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image ...)
+CVE-2005-4800
NOT-FOR-US: YaPIG
-CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
+CVE-2005-4799
NOT-FOR-US: YaPIG
-CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
+CVE-2005-4798
{DSA-1184-2 DSA-1183-1}
- linux-2.6 <not-affected>
-CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...)
+CVE-2005-4797
NOT-FOR-US: Solaris
-CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...)
+CVE-2005-4796
- xview <not-affected> (xview on Solaris)
NOTE: Is only relevant for suid binaries, but xview is not really suitable for
NOTE: those anyway. Exact information is not available, but a similar problem
NOTE: is already fixed in the Debian package.
-CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library ...)
+CVE-2005-4795
NOT-FOR-US: Solaris
-CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...)
+CVE-2005-4794
NOT-FOR-US: Cisco
-CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...)
+CVE-2005-4793
NOT-FOR-US: Hitachi
-CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State ...)
+CVE-2005-4792
NOT-FOR-US: phpWebSite
-CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
+CVE-2005-4791
{DTSA-107-1}
- beagle 0.2.13-1 (low)
[etch] - beagle <no-dsa> (Minor issue)
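Review bot: The `** DISPUTED **` marker on `CVE-2005-1754` and `CVE-2005-1753` is lost in this hunk, and nothing in the surviving lines (`NOT-FOR-US: JavaMail API`, `NOTE: vulnerable file not in Debian`) records that the CVE itself is contested. That status changes how an entry should be read, so it should survive the cleanup, for example as an explicit `NOTE:` line on each disputed entry, rather than being stripped together with the free-text description.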
@@ -288,417 +288,417 @@ CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0
- blam 1.8.4-1 (low)
[etch] - blam <no-dsa> (Minor issue)
NOTE: lintian bug filed: #451559
-CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
+CVE-2005-4790
- tomboy 0.8.1-2 (low)
[etch] - tomboy <no-dsa> (Minor issue)
-CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
+CVE-2005-4789
- resmgr <not-affected>
-CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
+CVE-2005-4788
- resmgr <not-affected>
-CVE-2005-4787 (** DISPUTED ** ...)
+CVE-2005-4787
NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
-CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
+CVE-2005-4786
NOT-FOR-US: HAURI anti-virus
-CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
+CVE-2005-4785
NOT-FOR-US: QuickBlogger
-CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...)
+CVE-2005-4784
NOTE: this does not affect linux
-CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...)
+CVE-2005-4783
NOT-FOR-US: NetBSD
-CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...)
+CVE-2005-4782
NOT-FOR-US: NetBSD
-CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
+CVE-2005-4781
NOT-FOR-US: SergiD Top Music module
-CVE-2005-4780 (** DISPUTED ** ...)
+CVE-2005-4780
NOT-FOR-US: LightHouse CMS
-CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
+CVE-2005-4779
NOT-FOR-US: NetBSD
-CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...)
+CVE-2005-4778
- powersave 0.12.7-1
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find
-CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...)
+CVE-2005-4777
NOT-FOR-US: Tashcom ASPEdit
-CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
+CVE-2005-4776
NOT-FOR-US: NetBSD
-CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin ...)
+CVE-2005-4775
NOT-FOR-US: Contineo
-CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...)
+CVE-2005-4774
NOT-FOR-US: Xerver
-CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
+CVE-2005-4773
NOT-FOR-US: VMware
-CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before ...)
+CVE-2005-4772
NOT-FOR-US: YaST
-CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...)
+CVE-2005-4771
NOT-FOR-US: Trusted Mobility Agent
-CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise ...)
+CVE-2005-4770
NOT-FOR-US: Accelerated E Solutions
-CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...)
+CVE-2005-4769
NOT-FOR-US: Belchior Foundry vCard
-CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...)
+CVE-2005-4768
NOT-FOR-US: Tux Racer TuxBank
-CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
+CVE-2005-4767
NOT-FOR-US: BEA WebLogic
-CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
+CVE-2005-4766
NOT-FOR-US: BEA WebLogic
-CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 ...)
+CVE-2005-4765
NOT-FOR-US: BEA WebLogic
-CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out ...)
+CVE-2005-4764
NOT-FOR-US: BEA WebLogic
-CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
+CVE-2005-4763
NOT-FOR-US: BEA WebLogic
-CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
+CVE-2005-4762
NOT-FOR-US: BEA WebLogic
-CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
+CVE-2005-4761
NOT-FOR-US: BEA WebLogic
-CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
+CVE-2005-4760
NOT-FOR-US: BEA WebLogic
-CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a ...)
+CVE-2005-4759
NOT-FOR-US: BEA WebLogic
-CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...)
+CVE-2005-4758
NOT-FOR-US: BEA WebLogic
-CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
+CVE-2005-4757
NOT-FOR-US: BEA WebLogic
-CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
+CVE-2005-4756
NOT-FOR-US: BEA WebLogic
-CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) ...)
+CVE-2005-4755
NOT-FOR-US: BEA WebLogic
-CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow ...)
+CVE-2005-4754
NOT-FOR-US: BEA WebLogic
-CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
+CVE-2005-4753
NOT-FOR-US: BEA WebLogic
-CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
+CVE-2005-4752
NOT-FOR-US: BEA WebLogic
-CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
+CVE-2005-4751
NOT-FOR-US: BEA WebLogic
-CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
+CVE-2005-4750
NOT-FOR-US: BEA WebLogic
-CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and ...)
+CVE-2005-4749
NOT-FOR-US: BEA WebLogic
-CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in ...)
+CVE-2005-4748
NOT-FOR-US: Virtual War
-CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd ...)
+CVE-2005-4747
NOT-FOR-US: WebHost Automation Ltd Helm
-CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote ...)
+CVE-2005-4746
{DSA-1145-1}
- freeradius 1.0.5-1
-CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
+CVE-2005-4745
{DSA-1145-1}
- freeradius 1.0.5-1
-CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...)
+CVE-2005-4744
{DSA-1089-1}
- freeradius 1.0.5-1
-CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp ...)
+CVE-2005-4743
NOT-FOR-US: NeLogic Nephp Publisher
-CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to ...)
+CVE-2005-4742
NOT-FOR-US: Echelog
-CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...)
+CVE-2005-4741
NOT-FOR-US: NetBSD
-CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...)
+CVE-2005-4740
NOT-FOR-US: IBM DB2
-CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 ...)
+CVE-2005-4739
NOT-FOR-US: IBM DB2
-CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...)
+CVE-2005-4738
NOT-FOR-US: IBM DB2
-CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows ...)
+CVE-2005-4737
NOT-FOR-US: IBM DB2
-CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote ...)
+CVE-2005-4736
NOT-FOR-US: IBM DB2
-CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote ...)
+CVE-2005-4735
NOT-FOR-US: IBM DB2
-CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...)
+CVE-2005-4734
NOT-FOR-US: RSA Authentication Agent for Web
-CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow ...)
+CVE-2005-4733
NOT-FOR-US: NetBSD
-CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2005-4732
NOT-FOR-US: TuxBank
CVE-2005-XXXX [xsupplicant information leak]
- xsupplicant 1.0.1-5 (bug #317703; low)
-CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
+CVE-2005-4731
NOT-FOR-US: PEAR HTML_QuickForm_Controller
-CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
+CVE-2005-4730
NOT-FOR-US: PEAR Text_Password
-CVE-2005-4729 (SQL injection vulnerability in show.php in VBZooM Forum allows remote ...)
+CVE-2005-4729
NOT-FOR-US: VBZooM
-CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...)
+CVE-2005-4728
- amaya 9.4-1 (bug #341424)
[sarge] - amaya <not-affected> (The Sarge version doesn't have an rpath set)
-CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before ...)
+CVE-2005-4727
NOT-FOR-US: gBook
-CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...)
+CVE-2005-4726
NOT-FOR-US: MUTE
-CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...)
+CVE-2005-4725
NOT-FOR-US: Geeklog
-CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...)
+CVE-2005-4724
NOT-FOR-US: PhpTagCool
-CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...)
+CVE-2005-4723
NOT-FOR-US: D-Link hardware
-CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...)
+CVE-2005-4722
NOT-FOR-US: tmsPUBLISHER
-CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
+CVE-2005-4721
NOT-FOR-US: tmsPUBLISHER
-CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...)
+CVE-2005-4720
{DSA-1044-1}
- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
- firefox 1.5.dfsg-1
-CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...)
+CVE-2005-4719
NOT-FOR-US: Sysbotz Systems Panel
-CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-4718
NOT-FOR-US: Opera
-CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...)
+CVE-2005-4717
NOT-FOR-US: Microsoft
-CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...)
+CVE-2005-4716
NOT-FOR-US: Hitachi TP1
-CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...)
+CVE-2005-4715
NOT-FOR-US: PHP-Nuke
-CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...)
+CVE-2005-4714
NOT-FOR-US: OpenVMPS
-CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...)
+CVE-2005-4713
- pam-mysql 0.6.2-1 (bug #353589; low)
[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
-CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...)
+CVE-2005-4712
NOT-FOR-US: Handicapper
-CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 ...)
+CVE-2005-4711
NOT-FOR-US: Land Down Under
-CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...)
+CVE-2005-4710
NOT-FOR-US: AutoCAD
-CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...)
+CVE-2005-4709
NOT-FOR-US: JBoss Enterprise Java Beans
-CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...)
+CVE-2005-4708
NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client)
-CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
+CVE-2005-4707
NOT-FOR-US: PHP GEN
-CVE-2005-4706 (Unspecified vulnerability in the &quot;privilege management&quot; feature of Sun ...)
+CVE-2005-4706
NOT-FOR-US: Solaris 10
-CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
+CVE-2005-4705
NOT-FOR-US: BEA WebLogic
-CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
+CVE-2005-4704
NOT-FOR-US: BEA WebLogic
-CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...)
+CVE-2005-4703
NOT-FOR-US: Windows Tomcat vulnerability
-CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...)
+CVE-2005-4702
NOT-FOR-US: IPBProArcade
-CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...)
+CVE-2005-4701
NOT-FOR-US: Solaris 10
-CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...)
+CVE-2005-4700
NOT-FOR-US: TellMe
-CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...)
+CVE-2005-4699
NOT-FOR-US: TellMe
-CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...)
+CVE-2005-4698
NOT-FOR-US: TellMe
-CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...)
+CVE-2005-4697
NOT-FOR-US: Microsoft
-CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...)
+CVE-2005-4696
NOT-FOR-US: Microsoft
-CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...)
+CVE-2005-4695
NOT-FOR-US: Symantec Brightmail AntiSpam
-CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...)
+CVE-2005-4694
NOT-FOR-US: WebGUI
-CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...)
+CVE-2005-4693
- gaim-encryption 3.0~beta5-3 (low; bug #337127)
[sarge] - gaim-encryption <no-dsa> (Minor issue)
-CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...)
+CVE-2005-4692
NOT-FOR-US: mroovca
-CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
+CVE-2005-4691
NOT-FOR-US: NetBSD
-CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...)
+CVE-2005-4690
NOT-FOR-US: Six Apart Movable Type
-CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...)
+CVE-2005-4689
NOT-FOR-US: Six Apart Movable Type
-CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...)
+CVE-2005-4688
NOT-FOR-US: PunBB
-CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's ...)
+CVE-2005-4687
NOT-FOR-US: PunBB
-CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...)
+CVE-2005-4686
NOT-FOR-US: PunBB
-CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
+CVE-2005-4685
NOTE: see CVE-2005-4684
- firefox <removed> (unimportant)
- iceweasel <removed> (unimportant)
- mozilla <removed> (unimportant)
[sarge] - mozilla <no-dsa> (Hardly exploitable)
- xulrunner <unfixed> (unimportant)
-CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...)
+CVE-2005-4684
NOTE: http://www.redhat.com/archives/fedora-extras-commits/2006-August/msg01104.html says "ignore (kdebase) not fixed upstream, low, can't fix"
- kdebase <unfixed> (unimportant)
[sarge] - kdebase <no-dsa> (Hardly exploitable)
-CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...)
+CVE-2005-4683
- migrationtools 46-2.1 (bug #338920; unimportant)
NOTE: The temp fix makes use of TMPDIR
-CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
+CVE-2005-4682
NOT-FOR-US: AudienceView
-CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
+CVE-2005-4681
NOT-FOR-US: mIRC
-CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
+CVE-2005-4680
NOT-FOR-US: Sophos Anti-Virus
-CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
+CVE-2005-4679
NOT-FOR-US: Internet Explorer 6
-CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...)
+CVE-2005-4678
NOT-FOR-US: Apple
-CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...)
+CVE-2005-4677
NOT-FOR-US: osCommerce
-CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...)
+CVE-2005-4676
- exiv2 0.9
-CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP ...)
+CVE-2005-4675
NOT-FOR-US: Complete PHP Counter
-CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP ...)
+CVE-2005-4674
NOT-FOR-US: Complete PHP Counter
-CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...)
+CVE-2005-4673
NOT-FOR-US: ioFTPD
-CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...)
+CVE-2005-4672
NOT-FOR-US: CityPost Simple Image-Editor
-CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...)
+CVE-2005-4671
NOT-FOR-US: CityPost Simple PHP Upload
-CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...)
+CVE-2005-4670
NOT-FOR-US: CityPost Simple PHP Upload
-CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...)
+CVE-2005-4669
NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
-CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
+CVE-2005-4668
NOT-FOR-US: ParoxProxy
-CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted ...)
+CVE-2005-4667
{DSA-1012-1}
- unzip 5.52-7 (low; bug #349794)
-CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
+CVE-2005-4666
NOT-FOR-US: PHlyMail
-CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
+CVE-2005-4665
NOT-FOR-US: PunBB
-CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...)
+CVE-2005-4664
NOT-FOR-US: OcoMon
-CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...)
+CVE-2005-4663
NOT-FOR-US: OcoMon
-CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ...)
+CVE-2005-4662
NOT-FOR-US: OcoMon
-CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail ...)
+CVE-2005-4661
NOT-FOR-US: Campsite
-CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...)
+CVE-2005-4660
NOT-FOR-US: IPCop
-CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...)
+CVE-2005-4659
NOT-FOR-US: IPCop
-CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-4658
NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
-CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass ...)
+CVE-2005-4657
NOT-FOR-US: Ocean12
-CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and ...)
+CVE-2005-4656
NOT-FOR-US: TClanPortal
-CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion ...)
+CVE-2005-4655
NOT-FOR-US: PHP-Fusion
-CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) ...)
+CVE-2005-4654
NOT-FOR-US: Oracle
-CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier ...)
+CVE-2005-4653
NOT-FOR-US: AL-Caricatier
-CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...)
+CVE-2005-4652
NOT-FOR-US: PHlyMail
-CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...)
+CVE-2005-4651
NOT-FOR-US: AlstraSoft EPay Pro
-CVE-2005-4650 (Joomla! 1.03 does not restrict the number of &quot;Search&quot; Mambots, which ...)
+CVE-2005-4650
NOT-FOR-US: Joomla!
-CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced ...)
+CVE-2005-4649
NOT-FOR-US: Advanced Guestbook
-CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and ...)
+CVE-2005-4648
NOT-FOR-US: Illustrate dBpowerAMP Music Converter
-CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...)
+CVE-2005-4647
NOT-FOR-US: PEARLINGER Pearl Forums
-CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...)
+CVE-2005-4646
NOT-FOR-US: PEARLINGER Pearl Forums
-CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
+CVE-2005-4645
NOT-FOR-US: 3CFR
-CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
+CVE-2005-4644
{DSA-951-2}
- trac 0.9.3-1
[sarge] - trac 0.8.1-3sarge4 (medium)
-CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...)
+CVE-2005-4643
NOT-FOR-US: Antharia OnContent
-CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...)
+CVE-2005-4642
NOT-FOR-US: HydroBB
-CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote ...)
+CVE-2005-4641
NOT-FOR-US: eazyCMS
-CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...)
+CVE-2005-4640
NOT-FOR-US: class-1 Poll
-CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...)
+CVE-2005-4639
- linux-2.6 2.6.15-1 (low)
-CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote ...)
+CVE-2005-4638
NOT-FOR-US: Kayako SupportSuite
-CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2005-4637
NOT-FOR-US: Kayako SupportSuite
-CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...)
+CVE-2005-4636
- openoffice.org <unfixed> (unimportant)
NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
NOTE: If the admin doesn't web browsing, why is one installed/enabled?
-CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
+CVE-2005-4635
NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
-CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
+CVE-2005-4634
NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
REJECTED
-CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
+CVE-2005-4632
NOT-FOR-US: Vote!Pro
-CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
+CVE-2005-4631
NOT-FOR-US: Zina
-CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows ...)
+CVE-2005-4630
NOT-FOR-US: ClientExec
-CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to ...)
+CVE-2005-4629
NOT-FOR-US: SMBCMS
-CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...)
+CVE-2005-4628
NOT-FOR-US: HelpDeskPoint
-CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
+CVE-2005-4627
NOT-FOR-US: GmailSite
-CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
+CVE-2005-4626
NOT-FOR-US: Recruitment Software
-CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
+CVE-2005-4625
NOT-FOR-US: Strange Windows drivers
-CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...)
+CVE-2005-4624
NOT-FOR-US: PTnet ircd
-CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial ...)
+CVE-2005-4623
NOT-FOR-US: eFileGo
-CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote ...)
+CVE-2005-4622
NOT-FOR-US: eFileGo
-CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in ...)
+CVE-2005-4621
NOT-FOR-US: vBulletin
-CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...)
+CVE-2005-4620
NOT-FOR-US: WinRAR
-CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
+CVE-2005-4619
NOT-FOR-US: phpoutsourcing Zorum Forum
-CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
+CVE-2005-4618
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.15-1
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
- b2evolution 0.9.1b-4 (bug #344000)
-CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
+CVE-2005-4617
NOT-FOR-US: cSupport
-CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...)
+CVE-2005-4616
NOT-FOR-US: iSupport
-CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...)
+CVE-2005-4615
NOT-FOR-US: DapperDesk
-CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...)
+CVE-2005-4614
NOT-FOR-US: digiSHOP
-CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...)
+CVE-2005-4613
NOT-FOR-US: VUBB alpha
-CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...)
+CVE-2005-4612
NOT-FOR-US: VUBB alpha
-CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...)
+CVE-2005-4611
NOT-FOR-US: Free ClickBank
-CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...)
+CVE-2005-4610
- dopewars <not-affected> (According to upstream Windows-specific)
-CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...)
+CVE-2005-4609
NOT-FOR-US: BugPort
-CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...)
+CVE-2005-4608
NOT-FOR-US: BugPort
-CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
+CVE-2005-4607
NOT-FOR-US: BugPort
-CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
+CVE-2005-4606
NOT-FOR-US: Web Wiz
-CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
+CVE-2005-4605
{DSA-1017-1}
- linux-2.6 2.6.15-1
- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
- xshisen 1.51-1-2 (bug #291613)
-CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows ...)
+CVE-2005-4604
- mtink <not-affected> (mtink not installed SUID root)
-CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...)
+CVE-2005-4603
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...)
+CVE-2005-4602
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...)
+CVE-2005-4600
- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
- moodle <not-affected> (has newer version)
- wordpress 2.5.1-3
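Review bot: Dropping the parenthesised descriptions leaves some entries in this hunk without a usable identification of the affected software. CVE-2005-4635 now carries only `NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms` and no package line, so the fact that it concerns nl_fib_input in fib_frontend.c in the Linux kernel is no longer recorded in the entry. For CVE-2005-4668 the only remaining product name is the context line `NOT-FOR-US: ParoxProxy`, which misspells the "ParosProxy" of the removed description. Suggest adding a package or NOT-FOR-US line for CVE-2005-4635 and fixing the spelling in the same change, or keeping a short bracketed description in the style the CVE-2005-XXXX entries already use (for example `[xshisen follows symlinks for shared gid games files]`).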
@@ -706,133 +706,133 @@ CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE
NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
NOTE: uses the system copy of tinymce and the exact fixed version is not
NOTE: really determinably anymore
-CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
+CVE-2005-4599
- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
-CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...)
+CVE-2005-4598
NOT-FOR-US: OoApp Guestbook
-CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
+CVE-2005-4597
NOT-FOR-US: iPei Guestbook
-CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook ...)
+CVE-2005-4596
NOT-FOR-US: AdesGuestbook
-CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView ...)
+CVE-2005-4595
NOT-FOR-US: NView and XnView, different from nview from nvi
-CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers ...)
+CVE-2005-4594
NOT-FOR-US: TUGZip
-CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...)
+CVE-2005-4593
NOT-FOR-US: phpDocumentor
-CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows ...)
+CVE-2005-4592
- bogofilter 0.96.3
[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
-CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...)
+CVE-2005-4591
- bogofilter 0.96.3
[sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
-CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...)
+CVE-2005-4590
NOT-FOR-US: Spb Kiosk Engine
-CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the ...)
+CVE-2005-4589
NOT-FOR-US: Spb Kiosk Engine
-CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote ...)
+CVE-2005-4588
NOT-FOR-US: Koobi
-CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...)
+CVE-2005-4587
NOT-FOR-US: Juniper
-CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 ...)
+CVE-2005-4586
NOT-FOR-US: PHPSurveyor
CVE-2005-XXXX [snort: DoS in verbose mode]
- snort 2.3.3-2 (bug #328134; low)
[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
-CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers ...)
+CVE-2005-4601
{DSA-957-2}
- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
NOTE: Exploitable through Gnus and Thunderbird.
- graphicsmagick 1.1.7-1
-CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...)
+CVE-2005-4585
- ethereal 0.10.14-1 (bug #345243; low)
NOTE: This affects Woody and Sarge
-CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a ...)
+CVE-2005-4584
- bzflag 2.0.6.20060412-1 (bug #345245; low)
[sarge] - bzflag <no-dsa> (Minor DoS against a game)
-CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX ...)
+CVE-2005-4583
NOT-FOR-US: VMWare
-CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity ...)
+CVE-2005-4582
- electricsheep 2.6.3+cvs20051206-1 (unimportant)
NOTE: Even an authenticated server might serve unwanted content, so
NOTE: this can't be considered a real vulnerability.
-CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to ...)
+CVE-2005-4581
- electricsheep 2.6.3+cvs20051206-1 (unimportant)
NOTE: This does not seem to be exploitable.
-CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows ...)
+CVE-2005-4580
NOT-FOR-US: Day Communique
-CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business ...)
+CVE-2005-4579
NOT-FOR-US: Hitachi Business Logic
-CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - ...)
+CVE-2005-4578
NOT-FOR-US: Hitachi Business Logic
-CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
+CVE-2005-4577
NOT-FOR-US: Hitachi Business Logic
-CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2005-4576
NOT-FOR-US: Fatwire Update Engine
-CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote ...)
+CVE-2005-4575
NOT-FOR-US: CommonSpot Content Server
-CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin ...)
+CVE-2005-4574
{DSA-1201-1}
NOT-FOR-US: CommonSpot Content Server
-CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in ...)
+CVE-2005-4573
NOT-FOR-US: Plogger
-CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...)
+CVE-2005-4572
NOT-FOR-US: myEZshop Shopping Cart
-CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart ...)
+CVE-2005-4571
NOT-FOR-US: myEZshop Shopping Cart
-CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in ...)
+CVE-2005-4570
NOT-FOR-US: FortiOS
-CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology ...)
+CVE-2005-4569
NOT-FOR-US: FTGate
-CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly ...)
+CVE-2005-4568
NOT-FOR-US: FTGate
-CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate ...)
+CVE-2005-4567
NOT-FOR-US: FTGate
-CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
+CVE-2005-4566
NOT-FOR-US: NetVanta
-CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 ...)
+CVE-2005-4565
NOT-FOR-US: NetVanta
-CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN ...)
+CVE-2005-4564
NOT-FOR-US: NetVanta
-CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...)
+CVE-2005-4563
NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
REJECTED
CVE-2005-4561
REJECTED
-CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...)
+CVE-2005-4560
{CVE-2006-0106}
NOT-FOR-US: Microsoft
-CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
+CVE-2005-4559
NOT-FOR-US: IceWarp Web Mail
-CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and ...)
+CVE-2005-4558
NOT-FOR-US: IceWarp Web Mail
-CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
+CVE-2005-4557
NOT-FOR-US: IceWarp Web Mail
-CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as ...)
+CVE-2005-4556
NOT-FOR-US: IceWarp Web Mail
-CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web ...)
+CVE-2005-4555
NOT-FOR-US: DEV web management system
-CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system ...)
+CVE-2005-4554
NOT-FOR-US: DEV web management system
-CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
+CVE-2005-4553
NOT-FOR-US: Golden FTP Server
-CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...)
+CVE-2005-4552
NOT-FOR-US: Sun Solaris PC NetLink
-CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl ...)
+CVE-2005-4551
NOT-FOR-US: codegrrl SimpBook
-CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion ...)
+CVE-2005-4550
NOT-FOR-US: Oracle
-CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server ...)
+CVE-2005-4549
NOT-FOR-US: Oracle
-CVE-2005-4548 (SQL injection vulnerability in the &quot;user area&quot; in RWS Statistics ...)
+CVE-2005-4548
NOT-FOR-US: RWS Statistics Counter
-CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...)
+CVE-2005-4547
NOT-FOR-US: eggblog
-CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full ...)
+CVE-2005-4546
NOT-FOR-US: eggblog
-CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...)
+CVE-2005-4545
NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
REJECTED
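Review bot: CVE-2005-4574 ends up as a bare ID followed by both `{DSA-1201-1}` and `NOT-FOR-US: CommonSpot Content Server`, and a DSA reference on an entry marked as not applicable to Debian looks inconsistent. With the description (XSS in loader.cfm in PaperThin ...) removed, nothing in the entry remains to check either annotation against, so one of the two should be verified and corrected before the description is dropped. The `{CVE-2006-0106}` cross-reference on CVE-2005-4560 has the same problem: after this change no text in the entry explains the relation.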
@@ -850,140 +850,140 @@ CVE-2005-4538
REJECTED
CVE-2005-4537
REJECTED
-CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is ...)
+CVE-2005-4536
{DSA-960-3}
- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
REJECTED
-CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...)
+CVE-2005-4533
{DSA-969-1}
- scponly 4.6-1 (bug #344418)
-CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...)
+CVE-2005-4532
{DSA-969-1}
- scponly 4.6-1 (bug #344418)
CVE-2005-4531
REJECTED
-CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
+CVE-2005-4530
NOT-FOR-US: EPay Enterprise
-CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...)
+CVE-2005-4529
NOT-FOR-US: phpBB addon
-CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB ...)
+CVE-2005-4528
NOT-FOR-US: phpBB addon
-CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...)
+CVE-2005-4527
NOT-FOR-US: Direct News
-CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...)
+CVE-2005-4526
NOT-FOR-US: MIMEsweeper For Web
-CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...)
+CVE-2005-4525
NOT-FOR-US: Sygate
-CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle &quot;Make note private&quot; when a ...)
+CVE-2005-4524
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...)
+CVE-2005-4523
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+CVE-2005-4522
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...)
+CVE-2005-4521
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4520 (Unspecified &quot;port injection&quot; vulnerabilities in filters in Mantis ...)
+CVE-2005-4520
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...)
+CVE-2005-4519
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
+CVE-2005-4518
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...)
+CVE-2005-4517
NOT-FOR-US: PHP-Fusion
-CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
+CVE-2005-4516
NOT-FOR-US: PHP-Fusion
-CVE-2005-4515 (** DISPUTED ** ...)
+CVE-2005-4515
NOT-FOR-US: WebDB
-CVE-2005-4514 (** DISPUTED ** ...)
+CVE-2005-4514
NOT-FOR-US: Webwasher
-CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...)
+CVE-2005-4513
NOT-FOR-US: WANDSOFT e-SEARCH
-CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...)
+CVE-2005-4512
NOT-FOR-US: WAXTRAPP
-CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows ...)
+CVE-2005-4511
NOT-FOR-US: TN3270 Resource Gateway
-CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...)
+CVE-2005-4510
NOT-FOR-US: Netpublish Server
-CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote ...)
+CVE-2005-4509
NOT-FOR-US: pTools
-CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to ...)
+CVE-2005-4508
NOT-FOR-US: Nexus Concepts Dev Hound
-CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...)
+CVE-2005-4507
NOT-FOR-US: Nexus Concepts Dev Hound
-CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...)
+CVE-2005-4506
NOT-FOR-US: Nexus Concepts Dev Hound
-CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...)
+CVE-2005-4505
NOT-FOR-US: McAfee
-CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...)
+CVE-2005-4504
- kdelibs <not-affected>
NOTE: Konqueror from sid doesn't crash, will test an older version later
-CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...)
+CVE-2005-4503
NOT-FOR-US: httprint
-CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...)
+CVE-2005-4502
NOT-FOR-US: httprint
-CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded &quot;internal placeholder ...)
+CVE-2005-4501
- mediawiki 1.4.13-1 (bug #345280)
-CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
+CVE-2005-4500
NOT-FOR-US: MusicBox
-CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...)
+CVE-2005-4499
NOT-FOR-US: Cisco
-CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...)
+CVE-2005-4498
NOT-FOR-US: Text-e
-CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...)
+CVE-2005-4497
NOT-FOR-US: Tangora Portal
-CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...)
+CVE-2005-4496
NOT-FOR-US: Syntax CMS
-CVE-2005-4495 (** DISPUTED ** ...)
+CVE-2005-4495
NOT-FOR-US: SpireMedia
-CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier ...)
+CVE-2005-4494
- spip 2.0.6-1 (medium; bug #352078)
-CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier ...)
+CVE-2005-4493
NOT-FOR-US: SpearTek
-CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 ...)
+CVE-2005-4492
NOT-FOR-US: Starphire SiteSage
-CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...)
+CVE-2005-4491
NOT-FOR-US: Sitekit CMS
-CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and ...)
+CVE-2005-4490
NOT-FOR-US: SCOOP!
-CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier ...)
+CVE-2005-4489
NOT-FOR-US: Scoop
-CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in ...)
+CVE-2005-4488
NOT-FOR-US: Redakto WCMS
-CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ...)
+CVE-2005-4487
NOT-FOR-US: RAMSite
-CVE-2005-4486 (** DISPUTED ** ...)
+CVE-2005-4486
NOT-FOR-US: Quantum Art
-CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...)
+CVE-2005-4485
NOT-FOR-US: ProjectApp
-CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...)
+CVE-2005-4484
NOT-FOR-US: IntranetApp
-CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable ...)
+CVE-2005-4483
NOT-FOR-US: SiteEnable
-CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...)
+CVE-2005-4482
NOT-FOR-US: PortalApp
-CVE-2005-4481 (** DISPUTED ** ...)
+CVE-2005-4481
NOT-FOR-US: Polypoly
-CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and ...)
+CVE-2005-4480
NOT-FOR-US: Plexcor CMS
-CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and ...)
+CVE-2005-4479
NOT-FOR-US: phpSlash
-CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier ...)
+CVE-2005-4478
NOT-FOR-US: Papoo
-CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and ...)
+CVE-2005-4477
NOT-FOR-US: papaya CMS
-CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html ...)
+CVE-2005-4476
NOT-FOR-US: OpenEdit
-CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...)
+CVE-2005-4475
NOT-FOR-US: OpenCms
-CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...)
+CVE-2005-4534
{DSA-1208-1}
- bugzilla 2.18 (bug #329387; low)
NOTE: The vulnerable script has been removed in the 2.18 upstream release
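Review bot: The seven Mantis entries CVE-2005-4518 through CVE-2005-4524 become indistinguishable after this change: each is reduced to its ID plus the identical pair `{DSA-944-1}` and `- mantis 0.19.4-1 (bug #345288)`, while the removed descriptions were the only thing separating the XSS, SQL injection, CRLF injection, file upload bypass and private-note issues. The `** DISPUTED **` marker on CVE-2005-4515, CVE-2005-4514, CVE-2005-4495, CVE-2005-4486 and CVE-2005-4481 is likewise dropped without being recorded in a NOTE line. If the descriptions are now kept somewhere else, the change should say where; otherwise a one-line NOTE per entry would preserve the distinction.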
@@ -991,361 +991,361 @@ CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
- libjpeg6b 6b-11 (bug #340079; low)
[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
[sarge] - libjpeg6b <no-dsa> (Creates tempfile in cwd, only very far-fetched attack vectors applicable)
-CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot; command in WinRAR 3.51 allows ...)
+CVE-2005-4474
NOT-FOR-US: WinRAR
-CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
+CVE-2005-4473
NOT-FOR-US: Macromedia JRun 4 web server
-CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...)
+CVE-2005-4472
NOT-FOR-US: Macromedia JRun 4 web server
-CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) ...)
+CVE-2005-4471
NOT-FOR-US: Avaya Modular Messaging Message Storage Server
-CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
+CVE-2005-4470
{DSA-1039-1 DTSA-29-1}
- blender 2.40-1 (bug #344398; medium)
[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
-CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
+CVE-2005-4469
NOT-FOR-US: PHPGedView
-CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
+CVE-2005-4468
NOT-FOR-US: PHPGedView
-CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...)
+CVE-2005-4467
NOT-FOR-US: PHPGedView
-CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...)
+CVE-2005-4466
NOT-FOR-US: SIP Proxy
-CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...)
+CVE-2005-4465
NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
-CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...)
+CVE-2005-4464
NOT-FOR-US: Ingate Firewall / SIParator
-CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)
+CVE-2005-4463
- wordpress 1.5.2-1 (unimportant)
NOTE: Only path disclosure
-CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...)
+CVE-2005-4462
NOT-FOR-US: Tolva PHP website system
-CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...)
+CVE-2005-4461
NOT-FOR-US: Beehive Forum
-CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...)
+CVE-2005-4460
NOT-FOR-US: Beehive Forum
-CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...)
+CVE-2005-4459
NOT-FOR-US: VMWare
-CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
+CVE-2005-4458
NOT-FOR-US: Metadot Portal Server
-CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...)
+CVE-2005-4457
NOT-FOR-US: MailEnable
-CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...)
+CVE-2005-4456
NOT-FOR-US: MailEnable
-CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
+CVE-2005-4455
NOT-FOR-US: livejournal
NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
-CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in ...)
+CVE-2005-4454
NOT-FOR-US: livejournal
NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
-CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...)
+CVE-2005-4453
NOT-FOR-US: Ultraapps Issue Manager
-CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...)
+CVE-2005-4452
NOT-FOR-US: Information Call Center
-CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...)
+CVE-2005-4451
NOT-FOR-US: HP-UX
-CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 ...)
+CVE-2005-4450
NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
-CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...)
+CVE-2005-4449
NOT-FOR-US: FlatNuke
-CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 ...)
+CVE-2005-4448
NOT-FOR-US: FlatNuke
-CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...)
+CVE-2005-4447
NOT-FOR-US: phpCOIN
-CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x ...)
+CVE-2005-4446
NOT-FOR-US: ASPBite
-CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows ...)
+CVE-2005-4445
NOT-FOR-US: Pegasus Mail
-CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in ...)
+CVE-2005-4444
NOT-FOR-US: Pegasus Mail
-CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...)
+CVE-2005-4443
- gauche <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...)
+CVE-2005-4442
- openldap2 <not-affected> (Gentoo-specific packaging flaw)
- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...)
+CVE-2005-4441
NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
-CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network ...)
+CVE-2005-4440
NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
-CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...)
+CVE-2005-4439
{DSA-967-1}
- elog 2.6.1+r1642-1 (bug #349528; high)
-CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...)
+CVE-2005-4438
NOT-FOR-US: Dec2Rar
-CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...)
+CVE-2005-4437
NOT-FOR-US: IOS
-CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
+CVE-2005-4436
NOT-FOR-US: IOS
-CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
+CVE-2005-4435
NOT-FOR-US: AbleDesign D-Man
-CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x ...)
+CVE-2005-4434
NOT-FOR-US: AbleDesign ReSearch
-CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach ...)
+CVE-2005-4433
NOT-FOR-US: Esselbach Storyteller CMS
-CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 ...)
+CVE-2005-4432
NOT-FOR-US: PlaySMS
-CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to ...)
+CVE-2005-4431
NOT-FOR-US: WowBB
-CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
+CVE-2005-4430
NOT-FOR-US: LogicBill
-CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...)
+CVE-2005-4429
NOT-FOR-US: CS-Cart
-CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...)
+CVE-2005-4428
NOT-FOR-US: Cerberus Helpdesk
-CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow ...)
+CVE-2005-4427
NOT-FOR-US: Cerberus Helpdesk
-CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...)
+CVE-2005-4426
NOT-FOR-US: YaBB
-CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
+CVE-2005-4425
NOT-FOR-US: Kerio Firewall
-CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...)
+CVE-2005-4424
NOT-FOR-US: PHPKIT
-CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows ...)
+CVE-2005-4423
NOT-FOR-US: PHPFM
-CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 ...)
+CVE-2005-4422
NOT-FOR-US: toendaCMS
-CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
+CVE-2005-4421
NOT-FOR-US: Dev-Editor
-CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive ...)
+CVE-2005-4420
NOT-FOR-US: Honeycomb Archive Enterprise
-CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in ...)
+CVE-2005-4419
NOT-FOR-US: Honeycomb Archive Enterprise
-CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) ...)
+CVE-2005-4417
NOT-FOR-US: Widcomm Bluetooth for Windows
-CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...)
+CVE-2005-4416
NOT-FOR-US: TML CMS
-CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 ...)
+CVE-2005-4415
NOT-FOR-US: TML CMS
-CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown ...)
+CVE-2005-4414
NOT-FOR-US: Teamwork 3
-CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts ...)
+CVE-2005-4413
NOT-FOR-US: Websphere
-CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user ...)
+CVE-2005-4412
NOT-FOR-US: Citrix
-CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote ...)
+CVE-2005-4411
NOT-FOR-US: Mercury Mail Transport System
-CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote ...)
+CVE-2005-4410
NOT-FOR-US: NQcontent
-CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier ...)
+CVE-2005-4409
NOT-FOR-US: MMBase
-CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and ...)
+CVE-2005-4408
NOT-FOR-US: Miraserver
-CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS ...)
+CVE-2005-4407
NOT-FOR-US: Mercury CMS
-CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and ...)
+CVE-2005-4406
NOT-FOR-US: Mercury CMS
-CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...)
+CVE-2005-4405
NOT-FOR-US: Red Queen
-CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...)
+CVE-2005-4404
NOT-FOR-US: Media2 CMS
-CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...)
+CVE-2005-4403
NOT-FOR-US: Marwel
-CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...)
+CVE-2005-4402
NOT-FOR-US: MailEnable Professional
-CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...)
+CVE-2005-4401
NOT-FOR-US: Lutece
-CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...)
+CVE-2005-4400
NOT-FOR-US: Liferay Portal Professional
-CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...)
+CVE-2005-4399
NOT-FOR-US: Libertas Enterprise CMS
-CVE-2005-4398 (** DISPUTED ** ...)
+CVE-2005-4398
NOT-FOR-US: lemoon
-CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...)
+CVE-2005-4397
NOT-FOR-US: iCMS
-CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...)
+CVE-2005-4396
NOT-FOR-US: iCMS
-CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...)
+CVE-2005-4395
NOT-FOR-US: FarCry
-CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...)
+CVE-2005-4394
NOT-FOR-US: EPiX
-CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...)
+CVE-2005-4393
NOT-FOR-US: e-publish CMS
-CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...)
+CVE-2005-4392
NOT-FOR-US: e-publish CMS
-CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...)
+CVE-2005-4391
NOT-FOR-US: damoon
-CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...)
+CVE-2005-4390
NOT-FOR-US: ContentServ
-CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...)
+CVE-2005-4389
NOT-FOR-US: CONTENS
-CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...)
+CVE-2005-4388
NOT-FOR-US: CONTENS
-CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
+CVE-2005-4387
NOT-FOR-US: contenite
-CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...)
+CVE-2005-4386
NOT-FOR-US: Colony CMS
-CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...)
+CVE-2005-4385
NOT-FOR-US: Cofax
-CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...)
+CVE-2005-4384
NOT-FOR-US: CitySoft Community Enterprise
-CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...)
+CVE-2005-4383
NOT-FOR-US: CitySoft Community Enterprise
-CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...)
+CVE-2005-4382
NOT-FOR-US: CitySoft Community Enterprise
-CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
+CVE-2005-4381
NOT-FOR-US: Caravel CMS
-CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
+CVE-2005-4380
NOT-FOR-US: Bitweaver
-CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 ...)
+CVE-2005-4379
NOT-FOR-US: Bitweaver
-CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...)
+CVE-2005-4378
NOT-FOR-US: Baseline CMS
-CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...)
+CVE-2005-4377
NOT-FOR-US: Baseline CMS
-CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...)
+CVE-2005-4376
NOT-FOR-US: Amaxus
-CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...)
+CVE-2005-4375
NOT-FOR-US: Amaxus
-CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...)
+CVE-2005-4374
NOT-FOR-US: Allinta
-CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...)
+CVE-2005-4373
NOT-FOR-US: Adaptive Website Framework
-CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...)
+CVE-2005-4372
NOT-FOR-US: Adaptive Website Framework
-CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
+CVE-2005-4371
NOT-FOR-US: Acidcat
-CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...)
+CVE-2005-4370
NOT-FOR-US: Acidcat
-CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
+CVE-2005-4369
NOT-FOR-US: Acuity CMS
-CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
+CVE-2005-4368
- roundcube <not-affected> (Quotes are stripped now and if the task can't be found there is a default of mail)
-CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
+CVE-2005-4367
NOT-FOR-US: DRZES HMS
-CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...)
+CVE-2005-4366
NOT-FOR-US: DRZES HMS
-CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
+CVE-2005-4365
NOT-FOR-US: FLIP
-CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...)
+CVE-2005-4364
NOT-FOR-US: Hot Banana Web Content Management Suite
-CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...)
+CVE-2005-4363
NOT-FOR-US: Komodo CMS
-CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...)
+CVE-2005-4362
NOT-FOR-US: Komodo CMS
-CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
+CVE-2005-4361
NOT-FOR-US: Magnolia Content Management Suite
-CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...)
+CVE-2005-4360
NOT-FOR-US: IIS
-CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
+CVE-2005-4359
NOT-FOR-US: ODFaq
-CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
+CVE-2005-4358
- phpbb2 <unfixed> (unimportant)
-CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
+CVE-2005-4357
- phpbb2 2.0.21-1 (bug #344674; low)
[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
NOTE: According to the maintainer only affects a config option that is strongly
NOTE: discouraged due to potential security problems
-CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
+CVE-2005-4356
NOT-FOR-US: UStore
-CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
+CVE-2005-4355
NOT-FOR-US: UStore
-CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
+CVE-2005-4354
NOT-FOR-US: Webglimpse
-CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...)
+CVE-2005-4353
NOT-FOR-US: toendaCMS
-CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...)
+CVE-2005-4352
- linux-2.6 2.6.18-3
-CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
+CVE-2005-4351
- linux-2.6 2.6.18-3
-CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
+CVE-2005-4350
NOT-FOR-US: WBEM Services
-CVE-2005-4349 (** DISPUTED ** ...)
+CVE-2005-4349
- phpmyadmin <unfixed> (unimportant)
NOTE: Only for authenticated used, will possibly be rejected
-CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
+CVE-2005-4348
{DSA-939-1}
- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
-CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before ...)
+CVE-2005-4418
{DSA-1011-1}
- util-vserver 0.30.208-1
-CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...)
+CVE-2005-4347
{DSA-1011-1}
- util-vserver 0.30.208-1 (bug #329090; medium)
- kernel-patch-vserver 2.3 (bug #329087; medium)
NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
-CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...)
+CVE-2005-4346
NOT-FOR-US: phpBB Blog
-CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
+CVE-2005-4345
NOT-FOR-US: ColdFusion MX
-CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
+CVE-2005-4344
NOT-FOR-US: ColdFusion MX
-CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
+CVE-2005-4343
NOT-FOR-US: ColdFusion MX
-CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...)
+CVE-2005-4342
NOT-FOR-US: ColdFusion MX
-CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...)
+CVE-2005-4341
NOT-FOR-US: Academic Suite
CVE-2005-4340
REJECTED
-CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...)
+CVE-2005-4339
NOT-FOR-US: Academic Suite
-CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...)
+CVE-2005-4338
NOT-FOR-US: Academic Suite
-CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...)
+CVE-2005-4337
NOT-FOR-US: Academic Suite
-CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...)
+CVE-2005-4336
NOT-FOR-US: ProjectForum
-CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...)
+CVE-2005-4335
NOT-FOR-US: ProjectForum
-CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
+CVE-2005-4334
NOT-FOR-US: ZixForum
-CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
+CVE-2005-4333
NOT-FOR-US: Binary Board System
-CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
+CVE-2005-4332
NOT-FOR-US: Secure Smart Manager
-CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
+CVE-2005-4331
NOT-FOR-US: iHTML Merchant
-CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
+CVE-2005-4330
NOT-FOR-US: iHTML Merchant
-CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...)
+CVE-2005-4329
NOT-FOR-US: paFileDB
-CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
+CVE-2005-4328
NOT-FOR-US: WebGlimpse
-CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...)
+CVE-2005-4327
NOT-FOR-US: Michael Arndt WebCal
-CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...)
+CVE-2005-4326
NOT-FOR-US: APC hardware issue
-CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
+CVE-2005-4325
NOT-FOR-US: Driverse
-CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
+CVE-2005-4324
NOT-FOR-US: Hitachi Groupmax Mail SMTP
-CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
+CVE-2005-4323
NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
-CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
+CVE-2005-4322
NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
-CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
+CVE-2005-4321
NOT-FOR-US: Apani Networks EpiForce
-CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
+CVE-2005-4320
NOT-FOR-US: Limbo CMS
-CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
+CVE-2005-4319
NOT-FOR-US: Limbo CMS
-CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
+CVE-2005-4318
NOT-FOR-US: Limbo CMS
-CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
+CVE-2005-4317
NOT-FOR-US: Limbo CMS
-CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
+CVE-2005-4316
NOT-FOR-US: HP-UX
-CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
+CVE-2005-4315
NOT-FOR-US: Plexum PLEXCART
-CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...)
+CVE-2005-4314
NOT-FOR-US: PPCal Shopping Cart
-CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
+CVE-2005-4313
NOT-FOR-US: AlmondSoft Almond Personals
-CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
+CVE-2005-4312
NOT-FOR-US: AlmondSoft Almond Personals
-CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...)
+CVE-2005-4311
NOT-FOR-US: DCForum
-CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...)
+CVE-2005-4310
NOT-FOR-US: SSH Tectia Server
-CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...)
+CVE-2005-4309
NOT-FOR-US: ezUpload Pro
-CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...)
+CVE-2005-4308
NOT-FOR-US: ezUpload Pro
-CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
+CVE-2005-4307
NOT-FOR-US: ScareCrow
-CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
+CVE-2005-4306
NOT-FOR-US: SiteNet BBS
-CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
+CVE-2005-4305
- trac 0.9.3-1 (bug #344006)
[sarge] - trac <unfixed> (medium)
NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
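Review bot: every changed line in this hunk drops the parenthesised description from the CVE header (for example "-CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)" becomes "+CVE-2005-4463"), and the commit message "automatic update" gives no reason for it. The diffstat shows 4614 insertions against 4614 deletions in this one file, so if the removal is not intended, the updater should refuse to rewrite a header when the description it fetched is empty; if it is intended, the message should say so. The entries for CVE-2005-4398 and CVE-2005-4349 also lose their "** DISPUTED **" marker here. For CVE-2005-4398 the only remaining annotation is "NOT-FOR-US: lemoon", so nothing left in the list records the dispute, and a NOTE line carrying that status would preserve it.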
@@ -1354,244 +1354,244 @@ CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.
NOTE: of input being escape()'d are no longer done so, and instead a
NOTE: Markup() function replaces them, and special checks are done
NOTE: on rendered HTML output to prevent XSS code from being displayed.
-CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...)
+CVE-2005-4304
NOT-FOR-US: ezDatabase
-CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...)
+CVE-2005-4303
NOT-FOR-US: ezDatabase
-CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
+CVE-2005-4302
NOT-FOR-US: ezDatabase
-CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...)
+CVE-2005-4301
NOT-FOR-US: pgpXplorer
-CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...)
+CVE-2005-4300
NOT-FOR-US: libremail
-CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
+CVE-2005-4299
NOT-FOR-US: Atlant Pro
-CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...)
+CVE-2005-4298
NOT-FOR-US: AtlantForum
-CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...)
+CVE-2005-4297
NOT-FOR-US: bbBoard
-CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
+CVE-2005-4296
NOT-FOR-US: AppServ Open Project
-CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
+CVE-2005-4295
NOT-FOR-US: Absolute Image Gallery XE
-CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
+CVE-2005-4294
NOT-FOR-US: Alkacon OpenCms
-CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
+CVE-2005-4293
NOT-FOR-US: ClickCartPro
-CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...)
+CVE-2005-4292
NOT-FOR-US: CommerceSQL
-CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...)
+CVE-2005-4291
NOT-FOR-US: ECTOOLS Onlineshop
-CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
+CVE-2005-4290
NOT-FOR-US: ECW-Cart
-CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
+CVE-2005-4289
NOT-FOR-US: eDatCat
-CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
+CVE-2005-4288
NOT-FOR-US: MarmaraWeb E-commerce
-CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
+CVE-2005-4287
NOT-FOR-US: MarmaraWeb E-commerce
-CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
+CVE-2005-4286
NOT-FOR-US: PhpLogCon
-CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...)
+CVE-2005-4285
NOT-FOR-US: Dick Copits PDEstore
-CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...)
+CVE-2005-4284
NOT-FOR-US: StaticStore Search Engine
-CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...)
+CVE-2005-4283
NOT-FOR-US: The CITY Shop
-CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...)
+CVE-2005-4282
NOT-FOR-US: Zaygo DomainCart
-CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...)
+CVE-2005-4281
NOT-FOR-US: Zaygo HostingCart
-CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
+CVE-2005-4280
- cmake <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...)
+CVE-2005-4279
- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...)
+CVE-2005-4278
- perl <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...)
+CVE-2005-4277
NOT-FOR-US: toendaCMS
-CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...)
+CVE-2005-4276
NOT-FOR-US: Westell Versalink
-CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...)
+CVE-2005-4275
NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
-CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
+CVE-2005-4274
NOT-FOR-US: Business Objects WebIntelligence
-CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
+CVE-2005-4273
NOT-FOR-US: AIX
-CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
+CVE-2005-4272
NOT-FOR-US: AIX
-CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
+CVE-2005-4271
NOT-FOR-US: AIX
-CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
+CVE-2005-4270
NOT-FOR-US: Watchfire AppScan
-CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
+CVE-2005-4269
NOT-FOR-US: Microsoft Windows
-CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
+CVE-2005-4268
- cpio 2.6-10 (bug #344134; medium)
[sarge] - cpio <unfixed> (medium)
[woody] - cpio <unfixed> (medium)
-CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote ...)
+CVE-2005-4267
NOT-FOR-US: Qualcomm WorldMail
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
NOTE: not reproducible
- rageircd <not-affected> (bug #343543; medium)
-CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)
+CVE-2005-4266
NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265
REJECTED
-CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
+CVE-2005-4264
NOT-FOR-US: PHP Support Tickets
-CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
+CVE-2005-4263
NOT-FOR-US: Envolution
-CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in ...)
+CVE-2005-4262
NOT-FOR-US: Envolution
-CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ ...)
+CVE-2005-4261
NOT-FOR-US: CP+
-CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and ...)
+CVE-2005-4260
NOT-FOR-US: PHP-Nuke
-CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...)
+CVE-2005-4259
NOT-FOR-US: ASPBB
-CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...)
+CVE-2005-4258
NOT-FOR-US: Cisco
-CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
+CVE-2005-4257
NOT-FOR-US: Linksys hardware
-CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...)
+CVE-2005-4256
NOT-FOR-US: ASP-DEV XM Forum
-CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki ...)
+CVE-2005-4255
NOT-FOR-US: WikkaWiki
-CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels ...)
+CVE-2005-4254
NOT-FOR-US: DreamLevels DreamPoll
-CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential ...)
+CVE-2005-4253
NOT-FOR-US: Torrential
-CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and ...)
+CVE-2005-4252
NOT-FOR-US: mcGallery PRO
-CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and ...)
+CVE-2005-4251
NOT-FOR-US: mcGallery PRO
-CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier ...)
+CVE-2005-4250
NOT-FOR-US: mcGallery PRO
-CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext ...)
+CVE-2005-4249
NOT-FOR-US: ADP Forum
-CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
+CVE-2005-4248
NOT-FOR-US: QuickPayPro
-CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...)
+CVE-2005-4247
NOT-FOR-US: Plogger
-CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows ...)
+CVE-2005-4246
NOT-FOR-US: Plogger
-CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe ...)
+CVE-2005-4245
NOT-FOR-US: Snipe Gallery
-CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...)
+CVE-2005-4244
NOT-FOR-US: Snipe Gallery
-CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
+CVE-2005-4243
NOT-FOR-US: QuickPayPro
-CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in ...)
+CVE-2005-4241
NOT-FOR-US: VCD-db
-CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier ...)
+CVE-2005-4240
NOT-FOR-US: VCD-db
-CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...)
+CVE-2005-4239
NOT-FOR-US: PHP JackKnife
-CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
+CVE-2005-4238
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
-CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...)
+CVE-2005-4237
NOT-FOR-US: MySQL Auction
-CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)
+CVE-2005-4236
NOT-FOR-US: CKGOLD
-CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
+CVE-2005-4235
NOT-FOR-US: WHMCompleteSolution
-CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...)
+CVE-2005-4234
NOT-FOR-US: EncapsGallery
-CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...)
+CVE-2005-4233
NOT-FOR-US: Ad Manager Pro
-CVE-2005-4232 (** DISPUTED ** ...)
+CVE-2005-4232
NOT-FOR-US: Jamit Job Board
-CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...)
+CVE-2005-4231
NOT-FOR-US: Link Up Gold
-CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...)
+CVE-2005-4230
NOT-FOR-US: Link Up Gold
-CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
+CVE-2005-4229
NOT-FOR-US: EveryAuction
-CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...)
+CVE-2005-4228
NOT-FOR-US: PhpWebGallery
-CVE-2005-4227 (Multiple &quot;potential&quot; SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
+CVE-2005-4227
NOT-FOR-US: DCP-Portal
-CVE-2005-4226 (Multiple &quot;potential&quot; SQL injection vulnerabilities in phpWebThings 1.4 ...)
+CVE-2005-4226
NOT-FOR-US: pgpWebThings
-CVE-2005-4225 (Multiple &quot;potential&quot; SQL injection vulnerabilities in myBloggie 2.1.3 ...)
+CVE-2005-4225
NOT-FOR-US: myBloggie
-CVE-2005-4224 (Multiple &quot;potential&quot; SQL injection vulnerabilities in e107 0.7 might ...)
+CVE-2005-4224
NOT-FOR-US: e107
-CVE-2005-4223 (Multiple &quot;potential&quot; SQL injection vulnerabilities in Utopia News Pro ...)
+CVE-2005-4223
NOT-FOR-US: Utopia News Pro
-CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...)
+CVE-2005-4222
NOT-FOR-US: Lars Ellingsen Guestserver
-CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
+CVE-2005-4221
NOT-FOR-US: Arab Portal System
-CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...)
+CVE-2005-4220
NOT-FOR-US: Netgear hardware issue
-CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...)
+CVE-2005-4219
NOT-FOR-US: Innovative CMS
-CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...)
+CVE-2005-4218
NOT-FOR-US: PHPWebThings
-CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
+CVE-2005-4217
- perl <not-affected> (MacOS specific vulnerability)
-CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...)
+CVE-2005-4216
NOT-FOR-US: Macromedia Flash Media Server
-CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
+CVE-2005-4215
NOT-FOR-US: Motorola hardware
-CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path ...)
+CVE-2005-4214
NOT-FOR-US: phpCOIN
-CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...)
+CVE-2005-4213
NOT-FOR-US: phpCOIN
-CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...)
+CVE-2005-4212
NOT-FOR-US: phpCOIN
-CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...)
+CVE-2005-4211
NOT-FOR-US: phpCOIN
-CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...)
+CVE-2005-4210
NOT-FOR-US: Opera
-CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...)
+CVE-2005-4209
NOT-FOR-US: Alt-N MDaemon
-CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...)
+CVE-2005-4208
NOT-FOR-US: Flatnuke
-CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
+CVE-2005-4207
NOT-FOR-US: BTGrup Admin WebController Script
-CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite ...)
+CVE-2005-4206
NOT-FOR-US: Blackboard Learning and Community Port Systems
-CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
+CVE-2005-4205
NOT-FOR-US: LocazoList
-CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...)
+CVE-2005-4204
NOT-FOR-US: LogiSphere
-CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
+CVE-2005-4203
NOT-FOR-US: LogiSphere
-CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...)
+CVE-2005-4202
NOT-FOR-US: LogiSphere
-CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
+CVE-2005-4201
NOT-FOR-US: My Album Online
-CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
+CVE-2005-4200
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
+CVE-2005-4199
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...)
+CVE-2005-4198
NOT-FOR-US: Netref
-CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...)
+CVE-2005-4197
NOT-FOR-US: Nortel SSL VPN
-CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...)
+CVE-2005-4196
NOT-FOR-US: Scout Portal Toolkit
-CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...)
+CVE-2005-4195
NOT-FOR-US: Scout Portal Toolkit
-CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming ...)
+CVE-2005-4194
NOT-FOR-US: Sights 'n Sounds Streaming Media Server
-CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...)
+CVE-2005-4193
NOT-FOR-US: UseBB
-CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 ...)
+CVE-2005-4242
- turba2 2.0.5-1 (bug #342946; medium)
-CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-4192
- mnemo2 2.0.3-1 (bug #342944; medium)
-CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-4191
- nag2 2.0.4-1 (bug #342945; medium)
-CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
+CVE-2005-4190
{DSA-1033-1}
- horde3 3.0.9-1 (bug #342942; bug #354512; medium)
-CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
+CVE-2005-4189
{DSA-970-1}
- kronolith2 2.0.6-1 (bug #342943; medium)
- kronolith <removed> (bug #349261; medium)
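Review bot: With the description removed from the CVE-2005-4226 header, the only product name left for that entry is the context line "NOT-FOR-US: pgpWebThings", which misspells the product (the removed text read "phpWebThings 1.4", and the CVE-2005-4218 entry uses "PHPWebThings"). Once the header no longer carries the upstream name, a search of the list for the product will miss this entry, so the note should be corrected to phpWebThings in a follow-up. The same applies to CVE-2005-4206, where the note reads "Blackboard Learning and Community Port Systems" while the removed description said "Portal System".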
@@ -1615,112 +1615,112 @@ CVE-2005-4180
RESERVED
CVE-2005-4179
RESERVED
-CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...)
+CVE-2005-4177
NOT-FOR-US: Magic Book Personal and Professional
-CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...)
+CVE-2005-4176
NOT-FOR-US: AWARD BIOS
-CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...)
+CVE-2005-4175
NOT-FOR-US: Insyde BIOS
-CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...)
+CVE-2005-4174
NOT-FOR-US: eFiction
-CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
+CVE-2005-4173
NOT-FOR-US: eFiction
-CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
+CVE-2005-4172
NOT-FOR-US: eFiction
-CVE-2005-4171 (The &quot;Upload new image&quot; command in the &quot;Manage Images&quot; eFiction 1.1, ...)
+CVE-2005-4171
NOT-FOR-US: eFiction
-CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
+CVE-2005-4170
NOT-FOR-US: eFiction
-CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...)
+CVE-2005-4169
NOT-FOR-US: eFiction
-CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...)
+CVE-2005-4168
NOT-FOR-US: eFiction
-CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...)
+CVE-2005-4167
NOT-FOR-US: eFiction
-CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...)
+CVE-2005-4166
NOT-FOR-US: DUportal
-CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...)
+CVE-2005-4165
NOT-FOR-US: ASP-DEV ASP Resources Forum
-CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated ...)
+CVE-2005-4178
{DSA-923-1}
- dropbear 0.47-1 (high)
-CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...)
+CVE-2005-4164
NOT-FOR-US: PHP-addressbook
-CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...)
+CVE-2005-4163
NOT-FOR-US: Captcha
-CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...)
+CVE-2005-4162
NOT-FOR-US: ACME PerlCal
-CVE-2005-4161 (** DISPUTED ** ...)
+CVE-2005-4161
NOT-FOR-US: MilliScripts
-CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
+CVE-2005-4160
NOT-FOR-US: Torrential
-CVE-2005-4159 (** DISPUTED ** ...)
+CVE-2005-4159
NOT-FOR-US: Simple Machines Forum
-CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
+CVE-2005-4158
{DSA-946-2}
- sudo 1.6.8p12-1 (bug #342948; medium)
-CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
+CVE-2005-4157
NOT-FOR-US: Kerio Firewall
-CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...)
+CVE-2005-4156
NOT-FOR-US: Mambo
-CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...)
+CVE-2005-4155
NOT-FOR-US: ATutor
-CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...)
+CVE-2005-4154
- php5 5.1.1-1
NOTE: PHP 5 in Debian is vulnerable according to the changelog.
-CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...)
+CVE-2005-4153
{DSA-955-1}
- mailman 2.1.5-10
-CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
+CVE-2005-4152
NOT-FOR-US: Soti Pocket Controller-Professional
-CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...)
+CVE-2005-4151
NOT-FOR-US: PGP Desktop Home
-CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...)
+CVE-2005-4150
NOT-FOR-US: CA Clever Path
-CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...)
+CVE-2005-4149
NOT-FOR-US: Lyris ListManager
-CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...)
+CVE-2005-4148
NOT-FOR-US: Lyris ListManager
-CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...)
+CVE-2005-4147
NOT-FOR-US: Lyris ListManager
-CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...)
+CVE-2005-4146
NOT-FOR-US: Lyris ListManager
-CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...)
+CVE-2005-4145
NOT-FOR-US: Lyris ListManager
-CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...)
+CVE-2005-4144
NOT-FOR-US: Lyris ListManager
-CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...)
+CVE-2005-4143
NOT-FOR-US: Lyris ListManager
-CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...)
+CVE-2005-4142
NOT-FOR-US: Lyris ListManager
-CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
+CVE-2005-4141
NOT-FOR-US: ASPMForum
-CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...)
+CVE-2005-4140
NOT-FOR-US: Website Baker
-CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 ...)
+CVE-2005-4139
NOT-FOR-US: ThWboard
-CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...)
+CVE-2005-4138
NOT-FOR-US: ThWboard
-CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...)
+CVE-2005-4137
NOT-FOR-US: DRZES HMS
-CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...)
+CVE-2005-4136
NOT-FOR-US: DRZES HMS
-CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
+CVE-2005-4135
NOT-FOR-US: SimpleBBS
-CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
+CVE-2005-4134
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
- mozilla 2:1.7.13-0.1 (unimportant)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
NOTE: http://web.archive.org/web/20141206010602/https://www.mozilla.org/security/history-title.html
-CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web ...)
+CVE-2005-4133
NOT-FOR-US: Solaris
-CVE-2005-4132 (Unspecified &quot;security leak&quot; vulnerability in Contenido before 4.6.4, ...)
+CVE-2005-4132
NOT-FOR-US: Contenido
-CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
+CVE-2005-4131
NOT-FOR-US: Excel
-CVE-2005-4130 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4130
NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4129
REJECTED
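Review bot: The headers for CVE-2005-4161 and CVE-2005-4159 lose their "** DISPUTED **" marker here, and the remaining "NOT-FOR-US: MilliScripts" and "NOT-FOR-US: Simple Machines Forum" lines do not record that the issues are disputed. CVE-2005-4130 likewise loses "** UNVERIFIABLE, PRERELEASE **", although its note ("which never appeared") still conveys the status. If dropping the descriptions is intended, a NOTE: line on the two disputed entries would keep that information in the file. The commit message "automatic update" also gives no reason for stripping the description from every header, which makes it hard to tell an intended format change from a failed description fetch.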
@@ -1728,7 +1728,7 @@ CVE-2005-4128
REJECTED
CVE-2005-4127
REJECTED
-CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4126
NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
REJECTED
@@ -1790,102 +1790,102 @@ CVE-2005-4097
REJECTED
CVE-2005-4096
REJECTED
-CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
+CVE-2005-4095
NOT-FOR-US: DoceboLMS
-CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
+CVE-2005-4094
NOT-FOR-US: DoceboLMS
-CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, ...)
+CVE-2005-4093
NOT-FOR-US: Check Point
-CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...)
+CVE-2005-4092
NOT-FOR-US: Apple QuickTime
-CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
+CVE-2005-4091
NOT-FOR-US: 1-Script 1-Search
-CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...)
+CVE-2005-4090
NOT-FOR-US: HP-UX
-CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...)
+CVE-2005-4089
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
+CVE-2005-4088
NOT-FOR-US: phpForumPro
-CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...)
+CVE-2005-4087
- sugarcrm-ce-5.0 <itp> (bug #457876)
-CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
+CVE-2005-4086
- sugarcrm-ce-5.0 <itp> (bug #457876)
-CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...)
+CVE-2005-4085
NOT-FOR-US: BlueCoat WinProxy
-CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
+CVE-2005-4084
NOT-FOR-US: phpBB eXtreme Styles module
-CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
+CVE-2005-4083
NOT-FOR-US: phpBB eXtreme Styles module
-CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...)
+CVE-2005-4082
NOT-FOR-US: QNX
-CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
+CVE-2005-4081
NOT-FOR-US: Alisveristr E-commerce
-CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
+CVE-2005-4080
- imp4 4.0.4-1 (bug #342654; unimportant)
NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though
-CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
+CVE-2005-4079
- phpmyadmin <not-affected> (Affects only 2.7.0)
-CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
+CVE-2005-4078
NOT-FOR-US: Ideal BB.NET
-CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...)
+CVE-2005-4076
NOT-FOR-US: Appfluent Technology Database IDS 2.0
-CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
+CVE-2005-4075
NOT-FOR-US: CF_Nuke
-CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
+CVE-2005-4074
NOT-FOR-US: CF_Nuke
-CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List ...)
+CVE-2005-4073
NOT-FOR-US: Magic List Pro
-CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum ...)
+CVE-2005-4072
NOT-FOR-US: Magic Personal Forum
-CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...)
+CVE-2005-4071
NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
REJECTED
-CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure ...)
+CVE-2005-4069
NOT-FOR-US: Sony root kit
-CVE-2005-4068 (Unspecified &quot;absolute path vulnerability&quot; in umountall in IBM AIX 5.1 ...)
+CVE-2005-4068
NOT-FOR-US: AIX
CVE-2005-4067
REJECTED
-CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
+CVE-2005-4066
NOT-FOR-US: Total Commander
-CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
+CVE-2005-4065
{DSA-951-2}
- trac 0.9.2-1 (bug #342232; medium)
[sarge] - trac 0.8.1-3sarge4
-CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...)
+CVE-2005-4064
NOT-FOR-US: A-FAQ
-CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...)
+CVE-2005-4063
NOT-FOR-US: NetAuctionHelp
-CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...)
+CVE-2005-4062
NOT-FOR-US: XcClassified
-CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...)
+CVE-2005-4061
NOT-FOR-US: XcPhotoAlbum
-CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction ...)
+CVE-2005-4060
NOT-FOR-US: rwAuction
-CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...)
+CVE-2005-4059
NOT-FOR-US: LocazoList
-CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote ...)
+CVE-2005-4058
NOT-FOR-US: saralblog
-CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...)
+CVE-2005-4057
NOT-FOR-US: PluggedOut Nexus
-CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 ...)
+CVE-2005-4056
NOT-FOR-US: PluggedOut Nexus
-CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and ...)
+CVE-2005-4055
NOT-FOR-US: Cars Portal
-CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...)
+CVE-2005-4054
NOT-FOR-US: PluggedOut Bot
-CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...)
+CVE-2005-4053
NOT-FOR-US: coWiki
-CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web ...)
+CVE-2005-4052
NOT-FOR-US: e107
-CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...)
+CVE-2005-4051
NOT-FOR-US: e107
-CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...)
+CVE-2005-4050
NOT-FOR-US: MultiVOIP hardware
-CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
+CVE-2005-4049
NOT-FOR-US: Blog System
-CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
+CVE-2005-4048
{DSA-1005-1 DSA-1004-1 DSA-992-1}
- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
- xmovie <removed>
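Review bot: For CVE-2005-4054 the removed description names "PluggedOut Blog 1.9.5", but the context line that remains is "NOT-FOR-US: PluggedOut Bot", so after this change the entry points at the wrong product name. The note should be corrected to PluggedOut Blog. CVE-2005-4071 has a smaller mismatch of the same kind: the description says "CFMagic Magic Forum Personal" and the note says "Magic Personal Forum". With the descriptions gone, these free-text notes are the only product identification in the list, so they are worth aligning with the upstream names.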
@@ -1895,402 +1895,402 @@ CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer func
- vlc 0.8.4.debian-2 (medium)
NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
-CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...)
+CVE-2005-4047
NOT-FOR-US: IISWorks ASPKnowledgeBase
-CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...)
+CVE-2005-4046
NOT-FOR-US: Sun Java System Application Server
-CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 ...)
+CVE-2005-4045
NOT-FOR-US: Sun Java System Messaging Server
-CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...)
+CVE-2005-4044
NOT-FOR-US: Amazon Search Directory
-CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...)
+CVE-2005-4043
NOT-FOR-US: Hobosworld HobSR
-CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...)
+CVE-2005-4042
NOT-FOR-US: Warm Links
-CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...)
+CVE-2005-4041
NOT-FOR-US: MR CGI Guy Hot Links SQL
-CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...)
+CVE-2005-4040
NOT-FOR-US: FileLister
-CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...)
+CVE-2005-4039
NOT-FOR-US: Web4Future Portal Solutions News Portal
-CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...)
+CVE-2005-4038
NOT-FOR-US: Web4Future Portal Solutions News Portal
-CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...)
+CVE-2005-4037
NOT-FOR-US: Web4Future Affiliate Manager
-CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...)
+CVE-2005-4036
NOT-FOR-US: Web4Future Keyboard Frequency Counter
-CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce ...)
+CVE-2005-4035
NOT-FOR-US: Web4Future eCommerce Enterprise Edition
-CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating ...)
+CVE-2005-4034
NOT-FOR-US: Web4Future eDating Professional
-CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...)
+CVE-2005-4033
NOT-FOR-US: Nodezilla
-CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...)
+CVE-2005-4032
NOT-FOR-US: Easy Search System
-CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
+CVE-2005-4031
- mediawiki <not-affected> (Only affects the 1.5 branch)
-CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...)
+CVE-2005-4030
NOT-FOR-US: Quicksilver Forums
-CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...)
+CVE-2005-4029
NOT-FOR-US: WebEOC
-CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...)
+CVE-2005-4028
NOT-FOR-US: aMember
-CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...)
+CVE-2005-4027
NOT-FOR-US: SimpleBBS
-CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before ...)
+CVE-2005-4026
NOT-FOR-US: Geeklog
-CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
+CVE-2005-4025
NOT-FOR-US: Help Desk Reloaded Free Help Desk
-CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...)
+CVE-2005-4024
NOT-FOR-US: Interspire FastFind
-CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...)
+CVE-2005-4023
- gallery2 2.0.2-1 (medium)
-CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the &quot;Add Image From Web&quot; ...)
+CVE-2005-4022
- gallery2 2.0.2-1 (medium)
-CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log ...)
+CVE-2005-4021
- gallery2 2.0.2-1 (low)
-CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
+CVE-2005-4020
NOT-FOR-US: Widget Imprint
-CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate ...)
+CVE-2005-4019
NOT-FOR-US: Relative Real Estate Systems
-CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
+CVE-2005-4018
NOT-FOR-US: Landshop Real Estate Commerce System
-CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to ...)
+CVE-2005-4017
NOT-FOR-US: Widget Property
-CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote ...)
+CVE-2005-4016
NOT-FOR-US: Widget Property
-CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the ...)
+CVE-2005-4015
NOT-FOR-US: PHP Web Statistik
-CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a ...)
+CVE-2005-4014
NOT-FOR-US: PHP Web Statistik
-CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
+CVE-2005-4013
NOT-FOR-US: PHP Web Statistik
-CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web ...)
+CVE-2005-4012
NOT-FOR-US: PHP Web Statistik
-CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
+CVE-2005-4011
NOT-FOR-US: Codewalkers ltwCalendar
-CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...)
+CVE-2005-4010
NOT-FOR-US: Kbase Express
-CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
+CVE-2005-4009
NOT-FOR-US: PHP Lite Calender Express
-CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
+CVE-2005-4008
NOT-FOR-US: Jax Calendar
-CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...)
+CVE-2005-4077
{DSA-919-2}
- curl 7.15.1-1 (bug #342339; bug #342696; medium)
-CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
+CVE-2005-4007
NOT-FOR-US: SAPID CMS
-CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
+CVE-2005-4006
NOT-FOR-US: SAPID CMS
-CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
+CVE-2005-4005
NOT-FOR-US: PHP-Fusion
-CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...)
+CVE-2005-4004
NOT-FOR-US: MyTemplateSite
-CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...)
+CVE-2005-4003
NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
-CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...)
+CVE-2005-4002
NOT-FOR-US: WebEOC
-CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...)
+CVE-2005-4001
NOT-FOR-US: phpYellowTM Pro Edition
-CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...)
+CVE-2005-4000
NOT-FOR-US: SiteBeater News System
-CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...)
+CVE-2005-3999
NOT-FOR-US: SiteBeater MP3 Catalog
-CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...)
+CVE-2005-3998
NOT-FOR-US: Solupress News
-CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...)
+CVE-2005-3997
NOT-FOR-US: Zen Cart
-CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...)
+CVE-2005-3996
NOT-FOR-US: Zen Cart
-CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...)
+CVE-2005-3995
NOT-FOR-US: Sobexsrv
NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
REJECTED
-CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
+CVE-2005-3993
NOT-FOR-US: MailEnable
-CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
+CVE-2005-3992
NOT-FOR-US: WinEggDropShell
-CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...)
+CVE-2005-3991
NOT-FOR-US: phpMyChat
CVE-2005-3990
REJECTED
-CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
+CVE-2005-3989
NOT-FOR-US: Avaya hardware
-CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
+CVE-2005-3988
NOT-FOR-US: Pineapple Technologies Lore
-CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...)
+CVE-2005-3987
NOT-FOR-US: Tradesoft CMS
-CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...)
+CVE-2005-3986
NOT-FOR-US: Instant Photo Gallery
-CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...)
+CVE-2005-3985
NOT-FOR-US: Astaro Security Linux
-CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...)
+CVE-2005-3984
{DSA-1002-1}
- webcalendar 1.0.2-1 (bug #342090)
-CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
+CVE-2005-3983
NOT-FOR-US: HP Systems Insight Manager
-CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
+CVE-2005-3982
{DSA-1002-1}
- webcalendar 1.0.2-1 (bug #342090)
-CVE-2005-3981 (** DISPUTED ** ...)
+CVE-2005-3981
NOT-FOR-US: Windows
-CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...)
+CVE-2005-3980
- trac 0.9.1-1 (bug #341697; medium)
[sarge] - trac <not-affected>
-CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
+CVE-2005-3979
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
+CVE-2005-3978
NOT-FOR-US: NetClassifieds Premium Edition
-CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...)
+CVE-2005-3977
NOT-FOR-US: QualityEBiz Quality PPC
-CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
+CVE-2005-3976
NOT-FOR-US: Multipke DuWare products
-CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
+CVE-2005-3975
{DSA-958-1}
- drupal 4.5.6-1 (bug #348811; medium)
-CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
+CVE-2005-3974
{DSA-958-1}
- drupal 4.5.6-1 (low)
-CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
+CVE-2005-3973
{DSA-958-1}
- drupal 4.5.6-1 (bug #348811; medium)
-CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
+CVE-2005-3972
NOT-FOR-US: Extreme Search Corporate Edition
-CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
+CVE-2005-3971
NOT-FOR-US: Citrix
-CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
+CVE-2005-3970
NOT-FOR-US: MXChange
-CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...)
+CVE-2005-3969
NOT-FOR-US: MXChange
-CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...)
+CVE-2005-3968
NOT-FOR-US: PHPX
-CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...)
+CVE-2005-3967
NOT-FOR-US: Atlassian Confluence
-CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...)
+CVE-2005-3966
NOT-FOR-US: Java Search Engine
CVE-2005-3965
REJECTED
-CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...)
+CVE-2005-3964
- openmotif 2.2.3-1.4 (bug #342092; medium)
[sarge] - openmotif <no-dsa> (Non-free)
-CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...)
+CVE-2005-3963
NOT-FOR-US: DotClear
-CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
+CVE-2005-3962
{DSA-943-1}
- perl 5.8.7-9 (bug #341542; medium)
-CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...)
+CVE-2005-3961
{DSA-1002-1}
- webcalendar 1.0.2-1 (bug #341208; medium)
-CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...)
+CVE-2005-3960
NOT-FOR-US: Kadu
-CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...)
+CVE-2005-3959
NOT-FOR-US: FreeWebStat
-CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...)
+CVE-2005-3958
NOT-FOR-US: Entergal MX
-CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...)
+CVE-2005-3957
NOT-FOR-US: DotClear
-CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...)
+CVE-2005-3956
NOT-FOR-US: DMANews
-CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...)
+CVE-2005-3955
NOT-FOR-US: MagpieRSS
-CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...)
+CVE-2005-3954
NOT-FOR-US: blogBuddies
-CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...)
+CVE-2005-3953
NOT-FOR-US: Bedeng PSP
-CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...)
+CVE-2005-3952
NOT-FOR-US: PHP Labs Top Auction
-CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...)
+CVE-2005-3951
NOT-FOR-US: PHP Labs Survey Wizard
-CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...)
+CVE-2005-3950
- nufw 1.0.16-1 (bug #341544; medium)
-CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...)
+CVE-2005-3949
{DSA-1002-1}
- webcalendar 1.0.2-1 (bug #341208; medium)
-CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...)
+CVE-2005-3948
NOT-FOR-US: PHPAlbum
-CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...)
+CVE-2005-3947
NOT-FOR-US: PHP Upload Center
-CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...)
+CVE-2005-3946
NOT-FOR-US: Opera
-CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...)
+CVE-2005-3945
NOT-FOR-US: Microsoft
-CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...)
+CVE-2005-3944
NOT-FOR-US: ilyav Survey System
-CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...)
+CVE-2005-3943
NOT-FOR-US: ilyav Survey System
-CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...)
+CVE-2005-3942
NOT-FOR-US: Orca Knowledgebase
-CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...)
+CVE-2005-3941
NOT-FOR-US: Orca Blog
-CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...)
+CVE-2005-3940
NOT-FOR-US: Orca Ringmaker
-CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
+CVE-2005-3939
NOT-FOR-US: WSN Knowledge Base
-CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...)
+CVE-2005-3938
NOT-FOR-US: Softbiz FAQ
-CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...)
+CVE-2005-3937
NOT-FOR-US: Softbiz B2B
-CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...)
+CVE-2005-3936
NOT-FOR-US: SocketKB
-CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...)
+CVE-2005-3935
NOT-FOR-US: SocketKB
-CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...)
+CVE-2005-3934
NOT-FOR-US: pcAnywhere
-CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...)
+CVE-2005-3933
NOT-FOR-US: 88Script's Event Calendar
-CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...)
+CVE-2005-3932
NOT-FOR-US: O-Kiraku Nikki
-CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...)
+CVE-2005-3931
NOT-FOR-US: ASP-Rider
-CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...)
+CVE-2005-3930
NOT-FOR-US: N-13 News
-CVE-2005-3929 (Directory traversal vulnerability in the create function in ...)
+CVE-2005-3929
NOT-FOR-US: Xaraya
NOTE: xarMLSXML2PHPBackend.php, 'nuff said
-CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users ...)
+CVE-2005-3928
NOT-FOR-US: QNX
-CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...)
+CVE-2005-3927
NOT-FOR-US: GuppY
-CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
+CVE-2005-3926
NOT-FOR-US: GuppY
-CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...)
+CVE-2005-3925
NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
-CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...)
+CVE-2005-3924
NOT-FOR-US: Randshop
-CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
+CVE-2005-3923
NOT-FOR-US: NetObjects Fusion
-CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...)
+CVE-2005-3922
NOT-FOR-US: Panda Antivirus
-CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...)
+CVE-2005-3921
NOT-FOR-US: IOS
-CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...)
+CVE-2005-3920
NOT-FOR-US: Babe Logger
-CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...)
+CVE-2005-3919
NOT-FOR-US: PBLang
-CVE-2005-3918 (** DISPUTED ** ...)
+CVE-2005-3918
NOT-FOR-US: OvBB
-CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...)
+CVE-2005-3917
NOT-FOR-US: CommidityRentals
-CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
+CVE-2005-3916
NOT-FOR-US: WSN Forum
-CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
+CVE-2005-3915
NOT-FOR-US: Clavister Web Client
-CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...)
+CVE-2005-3914
NOT-FOR-US: AFFcommerce
-CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
+CVE-2005-3913
NOT-FOR-US: Virtual Hosting Control System
-CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
+CVE-2005-3912
{DSA-1199-1}
- webmin <not-affected> (Fixed through corrected Perl)
NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated
-CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
+CVE-2005-3911
NOT-FOR-US: BosDates
-CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
+CVE-2005-3910
NOT-FOR-US: Post Affiliate Pro
-CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
+CVE-2005-3909
NOT-FOR-US: Post Affiliate Pro
-CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+CVE-2005-3908
NOT-FOR-US: GhostScripter Amazon Shop
-CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...)
+CVE-2005-3907
NOT-FOR-US: Sun Java
-CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...)
+CVE-2005-3906
NOT-FOR-US: Sun Java
-CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...)
+CVE-2005-3905
NOT-FOR-US: Sun Java
-CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...)
+CVE-2005-3904
NOT-FOR-US: Sun Java
-CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...)
+CVE-2005-3903
NOT-FOR-US: SCO Unixware
-CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
+CVE-2005-3902
NOT-FOR-US: Virtual Hosting Control System
-CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...)
+CVE-2005-3901
NOT-FOR-US: Flash MX
-CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
+CVE-2005-3900
NOT-FOR-US: Macromedia Breeze
-CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
+CVE-2005-3899
NOT-FOR-US: Google Talk
CVE-2005-3898
REJECTED
-CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...)
+CVE-2005-3897
NOT-FOR-US: Safari
NOTE: Not reproducible with konqueror 4:3.4.2-4.
-CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
+CVE-2005-3896
NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
- mozilla <removed> (bug #340282; unimportant)
-CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...)
+CVE-2005-3895
{DSA-973-1}
- otrs 2.0.4p01-1 (bug #340352; medium)
-CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...)
+CVE-2005-3894
{DSA-973-1}
- otrs 2.0.4p01-1 (bug #340352; medium)
-CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...)
+CVE-2005-3893
{DSA-973-1}
- otrs 2.0.4p01-1 (bug #340352; medium)
-CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...)
+CVE-2005-3892
NOT-FOR-US: Gadu-Gadu
-CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...)
+CVE-2005-3891
NOT-FOR-US: Gadu-Gadu
-CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
+CVE-2005-3890
NOT-FOR-US: Gadu-Gadu
-CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
+CVE-2005-3889
NOT-FOR-US: Gadu-Gadu
-CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...)
+CVE-2005-3888
NOT-FOR-US: Gadu-Gadu
-CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...)
+CVE-2005-3887
NOT-FOR-US: Gadu-Gadu
-CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
+CVE-2005-3886
NOT-FOR-US: Cisco
-CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
+CVE-2005-3885
{DSA-916-1}
- inkscape 0.42-1 (bug #321501; low)
-CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...)
+CVE-2005-3884
NOT-FOR-US: Zaimu
-CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
+CVE-2005-3883
- php4 4:4.4.2-1 (bug #341726; medium)
- php5 5.1.1-1 (bug #341368; medium)
[sarge] - php4 <no-dsa> (application's job to sanitize input)
-CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
+CVE-2005-3882
NOT-FOR-US: FAQRing Knowledge Base
-CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge ...)
+CVE-2005-3881
NOT-FOR-US: AtlantisFAQ Knowledge Base
-CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...)
+CVE-2005-3880
NOT-FOR-US: Omnistar KBase
-CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...)
+CVE-2005-3879
NOT-FOR-US: Softbiz Resource Repository Script
-CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
+CVE-2005-3878
NOT-FOR-US: PHP Doc System
-CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...)
+CVE-2005-3877
NOT-FOR-US: Simple Document Management System
-CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...)
+CVE-2005-3876
NOT-FOR-US: AD Center ADC2000 NG Pro
-CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...)
+CVE-2005-3875
NOT-FOR-US: Enterprise Connector
-CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...)
+CVE-2005-3874
NOT-FOR-US: Netzbrett
-CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...)
+CVE-2005-3873
NOT-FOR-US: ShockBoard
-CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...)
+CVE-2005-3872
NOT-FOR-US: Ugroup
-CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...)
+CVE-2005-3871
NOT-FOR-US: JBB
-CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
+CVE-2005-3870
NOT-FOR-US: edmoBBS
-CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...)
+CVE-2005-3869
NOT-FOR-US: Google API
-CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...)
+CVE-2005-3868
NOT-FOR-US: K-Search
-CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
+CVE-2005-3867
NOT-FOR-US: RevenuePilot Search Engine
-CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...)
+CVE-2005-3866
NOT-FOR-US: SearchFeed Search Engine
-CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...)
+CVE-2005-3865
NOT-FOR-US: AllWeb search
-CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
+CVE-2005-3864
NOT-FOR-US: SourceWell
-CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
+CVE-2005-3863
{DSA-1088-1 DSA-1083-1 DTSA-23-1}
- centericq 4.21.0-6 (bug #340959; medium)
- orpheus 1.5-5 (bug #368402; medium)
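Review bot: every changed line in this hunk replaces a header of the form "CVE-2005-3952 (SQL injection vulnerability in ...)" with the bare "CVE-2005-3952", so the one-line description is dropped from each entry while the triage lines beneath (NOT-FOR-US, package versions, DSA references) stay untouched. That also discards status text carried in the description, such as the "** DISPUTED **" marker on CVE-2005-3918. The commit message says only "automatic update" and the diffstat shows equal insertions and deletions, which looks more like the description source returning nothing than a deliberate removal. The updater should refuse to overwrite a non-empty description with an empty one, or abort when a run would blank a large share of entries, and if the removal is intended the commit message should say so.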
@@ -2298,514 +2298,514 @@ CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3
NOTE: DTSA is for centericq only
NOTE: This affects Sarge and Woody centericq
NOTE: This affects Sarge and Woody motor
-CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...)
+CVE-2005-3862
{DSA-959-1}
- unalz 0.55-1 (bug #340842; medium)
-CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...)
+CVE-2005-3861
NOT-FOR-US: phpGreetz
-CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...)
+CVE-2005-3860
NOT-FOR-US: Oliver May Athena PHP Website Administration
-CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
+CVE-2005-3859
NOT-FOR-US: Q-News
-CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
+CVE-2005-3858
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.12-6
-CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
+CVE-2005-3856
- krusader 1.70.0-1 (bug #336169; low)
[sarge] - krusader <not-affected>
NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
-CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
+CVE-2005-3855
NOT-FOR-US: 1-2-3 music store
-CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
+CVE-2005-3854
NOT-FOR-US: EasyPageCMS
-CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...)
+CVE-2005-3853
NOT-FOR-US: sNews
-CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...)
+CVE-2005-3852
NOT-FOR-US: Online Work Order Suite
-CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
+CVE-2005-3851
NOT-FOR-US: Online Attendance System
-CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
+CVE-2005-3850
NOT-FOR-US: Online Knowledge Base System
-CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...)
+CVE-2005-3846
NOT-FOR-US: Fantastic News
-CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...)
+CVE-2005-3845
NOT-FOR-US: EZ Invoice Inc
-CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...)
+CVE-2005-3844
NOT-FOR-US: phpWordpress, this is not the same as Wordpress
-CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...)
+CVE-2005-3843
NOT-FOR-US: Nicecode iDesk
-CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...)
+CVE-2005-3842
NOT-FOR-US: pdjk-support suite
-CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
+CVE-2005-3841
NOT-FOR-US: kPlaylist
-CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
+CVE-2005-3840
NOT-FOR-US: Omnistar Live
-CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...)
+CVE-2005-3839
NOT-FOR-US: SupportPRO Supportdesk
-CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...)
+CVE-2005-3838
NOT-FOR-US: IsolSoft Support Center
-CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...)
+CVE-2005-3837
NOT-FOR-US: sCssBoard
-CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
+CVE-2005-3836
NOT-FOR-US: DeskLance
-CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...)
+CVE-2005-3835
NOT-FOR-US: DeskLance
-CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...)
+CVE-2005-3834
NOT-FOR-US: Tunez
-CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...)
+CVE-2005-3833
NOT-FOR-US: Tunez
-CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...)
+CVE-2005-3832
NOT-FOR-US: SpeedProject products
-CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...)
+CVE-2005-3831
NOT-FOR-US: SpeedProject products
-CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...)
+CVE-2005-3830
NOT-FOR-US: ActiveCampaign SupportTrio
-CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...)
+CVE-2005-3829
NOT-FOR-US: ActiveCampaign SupportTrio
-CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...)
+CVE-2005-3828
NOT-FOR-US: ActiveCampaign SupportTrio
-CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...)
+CVE-2005-3827
NOT-FOR-US: AgileBill
-CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
+CVE-2005-3826
NOT-FOR-US: Ezyhelpdesk
-CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
+CVE-2005-3825
NOT-FOR-US: Comdev Vote Caster
-CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...)
+CVE-2005-3824
NOT-FOR-US: vTiger CRM
-CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
+CVE-2005-3823
NOT-FOR-US: vTiger CRM
-CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
+CVE-2005-3822
NOT-FOR-US: vTiger CRM
-CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
+CVE-2005-3821
NOT-FOR-US: vTiger CRM
-CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...)
+CVE-2005-3820
NOT-FOR-US: vTiger CRM
-CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
+CVE-2005-3819
NOT-FOR-US: vTiger CRM
-CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...)
+CVE-2005-3818
NOT-FOR-US: vTiger CRM
-CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...)
+CVE-2005-3817
NOT-FOR-US: Softbiz Web Host Directory
-CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...)
+CVE-2005-3816
NOT-FOR-US: freeForum
-CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...)
+CVE-2005-3815
NOT-FOR-US: Orca Forum
-CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...)
+CVE-2005-3814
NOT-FOR-US: SmartPPC Pro
-CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...)
+CVE-2005-3813
NOT-FOR-US: MailEnable
-CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
+CVE-2005-3812
NOT-FOR-US: freeFTPd
-CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
+CVE-2005-3811
NOT-FOR-US: AMAX Magic Winmail Server
-CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
+CVE-2005-3806
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-1 (medium)
-CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
+CVE-2005-3805
- linux-2.6 2.6.14-1 (medium)
-CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
+CVE-2005-3804
NOT-FOR-US: Cisco
-CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
+CVE-2005-3803
NOT-FOR-US: Cisco
-CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
+CVE-2005-3802
NOT-FOR-US: Belkin hardware
-CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...)
+CVE-2005-3801
NOT-FOR-US: PasswordSafe
-CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...)
+CVE-2005-3800
NOT-FOR-US: Macromedia Contribute Publishing Server
-CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...)
+CVE-2005-3799
- phpbb2 <unfixed> (unimportant)
NOTE: Not a real security problem, error messages might disclose the installation
NOTE: which is known for the Debian package anyway
-CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...)
+CVE-2005-3798
NOT-FOR-US: AlstraSoft Template Seller
-CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...)
+CVE-2005-3797
NOT-FOR-US: AlstraSoft Template Seller
-CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
+CVE-2005-3796
NOT-FOR-US: AlstraSoft Affiliate Network
-CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
+CVE-2005-3795
NOT-FOR-US: AlstraSoft Affiliate Network
-CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
+CVE-2005-3794
NOT-FOR-US: AlstraSoft Affiliate Network
-CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
+CVE-2005-3793
NOT-FOR-US: AlstraSoft Affiliate Network
-CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...)
+CVE-2005-3792
NOT-FOR-US: PHP-Nuke
-CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...)
+CVE-2005-3791
NOT-FOR-US: phpAdsNew and phpPgAds
-CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-3790
NOT-FOR-US: phpwcms
-CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
+CVE-2005-3789
NOT-FOR-US: phpwcms
-CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
+CVE-2005-3788
NOT-FOR-US: Cisco
-CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+CVE-2005-3787
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
-CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...)
+CVE-2005-3786
NOT-FOR-US: Novell ZENworks
-CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
+CVE-2005-3785
NOT-FOR-US: Ebuild IndeX
-CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
+CVE-2005-3784
{DSA-1017-1}
- linux-2.6 2.6.15-1 (medium)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
+CVE-2005-3783
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-3 (medium)
-CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the &quot;Name and ...)
+CVE-2005-3782
NOT-FOR-US: Apple
-CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
+CVE-2005-3848
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.13-1
-CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...)
+CVE-2005-3847
{DSA-1017-1}
- linux-2.6 2.6.13-1
-CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
+CVE-2005-3849
NOT-FOR-US: PmWiki
-CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
+CVE-2005-3781
NOT-FOR-US: Solaris
-CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
+CVE-2005-3780
NOT-FOR-US: IPUpdate
-CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
+CVE-2005-3779
NOT-FOR-US: HP-UX
-CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
+CVE-2005-3778
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to ...)
+CVE-2005-3777
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
+CVE-2005-3776
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...)
+CVE-2005-3775
NOT-FOR-US: PollVote
-CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
+CVE-2005-3774
NOT-FOR-US: Cisco
-CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
+CVE-2005-3773
NOT-FOR-US: Joomla!
-CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
+CVE-2005-3772
NOT-FOR-US: Joomla!
-CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
+CVE-2005-3771
NOT-FOR-US: Joomla!
-CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
+CVE-2005-3770
NOT-FOR-US: PHP-Post
-CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
+CVE-2005-3769
NOT-FOR-US: PHP Download Manager
-CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
+CVE-2005-3768
NOT-FOR-US: Symantec appliances
-CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...)
+CVE-2005-3767
NOT-FOR-US: Exponent CMS
-CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages ...)
+CVE-2005-3766
NOT-FOR-US: Exponent CMS
-CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded ...)
+CVE-2005-3765
NOT-FOR-US: Exponent CMS
-CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...)
+CVE-2005-3764
NOT-FOR-US: Exponent CMS
-CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...)
+CVE-2005-3763
NOT-FOR-US: Exponent CMS
-CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
+CVE-2005-3762
NOT-FOR-US: Exponent CMS
-CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...)
+CVE-2005-3761
NOT-FOR-US: Exponent CMS
-CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere ...)
+CVE-2005-3760
NOT-FOR-US: WebSphere
-CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
+CVE-2005-3758
NOT-FOR-US: Google search appliance
-CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...)
+CVE-2005-3757
NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
NOTE: is well documented and can be switched off. Let's hope that all users
NOTE: of saxon are aware of this. A warning has been added to the readme.
NOTE: Current rdependencies:
- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
-CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
+CVE-2005-3756
NOT-FOR-US: Google search appliance
-CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
+CVE-2005-3755
NOT-FOR-US: Google search appliance
-CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
+CVE-2005-3754
NOT-FOR-US: Google search appliance
-CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
+CVE-2005-3750
NOT-FOR-US: Opera
-CVE-2005-3749 (Unspecified &quot;absolute path vulnerabilities&quot; in the diagela command ...)
+CVE-2005-3749
NOT-FOR-US: AIX
-CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET ...)
+CVE-2005-3748
NOT-FOR-US: Tru-Zone Nuke ET
-CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote ...)
+CVE-2005-3747
- jetty 5.1.8-1 (bug #340582; medium)
-CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote ...)
+CVE-2005-3746
NOT-FOR-US: APBoard
-CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...)
+CVE-2005-3745
- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
-CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...)
+CVE-2005-3744
NOT-FOR-US: phpComasy
-CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
+CVE-2005-3743
NOT-FOR-US: SimplePoll
-CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
+CVE-2005-3742
NOT-FOR-US: Advanced Poll
-CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
+CVE-2005-3741
NOT-FOR-US: Almond Classifieds
-CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and ...)
+CVE-2005-3740
NOT-FOR-US: PHP-Fusion
-CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...)
+CVE-2005-3739
NOT-FOR-US: PHP-Fusion
-CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
+CVE-2005-3738
NOT-FOR-US: Mambo
-CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...)
+CVE-2005-3737
{DSA-916-1 DTSA-24-1}
- inkscape 0.43-1 (bug #330894; medium)
-CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...)
+CVE-2005-3736
NOT-FOR-US: e-Quick Cart
-CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote ...)
+CVE-2005-3735
NOT-FOR-US: e-Quick Cart
-CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the &quot;add content&quot; page in ...)
+CVE-2005-3734
NOT-FOR-US: phpMyFAQ
-CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...)
+CVE-2005-3733
NOT-FOR-US: Juniper products using IKE
-CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
+CVE-2005-3732
{DSA-965-1}
- ipsec-tools 1:0.6.3-1 (bug #340584; low)
-CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in ...)
+CVE-2005-3808
- linux-2.6 2.6.14-4 (medium)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
-CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...)
+CVE-2005-3809
- linux-2.6 2.6.14-4 (medium)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
-CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to ...)
+CVE-2005-3810
- linux-2.6 2.6.14-4 (medium)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
-CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before ...)
+CVE-2005-3759
{DSA-909-1}
- horde3 3.0.7-1 (bug #340323; medium)
-CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
+CVE-2005-3731
- cyassl <not-affected> (Fixed before initial upload to archive)
-CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-3730
NOT-FOR-US: Revize CMS
-CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
+CVE-2005-3729
NOT-FOR-US: Revize CMS
-CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the ...)
+CVE-2005-3728
NOT-FOR-US: Revize CMS
-CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix ...)
+CVE-2005-3727
NOT-FOR-US: Revize CMS
-CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows ...)
+CVE-2005-3726
NOT-FOR-US: ArticleLive NX
-CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP ...)
+CVE-2005-3725
NOT-FOR-US: Zyxel WIFI Phone
-CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote ...)
+CVE-2005-3724
NOT-FOR-US: Zyxel WIFI Phone
-CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to ...)
+CVE-2005-3723
NOT-FOR-US: Hitachi WIFI Phone
-CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...)
+CVE-2005-3722
NOT-FOR-US: Hitachi WIFI Phone
-CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP ...)
+CVE-2005-3721
NOT-FOR-US: Hitachi WIFI Phone
-CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...)
+CVE-2005-3720
NOT-FOR-US: Hitachi WIFI Phone
-CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator ...)
+CVE-2005-3719
NOT-FOR-US: Hitachi WIFI Phone
-CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
+CVE-2005-3718
NOT-FOR-US: UTStarcom WIFI Phone
-CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
+CVE-2005-3717
NOT-FOR-US: UTStarcom WIFI Phone
-CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
+CVE-2005-3716
NOT-FOR-US: UTStarcom WIFI Phone
-CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the ...)
+CVE-2005-3715
NOT-FOR-US: Senao Wireless VoIP Phone
-CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers ...)
+CVE-2005-3699
NOT-FOR-US: Opera
-CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
+CVE-2005-3698
NOT-FOR-US: PHP Easy Download
-CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk ...)
+CVE-2005-3697
NOT-FOR-US: Uresk Links Lite
-CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote ...)
+CVE-2005-3696
NOT-FOR-US: Arki-DB
-CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php ...)
+CVE-2005-3695
NOT-FOR-US: LiteSpeed Webserver
-CVE-2005-3694 (centericq 4.20.0-r3 with &quot;Enable peer-to-peer communications&quot; set ...)
+CVE-2005-3694
{DSA-912-1}
- centericq 4.21.0-4 (bug #334089; low)
-CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm ...)
+CVE-2005-3693
NOT-FOR-US: SunnComm MediaMax DRM
-CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...)
+CVE-2005-3692
NOT-FOR-US: AMAX Magic Winmail Server
-CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
+CVE-2005-3691
NOT-FOR-US: MailEnable Professional
-CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...)
+CVE-2005-3690
NOT-FOR-US: MailEnable Professional
-CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
+CVE-2005-3689
NOT-FOR-US: XMB
-CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...)
+CVE-2005-3688
NOT-FOR-US: XMB
-CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote ...)
+CVE-2005-3687
NOT-FOR-US: WHM AutoPilot
-CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified ...)
+CVE-2005-3686
NOT-FOR-US: Unclassified Newsboard
-CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP ...)
+CVE-2005-3685
NOT-FOR-US: VP-ASP Shopping Cart
-CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...)
+CVE-2005-3684
NOT-FOR-US: freeFTPd
-CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging ...)
+CVE-2005-3683
NOT-FOR-US: freeFTPd
-CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
+CVE-2005-3682
NOT-FOR-US: Wizz Forum
-CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...)
+CVE-2005-3681
NOT-FOR-US: Xoops
-CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...)
+CVE-2005-3680
NOT-FOR-US: Xoops
-CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...)
+CVE-2005-3679
NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
-CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...)
+CVE-2005-3678
NOT-FOR-US: Google Talk
-CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
+CVE-2005-3677
- helix-player <not-affected>
-CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
+CVE-2005-3676
NOT-FOR-US: PhpWebThings
-CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
+CVE-2005-3675
NOTE: Generic protocol weakness, likely hard to fix at the kernel
NOTE: level without performance impact.
-CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
+CVE-2005-3674
NOT-FOR-US: libike from Solaris
-CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check ...)
+CVE-2005-3673
NOT-FOR-US: Check Point's IKE implementation
-CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
+CVE-2005-3672
NOT-FOR-US: StoneGate's IKE implementation
-CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
+CVE-2005-3671
- openswan 1:2.4.4-1 (bug #339082; low)
[sarge] - openswan <no-dsa> (Only exploitable in inherently insecure mode of operation)
NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
-CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
+CVE-2005-3670
NOT-FOR-US: HP-UX's IKE implementation
-CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
+CVE-2005-3669
NOT-FOR-US: Cisco
-CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...)
+CVE-2005-3668
NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
-CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...)
+CVE-2005-3667
NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
-CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...)
+CVE-2005-3666
NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
-CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+CVE-2005-3665
{DSA-1207-1}
- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
CVE-2005-XXXX [unsafe file permissions in vpnc]
- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
NOTE: Only an example file
-CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...)
+CVE-2005-3714
NOT-FOR-US: Apple AirPort
-CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
+CVE-2005-3713
NOT-FOR-US: Apple Quicktime
-CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 ...)
+CVE-2005-3712
NOT-FOR-US: Apple
-CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+CVE-2005-3711
NOT-FOR-US: Apple Quicktime
-CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+CVE-2005-3710
NOT-FOR-US: Apple Quicktime
-CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote ...)
+CVE-2005-3709
NOT-FOR-US: Apple Quicktime
-CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+CVE-2005-3708
NOT-FOR-US: Apple Quicktime
-CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+CVE-2005-3707
NOT-FOR-US: Apple Quicktime
-CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through ...)
+CVE-2005-3706
NOT-FOR-US: Mac OS X
-CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
+CVE-2005-3705
NOT-FOR-US: Mac OS X
-CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
+CVE-2005-3704
NOT-FOR-US: Mac OS X
CVE-2005-3703
REJECTED
-CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...)
+CVE-2005-3702
NOT-FOR-US: Safari
-CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...)
+CVE-2005-3701
NOT-FOR-US: Mac OS X
-CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator ...)
+CVE-2005-3700
NOT-FOR-US: Mac OS X
-CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
+CVE-2005-3664
NOT-FOR-US: Kaspersky AV
-CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...)
+CVE-2005-3663
NOT-FOR-US: Kaspersky AV
-CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
+CVE-2005-3662
{DSA-904-1}
- netpbm-free 2:10.0-10.1 (medium; bug #351639)
-CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...)
+CVE-2005-3661
NOT-FOR-US: Dell hardware issue
-CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
+CVE-2005-3660
- linux <unfixed> (unimportant)
- linux-2.6 <removed> (unimportant)
NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
NOTE: resource management systems can be deployed
-CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
+CVE-2005-3659
NOT-FOR-US: EMC Legato NetWorker
-CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...)
+CVE-2005-3658
NOT-FOR-US: EMC Legato NetWorker
-CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
+CVE-2005-3657
NOT-FOR-US: McAfee
-CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
+CVE-2005-3656
{DSA-935-1}
[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
- libapache2-mod-auth-pgsql 2.0.2b1-7
- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
-CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote ...)
+CVE-2005-3655
NOT-FOR-US: Novell Open Enterprise Server
-CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
+CVE-2005-3654
NOT-FOR-US: Blue Coat WinProxy
-CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various ...)
+CVE-2005-3653
NOT-FOR-US: IGateway
-CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
+CVE-2005-3652
NOT-FOR-US: Citrix
-CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
+CVE-2005-3651
{DSA-920-1}
- ethereal 0.10.13-1.1 (bug #342911; medium)
-CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
+CVE-2005-3650
NOT-FOR-US: Sony Root Kit Uninstaller
-CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
+CVE-2005-3649
NOTE: only exploitable in certian configurations (non-default)
NOTE: warning added..
- moodle 1.5.3+20060108-1 (bug #338592; low)
[sarge] - moodle <not-affected> (Isn't explotable in sarge)
-CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
+CVE-2005-3648
- moodle 1.5.3+20060108-1 (bug #338592; low)
[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
-CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...)
+CVE-2005-3647
NOT-FOR-US: Folder Guard
-CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
+CVE-2005-3646
NOT-FOR-US: phpAdsNews
-CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...)
+CVE-2005-3645
NOT-FOR-US: phpAdsNews
-CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...)
+CVE-2005-3644
NOT-FOR-US: Windows
-CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
+CVE-2005-3643
NOT-FOR-US: DB2
-CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
+CVE-2005-3642
NOT-FOR-US: Informix
-CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...)
+CVE-2005-3641
NOT-FOR-US: Oracle
-CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...)
+CVE-2005-3640
NOT-FOR-US: FTGate
-CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
+CVE-2005-3639
NOT-FOR-US: Help Center Live
-CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
+CVE-2005-3638
NOT-FOR-US: Ekinboard
CVE-2005-3637
REJECTED
-CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
+CVE-2005-3636
NOT-FOR-US: SAP Web Application Server
-CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
+CVE-2005-3635
NOT-FOR-US: SAP Web Application Server
-CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...)
+CVE-2005-3634
NOT-FOR-US: SAP Web Application Server
-CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
+CVE-2005-3633
NOT-FOR-US: SAP Web Application Server
-CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...)
+CVE-2005-3632
{DSA-904-1}
- netpbm-free 2:10.0-10.1 (medium; bug #351639)
-CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
+CVE-2005-3631
- udev <not-affected> (Red Hat specific)
-CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...)
+CVE-2005-3630
NOT-FOR-US: Fedora Directory Server
-CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...)
+CVE-2005-3629
NOTE: current sudo cleans the environment, so we are not affected
- sysvconfig <not-affected> (sudo cleans env anyway)
-CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
+CVE-2005-3628
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
- kdegraphics 4:3.5.0-3
- gpdf 2.10.0-2 (bug #342286)
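Review bot: Every parenthesised description in this hunk is replaced by a bare ID (for example `-CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)` becomes `+CVE-2005-3662`), while bracketed summaries such as `CVE-2005-XXXX [unsafe file permissions in vpnc]` and all annotation lines are untouched, and the commit message says only "automatic update". With the diffstat at 4614 insertions against 4614 deletions, this reads like the description import returning nothing rather than an intended format change. Suggest the update job refuse to write when a run would blank descriptions that were previously populated, or have the commit message state that the removal is deliberate.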
@@ -2819,7 +2819,7 @@ CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
NOTE: tetex-bin switched to poppler in 3.0-12.
-CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
+CVE-2005-3627
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
- kdegraphics 4:3.5.0-3
@@ -2834,7 +2834,7 @@ CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftoh
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
NOTE: tetex-bin switched to poppler in 3.0-12.
-CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
+CVE-2005-3626
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.3-2
- kdegraphics 4:3.5.0-3
@@ -2849,7 +2849,7 @@ CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler,
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
NOTE: tetex-bin switched to poppler in 3.0-12.
-CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
+CVE-2005-3625
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
- tetex-bin 3.0-12
@@ -2864,7 +2864,7 @@ CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler,
- cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
NOTE: tetex-bin switched to poppler in 3.0-12.
-CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
+CVE-2005-3624
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
- tetex-bin 3.0-12
@@ -2879,16 +2879,16 @@ CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf
- cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
NOTE: tetex-bin switched to poppler in 3.0-12.
-CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...)
+CVE-2005-3623
[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
- linux-2.6 2.6.14-7
-CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
+CVE-2005-3622
- phpmyadmin <unfixed> (unimportant)
-CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 ...)
+CVE-2005-3620
NOT-FOR-US: VMware ESX
-CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+CVE-2005-3619
NOT-FOR-US: VMware ESX
-CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management ...)
+CVE-2005-3618
NOT-FOR-US: VMWare ESX
CVE-2005-3617
RESERVED
@@ -2932,72 +2932,72 @@ CVE-2005-3598
RESERVED
CVE-2005-3597
REJECTED
-CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
+CVE-2005-3596
NOT-FOR-US: ASPKnowledgebase
-CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
+CVE-2005-3595
NOT-FOR-US: Windows XP
-CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...)
+CVE-2005-3594
NOT-FOR-US: e107
-CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
+CVE-2005-3592
NOT-FOR-US: CuteNews
-CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...)
+CVE-2005-3591
- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
-CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
+CVE-2005-3589
NOT-FOR-US: FileZilla Server
-CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
+CVE-2005-3588
NOT-FOR-US: Advanced Guestbook
-CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
+CVE-2005-3587
{DSA-947-1}
- clamav 0.87.1-1 (medium)
NOTE: sarge is affected (not in oldstable)
-CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
+CVE-2005-3586
NOT-FOR-US: Mambo
-CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...)
+CVE-2005-3585
NOT-FOR-US: PhpWebThings
-CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
+CVE-2005-3584
NOT-FOR-US: PhpWebThings
-CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...)
+CVE-2005-3583
NOT-FOR-US: Sun Java
-CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...)
+CVE-2005-3582
- imagemagick <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...)
+CVE-2005-3581
- gdal <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
+CVE-2005-3580
- qdbm <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote ...)
+CVE-2005-3579
NOT-FOR-US: Walla TeleSite
-CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite ...)
+CVE-2005-3578
NOT-FOR-US: Walla TeleSite
-CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in ...)
+CVE-2005-3577
NOT-FOR-US: Walla TeleSite
-CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
+CVE-2005-3576
NOT-FOR-US: Walla TeleSite
-CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...)
+CVE-2005-3575
NOT-FOR-US: Cyphor
-CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
+CVE-2005-3574
NOT-FOR-US: iCMS
-CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
+CVE-2005-3573
{DSA-955-1}
- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
-CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
+CVE-2005-3572
NOT-FOR-US: Peel
-CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
+CVE-2005-3571
NOT-FOR-US: protection.php from several crappy web apps not in Debian
-CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before ...)
+CVE-2005-3570
{DSA-914-1}
- horde2 2.2.9-1 (bug #338983)
-CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...)
+CVE-2005-3569
NOT-FOR-US: DB2
-CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...)
+CVE-2005-3568
NOT-FOR-US: DB2
-CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 ...)
+CVE-2005-3567
NOT-FOR-US: Tivoli
-CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...)
+CVE-2005-3566
NOT-FOR-US: VERITAS Cluster Server
-CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...)
+CVE-2005-3565
NOT-FOR-US: HP-UX
-CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...)
+CVE-2005-3564
NOT-FOR-US: HP-UX
CVE-2005-3563
REJECTED
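Review bot: For CVE-2005-3582, CVE-2005-3581 and CVE-2005-3580 the `<not-affected> (Gentoo-specific packaging flaw)` annotations are left with nothing in the file to check them against, because the removed header text ("allows local users in the portage group ...") was the only statement of what the flaw is. If the descriptions are meant to go, consider keeping a short bracketed summary on entries whose triage rationale depends on it, in the style the file already uses for its `CVE-2005-XXXX [...]` entries.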
@@ -3005,180 +3005,180 @@ CVE-2005-3562
REJECTED
CVE-2005-3561
REJECTED
-CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
+CVE-2005-3560
NOT-FOR-US: Zone Labs
-CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
+CVE-2005-3559
{DSA-1048-1}
- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
-CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
+CVE-2005-3558
NOT-FOR-US: OSTE
-CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
+CVE-2005-3557
NOT-FOR-US: PHPList
-CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
+CVE-2005-3556
NOT-FOR-US: PHPList
-CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...)
+CVE-2005-3555
NOT-FOR-US: PHPList
-CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
+CVE-2005-3554
NOT-FOR-US: PHPKIT
-CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...)
+CVE-2005-3553
NOT-FOR-US: PHPKIT
-CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
+CVE-2005-3552
NOT-FOR-US: PHPKIT
-CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
+CVE-2005-3551
NOT-FOR-US: toendaCMS
-CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...)
+CVE-2005-3550
NOT-FOR-US: toendaCMS
-CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...)
+CVE-2005-3549
NOT-FOR-US: Invision Power Board
-CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...)
+CVE-2005-3548
NOT-FOR-US: Invision Power Board
-CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...)
+CVE-2005-3547
NOT-FOR-US: Invision Power Board
-CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...)
+CVE-2005-3546
NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
-CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...)
+CVE-2005-3545
NOT-FOR-US: ibProArcade
-CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...)
+CVE-2005-3544
NOT-FOR-US: XMB
-CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
+CVE-2005-3543
NOT-FOR-US: Phorum
CVE-2005-3542
REJECTED
CVE-2005-3541
RESERVED
-CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
+CVE-2005-3540
{DSA-929-1}
- petris 1.0.1-5
-CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...)
+CVE-2005-3539
{DSA-933-1}
- hylafax 2:4.2.4-2 (bug #347298)
NOTE: First patch had regressions
-CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...)
+CVE-2005-3538
- hylafax 2:4.2.4-1
[sarge] - hylafax <not-affected> (Affected only 4.2.3)
[woody] - hylafax <not-affected> (Affected only 4.2.3)
-CVE-2005-3537 (A &quot;missing request validation&quot; error in phpBB 2 before 2.0.18 allows ...)
+CVE-2005-3537
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; medium)
-CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote ...)
+CVE-2005-3536
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; medium)
-CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary ...)
+CVE-2005-3535
{DSA-926-1}
- ketm 0.0.6-17sarge1 (low)
-CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ...)
+CVE-2005-3534
{DSA-924-1}
- nbd 1:2.8.3-1
-CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute ...)
+CVE-2005-3533
{DSA-918-1}
- osh 1.7-15
-CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...)
+CVE-2005-3532
{DSA-917-1}
- courier 0.47-12 (bug #211920; medium)
-CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
+CVE-2005-3531
{DTSA-27-1}
- fuse 2.4.1-0.1 (bug #340398; low)
[sarge] - fuse <no-dsa> (Minor local DoS)
-CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
+CVE-2005-3530
NOT-FOR-US: Antville
-CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...)
+CVE-2005-3529
NOT-FOR-US: TikiWiki
-CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
+CVE-2005-3528
NOT-FOR-US: TikiWiki
-CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...)
+CVE-2005-3527
- linux-2.6 2.6.14-1 (low)
- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
-CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite ...)
+CVE-2005-3526
NOT-FOR-US: Ipswitch Collaboration Suite
-CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer ...)
+CVE-2005-3525
NOT-FOR-US: Adobe
-CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
+CVE-2005-3522
NOT-FOR-US: ManageEngine NetflowAnalyzer
-CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
+CVE-2005-3521
NOT-FOR-US: e107
-CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
+CVE-2005-3520
NOT-FOR-US: MySource
-CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow ...)
+CVE-2005-3519
NOT-FOR-US: MySource
-CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 ...)
+CVE-2005-3518
NOT-FOR-US: PunBB
-CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the ...)
+CVE-2005-3517
NOT-FOR-US: Chipmunk Scripts Guestbook
-CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
+CVE-2005-3516
NOT-FOR-US: Chipmunk Directory
-CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
+CVE-2005-3515
NOT-FOR-US: Chipmunk Topsites
-CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...)
+CVE-2005-3514
NOT-FOR-US: Chipmunk Forum
-CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the ...)
+CVE-2005-3513
NOT-FOR-US: VUBB
-CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha ...)
+CVE-2005-3512
NOT-FOR-US: VUBB
-CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS ...)
+CVE-2005-3511
NOT-FOR-US: Spymac Web OS
-CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a ...)
+CVE-2005-3510
- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
-CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote ...)
+CVE-2005-3509
NOT-FOR-US: JPortal
-CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) ...)
+CVE-2005-3508
NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
-CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote ...)
+CVE-2005-3507
NOT-FOR-US: CuteNews
-CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
+CVE-2005-3506
NOT-FOR-US: Sambar
-CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
+CVE-2005-3505
NOT-FOR-US: Entropy Chat Script
-CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is ...)
+CVE-2005-3504
NOT-FOR-US: AIX
-CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other ...)
+CVE-2005-3503
NOT-FOR-US: SuSE fork of passwd
-CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to ...)
+CVE-2005-3502
NOT-FOR-US: Cerberus Helpdesk
-CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection ...)
+CVE-2005-3499
NOT-FOR-US: F-Prot Antivirus
-CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...)
+CVE-2005-3498
NOT-FOR-US: WebSphere
-CVE-2005-3497 (** DISPUTED ** ...)
+CVE-2005-3497
NOT-FOR-US: PHP Handicapper
-CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows ...)
+CVE-2005-3496
NOT-FOR-US: PHP Handicapper
-CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
+CVE-2005-3495
NOT-FOR-US: Ar-blog
-CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier ...)
+CVE-2005-3494
NOT-FOR-US: Ar-blog
-CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a ...)
+CVE-2005-3493
NOT-FOR-US: Battle Carry
-CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-3492
NOT-FOR-US: FlatFrag
-CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...)
+CVE-2005-3491
NOT-FOR-US: FlatFrag
-CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...)
+CVE-2005-3490
NOT-FOR-US: Asus Video Security
-CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
+CVE-2005-3489
NOT-FOR-US: Asus Video Security
-CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...)
+CVE-2005-3488
- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
-CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...)
+CVE-2005-3487
- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
-CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ...)
+CVE-2005-3486
- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
-CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote ...)
+CVE-2005-3485
NOT-FOR-US: Glider Collect'n kill
-CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier ...)
+CVE-2005-3484
NOT-FOR-US: NeroNET
-CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
+CVE-2005-3483
NOT-FOR-US: GO-Global
-CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
+CVE-2005-3621
{DSA-1207-1}
- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
-CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
+CVE-2005-3524
{DSA-896-1}
- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
-CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
+CVE-2005-3807
- linux-2.6 2.6.14-4
-CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
+CVE-2005-3857
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
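Review bot: At CVE-2005-3497 the removed header was `(** DISPUTED ** ...)`, and the `+CVE-2005-3497` line drops the only marker in this file that the entry is contested; the remaining `NOT-FOR-US: PHP Handicapper` line does not carry it. Worth confirming that the tracker still obtains the disputed status from somewhere else, or restoring the description for this entry.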
@@ -3186,474 +3186,474 @@ CVE-2005-XXXX [user logout in drupal has no effect]
- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
- libungif4 4.1.4-1 (bug #338542; medium)
-CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...)
+CVE-2005-3523
{DSA-891-1}
- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
- note 1.3.1-3 (bug #337492; unimportant)
NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
NOTE: predictable for a real world attack
-CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...)
+CVE-2005-3500
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (medium)
-CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...)
+CVE-2005-3501
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (medium)
-CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
+CVE-2005-3482
NOT-FOR-US: Cisco
-CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
+CVE-2005-3481
NOT-FOR-US: IOS
-CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
+CVE-2005-3480
NOT-FOR-US: Ringtail CaseBook
-CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
+CVE-2005-3479
NOT-FOR-US: Ringtail CaseBook
-CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials ...)
+CVE-2005-3478
NOT-FOR-US: PHPCafe Tutorial Manager
-CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
+CVE-2005-3477
NOT-FOR-US: Invision Gallery
-CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
+CVE-2005-3476
NOT-FOR-US: OpenVMS
-CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...)
+CVE-2005-3475
NOT-FOR-US: Hasbani Web Server
-CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
+CVE-2005-3474
NOT-FOR-US: XCP DRM
-CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
+CVE-2005-3473
NOT-FOR-US: Simple PHP Blog
-CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
+CVE-2005-3472
NOT-FOR-US: Sun Java System Communications Express
-CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...)
+CVE-2005-3471
NOT-FOR-US: MailWatch for MailScanner
-CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...)
+CVE-2005-3470
NOT-FOR-US: MailWatch for MailScanner
-CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...)
+CVE-2005-3469
NOT-FOR-US: News2Net
-CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
+CVE-2005-3468
NOT-FOR-US: F-Secure
-CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
+CVE-2005-3467
NOT-FOR-US: Serv-U FTP Server
-CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
+CVE-2005-3466
NOT-FOR-US: Oracle
-CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...)
+CVE-2005-3465
NOT-FOR-US: Oracle
-CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+CVE-2005-3464
NOT-FOR-US: Oracle
-CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+CVE-2005-3463
NOT-FOR-US: Oracle
-CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+CVE-2005-3462
NOT-FOR-US: Oracle
-CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+CVE-2005-3461
NOT-FOR-US: Oracle
-CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
+CVE-2005-3460
NOT-FOR-US: Oracle
-CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
+CVE-2005-3459
NOT-FOR-US: Oracle
-CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
+CVE-2005-3458
NOT-FOR-US: Oracle
-CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
+CVE-2005-3457
NOT-FOR-US: Oracle
-CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+CVE-2005-3456
NOT-FOR-US: Oracle
-CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+CVE-2005-3455
NOT-FOR-US: Oracle
-CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
+CVE-2005-3454
NOT-FOR-US: Oracle
-CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
+CVE-2005-3453
NOT-FOR-US: Oracle
-CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...)
+CVE-2005-3452
NOT-FOR-US: Oracle
-CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...)
+CVE-2005-3451
NOT-FOR-US: Oracle
-CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...)
+CVE-2005-3450
NOT-FOR-US: Oracle
-CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...)
+CVE-2005-3449
NOT-FOR-US: Oracle
-CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...)
+CVE-2005-3448
NOT-FOR-US: Oracle
-CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...)
+CVE-2005-3447
NOT-FOR-US: Oracle
-CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...)
+CVE-2005-3446
NOT-FOR-US: Oracle
-CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
+CVE-2005-3445
NOT-FOR-US: Oracle
-CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...)
+CVE-2005-3444
NOT-FOR-US: Oracle
-CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
+CVE-2005-3443
NOT-FOR-US: Oracle
-CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...)
+CVE-2005-3442
NOT-FOR-US: Oracle
-CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...)
+CVE-2005-3441
NOT-FOR-US: Oracle
-CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...)
+CVE-2005-3440
NOT-FOR-US: Oracle
-CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...)
+CVE-2005-3439
NOT-FOR-US: Oracle
-CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...)
+CVE-2005-3438
NOT-FOR-US: Oracle
-CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
+CVE-2005-3437
NOT-FOR-US: Oracle
-CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...)
+CVE-2005-3436
NOT-FOR-US: Nuked-Klan
-CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...)
+CVE-2005-3435
NOT-FOR-US: Archilles Newsworld
-CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
+CVE-2005-3434
NOT-FOR-US: Archilles Newsworld
-CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers ...)
+CVE-2005-3433
NOT-FOR-US: Mirabilis ICQ
-CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
+CVE-2005-3432
NOT-FOR-US: MiniGal2
-CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...)
+CVE-2005-3431
NOT-FOR-US: MailSite Express
-CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...)
+CVE-2005-3430
NOT-FOR-US: MailSite Express
-CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...)
+CVE-2005-3429
NOT-FOR-US: MailSite Express
-CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
+CVE-2005-3428
NOT-FOR-US: MailSite Express
-CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
+CVE-2005-3427
NOT-FOR-US: IPS Sensors
-CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
+CVE-2005-3426
NOT-FOR-US: Cisco
-CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
+CVE-2005-3425
{DSA-877-1}
- gnump3d 2.9.6-1
-CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...)
+CVE-2005-3424
{DSA-877-1}
- gnump3d 2.9.5-1 (low)
-CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...)
+CVE-2005-3423
NOT-FOR-US: Subdreamer
-CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...)
+CVE-2005-3422
NOT-FOR-US: ASP Fast Forum
-CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
+CVE-2005-3421
NOT-FOR-US: Hyper Estraier
-CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
+CVE-2005-3420
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587)
NOTE: http://www.hardened-php.net/advisory_172005.75.html
NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
NOTE: Remote code execution may be possible, especially in conjunction
NOTE: with PHP bugs.
-CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
+CVE-2005-3419
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587)
-CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
+CVE-2005-3418
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587)
-CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
+CVE-2005-3417
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587)
-CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
+CVE-2005-3416
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587)
-CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
+CVE-2005-3415
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587)
-CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
+CVE-2005-3414
NOT-FOR-US: eyeOS
-CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
+CVE-2005-3413
NOT-FOR-US: eyeOS
-CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
+CVE-2005-3412
NOT-FOR-US: Elite Forum
-CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...)
+CVE-2005-3411
NOT-FOR-US: Snitz Forums
CVE-2005-3410
RESERVED
-CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...)
+CVE-2005-3409
{DSA-885-1}
- openvpn 2.0.5-1 (bug #337334; low)
-CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...)
+CVE-2005-3408
NOT-FOR-US: gCards
-CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...)
+CVE-2005-3407
NOT-FOR-US: phpESP
-CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...)
+CVE-2005-3406
NOT-FOR-US: phpESP
-CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...)
+CVE-2005-3405
NOT-FOR-US: ATutor
-CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...)
+CVE-2005-3404
NOT-FOR-US: ATutor
-CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...)
+CVE-2005-3403
NOT-FOR-US: ATutor
-CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
+CVE-2005-3402
NOTE: That's a non-issue; only a feature request for an improvement in a corner case.
NOTE: If someone wants to use security-sensitive communication a TLS-secured server
NOTE: should be used.
-CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...)
+CVE-2005-3401
NOT-FOR-US: TheHacker
-CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...)
+CVE-2005-3400
NOT-FOR-US: Fortinet
-CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...)
+CVE-2005-3399
NOT-FOR-US: CAT-QuickHeal
-CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
+CVE-2005-3398
NOT-FOR-US: Solaris Management Console
-CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
+CVE-2005-3397
NOT-FOR-US: Comersus BackOffice
-CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...)
+CVE-2005-3396
NOT-FOR-US: AIX
-CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
+CVE-2005-3395
NOT-FOR-US: Invision Gallery
-CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
+CVE-2005-3394
NOT-FOR-US: oaboard
-CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...)
+CVE-2005-3393
{DSA-885-1}
- openvpn 2.0.5-1 (bug #336751; medium)
-CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
+CVE-2005-3392
- php4 4:4.4.2-1 (bug #336645; bug #354681; low)
[sarge] - php4 <no-dsa> (Safe mode violations not supported)
- php5 5.1.1-1 (bug #336654; low)
NOTE: According to CVE, this is a safe mode violation,
NOTE: therefore low impact. (According to SuSE, it's an
NOTE: information leak.)
-CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
+CVE-2005-3391
- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
[sarge] - php4 <no-dsa> (Safe mode violations not supported)
- php5 5.1.1-1 (bug #336654; low)
NOTE: This is a safe mode violation, therefore low impact.
-CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
+CVE-2005-3390
- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
- php5 5.1.1-1 (bug #336654; low)
[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
NOTE: http://www.hardened-php.net/advisory_202005.79.html
NOTE: http://www.hardened-php.net/globals-problem
-CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
+CVE-2005-3389
- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
- php5 5.1.1-1 (bug #336654; low)
[sarge] - php4 <no-dsa> (application's job to sanitize input)
NOTE: http://www.hardened-php.net/advisory_192005.78.html
-CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
+CVE-2005-3388
{CVE-2002-1954}
- php4 4:4.4.2-1 (bug #336645; low)
- php5 5.1.1-1 (bug #336654; low)
[sarge] - php4 <no-dsa> (not worth an update)
NOTE: http://www.hardened-php.net/advisory_182005.77.html
NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
-CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...)
+CVE-2005-3387
- ntop <not-affected> (Red Hat specific packaging flaw)
-CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...)
+CVE-2005-3386
NOT-FOR-US: Techno Dreams scripts
-CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...)
+CVE-2005-3385
NOT-FOR-US: Techno Dreams scripts
-CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...)
+CVE-2005-3384
NOT-FOR-US: Techno Dreams scripts
-CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...)
+CVE-2005-3383
NOT-FOR-US: Techno Dreams scripts
-CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...)
+CVE-2005-3382
NOT-FOR-US: Sophos
-CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...)
+CVE-2005-3381
NOT-FOR-US: Ukranian National Antivirus
-CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...)
+CVE-2005-3380
NOT-FOR-US: Panda Titanium
-CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...)
+CVE-2005-3379
NOT-FOR-US: Trend Micro
-CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...)
+CVE-2005-3378
NOT-FOR-US: Norman
-CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...)
+CVE-2005-3377
NOT-FOR-US: McAfee
-CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...)
+CVE-2005-3376
NOT-FOR-US: Kaspersky
-CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...)
+CVE-2005-3375
NOT-FOR-US: Ikarus
-CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...)
+CVE-2005-3374
NOT-FOR-US: F-Prot
-CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...)
+CVE-2005-3373
NOT-FOR-US: Dr. Web
-CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...)
+CVE-2005-3372
NOT-FOR-US: eTrust
-CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...)
+CVE-2005-3371
NOT-FOR-US: AVG
-CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...)
+CVE-2005-3370
NOT-FOR-US: ArcaVir
-CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...)
+CVE-2005-3369
NOT-FOR-US: Woltlab Burning Board
-CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...)
+CVE-2005-3368
NOT-FOR-US: PHP-Nuke
-CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...)
+CVE-2005-3367
NOT-FOR-US: SparkleBlog
-CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...)
+CVE-2005-3366
NOT-FOR-US: PHP iCalendar
-CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...)
+CVE-2005-3365
NOT-FOR-US: DCP-Portal
-CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...)
+CVE-2005-3364
NOT-FOR-US: DboardGear
-CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...)
+CVE-2005-3363
NOT-FOR-US: saphp Lesson
CVE-2005-3362
REJECTED
-CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
+CVE-2005-3361
NOT-FOR-US: FlatNuke
-CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
+CVE-2005-3360
NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
-CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
+CVE-2005-3359
{DSA-1103}
- linux-2.6 2.6.14
-CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
+CVE-2005-3358
{DSA-1017-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
-CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
+CVE-2005-3357
- apache2 2.0.55-4 (bug #351246; low)
[sarge] - apache2 2.0.54-5sarge2
-CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
+CVE-2005-3356
{DSA-1017-1}
- linux-2.6 2.6.15-4
-CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
+CVE-2005-3355
{DSA-901-1}
- gnump3d 2.9.8-1
-CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...)
+CVE-2005-3354
{DSA-908-1 DSA-906-1}
- sylpheed 2.0.4-1 (bug #338434; medium)
- sylpheed-gtk1 1.0.6-1 (medium)
- sylpheed-claws 1.0.5-2 (bug #338436; medium)
- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
-CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
+CVE-2005-3353
{DSA-1206-1}
- php4 4:4.4.2-1 (bug #339577; medium)
- php5 5.1.1-1 (bug #336654; medium)
-CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...)
+CVE-2005-3352
{DSA-1167-1}
- apache 1.3.34-2 (bug #343466; low)
- apache2 2.0.55-4 (bug #343467; bug #349793; low)
[sarge] - apache2 2.0.54-5sarge2
NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
NOTE: Means oldstable and stable are affected
-CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
+CVE-2005-3351
- spamassassin 3.1.0a-1 (bug #339526; low)
[sarge] - spamassassin <no-dsa> (DoS affects only a single message)
[woody] - spamassassin <no-dsa> (DoS affects only a single message)
-CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
+CVE-2005-3350
{DSA-890-1}
- libungif4 4.1.3-4 (bug #337972; high)
- giflib 4.1.4-1 (bug #395382)
-CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete ...)
+CVE-2005-3349
{DSA-901-1}
- gnump3d 2.9.8-1
-CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 ...)
+CVE-2005-3348
{DSA-899-1 DSA-898-1 DSA-897-1}
- phpsysinfo 2.3-7 (bug #339079)
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
-CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in ...)
+CVE-2005-3347
{DSA-899-1 DSA-898-1 DSA-897-1}
- phpsysinfo 2.3-7 (bug #339079)
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
-CVE-2005-3346 (Buffer overflow in the environment variable substitution code in ...)
+CVE-2005-3346
{DSA-918-1}
- osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium)
-CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access ...)
+CVE-2005-3345
- rssh 2.3.0-1 (bug #344395; bug #344424)
[sarge] - rssh 2.2.3-1.sarge.1
NOTE: Update was introduced through s-p-u, not a DSA
-CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative ...)
+CVE-2005-3344
{DSA-884-1}
- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
-CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...)
+CVE-2005-3343
{DSA-927-1}
- tkdiff 1:4.0.2-2 (low)
-CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary ...)
+CVE-2005-3342
{DSA-968-1}
- noweb 2.10c-3.2 (low)
-CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...)
+CVE-2005-3340
{DSA-941-1}
- tuxpaint 1:0.9.15b-1 (low)
CVE-2005-XXXX [ntop format string vulnerability]
- ntop 3:4.0.3+dfsg1-1 (bug #335996; unimportant)
NOTE: Not exploitable
-CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users ...)
+CVE-2005-3341
{DSA-928-1}
- dhis-tools-dns 5.0-5
-CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
+CVE-2005-3339
{DSA-905-1}
- mantis 0.19.3-0.1 (bug #330682)
-CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...)
+CVE-2005-3338
{DSA-905-1}
- mantis 0.19.3-0.1 (bug #330682; low)
-CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...)
+CVE-2005-3337
NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second
NOTE: issue). This will be rejected.
-CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...)
+CVE-2005-3336
{DSA-905-1}
- mantis 0.19.3-0.1 (high)
-CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...)
+CVE-2005-3335
{DSA-905-1}
- mantis 0.19.3-0.1 (bug #335938; medium)
-CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...)
+CVE-2005-3334
{DSA-953-1}
- flyspray 0.9.8-4 (bug #335997; low)
NOTE: Sarge is confirmed vulnerable
-CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
+CVE-2005-3333
NOT-FOR-US: eBASEweb
-CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...)
+CVE-2005-3332
NOT-FOR-US: Belchior Foundry vCard
-CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
+CVE-2005-3331
- mgdiff 1.0-28 (bug #335188; unimportant)
-CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...)
+CVE-2005-3330
- wordpress <not-affected> (bug #335817; unimportant)
NOTE: Upstream claims the modified Snoopy class is secure
-CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
+CVE-2005-3329
NOT-FOR-US: RSA Authentication Agent
-CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...)
+CVE-2005-3328
NOT-FOR-US: PunBB
-CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...)
+CVE-2005-3327
NOT-FOR-US: Data ONTAP
-CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
+CVE-2005-3326
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in ...)
+CVE-2005-3325
{DSA-893-1}
- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
NOTE: the fix from 1.2-2 did not address the problem fully
- acidlab 0.9.6b20-13
-CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
+CVE-2005-3324
NOT-FOR-US: MWChat
-CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
+CVE-2005-3323
{DSA-910-1}
- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
-CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
+CVE-2005-3322
- squid <not-affected>
NOTE: see bug #334882 for details
-CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
+CVE-2005-3321
NOT-FOR-US: SuSE-specific tool
-CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
+CVE-2005-3320
NOT-FOR-US: SiteTurn Domain Manager
-CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
+CVE-2005-3319
- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
- php5 5.1.1-1 (bug #336005; low)
[sarge] - php4 <not-affected>
NOTE: can't reproduce, error may not be present in 4.3.
NOTE: tentatively marking as not-affected in sarge.
-CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
+CVE-2005-3318
{DSA-886-1}
- chmlib 0.37-1 (bug #335931; medium)
-CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...)
+CVE-2005-3317
NOT-FOR-US: ZipGenius
-CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
+CVE-2005-3316
NOT-FOR-US: Symantec Discovery
-CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...)
+CVE-2005-3315
NOT-FOR-US: Novell ZENworks
-CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...)
+CVE-2005-3314
NOT-FOR-US: Novell Netmail
-CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
+CVE-2005-3313
[woody] - ethereal <not-affected> (Only affects version 0.10.13)
[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
- ethereal 0.10.14-1 (medium)
-CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...)
+CVE-2005-3312
NOT-FOR-US: Microsoft
-CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
+CVE-2005-3311
NOT-FOR-US: BMC Software Control-M
-CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and ...)
+CVE-2005-3310
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #335662; low)
-CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
+CVE-2005-3309
NOT-FOR-US: Zomplog
-CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
+CVE-2005-3308
NOT-FOR-US: Zomplog
-CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...)
+CVE-2005-3307
NOT-FOR-US: FlatNuke
-CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...)
+CVE-2005-3306
NOT-FOR-US: FlatNuke
-CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...)
+CVE-2005-3305
NOT-FOR-US: Nuked Klan
-CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...)
+CVE-2005-3304
NOT-FOR-US: PHP-Nuke
-CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...)
+CVE-2005-3303
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (high)
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
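Review bot: At CVE-2005-3402 and CVE-2005-3337 the removed parenthesized text was the only place the entry named the affected software (the SMTP client in Mozilla Thunderbird, and Mantis). After this change both entries are a bare ID followed only by NOTE lines ("That's a non-issue; only a feature request ..." and "This is a duplicate of CVE-2005-3091 ..."), so a reader of the list can no longer tell what was triaged. For entries that have neither a package line nor a NOT-FOR-US tag, name the product in the first NOTE or add a package line before dropping the description. If a later run is expected to restore the descriptions, the commit message should say so rather than only "automatic update".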
@@ -3664,61 +3664,61 @@ CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
- thttpd 2.23beta1-4 (low)
[sarge] - thttpd <no-dsa> (Minor issue in addon package)
-CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+CVE-2005-3301
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
-CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
+CVE-2005-3300
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
-CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
+CVE-2005-3299
[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
-CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
+CVE-2005-3298
NOT-FOR-US: OpenWBEM
-CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
+CVE-2005-3297
NOT-FOR-US: OpenWBEM
-CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...)
+CVE-2005-3296
NOT-FOR-US: HP-UX
-CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
+CVE-2005-3295
NOT-FOR-US: HP-UX
-CVE-2005-3294 (Typsoft FTP Server 1.11, with &quot;Sub Directory Include&quot; enabled, allows ...)
+CVE-2005-3294
NOT-FOR-US: Typsoft FTP Server
-CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...)
+CVE-2005-3293
NOT-FOR-US: Xerver
-CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...)
+CVE-2005-3292
NOT-FOR-US: Xeobook
-CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable ...)
+CVE-2005-3291
- spe <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...)
+CVE-2005-3290
NOT-FOR-US: Accelerated Mortgage manager
-CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
+CVE-2005-3289
NOT-FOR-US: AIX
-CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...)
+CVE-2005-3288
NOT-FOR-US: Mailsite Express
-CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...)
+CVE-2005-3287
NOT-FOR-US: Mailsite Express
-CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...)
+CVE-2005-3286
NOT-FOR-US: Kerio Personal Firewall
-CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
+CVE-2005-3285
NOT-FOR-US: Comersus Backoffice Plus
-CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...)
+CVE-2005-3284
NOT-FOR-US: AhnLab
-CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...)
+CVE-2005-3283
NOT-FOR-US: TikiWiki
-CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
+CVE-2005-3282
NOT-FOR-US: Splatt Forum
-CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 ...)
+CVE-2005-3281
NOT-FOR-US: PHP-Nuke addon
-CVE-2005-3280 (Paros 3.2.5 uses a default password for the &quot;sa&quot; account in the ...)
+CVE-2005-3280
NOT-FOR-US: Paros
-CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
+CVE-2005-3279
- bmv 1.2-18 (bug #335497; unimportant)
NOTE: Vulnerable code not activated in binary package
-CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
+CVE-2005-3278
{DSA-981-1}
- bmv 1.2-18 (bug #335497; medium)
NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
-CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...)
+CVE-2005-3277
NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
- adduser 3.77 (bug #331720; low)
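Review bot: The two bmv entries, CVE-2005-3279 and CVE-2005-3278, are hard to tell apart once their descriptions are gone. Both now read as a bare ID followed by "- bmv 1.2-18 (bug #335497; ...)", and the NOTE "Vulnerable code not activated in binary package" no longer says which code it means; the removed text named vgasco_printf for the first entry and openpsfile in gsinterf.c for the second. The CVE-2005-XXXX entries in this hunk keep a bracketed summary, for example "[Insecure temp file usage in thttpd's syslogtocern]". Consider keeping a short summary in that form for entries whose notes depend on it.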
@@ -3726,209 +3726,209 @@ CVE-2005-XXXX [adduser's deluser creates backup files with world readable permis
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
-CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...)
+CVE-2005-3751
{DSA-934-1}
- pound 1.9.4-1 (low)
NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
-CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
+CVE-2005-3276
{DSA-922-1}
- linux-2.6 2.6.12-2
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
+CVE-2005-3275
{DSA-922-1 DSA-921-1}
- linux-2.6 2.6.13-1 (low)
- kernel-source-2.4.27 2.4.27-11 (low)
-CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
+CVE-2005-3274
{DSA-922-1}
- linux-2.6 2.6.13-1 (low)
-CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...)
+CVE-2005-3273
{DSA-922-1}
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...)
+CVE-2005-3272
{DSA-922-1}
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...)
+CVE-2005-3271
{DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
+CVE-2005-3270
NOT-FOR-US: Symantec Antivirus
-CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative ...)
+CVE-2005-3269
NOT-FOR-US: Sun Java System Directory Server
-CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
+CVE-2005-3268
- yiff 2.14.2-8 (bug #334616; low)
[sarge] - yiff <no-dsa> (Only a minor privacy leak)
-CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...)
+CVE-2005-3267
NOT-FOR-US: Skype
CVE-2005-3266
REJECTED
-CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows ...)
+CVE-2005-3265
NOT-FOR-US: Skype
-CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...)
+CVE-2005-3264
NOT-FOR-US: Zeroblog
-CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...)
+CVE-2005-3263
NOT-FOR-US: WinRAR
-CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...)
+CVE-2005-3262
NOT-FOR-US: WinRAR
-CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ...)
+CVE-2005-3261
NOT-FOR-US: versatileBulletinBoard
-CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-3260
NOT-FOR-US: versatileBulletinBoard
-CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
+CVE-2005-3259
NOT-FOR-US: versatileBulletinBoard
-CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...)
+CVE-2005-3258
- squid <not-affected> (bug #334882; medium)
NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
NOTE: this patch was never applied to the Debian package.
-CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
+CVE-2005-3256
{DSA-889-1}
- enigmail 2:0.93-1 (bug #335731; medium)
-CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to ...)
+CVE-2005-3253
NOT-FOR-US: Avaya Wireless Access Points
-CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
+CVE-2005-3252
- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
-CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
+CVE-2005-3251
- gallery2 2.0.1-1 (medium)
-CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
+CVE-2005-3250
NOT-FOR-US: Solaris
-CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...)
+CVE-2005-3249
{DSA-1171}
[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: Sarge is vulnerable
-CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...)
+CVE-2005-3248
{DSA-1171}
[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: Sarge is vulnerable
-CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...)
+CVE-2005-3247
[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
- ethereal 0.10.13-1 (bug #334880; medium)
-CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
+CVE-2005-3246
{DSA-1171}
[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: Sarge is vulnerable
-CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...)
+CVE-2005-3245
- ethereal 0.10.13-1 (bug #334880; medium)
-CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...)
+CVE-2005-3244
{DSA-1171}
[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: Sarge is vulnerable
-CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...)
+CVE-2005-3243
{DSA-1171}
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
-CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
+CVE-2005-3242
{DSA-1171}
[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: Sarge is vulnerable
-CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...)
+CVE-2005-3241
{DSA-1171}
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
-CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted ...)
+CVE-2005-3240
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
+CVE-2005-3238
NOT-FOR-US: Solaris
-CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
+CVE-2005-3257
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-4 (bug #334113; medium)
-CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
+CVE-2005-3237
NOT-FOR-US: Cyphor
-CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...)
+CVE-2005-3236
NOT-FOR-US: Cyphor
-CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...)
+CVE-2005-3235
NOT-FOR-US: Proland Protector Plus
-CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...)
+CVE-2005-3234
NOT-FOR-US: Grisoft AVG Antivirus
-CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...)
+CVE-2005-3233
NOT-FOR-US: Trustix Antivirus
-CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...)
+CVE-2005-3232
NOT-FOR-US: TheHacker
-CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...)
+CVE-2005-3231
NOT-FOR-US: CAT Quick Heal
-CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...)
+CVE-2005-3230
NOT-FOR-US: Panda Antivirus
-CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
+CVE-2005-3229
- clamav <not-affected> (predates any supported Debian release)
NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
-CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
+CVE-2005-3228
NOT-FOR-US: Ikarus Antivirus
-CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
+CVE-2005-3227
NOT-FOR-US: UNA Antivirus
-CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...)
+CVE-2005-3226
NOT-FOR-US: ArcaVir
-CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...)
+CVE-2005-3225
NOT-FOR-US: eTrust Antivirus
-CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...)
+CVE-2005-3224
NOT-FOR-US: AntiVir
-CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...)
+CVE-2005-3223
NOT-FOR-US: Rising Antivirus
-CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...)
+CVE-2005-3222
NOT-FOR-US: VBA32 Antivirus
-CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...)
+CVE-2005-3221
NOT-FOR-US: Fortinet Antivirus
-CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...)
+CVE-2005-3220
NOT-FOR-US: Norman Antivirus
-CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...)
+CVE-2005-3219
NOT-FOR-US: Avira Antivirus
-CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...)
+CVE-2005-3218
NOT-FOR-US: Dr. Web Antivirus
-CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...)
+CVE-2005-3217
NOT-FOR-US: Symantec Antivirus
-CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...)
+CVE-2005-3216
NOT-FOR-US: Sophos Antivirus
-CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...)
+CVE-2005-3215
NOT-FOR-US: McAfee Antivirus
-CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...)
+CVE-2005-3214
NOT-FOR-US: Avast Antovirus
-CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...)
+CVE-2005-3213
NOT-FOR-US: F-Prot Antivirus
-CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...)
+CVE-2005-3212
NOT-FOR-US: NOD32 Antivirus
-CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...)
+CVE-2005-3211
NOT-FOR-US: BitDefender Antivirus
-CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...)
+CVE-2005-3210
NOT-FOR-US: Kaspersky Antivirus
-CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...)
+CVE-2005-3209
NOT-FOR-US: aeNovo apps
-CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...)
+CVE-2005-3208
NOT-FOR-US: aeNovo apps
-CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
+CVE-2005-3207
NOT-FOR-US: Oracle
-CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...)
+CVE-2005-3206
NOT-FOR-US: Oracle
-CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...)
+CVE-2005-3205
NOT-FOR-US: Oracle
-CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...)
+CVE-2005-3204
NOT-FOR-US: Oracle
-CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...)
+CVE-2005-3203
NOT-FOR-US: Oracle
-CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...)
+CVE-2005-3202
NOT-FOR-US: Oracle
-CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) ...)
+CVE-2005-3201
NOT-FOR-US: Utopia News Pro
-CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
+CVE-2005-3200
NOT-FOR-US: Utopia News Pro
-CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
+CVE-2005-3199
NOT-FOR-US: aspReady
-CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...)
+CVE-2005-3198
NOT-FOR-US: Webroot Desktop Firewall
-CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...)
+CVE-2005-3197
NOT-FOR-US: Webroot Desktop Firewall
-CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...)
+CVE-2005-3196
NOT-FOR-US: Planet Technology switch
CVE-2005-3195
REJECTED
-CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
+CVE-2005-3194
NOT-FOR-US: ALZip
-CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
+CVE-2005-3193
{DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
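Review bot: every "+" line in this hunk is the bare CVE id with the parenthesised description stripped (for example CVE-2005-3275, CVE-2005-3229, CVE-2005-3193) and nothing else in the entries changes, which reads like the description source coming back empty rather than an intended edit. Entries that never carried a description (CVE-2005-3266 and CVE-2005-3195, both REJECTED) are untouched, so after this change the list can no longer tell "no description assigned" apart from "description lost". Suggest the update job refuse to write when it would blank descriptions that were previously populated, and that the commit message state the reason if the removal is deliberate.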
@@ -3942,7 +3942,7 @@ CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream funct
- cupsys 1.1.23-13 (unimportant)
- cups 1.1.23-13 (unimportant)
- pdfkit.framework 0.8-4
-CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
+CVE-2005-3192
{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
@@ -3957,7 +3957,7 @@ CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpd
- cupsys 1.1.23-13 (unimportant)
- cups 1.1.23-13 (unimportant)
- pdfkit.framework 0.8-4
-CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
+CVE-2005-3191
{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
@@ -3971,40 +3971,40 @@ CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
- libextractor 0.5.8-1 (medium)
- cups 1.1.23-13 (unimportant)
- cupsys 1.1.23-13 (unimportant)
-CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
+CVE-2005-3190
NOT-FOR-US: iGateway
-CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
+CVE-2005-3189
NOT-FOR-US: Qualcomm WorldMail IMAP Server
-CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ...)
+CVE-2005-3188
NOT-FOR-US: Winamp
-CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
+CVE-2005-3187
NOT-FOR-US: WinProxy
-CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
+CVE-2005-3186
{DSA-913-1 DSA-911-1}
- gtk+2.0 2.6.10-2 (bug #339431; medium)
- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
-CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...)
+CVE-2005-3184
[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
- ethereal 0.10.13-1 (bug #334880; medium)
NOTE: Sarge is vulnerable
-CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...)
+CVE-2005-3183
- w3c-libwww 5.4.0-11 (bug #334443; low)
[sarge] - w3c-libwww <no-dsa> (Minor DoS)
-CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity ...)
+CVE-2005-3182
NOT-FOR-US: GFI MailSecurity
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
- xscreensaver 4.23-2 (bug #334193; low)
[sarge] - xscreensaver <no-dsa> (Unproblematic for users running stable)
-CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
+CVE-2005-3185
{DSA-919-2}
- wget 1.10.2-1 (medium)
[sarge] - wget <not-affected> (Does not contain NTML authentication code)
[woody] - wget <not-affected> (Does not contain NTML authentication code)
- curl 7.15.0-1 (bug #333734; medium)
-CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows ...)
+CVE-2005-3239
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (bug #333566; medium)
-CVE-2005-3181 (The audit system in Linux kernel 2.6.6, and other versions before ...)
+CVE-2005-3181
{DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
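Review bot: at CVE-2005-3185 the removed description was the only text naming the shared code (the ntlm_output function in http-ntlm.c) that explains why one id is tracked against both wget and curl; once it is gone, the entry rests on the two not-affected remarks alone. If descriptions are going to be absent, add a NOTE line carrying the function and file name so the two-package mapping stays reviewable. The same applies to CVE-2005-3181, where the CONFIG_AUDITSYSCALL remark no longer has the "audit system" description next to it.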
@@ -4012,192 +4012,192 @@ CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
- php5 5.0.5-2 (unimportant)
- php4 4:4.4.0-3 (unimportant)
NOTE: Safe mode violations not supported
-CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
+CVE-2005-3180
{DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
-CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
+CVE-2005-3119
- linux-2.6 2.6.13-2 (low)
- kernel-source-2.4.27 <not-affected>
NOTE: 2.6.12 itself not affected, fixed in SVN
-CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...)
+CVE-2005-3179
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...)
+CVE-2005-3178
{DSA-859-1 DSA-858-1}
- xloadimage 4.1-15 (bug #332524; medium)
- xli 1.17.0-20 (medium)
NOTE: xli couldn't load the provided test images when I checked?
-CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...)
+CVE-2005-3302
{DSA-1039-1}
- blender 2.37a-1 (bug #330895; medium)
[woody] - blender <not-affected> (Woody's blender does not contain the bvh_import.py script)
-CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
+CVE-2005-3177
NOT-FOR-US: Microsoft
-CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...)
+CVE-2005-3176
NOT-FOR-US: Microsoft
-CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...)
+CVE-2005-3175
NOT-FOR-US: Microsoft
-CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...)
+CVE-2005-3174
NOT-FOR-US: Microsoft
-CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...)
+CVE-2005-3173
NOT-FOR-US: Microsoft
-CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...)
+CVE-2005-3172
NOT-FOR-US: Microsoft
-CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
+CVE-2005-3171
NOT-FOR-US: Microsoft
-CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...)
+CVE-2005-3170
NOT-FOR-US: Microsoft
-CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the &quot;audit ...)
+CVE-2005-3169
NOT-FOR-US: Microsoft
-CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...)
+CVE-2005-3168
NOT-FOR-US: Microsoft
-CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
+CVE-2005-3167
- mediawiki 1.4.11-1 (bug #332408; medium)
-CVE-2005-3166 (Unspecified vulnerability in &quot;edit submission handling&quot; for MediaWiki ...)
+CVE-2005-3166
- mediawiki 1.4.11-1 (bug #332408)
-CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
+CVE-2005-3165
- mediawiki 1.4.9
-CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...)
+CVE-2005-3164
NOT-FOR-US: Hitachi Cosminexus Application Server
-CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
+CVE-2005-3163
- polipo 0.9.9-1 (bug #332411; low)
[sarge] - polipo <no-dsa> (Minor issue)
CVE-2005-3162
REJECTED
-CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 ...)
+CVE-2005-3161
NOT-FOR-US: PHP-Fusion
-CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
+CVE-2005-3160
NOT-FOR-US: PHP-Fusion
-CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...)
+CVE-2005-3159
NOT-FOR-US: PHP-Fusion
-CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
+CVE-2005-3158
NOT-FOR-US: PHP-Fusion
-CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
+CVE-2005-3157
NOT-FOR-US: PHP-Fusion
-CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...)
+CVE-2005-3156
NOT-FOR-US: EasyGuppy
-CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
+CVE-2005-3155
NOT-FOR-US: MailEnable Enterprise
-CVE-2005-3154 (Format string vulnerability in the logging functionality in ...)
+CVE-2005-3154
NOT-FOR-US: Bitdefender Antivirus
-CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...)
+CVE-2005-3153
NOT-FOR-US: MyBloggie
-CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
+CVE-2005-3152
NOT-FOR-US: CubeCart
-CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
+CVE-2005-3151
- blender <unfixed> (bug #332413; unimportant)
NOTE: To exploit this an attacker would need to trick a user into opening a file
NOTE: with a very suspicious file, no automatic processing of Blender files
NOTE: This might even be fixed in 2.42
-CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
+CVE-2005-3150
{DSA-855-1}
- weex 2.6.1-6sarge1 (bug #332424; medium)
-CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
+CVE-2005-3149
{DSA-895-1 DTSA-22-1}
- uim 1:0.4.7-2 (bug #331620; medium)
-CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for ...)
+CVE-2005-3148
{DSA-1022-1}
- storebackup 1.19-1 (bug #332434)
-CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable ...)
+CVE-2005-3147
{DSA-1022-1}
- storebackup 1.19-1 (bug #332434; medium)
-CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ...)
+CVE-2005-3146
{DSA-1022-1}
- storebackup 1.19-2 (bug #332434; medium)
NOTE: The upstream fix only mitigated the issue, but didn't fix it
-CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
+CVE-2005-3145
NOT-FOR-US: Standard Based Linux Instrumentation
-CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
+CVE-2005-3144
NOT-FOR-US: Standard Based Linux Instrumentation
-CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...)
+CVE-2005-3143
NOT-FOR-US: Mailbox Server for 4D WebStar
-CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...)
+CVE-2005-3142
NOT-FOR-US: Kaspersky Antivirus
-CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...)
+CVE-2005-3141
NOT-FOR-US: Cerulean Trillian
-CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
+CVE-2005-3140
NOT-FOR-US: Procom NetFORCE
-CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
+CVE-2005-3137
{DSA-836-1 DSA-835-1}
- cfengine <removed> (bug #332433; low)
- cfengine2 2.1.17-1 (bug #332432; low)
NOTE: maintainer does not think it's a hole, script is unused/broken
-CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
+CVE-2005-3136
NOT-FOR-US: Virtools Web Player
-CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
+CVE-2005-3135
NOT-FOR-US: Virtools Web Player
-CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...)
+CVE-2005-3134
NOT-FOR-US: Citrix
-CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...)
+CVE-2005-3133
NOT-FOR-US: MERAK Mail Server
-CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...)
+CVE-2005-3132
NOT-FOR-US: MERAK Mail Server
-CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...)
+CVE-2005-3131
NOT-FOR-US: MERAK Mail Server
-CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
+CVE-2005-3130
NOT-FOR-US: lucidCMS
-CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...)
+CVE-2005-3129
- serendipity 1.0-1
-CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...)
+CVE-2005-3128
NOT-FOR-US: Address Add Plugin for Squirrelmail
-CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
+CVE-2005-3127
NOT-FOR-US: lucidCMS
-CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) ...)
+CVE-2005-3126
{DSA-945-1}
- antiword 0.35-2 (low)
CVE-2005-3125
REJECTED
-CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ...)
+CVE-2005-3124
{DSA-883-1}
- thttpd 2.23beta1-4
-CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...)
+CVE-2005-3123
{DSA-877-1}
- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
REJECTED
-CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
+CVE-2005-3121
{DSA-867-1}
- module-assistant 0.9.10
-CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
+CVE-2005-3120
{DSA-1085-1 DSA-876-1 DSA-874-1}
- lynx 2.8.5-2sarge1 (bug #335033; high)
- lynx-cur 2.8.6-16 (bug #334423; high)
- lynx-ssl <removed>
-CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...)
+CVE-2005-3118
{DSA-845-1}
- mason 1.0.0-3
CVE-2005-3117
REJECTED
-CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...)
+CVE-2005-3116
NOT-FOR-US: VERITAS Backup
-CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
+CVE-2005-3115
NOT-FOR-US: mpeg-tools
-CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
+CVE-2005-3114
NOT-FOR-US: NateOn Messenger
-CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...)
+CVE-2005-3113
NOT-FOR-US: NateOn Messenger
-CVE-2005-3112 (The &quot;reset password&quot; feature in Macromedia Breeze 5.0 stores passwords ...)
+CVE-2005-3112
NOT-FOR-US: Macromedia Breeze
-CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
+CVE-2005-3110
{DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...)
+CVE-2005-3109
{DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
+CVE-2005-3108
{DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
+CVE-2005-3107
{DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
+CVE-2005-3106
{DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
-CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
+CVE-2005-3105
{DSA-922-1}
- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
NOTE: Montecito CPUs are not available on the market yet
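Review bot: at CVE-2005-3164 the description being removed names "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0", while the triage line under it reads "NOT-FOR-US: Hitachi Cosminexus Application Server". With the description gone, nothing in the entry shows that the CVE text mentions Tomcat, so a later reader cannot re-check that decision from the list. Suggest adding a NOTE that records why the entry is attributed to the Hitachi product before the description is dropped. The Windows 2000 block (CVE-2005-3177 through CVE-2005-3168) likewise collapses to ten identical "NOT-FOR-US: Microsoft" entries with no distinguishing text.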
@@ -4216,7 +4216,7 @@ CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
- tar <unfixed> (bug #290435; unimportant)
[sarge] - tar <no-dsa> (Hardly exploitable)
-CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
+CVE-2005-3752
- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
- hdup 2.0.14-2 (bug #302790; low)
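Review bot: at CVE-2005-3752 the removed description carried the version boundary ("ldapdiff before 1.1.1"); the remaining not-affected remark says only that the Debian version lacks the vulnerable code and points at #306878. Suggest moving the "before 1.1.1" boundary into that remark or a NOTE line so the entry can be verified without an external lookup.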
@@ -4226,15 +4226,15 @@ CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
- findutils 4.2.22-1 (bug #313081)
[woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
[sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
-CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
+CVE-2005-3138
[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
- bugzilla 2.18.4-1 (bug #331206; medium)
-CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
+CVE-2005-3139
[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
- bugzilla 2.18.4-1 (bug #331206; medium)
-CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...)
+CVE-2005-2966
{DSA-847-1}
- dia 0.94.0-15 (bug #330890; medium)
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
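Review bot: at CVE-2005-3138 and CVE-2005-3139 the removed descriptions listed the affected ranges ("2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21" and "2.19.1 through 2.20rc2 and 2.21"), and the woody and sarge remarks that remain give only a lower bound (">= 2.18", ">= 2.19"). Suggest keeping the ranges in a NOTE line, since they are what the not-affected decisions were checked against. CVE-2005-2966 in the same hunk also loses the plugin file name diasvg_import.py, which identified the affected component inside dia.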
@@ -4243,147 +4243,147 @@ CVE-2005-XXXX [Heap overflow in libosip URI parsing]
- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
- rkhunter 1.2.7-14 (bug #330627; medium)
-CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
+CVE-2005-3104
NOT-FOR-US: Movable Type
-CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
+CVE-2005-3103
NOT-FOR-US: Movable Type
-CVE-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
+CVE-2005-3102
NOT-FOR-US: Movable Type
-CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
+CVE-2005-3101
NOT-FOR-US: Movable Type
-CVE-2005-3100 (Unspecified &quot;PPTP Remote DoS Vulnerability&quot; in Astaro Security Linux ...)
+CVE-2005-3100
NOT-FOR-US: Astato Security Linux
-CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
+CVE-2005-3099
NOT-FOR-US: Solaris
-CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
+CVE-2005-3098
- qpopper <not-affected> (bug #330123; Vulnerable code not shipped in binary)
-CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
+CVE-2005-3097
NOT-FOR-US: Avi Alkalay
-CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
+CVE-2005-3096
NOT-FOR-US: Avi Alkalay
-CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
+CVE-2005-3095
NOT-FOR-US: Avi Alkalay
-CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
+CVE-2005-3094
NOT-FOR-US: Avi Alkalay
-CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
+CVE-2005-3093
NOT-FOR-US: Nokia cell phones
-CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
+CVE-2005-3092
NOT-FOR-US: Image-Line Software FL Studio
-CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
+CVE-2005-3091
{DSA-905-1}
- mantis 0.19.3-0.1 (bug #330682; low)
-CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
+CVE-2005-3090
- mantis 0.19.2-4 (bug #330682; medium)
-CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
+CVE-2005-3089
- mozilla-firefox 1.0.7-1 (unimportant)
NOTE: Browser crashes not treated as security problems
-CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...)
+CVE-2005-3088
{DSA-900-3}
- fetchmail 6.2.5.4-1 (bug #336096; low)
-CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...)
+CVE-2005-3111
{DSA-827-1}
- backupninja 0.8-2 (medium)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
- microcode.ctl 0.20080131-1 (bug #282583; unimportant)
NOTE: The validity of the microcode is ensure inside the CPU
-CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
+CVE-2005-3087
NOT-FOR-US: SecureW2 TLS
-CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
+CVE-2005-3086
NOT-FOR-US: contentSrv
-CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...)
+CVE-2005-3085
NOT-FOR-US: Riverdark Studios RSS Syndicator
-CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...)
+CVE-2005-3084
NOT-FOR-US: Sony PSP
-CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
+CVE-2005-3083
NOT-FOR-US: CMS Made Simple
-CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...)
+CVE-2005-3082
NOT-FOR-US: SEO-Board
-CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...)
+CVE-2005-3081
{DSA-1006-1}
- wzdftpd 0.5.5-1 (high)
-CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
+CVE-2005-3080
NOT-FOR-US: GeSHi
-CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform &quot;code inclusion&quot; ...)
+CVE-2005-3079
NOT-FOR-US: PunBB
-CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...)
+CVE-2005-3078
NOT-FOR-US: PunBB
-CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...)
+CVE-2005-3077
NOT-FOR-US: Microsoft
-CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...)
+CVE-2005-3076
NOT-FOR-US: Simplog
-CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...)
+CVE-2005-3075
NOT-FOR-US: Zengaia
-CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...)
+CVE-2005-3074
NOT-FOR-US: RSyslog
-CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
+CVE-2005-3073
- interchange 5.2.1-1 (bug #329705)
-CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...)
+CVE-2005-3072
- interchange 5.2.1-1 (bug #329705; medium)
-CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
+CVE-2005-3071
NOT-FOR-US: Solaris
-CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...)
+CVE-2005-3070
- hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
NOTE: This was judged non-exploitable
-CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
+CVE-2005-3069
{DSA-865-1}
- hylafax 1:4.2.2+rc1 (bug #329384; low)
-CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...)
+CVE-2005-3068
{DSA-869-1}
- eric 3.7.2-1 (bug #330608; medium)
-CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
+CVE-2005-3067
NOT-FOR-US: PerlDiver
-CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
+CVE-2005-3066
NOT-FOR-US: PerlDiver
-CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to ...)
+CVE-2005-3065
NOT-FOR-US: MultiTheftAuto
-CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
+CVE-2005-3064
NOT-FOR-US: MultiTheftAuto
-CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
+CVE-2005-3063
NOT-FOR-US: MailGust
-CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
+CVE-2005-3062
NOT-FOR-US: AlstraSoft E-Friends
-CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
+CVE-2005-3061
NOT-FOR-US: PowerArchiver
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
- distcc 2.18.3-3 (bug #298929; low)
[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
-CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
+CVE-2005-3060
NOT-FOR-US: AIX
-CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
+CVE-2005-3059
NOT-FOR-US: Opera
-CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...)
+CVE-2005-3058
NOT-FOR-US: FortiGate
-CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...)
+CVE-2005-3057
NOT-FOR-US: FortiGate
CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
RESERVED
- twiki 20040902-2 (bug #330733; high)
-CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
+CVE-2005-3055
{DSA-1017-1}
- linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
+CVE-2005-3054
- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
- php5 5.0.5-2 (bug #353585; medium)
[sarge] - php4 <no-dsa> (open_basedir violations not supported)
-CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
+CVE-2005-3053
{DSA-1017-1}
- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
-CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
+CVE-2005-3052
NOT-FOR-US: jportal
-CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for ...)
+CVE-2005-3051
NOT-FOR-US: 7-Zip
-CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
+CVE-2005-3050
NOT-FOR-US: PhpMyFaq
-CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...)
+CVE-2005-3049
NOT-FOR-US: PhpMyFaq
-CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...)
+CVE-2005-3048
NOT-FOR-US: PhpMyFaq
-CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...)
+CVE-2005-3047
NOT-FOR-US: PhpMyFaq
-CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...)
+CVE-2005-3046
NOT-FOR-US: PhpMyFaq
-CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...)
+CVE-2005-3045
NOT-FOR-US: My Little Forum
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
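Review bot: CVE-2005-3073 and CVE-2005-3072 both point at "interchange 5.2.1-1" and bug #329705, so with the descriptions stripped the only difference left between the two entries is the "medium" tag on 3072. The removed text was what told them apart (an unspecified issue versus the SQL injection in pages/forum/submit.html). Suggest a NOTE: line under each entry saying which issue it tracks, and a severity on 3073 if one was intended.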
@@ -4398,306 +4398,306 @@ CVE-2005-XXXX [kdebase uses urandom as an entropy source]
- kdebase <unfixed> (bug #325369; unimportant)
NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
NOTE: on Linux urandom should provide sufficient entropy
-CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow ...)
+CVE-2005-3753
- linux-2.6 2.6.12-7 (low)
-CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
+CVE-2005-3043
NOT-FOR-US: Mall23 eCommerce
-CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
+CVE-2005-3042
- webmin 1.230-1 (high; bug #329741)
[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
- usermin 1.160-1 (high; bug #329742)
NOTE: SNS Advisory 83, http://marc.info:80/?m=112733083203821
-CVE-2005-3041 (Unspecified &quot;drag-and-drop vulnerability&quot; in Opera Web Browser before ...)
+CVE-2005-3041
NOT-FOR-US: Opera
-CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
+CVE-2005-3040
NOT-FOR-US: TAC Vista
-CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
+CVE-2005-3039
NOT-FOR-US: Mall23 eCommerce
-CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
+CVE-2005-3038
NOT-FOR-US: Hosting Controller
-CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
+CVE-2005-3037
NOT-FOR-US: Handy Address Book Server
-CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
+CVE-2005-3036
NOT-FOR-US: File Transfer Anywhere
-CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
+CVE-2005-3035
NOT-FOR-US: Compuware DriverStudio
-CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
+CVE-2005-3034
NOT-FOR-US: Compuware DriverStudio
-CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
+CVE-2005-3033
NOT-FOR-US: vxWeb - WinCE software
-CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
+CVE-2005-3032
NOT-FOR-US: vxTfpSrv - WinCE software
-CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
+CVE-2005-3031
NOT-FOR-US: vxTfpSrv - WinCE software
-CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
+CVE-2005-3030
NOT-FOR-US: Ahnlab Anti virus
-CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
+CVE-2005-3029
NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3028
REJECTED
-CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
+CVE-2005-3027
NOT-FOR-US: Sybari Antigen anti spam solution
-CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
+CVE-2005-3026
NOT-FOR-US: Epay Pro
-CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
+CVE-2005-3025
NOT-FOR-US: vBulletin
-CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
+CVE-2005-3024
NOT-FOR-US: vBulletin
-CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
+CVE-2005-3023
NOT-FOR-US: vBulletin
-CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
+CVE-2005-3022
NOT-FOR-US: vBulletin
-CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
+CVE-2005-3021
NOT-FOR-US: vBulletin
-CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
+CVE-2005-3020
NOT-FOR-US: vBulletin
-CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
+CVE-2005-3019
NOT-FOR-US: vBulletin
-CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
+CVE-2005-3018
NOT-FOR-US: Safari
-CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
+CVE-2005-3017
NOT-FOR-US: Content2Web
-CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
+CVE-2005-3016
NOT-FOR-US: PHP-Nuke
-CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
+CVE-2005-3015
NOT-FOR-US: Lotus Domino
-CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
+CVE-2005-3014
NOT-FOR-US: Ensim webppliance
-CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...)
+CVE-2005-3013
NOT-FOR-US: YaST
-CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
+CVE-2005-3012
NOT-FOR-US: SimpleCDR-X
-CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier ...)
+CVE-2005-3011
{DSA-1219}
- texinfo 4.8-1 (bug #328365; low)
[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
-CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
+CVE-2005-3010
NOT-FOR-US: CuteNews
-CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
+CVE-2005-3009
NOT-FOR-US: CuteNews
-CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
+CVE-2005-3008
NOT-FOR-US: Tofu
-CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
+CVE-2005-3007
NOT-FOR-US: Opera
-CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
+CVE-2005-3006
NOT-FOR-US: Opera
-CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
+CVE-2005-3005
NOT-FOR-US: Helpdesk Software Hesk
-CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
+CVE-2005-3004
NOT-FOR-US: Interakt MX Shop
-CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
+CVE-2005-3003
NOT-FOR-US: NooTopList
-CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
+CVE-2005-3002
NOT-FOR-US: Multi-Computer Control System
-CVE-2005-3001 (Unspecified vulnerability in the &quot;tl&quot; driver in Solaris 10 allows ...)
+CVE-2005-3001
NOT-FOR-US: Solaris
-CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
+CVE-2005-3000
NOT-FOR-US: PHP Advanced Transfer Manager
-CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
+CVE-2005-2999
NOT-FOR-US: PHP Advanced Transfer Manager
-CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
+CVE-2005-2998
NOT-FOR-US: PHP Advanced Transfer Manager
-CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
+CVE-2005-2997
NOT-FOR-US: PHP Advanced Transfer Manager
-CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
+CVE-2005-2996
NOT-FOR-US: VERITAS storage solutions
-CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
+CVE-2005-2995
- bacula 1.38.9-1 (bug #329271; low)
NOTE: Sarge affected, didn't exist in Woody
-CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
+CVE-2005-2994
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
+CVE-2005-2993
NOT-FOR-US: HP Tru64
-CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
+CVE-2005-2991
- ncompress <not-affected> (bug #329052; unimportant)
NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts
-CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
+CVE-2005-2992
{DSA-843-1}
- arc 5.21m-1 (low)
-CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
+CVE-2005-2990
NOT-FOR-US: LineControl Java Client
-CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
+CVE-2005-2989
NOT-FOR-US: DeluxeBB
-CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
+CVE-2005-2988
NOT-FOR-US: HP printers
-CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
+CVE-2005-2987
NOT-FOR-US: Digital Scribe
-CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
+CVE-2005-2986
NOT-FOR-US: AhnLab antivirus and related products
-CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
+CVE-2005-2985
NOT-FOR-US: aeDating script
-CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
+CVE-2005-2984
NOT-FOR-US: Avocent hardware issue
-CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
+CVE-2005-2983
NOT-FOR-US: Oracle
-CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
+CVE-2005-2982
NOT-FOR-US: CompaqHTTPServer
-CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
+CVE-2005-2981
NOT-FOR-US: Orion
-CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+CVE-2005-2980
NOT-FOR-US: phpoutsourcing Noah's classifieds
-CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
+CVE-2005-2979
NOT-FOR-US: phpoutsourcing Noah's classifieds
-CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...)
+CVE-2005-2978
{DSA-878-1}
- netpbm-free 2:10.0-10
-CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...)
+CVE-2005-2977
- pam 0.99.7.1-2 (bug #336344; low)
[etch] - pam 0.79-5
[sarge] - pam <not-affected> (Does not contain SELinux support)
[woody] - pam <not-affected> (Does not contain SELinux support)
-CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
+CVE-2005-2976
{DSA-913-1 DSA-911-1}
- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
- gtk+2.0 2.6.10-2
-CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...)
+CVE-2005-2975
{DSA-913-1 DSA-911-1}
- gdk-pixbuf 0.22.0-11 (bug #339431; low)
- gtk+2.0 2.6.10-2 (bug #339431; low)
-CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...)
+CVE-2005-2974
{DSA-890-1}
- libungif4 4.1.3-4 (bug #337972; unimportant)
- giflib 4.1.4-1 (bug #395382; unimportant)
NOTE: Just a bug, hardly security implications
-CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
+CVE-2005-2973
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
-CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
+CVE-2005-2972
{DSA-894-1}
- abiword 2.4.1-1 (bug #333740; medium)
-CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
+CVE-2005-2971
{DSA-872-1}
- koffice 1:1.3.5-5 (bug #333497; medium)
-CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
+CVE-2005-2970
- apache2 2.0.55-1 (bug #340337; low)
[sarge] - apache2 2.0.54-5sarge2
NOTE: this occurs in the binary package apache2-mpm-worker
-CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
+CVE-2005-2969
{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
- openssl 0.9.8-3 (bug #333500; low)
- openssl097 0.9.7g-5 (bug #333500; low)
- openssl094 <removed>
- openssl095 <removed>
- openssl096 <removed>
-CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
+CVE-2005-2968
{DSA-868-1}
- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
-CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
+CVE-2005-2967
{DSA-863-1}
- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
CVE-2005-2965
REJECTED
-CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
+CVE-2005-2964
{DSA-894-1}
- abiword 2.2.10-1 (bug #329839; medium)
-CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...)
+CVE-2005-2963
{DSA-844-1}
- mod-auth-shadow 1.4-2 (bug #323789; medium)
-CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...)
+CVE-2005-2962
{DSA-830-1}
- ntlmaps 0.9.9-4
-CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...)
+CVE-2005-2961
{DSA-834-1}
NOTE: prozilla is not in sarge or etch
-CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...)
+CVE-2005-2960
{DSA-836-1 DSA-835-1}
- cfengine <removed> (bug #332433; low)
- cfengine2 2.1.17-1 (bug #332432; low)
NOTE: maintainer does not think it's a hole, script is unused/broken
-CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows ...)
+CVE-2005-2959
{DSA-870-1}
- sudo 1.6.8p9-3 (medium)
-CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...)
+CVE-2005-2958
{DSA-871-1}
- libgda2 1.2.2-1 (medium)
-CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
+CVE-2005-2957
NOT-FOR-US: AVIRA Desktop
-CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat ...)
+CVE-2005-2956
NOT-FOR-US: ATutor
-CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
+CVE-2005-2955
NOT-FOR-US: ATutor
-CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
+CVE-2005-2954
NOT-FOR-US: ATutor
-CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
+CVE-2005-2953
NOT-FOR-US: MIVA Merchant
-CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
+CVE-2005-2952
NOT-FOR-US: Subscribe Me Pro
-CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
+CVE-2005-2951
NOT-FOR-US: AzDGDating lite
-CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
+CVE-2005-2950
NOT-FOR-US: Sawmill
-CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
+CVE-2005-2949
NOT-FOR-US: pam_per_user (not in Debian)
-CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
+CVE-2005-2948
NOT-FOR-US: KillProcess
-CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...)
+CVE-2005-2947
NOT-FOR-US: KillProcess
-CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
+CVE-2005-2946
- openssl 0.9.8-1 (bug #314465; unimportant)
NOTE: MD5 is still good enough for most applications, second preimage attacks
NOTE: haven't been presented yet
-CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
+CVE-2005-2944
NOT-FOR-US: GNOME Workstation Command Center
-CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...)
+CVE-2005-2943
{DSA-902-1}
- xmail 1.22-1 (bug #333863; medium)
CVE-2005-2942
REJECTED
CVE-2005-2941
RESERVED
-CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware ...)
+CVE-2005-2940
NOT-FOR-US: Microsoft Antispyware
-CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...)
+CVE-2005-2939
NOT-FOR-US: VMWare
-CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in ...)
+CVE-2005-2938
NOT-FOR-US: iTunes
CVE-2005-2937
REJECTED
-CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer ...)
+CVE-2005-2936
NOT-FOR-US: Real Player
-CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware ...)
+CVE-2005-2935
NOT-FOR-US: Microsoft AntiSpyware
-CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 ...)
+CVE-2005-2934
NOT-FOR-US: SCO
-CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...)
+CVE-2005-2933
{DSA-861-1}
- uw-imap 7:2002edebian1-12 (medium; bug #332215)
- pine 4.64-1 (medium; bug #348407)
- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
-CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, ...)
+CVE-2005-2932
NOT-FOR-US: Check Point Zone Labs ZoneAlarm
-CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
+CVE-2005-2931
NOT-FOR-US: Ipswitch Collaboration Suite
-CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)
+CVE-2005-2929
- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
RESERVED
-CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, ...)
+CVE-2005-2927
NOT-FOR-US: SCO Unixware
-CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO ...)
+CVE-2005-2926
NOT-FOR-US: SCO Unixware
-CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
+CVE-2005-2925
NOT-FOR-US: IRIX
CVE-2005-2924
RESERVED
-CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...)
+CVE-2005-2923
NOT-FOR-US: Ipswitch Collaboration Suite
-CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple ...)
+CVE-2005-2922
- helix-player 1.0.7-1 (bug #358754; medium)
CVE-2005-2921
RESERVED
-CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
+CVE-2005-2916
NOT-FOR-US: Linksys routers
-CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
+CVE-2005-2915
NOT-FOR-US: Linksys routers
-CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
+CVE-2005-2914
NOT-FOR-US: Linksys routers
CVE-2005-2913
REJECTED
-CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
+CVE-2005-2912
NOT-FOR-US: Linksys routers
CVE-2005-2911
RESERVED
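Review bot: the NOT-FOR-US notes for CVE-2005-3032 and CVE-2005-3031 both read "vxTfpSrv - WinCE software", while the descriptions being removed name two different products, vxTftpSrv 1.7.0 and vxFtpSrv 0.9.7. Once the descriptions are gone, the misspelled note is the only product hint left and the two entries look identical. Suggest correcting the notes to "vxTftpSrv" and "vxFtpSrv" respectively in the same update.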
@@ -4713,62 +4713,62 @@ CVE-2005-2906
RESERVED
CVE-2005-2905
RESERVED
-CVE-2005-2904 (Zebedee 2.4.1, when &quot;allowed redirection port&quot; is not set, allows ...)
+CVE-2005-2904
NOT-FOR-US: Zebedee
-CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
+CVE-2005-2903
NOT-FOR-US: NOD32 Anti virus
-CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
+CVE-2005-2902
NOT-FOR-US: class-1 Forum
-CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
+CVE-2005-2901
NOT-FOR-US: CjWeb2Mail
-CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
+CVE-2005-2900
NOT-FOR-US: CjLinkOut
-CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
+CVE-2005-2899
NOT-FOR-US: CjTagBoard
-CVE-2005-2898 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...)
+CVE-2005-2898
NOT-FOR-US: Filezilla
-CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
+CVE-2005-2897
NOT-FOR-US: WEB//NEWS
-CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
+CVE-2005-2896
NOT-FOR-US: WEB//NEWS
-CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
+CVE-2005-2895
NOT-FOR-US: PBLang
-CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
+CVE-2005-2894
NOT-FOR-US: PBLang
-CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
+CVE-2005-2893
NOT-FOR-US: PBLang
-CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
+CVE-2005-2892
NOT-FOR-US: PBLang
-CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
+CVE-2005-2891
NOT-FOR-US: WebArchiveX
-CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
+CVE-2005-2890
NOT-FOR-US: SecureOL
-CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
+CVE-2005-2889
NOT-FOR-US: Check Point
-CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
+CVE-2005-2888
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
+CVE-2005-2887
NOT-FOR-US: MAXDev MD-Pro
-CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
+CVE-2005-2886
NOT-FOR-US: MAXDev MD-Pro
-CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
+CVE-2005-2885
NOT-FOR-US: MAXDev MD-Pro
-CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
+CVE-2005-2884
NOT-FOR-US: Land Down Under
CVE-2005-2883
REJECTED
-CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-2882
NOT-FOR-US: phpCommunityCalendar
-CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
+CVE-2005-2881
NOT-FOR-US: phpCommunityCalendar
-CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
+CVE-2005-2880
NOT-FOR-US: phpCommunityCalendar
-CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
+CVE-2005-2879
NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
-CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
+CVE-2005-2945
{DSA-843-1}
- arc 5.21m-1 (bug #329053; low)
-CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...)
+CVE-2005-2917
{DSA-828-1}
- squid 2.5.10-7
NOTE: Patch was added to -6, but not listed in dpatch's list of patches
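Review bot: removing the description of CVE-2005-2898 also removes its "** DISPUTED **" marker, and the line that remains, "NOT-FOR-US: Filezilla", says nothing about the vendor dispute. If the list is meant to carry that status, suggest keeping it in a NOTE: line under the entry so it survives the description being dropped.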
@@ -4780,119 +4780,119 @@ CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
[sarge] - wine <no-dsa> (Minor issue)
-CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
+CVE-2005-2920
{DSA-824-1 DTSA-19-1}
- clamav 0.87-1 (bug #328660; bug #329280; medium)
-CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
+CVE-2005-2919
{DSA-824-1 DTSA-19-1}
- clamav 0.87-1 (bug #328660; medium)
-CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
+CVE-2005-2918
{DSA-822-1}
- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
-CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
+CVE-2005-3044
{DSA-1017-1}
- linux-2.6 2.6.12-7 (medium)
- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
-CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
+CVE-2005-2877
NOTE: proactively fixed by the robustness patch
- twiki 20040902-2
-CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
+CVE-2005-2876
{DSA-825-1 DSA-823-1}
- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
- loop-aes-utils 2.12p-9 (bug #328626; medium)
-CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...)
+CVE-2005-2875
{DSA-856-1}
- py2play 0.1.8-1 (bug #326976; medium)
-CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
+CVE-2005-2874
- cups 1.1.23-1
- cupsys 1.1.23-1
-CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
+CVE-2005-2871
{DSA-868-1 DSA-866-1 DSA-837-1}
- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
- mozilla 2:1.7.12-1 (bug #327455; medium)
- mozilla-thunderbird 1.0.7-1
NOTE: epiphany-browser is apparently fixed fix the mozilla
NOTE: upload; see bug #327366
-CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in ...)
+CVE-2005-2930
{DSA-886-1}
- chmlib 0.36-1 (bug #327431; medium)
CVE-2005-2802
REJECTED
-CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
+CVE-2005-2878
{DSA-841-1 DTSA-20-1}
- mailutils 1:0.6.90-3 (bug #327424; high)
-CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
+CVE-2005-2870
NOT-FOR-US: Solaris
-CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+CVE-2005-2869
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
-CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
+CVE-2005-2868
NOT-FOR-US: ZipTorrent
-CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
+CVE-2005-2867
NOT-FOR-US: BlueWhaleCRM
-CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
+CVE-2005-2866
NOT-FOR-US: Mercora IMRadio
-CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
+CVE-2005-2865
NOT-FOR-US: aMember Pro
-CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
+CVE-2005-2864
NOT-FOR-US: URBAN
-CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
+CVE-2005-2863
NOT-FOR-US: OpenWebmail
-CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
+CVE-2005-2862
NOT-FOR-US: ADSL hardware
-CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
+CVE-2005-2861
NOT-FOR-US: N-Stealth
-CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
+CVE-2005-2860
- nikto 1.35-1.1 (bug #327339; medium)
-CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
+CVE-2005-2859
NOT-FOR-US: Savant Web Server
-CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
+CVE-2005-2858
NOT-FOR-US: Rediff BOL)
-CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
+CVE-2005-2857
NOT-FOR-US: Free SMTP Server
-CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party ...)
+CVE-2005-2856
NOT-FOR-US: ALZip
-CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
+CVE-2005-2855
NOT-FOR-US: Unclassified Newsboard
-CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
+CVE-2005-2854
NOT-FOR-US: thesitewizard.com chfeedback.pl
-CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
+CVE-2005-2853
NOT-FOR-US: GuppY
-CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
+CVE-2005-2852
NOT-FOR-US: Novell Netware
-CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
+CVE-2005-2851
{DTSA-25-1}
- smb4k 0.6.4-1 (bug #337471; medium)
NOTE: fix in 0.6.3-1 was incomplete according to maintainer
-CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
+CVE-2005-2850
NOT-FOR-US: SlimFTPD
-CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
+CVE-2005-2849
NOT-FOR-US: Barracuda antispam solution
-CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
+CVE-2005-2848
NOT-FOR-US: Barracuda antispam solution
-CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
+CVE-2005-2847
NOT-FOR-US: Barracuda antispam solution
-CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
+CVE-2005-2846
NOT-FOR-US: CMS Made Simple
-CVE-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
+CVE-2005-2845
NOT-FOR-US: Ariba Spend Management System
-CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
+CVE-2005-2844
NOT-FOR-US: Indiatimes Messenger
-CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
+CVE-2005-2843
NOT-FOR-US: Hesk
-CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
+CVE-2005-2842
NOT-FOR-US: DameWare Mini
-CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
+CVE-2005-2841
NOT-FOR-US: IOS
-CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
+CVE-2005-2840
NOT-FOR-US: MAXdev
-CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
+CVE-2005-2839
NOT-FOR-US: MAXdev
-CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
+CVE-2005-2838
NOT-FOR-US: myBloggie
-CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
+CVE-2005-2837
NOT-FOR-US: WebGUI
-CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
+CVE-2005-2836
NOT-FOR-US: Phorum
CVE-2005-2835
RESERVED
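Review bot: every changed pair visible in this hunk, from CVE-2005-2854 down to CVE-2005-2836, differs only in losing the parenthesised summary after the ID, while the tracker's own annotations (NOT-FOR-US, {DTSA-25-1}, the smb4k 0.6.4-1 line and its NOTE) are untouched context. A change that blanks the same field on every entry and alters nothing else reads like an empty input to whatever generates these lines, not like many independent updates. If the summaries are written by a script, it would be safer for it to keep an existing summary when the new value is empty and to report how many entries it blanked, so that a run like this is noticed before it is committed.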
@@ -4902,15 +4902,15 @@ CVE-2005-2833
RESERVED
CVE-2005-2832
RESERVED
-CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
+CVE-2005-2831
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS ...)
+CVE-2005-2830
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...)
+CVE-2005-2829
NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2828
RESERVED
-CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and ...)
+CVE-2005-2827
NOT-FOR-US: Windows NT
CVE-2005-2826
RESERVED
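Review bot: after this hunk, CVE-2005-2831, CVE-2005-2830 and CVE-2005-2829 are three entries with the identical body "NOT-FOR-US: Microsoft Internet Explorer" and nothing in the file to tell them apart; the removed summaries were the only text that distinguished them. The bare header form also matches the one already used for CVE-2005-2828 and CVE-2005-2826, so a published ID and a RESERVED one can now be told apart only by reading the following line. If dropping the summaries is intended, a line of documentation saying where a reader should look them up instead would help. Otherwise they should be kept.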
@@ -4924,423 +4924,423 @@ CVE-2005-2822
RESERVED
CVE-2005-2821
RESERVED
-CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
+CVE-2005-2820
{DSA-820-1}
- courier 0.47-9 (bug #327181; medium)
-CVE-2005-2819 (DownFile 1.3 allows remote attackers to gain administrator privileges ...)
+CVE-2005-2819
NOT-FOR-US: DownFile
-CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
+CVE-2005-2818
NOT-FOR-US: DownFile
-CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
+CVE-2005-2817
NOT-FOR-US: Simple Machines Forum
-CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
+CVE-2005-2816
NOT-FOR-US: Greymatter
-CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
+CVE-2005-2815
NOT-FOR-US: FlatNuke
-CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
+CVE-2005-2814
NOT-FOR-US: FlatNuke
-CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
+CVE-2005-2813
NOT-FOR-US: FlatNuke
-CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
+CVE-2005-2812
NOT-FOR-US: man2web
-CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
+CVE-2005-2811
- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
-CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
+CVE-2005-2810
NOT-FOR-US: urban game
-CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
+CVE-2005-2809
NOT-FOR-US: silc daemon
-CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
+CVE-2005-2808
- frox 0.7.18-1 (medium)
-CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
+CVE-2005-2807
- frox <not-affected> (does not run setuid root in the Debian package)
-CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
+CVE-2005-2806
NOT-FOR-US: BNBT EasyTracker
-CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
+CVE-2005-2805
NOT-FOR-US: e107
-CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...)
+CVE-2005-2804
NOT-FOR-US: GroupWise
-CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
+CVE-2005-2803
[sarge] - hiki <not-affected> (code not present in sarge)
- hiki 0.8.3-1
-CVE-2005-2800 (Memory leak in the seq_file implementation in the SCSI procfs ...)
+CVE-2005-2800
{DSA-1017-1}
- linux-2.6 2.6.12-6 (low)
- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
-CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
+CVE-2005-2799
NOT-FOR-US: Linksys routers
-CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
+CVE-2005-2798
- openssh 1:4.2p1-1 (bug #326065; unimportant)
NOTE: Not enabled in the binary build, see #326065
- openssh-krb5 <removed> (bug #327233; medium)
[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
-CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
+CVE-2005-2797
- openssh 1:4.2p1-1 (bug #326065; unimportant)
NOTE: GSSAPI features not activated in binary builds
-CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
+CVE-2005-2796
{DSA-809-1}
- squid 2.5.10-5 (medium)
CVE-2005-2795
RESERVED
-CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
+CVE-2005-2794
{DSA-809-3 DSA-809-1}
- squid 2.5.10-5 (medium)
-CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...)
+CVE-2005-2793
[sarge] - phpldapadmin <not-affected> (code not present in sarge)
- phpldapadmin 0.9.6c-7 (bug #325785; medium)
- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
-CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
+CVE-2005-2792
[sarge] - phpldapadmin <not-affected> (code not present in sarge)
- phpldapadmin 0.9.6c-7 (bug #325785; medium)
- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
-CVE-2005-2791 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+CVE-2005-2791
NOT-FOR-US: BFCC
-CVE-2005-2790 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+CVE-2005-2790
NOT-FOR-US: BFCC
-CVE-2005-2789 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+CVE-2005-2789
NOT-FOR-US: BFCC
-CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
+CVE-2005-2788
NOT-FOR-US: Land Down Under
-CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
+CVE-2005-2787
NOT-FOR-US: Simple PHP Blog
-CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
+CVE-2005-2786
NOT-FOR-US: cosmoshop
-CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
+CVE-2005-2785
NOT-FOR-US: cosmoshop
-CVE-2005-2784 (SQL injection vulnerability in the login function for the ...)
+CVE-2005-2784
NOT-FOR-US: cosmoshop
-CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
+CVE-2005-2783
NOT-FOR-US: PHP-Fusion
-CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
+CVE-2005-2782
NOT-FOR-US: AutoLinks Pro
-CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
+CVE-2005-2781
{DSA-1063-1}
- phpgroupware 0.9.16.009-1 (bug #340094; medium)
- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
NOTE: Sarge affected, woody isn't
-CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
+CVE-2005-2780
NOT-FOR-US: Land Down Under
-CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
+CVE-2005-2779
NOT-FOR-US: iTAN
-CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
+CVE-2005-2778
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
+CVE-2005-2777
NOT-FOR-US: Looking Glass
-CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
+CVE-2005-2776
NOT-FOR-US: Looking Glass
-CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
+CVE-2005-2775
NOT-FOR-US: Looking Glass
-CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
+CVE-2005-2774
NOT-FOR-US: Litium Quake mod
-CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
+CVE-2005-2773
NOT-FOR-US: HP OpenView
-CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
+CVE-2005-2772
{DSA-832-1}
- gopher 3.0.11 (bug #327722; high)
-CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
+CVE-2005-2771
NOT-FOR-US: Reflection for Secure IT
-CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
+CVE-2005-2770
NOT-FOR-US: Reflection for Secure IT
-CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
+CVE-2005-2769
{DSA-820-1}
- courier 0.47-9 (bug #327727; medium)
-CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
+CVE-2005-2768
NOT-FOR-US: Sophos AntiVirus
-CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
+CVE-2005-2767
NOT-FOR-US: LeapFTP
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
- linux-2.6 2.6.12-6 (low)
-CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
+CVE-2005-2766
NOT-FOR-US: Symantec AntiVirus
-CVE-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
+CVE-2005-2765
NOT-FOR-US: Microsoft Windows
-CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
+CVE-2005-2764
NOT-FOR-US: OpenTTD
-CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
+CVE-2005-2763
NOT-FOR-US: OpenTTD
-CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...)
+CVE-2005-2762
NOT-FOR-US: VPNRemote
CVE-2005-2760
RESERVED
-CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...)
+CVE-2005-2759
NOT-FOR-US: Symantec Antivirus
-CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
+CVE-2005-2758
NOT-FOR-US: Symantec Antivirus
-CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...)
+CVE-2005-2757
NOT-FOR-US: Mac OS X
-CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to ...)
+CVE-2005-2756
NOT-FOR-US: Apple QuickTime
-CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to ...)
+CVE-2005-2755
NOT-FOR-US: Apple QuickTime
-CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
+CVE-2005-2754
NOT-FOR-US: Apple QuickTime
-CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
+CVE-2005-2753
NOT-FOR-US: Apple QuickTime
-CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...)
+CVE-2005-2752
NOT-FOR-US: Mac OS X
-CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
+CVE-2005-2751
NOT-FOR-US: Mac OS X
-CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...)
+CVE-2005-2750
NOT-FOR-US: Mac OS X
-CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X ...)
+CVE-2005-2749
NOT-FOR-US: Mac OS X
-CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...)
+CVE-2005-2748
NOT-FOR-US: Mac OS X
-CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...)
+CVE-2005-2747
NOT-FOR-US: Mac OS X
-CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...)
+CVE-2005-2746
NOT-FOR-US: Mac OS X
-CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...)
+CVE-2005-2745
NOT-FOR-US: Mac OS X
-CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...)
+CVE-2005-2744
NOT-FOR-US: Mac OS X
-CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X ...)
+CVE-2005-2743
NOT-FOR-US: Mac OS X
-CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, ...)
+CVE-2005-2742
NOT-FOR-US: Mac OS X
-CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...)
+CVE-2005-2741
NOT-FOR-US: Mac OS X
CVE-2005-2740
REJECTED
-CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...)
+CVE-2005-2739
NOT-FOR-US: Mac OS X
-CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple ...)
+CVE-2005-2738
NOT-FOR-US: Java / Apple
-CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
+CVE-2005-2737
NOT-FOR-US: PhotoPost
-CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
+CVE-2005-2736
NOT-FOR-US: YaPig
-CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
+CVE-2005-2735
NOT-FOR-US: phpGraphy
-CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
+CVE-2005-2734
{DSA-1148-1}
- gallery 1.5-2 (bug #325285; medium)
-CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
+CVE-2005-2733
NOT-FOR-US: Simple PHP Blog
-CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
+CVE-2005-2732
NOTE: path disclosure, so not very important on debian systems
NOTE: unreproducible according to bug #327729
-CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
+CVE-2005-2731
NOT-FOR-US: Astato specific
-CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
+CVE-2005-2730
NOT-FOR-US: Astato specific
-CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
+CVE-2005-2729
NOT-FOR-US: Astato specific
-CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
+CVE-2005-2728
{DSA-805-1}
NOTE: The CVE description is wrong, this has been merged for 2.0.55
- apache2 2.0.54-5 (bug #326435; medium)
-CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
+CVE-2005-2727
NOT-FOR-US: Home Ftp Server
-CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
+CVE-2005-2726
NOT-FOR-US: Home Ftp Server
-CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
+CVE-2005-2725
NOT-FOR-US: QNX
-CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
+CVE-2005-2723
NOT-FOR-US: PaFileDB
-CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
+CVE-2005-2722
NOT-FOR-US: Foojan PHP Weblog
-CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
+CVE-2005-2721
NOT-FOR-US: Foojan PHP Weblog
-CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
+CVE-2005-2720
NOT-FOR-US: HAURI Antivirus
-CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
+CVE-2005-2719
NOT-FOR-US: Ventrilo
-CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
+CVE-2005-2718
NOT-FOR-US: MPlayer
-CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
+CVE-2005-2717
{DSA-799-1}
- webcalendar 0.9.45-7 (bug #326223; medium)
-CVE-2005-2715 (Format string vulnerability in the Java user interface service ...)
+CVE-2005-2715
NOT-FOR-US: VERITAS NetBackup Data and Business Center
-CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
+CVE-2005-2714
NOT-FOR-US: Apple
-CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
+CVE-2005-2713
NOT-FOR-US: Apple
-CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
+CVE-2005-2712
NOT-FOR-US: IBM
-CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...)
+CVE-2005-2711
NOT-FOR-US: ISS
-CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
+CVE-2005-2710
{DSA-826-1}
NOTE: see http://www.open-security.org/advisories/13
- helix-player 1.0.6-1 (bug #330364; high)
-CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
+CVE-2005-2709
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-3
-CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
+CVE-2005-2708
- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
-CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+CVE-2005-2707
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; medium)
- mozilla 2:1.7.12-1 (medium)
- mozilla-thunderbird 1.0.7-1
-CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...)
+CVE-2005-2706
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; high)
- mozilla 2:1.7.12-1 (high)
- mozilla-thunderbird 1.0.7-1
-CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...)
+CVE-2005-2705
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; high)
- mozilla 2:1.7.12-1 (high)
- mozilla-thunderbird 1.0.7-1
-CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+CVE-2005-2704
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; medium)
- mozilla 2:1.7.12-1 (medium)
- mozilla-thunderbird 1.0.7-1
-CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+CVE-2005-2703
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; medium)
- mozilla 2:1.7.12-1 (medium)
- mozilla-thunderbird 1.0.7-1
-CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+CVE-2005-2702
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; high)
- mozilla 2:1.7.12-1 (high)
- mozilla-thunderbird 1.0.7-1
-CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...)
+CVE-2005-2701
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; medium)
- mozilla 2:1.7.12-1 (bug #329778; medium)
- mozilla-thunderbird 1.0.7-1
-CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
+CVE-2005-2700
{DSA-807-1 DSA-805-1}
- libapache-mod-ssl 2.8.24-1 (medium)
- apache2 2.0.54-5 (bug #327210; medium)
-CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit ...)
+CVE-2005-2699
NOT-FOR-US: PHPKit
-CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
+CVE-2005-2698
NOT-FOR-US: Nephp Publisher Enterprise
-CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
+CVE-2005-2697
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
+CVE-2005-2696
NOT-FOR-US: Notes
-CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
+CVE-2005-2695
NOT-FOR-US: Cisco
-CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
+CVE-2005-2694
NOT-FOR-US: WinAce
-CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
+CVE-2005-2724
{DSA-793-1}
- courier 0.47-8 (medium; bug #325631)
-CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
+CVE-2005-2801
{DSA-922-1 DSA-921-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
-CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
+CVE-2005-2873
[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
- kernel-source-2.6.8 <unfixed> (bug #332231; low)
- linux-2.6 2.6.18-1 (bug #332381; low)
NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
NOTE: of ipt_recent the best solution, which seems to occur soon
-CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
+CVE-2005-2872
{DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
- linux-2.6 2.6.12-1
-CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
+CVE-2005-2761
{DSA-798-1}
- phpgroupware 0.9.16.008-1
-CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
+CVE-2005-2716
{DSA-796-1}
- affix 2.1.2-3 (bug #325444; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
- tleds 1.05beta10-9 (bug #276789; low)
-CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
+CVE-2005-2693
{DSA-806-1 DSA-802-1}
NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
- cvs 1:1.11.5-4 (bug #325106; low)
- gcvs 1.0final-8 (bug #324969; low)
-CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
+CVE-2005-2692
NOT-FOR-US: RunCMS
-CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
+CVE-2005-2691
NOT-FOR-US: RunCMS
-CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...)
+CVE-2005-2690
NOT-FOR-US: PostNuke
-CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...)
+CVE-2005-2689
NOT-FOR-US: PostNuke
-CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...)
+CVE-2005-2688
NOT-FOR-US: SaveWebPortal
-CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...)
+CVE-2005-2687
NOT-FOR-US: SaveWebPortal
-CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...)
+CVE-2005-2686
NOT-FOR-US: SaveWebPortal
-CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
+CVE-2005-2685
NOT-FOR-US: SaveWebPortal
CVE-2005-XXXX [Insecure temp files in firehol]
- firehol 1.231-4 (unimportant)
NOTE: Only exploitable inside modified binary installation
-CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
+CVE-2005-2684
NOT-FOR-US: Virtual Edge Netquery
-CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)
+CVE-2005-2683
NOT-FOR-US: PHPKit
-CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
+CVE-2005-2682
NOT-FOR-US: DTLink AreaEdit
-CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
+CVE-2005-2681
NOT-FOR-US: Cisco
-CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
+CVE-2005-2680
NOT-FOR-US: BEA WebLogic Portal
-CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
+CVE-2005-2679
NOT-FOR-US: Sysinternals Process Explorer
-CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
+CVE-2005-2678
NOT-FOR-US: MSIE
-CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...)
+CVE-2005-2677
NOT-FOR-US: ACNews
-CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
+CVE-2005-2676
NOT-FOR-US: Coppermine
-CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
+CVE-2005-2675
NOT-FOR-US: Land Down Under
-CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
+CVE-2005-2674
NOT-FOR-US: Land Down Under
-CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
+CVE-2005-2673
NOT-FOR-US: Burning Board
CVE-2005-2671
REJECTED
-CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
+CVE-2005-2670
NOT-FOR-US: HAURI
-CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
+CVE-2005-2669
NOT-FOR-US: Computer Associates
-CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
+CVE-2005-2668
NOT-FOR-US: Computer Associates
-CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
+CVE-2005-2667
NOT-FOR-US: Computer Associates
-CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
+CVE-2005-2666
- openssh 1:4.0p1-1 (unimportant)
NOTE: Lack of a security feature, not a vulnerability
-CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
+CVE-2005-2665
NOT-FOR-US: elm-me+ is no longer in unstable or testing
-CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
+CVE-2005-2664
NOT-FOR-US: Whisper
-CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
+CVE-2005-2663
{DSA-848-1}
- masqmail 0.2.21-1 (low; bug #329307)
-CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
+CVE-2005-2662
{DSA-848-1}
- masqmail 0.2.21-1 (high; bug #329307)
-CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...)
+CVE-2005-2661
{DSA-852-1}
- up-imapproxy 1.2.4-2 (high)
-CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
+CVE-2005-2660
{DSA-839-1}
- apachetop 0.12.5-3
-CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...)
+CVE-2005-2659
{DSA-886-1}
- chmlib 0.37-2 (medium)
-CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
+CVE-2005-2658
{DSA-812-1}
- turqstat 2.2.4-1 (medium)
-CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
+CVE-2005-2657
{DSA-811-2}
- common-lisp-controller 4.18 (bug #328633; medium)
-CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
+CVE-2005-2656
{DSA-794-1}
NOTE: Fix in -8 had problems
- polygen 1.0.6-9 (bug #325468; low)
-CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
+CVE-2005-2655
{DSA-791-1 DTSA-11-1}
- maildrop 2.0.2-7 (bug #325135; medium)
-CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
+CVE-2005-2654
{DSA-790-1}
- phpldapadmin 0.9.6c-5 (bug #322423; medium)
- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
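Review bot: under CVE-2005-2728 the unchanged line "NOTE: The CVE description is wrong, this has been merged for 2.0.55" now comments on a description the file no longer carries, because the "-" line above it removes "(The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)". The same hunk drops the only status markers for three entries: "** SPLIT **" on CVE-2005-2759 and "** DISPUTED **" on CVE-2005-2675 and CVE-2005-2674 existed only inside the removed summaries. It also removes the text that made the mismatch at CVE-2005-2775 visible, where the summary named phpWebNotes and the annotation says "NOT-FOR-US: Looking Glass". I would keep the summaries, or at least the status markers, for entries whose notes depend on them, and check that NOTE and the CVE-2005-2775 annotation before the context they rely on disappears.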
@@ -5348,348 +5348,348 @@ CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlin
- cplay 1.49-8 (bug #324913; low)
[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
[sarge] - cplay <no-dsa> (Hardly exploitable)
-CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
+CVE-2005-2672
{DSA-814-1 DTSA-17-1}
- lm-sensors 1:2.9.1-7 (bug #324193; medium)
-CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...)
+CVE-2005-2653
NOT-FOR-US: BBCaffe
-CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
+CVE-2005-2652
NOT-FOR-US: Zorum
-CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...)
+CVE-2005-2651
NOT-FOR-US: Zorum
-CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...)
+CVE-2005-2650
NOT-FOR-US: Emefa Guestbook
-CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
+CVE-2005-2649
NOT-FOR-US: ATutor
-CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...)
+CVE-2005-2648
NOT-FOR-US: W-Agora
-CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...)
+CVE-2005-2647
NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
-CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
+CVE-2005-2646
NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
-CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
+CVE-2005-2645
NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
-CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...)
+CVE-2005-2644
NOT-FOR-US: JaguarControl
-CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
+CVE-2005-2643
- tor 0.1.0.14-1 (bug #323786; medium)
-CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
+CVE-2005-2642
- mutt <not-affected> (bug #323956; high)
NOTE: Status is not clear; upstream is unresponsive.
NOTE: this bug was closed as it was unreproducable in Debian
-CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
+CVE-2005-2641
{DSA-785-1}
- libpam-ldap 178-1sarge1 (bug #324899)
-CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
+CVE-2005-2640
NOT-FOR-US: Juniper
-CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
+CVE-2005-2639
NOT-FOR-US: World Poker Championship
-CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
+CVE-2005-2638
NOT-FOR-US: PHPFreeNews
-CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
+CVE-2005-2637
NOT-FOR-US: PHPFreeNews
-CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
+CVE-2005-2636
NOT-FOR-US: phpAdsNew
-CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
+CVE-2005-2635
NOT-FOR-US: phpAdsNew
-CVE-2005-2634 (Buffer overflow in the Log-SCR function in the &quot;Log to Screen&quot; feature ...)
+CVE-2005-2634
NOT-FOR-US: WinFTP Server
-CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
+CVE-2005-2633
NOT-FOR-US: PHPTB Topic Board
-CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
+CVE-2005-2632
NOT-FOR-US: Mediabox 404
-CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
+CVE-2005-2631
NOT-FOR-US: Cisco
-CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...)
+CVE-2005-2630
- helix-player <not-affected> (Only Windows version of Real are affected)
-CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne ...)
+CVE-2005-2629
{DSA-915-1}
- helix-player 1.0.6-1 (bug #340270; medium)
-CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...)
+CVE-2005-2628
- flashplugin-nonfree 7.0.61-1.1 (bug #339290; high)
[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
-CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
+CVE-2005-2627
{DSA-788-1 DTSA-1-1}
- kismet 2005.08.R1-1 (bug #323386; high)
-CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
+CVE-2005-2626
{DSA-788-1 DTSA-1-1}
- kismet 2005.08.R1-1 (bug #323386; high)
-CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
+CVE-2005-2625
NOT-FOR-US: CPAINT ajax toolkit
-CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
+CVE-2005-2624
NOT-FOR-US: CPAINT ajax toolkit
-CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...)
+CVE-2005-2623
NOT-FOR-US: ECW Shop
-CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...)
+CVE-2005-2622
NOT-FOR-US: ECW Shop
-CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...)
+CVE-2005-2621
NOT-FOR-US: ECW Shop
-CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
+CVE-2005-2620
NOT-FOR-US: Novell GroupWise
-CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
+CVE-2005-2619
NOT-FOR-US: Autonomy
-CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
+CVE-2005-2618
NOT-FOR-US: Autonomy
-CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
+CVE-2005-2617
{DTSA-16-1}
NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html - amd64 specific DOS
- linux-2.6 2.6.12-6
-CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
+CVE-2005-2616
NOT-FOR-US: ezUpload
-CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
+CVE-2005-2615
NOT-FOR-US: EQdkp
-CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
+CVE-2005-2614
NOT-FOR-US: Discuz
-CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
+CVE-2005-2613
NOT-FOR-US: CPAINT Ajax
-CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
+CVE-2005-2612
- wordpress 1.5.2-1 (bug #323040; high)
-CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
+CVE-2005-2611
NOT-FOR-US: VERITAS Backup Exec for Windows Servers
-CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
+CVE-2005-2610
NOT-FOR-US: VegaDNS
-CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
+CVE-2005-2609
NOT-FOR-US: VegaDNS
-CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
+CVE-2005-2608
NOT-FOR-US: SafeHTML
-CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
+CVE-2005-2607
NOT-FOR-US: PHPSimplicity
-CVE-2005-2606 (Unknown vulnerability in the &quot;frontend authentication&quot; in PHlyMail ...)
+CVE-2005-2606
NOT-FOR-US: PHlyMail
-CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
+CVE-2005-2605
NOT-FOR-US: Lasso Professional Server
-CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
+CVE-2005-2604
NOT-FOR-US: My Image Gallery (Mig)
-CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
+CVE-2005-2603
NOT-FOR-US: My Image Gallery (Mig)
-CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
+CVE-2005-2602
- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
-CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
+CVE-2005-2601
NOT-FOR-US: MidiCart
-CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
+CVE-2005-2600
{DSA-899-1 DSA-798-1}
- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
-CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
+CVE-2005-2599
NOT-FOR-US: Hummingbird FTP for Connectivity
-CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and ...)
+CVE-2005-2598
NOT-FOR-US: Dokeos
-CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
+CVE-2005-2597
NOT-FOR-US: AOL Client
-CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
+CVE-2005-2596
{DSA-879-1}
- gallery 1.5-2 (medium)
-CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
+CVE-2005-2595
NOT-FOR-US: Dada Mail
-CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
+CVE-2005-2594
NOT-FOR-US: Apple Safari
-CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
+CVE-2005-2593
NOT-FOR-US: MindAlign
-CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
+CVE-2005-2592
NOT-FOR-US: MindAlign
-CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
+CVE-2005-2591
NOT-FOR-US: MindAlign
-CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
+CVE-2005-2590
NOT-FOR-US: MindAlign
-CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
+CVE-2005-2589
NOT-FOR-US: WRT54GS wireless router
-CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
+CVE-2005-2588
NOT-FOR-US: DVBBS
-CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
+CVE-2005-2587
NOT-FOR-US: PHPTB Topic Boards
-CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
+CVE-2005-2586
NOT-FOR-US: Mentor ADSL-FR4II router
-CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
+CVE-2005-2585
NOT-FOR-US: Mentor ADSL-FR4II router
-CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
+CVE-2005-2584
NOT-FOR-US: Mentor ADSL-FR4II router
-CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
+CVE-2005-2583
NOT-FOR-US: Mentor ADSL-FR4II router
-CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
+CVE-2005-2582
NOT-FOR-US: Kaspersky
-CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
+CVE-2005-2581
NOT-FOR-US: Grandstream BudgeTone
-CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
+CVE-2005-2580
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
+CVE-2005-2579
NOT-FOR-US: Contivity
CVE-2005-2578
REJECTED
-CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
+CVE-2005-2577
NOT-FOR-US: Wyse Winterm
-CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
+CVE-2005-2576
NOT-FOR-US: CaLogic
-CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
+CVE-2005-2575
NOT-FOR-US: XMB Forum
-CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
+CVE-2005-2574
NOT-FOR-US: XMB Forum
-CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
+CVE-2005-2573
- mysql <not-affected> (Windows specific mysql holes)
- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
-CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
+CVE-2005-2572
- mysql <not-affected> (Windows specific mysql holes)
- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
-CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...)
+CVE-2005-2571
NOT-FOR-US: FunkBoard
-CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...)
+CVE-2005-2570
NOT-FOR-US: FunkBoard
-CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...)
+CVE-2005-2569
NOT-FOR-US: FunkBoard
-CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...)
+CVE-2005-2568
NOT-FOR-US: SysCP
-CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...)
+CVE-2005-2567
NOT-FOR-US: SysCP
-CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
+CVE-2005-2566
NOT-FOR-US: OpenBB
-CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...)
+CVE-2005-2565
NOT-FOR-US: Gravity Board X (GBX)
-CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...)
+CVE-2005-2564
NOT-FOR-US: Gravity Board X (GBX)
-CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
+CVE-2005-2563
NOT-FOR-US: Gravity Board X (GBX)
-CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
+CVE-2005-2562
NOT-FOR-US: Gravity Board X (GBX)
-CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...)
+CVE-2005-2561
NOT-FOR-US: MYFAQ
-CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...)
+CVE-2005-2560
NOT-FOR-US: CFBB
-CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...)
+CVE-2005-2559
NOT-FOR-US: e107 portal
-CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
+CVE-2005-2558
{DSA-833-2 DSA-831-1 DSA-829-1}
- mysql-dfsg-4.1 4.1.13 (medium)
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
-CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
+CVE-2005-2557
{DSA-778-1}
- mantis 0.19.2-4 (low)
-CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
+CVE-2005-2556
{DSA-778-1}
- mantis 0.19.2-4 (medium)
-CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
+CVE-2005-2555
{DSA-1018-1 DSA-1017-1 DTSA-16-1}
- linux-2.6 2.6.12-6 (medium)
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
- clamav 0.86.2-1 (low)
[sarge] - clamav 0.84-2.sarge.2
-CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
+CVE-2005-2554
NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
-CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
+CVE-2005-2553
{DSA-921-1}
- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
-CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
+CVE-2005-2552
NOT-FOR-US: Integrated Light Out in HP servers
-CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
+CVE-2005-2551
NOT-FOR-US: Novell eDirectory
-CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
+CVE-2005-2547
{DSA-782-1 DTSA-9-1}
- bluez-utils 2.19-1 (bug #323365; medium)
-CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
+CVE-2005-2546
NOT-FOR-US: Arab Portal
-CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
+CVE-2005-2545
NOT-FOR-US: PHPOpenChat
-CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
+CVE-2005-2544
NOT-FOR-US: Comdev eCommerce
-CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
+CVE-2005-2543
NOT-FOR-US: Comdev eCommerce
-CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
+CVE-2005-2542
NOT-FOR-US: Invision Power Board
-CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
+CVE-2005-2541
NOTE: This is intended behaviour, after all tar is an archiving tool and you
NOTE: need to give -p as a command line flag
- tar <unfixed> (bug #328228; unimportant)
-CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
+CVE-2005-2540
NOT-FOR-US: FlatNuke
-CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
+CVE-2005-2539
NOT-FOR-US: FlatNuke
-CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
+CVE-2005-2538
NOT-FOR-US: FlatNuke
-CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
+CVE-2005-2537
NOT-FOR-US: FlatNuke
-CVE-2005-2536 (pstotext before 1.8g does not properly use the &quot;-dSAFER&quot; option when ...)
+CVE-2005-2536
{DSA-792-1}
- pstotext 1.9-2 (bug #319758; medium)
-CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
+CVE-2005-2535
NOT-FOR-US: ARCserve Backup
-CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...)
+CVE-2005-2534
{DSA-851-1}
- openvpn 2.0.2-1 (bug #324167; high)
-CVE-2005-2533 (OpenVPN before 2.0.1, when running in &quot;dev tap&quot; Ethernet bridging ...)
+CVE-2005-2533
{DSA-851-1}
- openvpn 2.0.2-1 (bug #324167; high)
-CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...)
+CVE-2005-2532
{DSA-851-1}
- openvpn 2.0.2-1 (bug #324167; high)
-CVE-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb 0&quot; and without TLS ...)
+CVE-2005-2531
{DSA-851-1}
- openvpn 2.0.2-1 (bug #324167; high)
-CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X ...)
+CVE-2005-2530
NOT-FOR-US: Java / Apple
-CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac ...)
+CVE-2005-2529
NOT-FOR-US: Java / Apple
CVE-2005-2528
REJECTED
-CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...)
+CVE-2005-2527
NOT-FOR-US: Java / Apple
-CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
+CVE-2005-2526
NOT-FOR-US: MacOS X
-CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
+CVE-2005-2525
NOT-FOR-US: MacOS X
-CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to ...)
+CVE-2005-2524
NOT-FOR-US: MacOS X
-CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
+CVE-2005-2523
NOT-FOR-US: Weblog Server in Mac OS X
-CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
+CVE-2005-2522
NOT-FOR-US: Mac OS X
-CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
+CVE-2005-2521
NOT-FOR-US: Mac OS X
-CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
+CVE-2005-2520
NOT-FOR-US: Mac OS X
-CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...)
+CVE-2005-2519
NOT-FOR-US: Mac OS X
-CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...)
+CVE-2005-2518
NOT-FOR-US: Mac OS X
-CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...)
+CVE-2005-2517
NOT-FOR-US: Mac OS X
-CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...)
+CVE-2005-2516
NOT-FOR-US: Mac OS X
-CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...)
+CVE-2005-2515
NOT-FOR-US: Mac OS X
-CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...)
+CVE-2005-2514
NOT-FOR-US: Mac OS X
-CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...)
+CVE-2005-2513
NOT-FOR-US: Mac OS X
-CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...)
+CVE-2005-2512
NOT-FOR-US: Mac OS X
-CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...)
+CVE-2005-2511
NOT-FOR-US: Mac OS X
-CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
+CVE-2005-2510
NOT-FOR-US: Mac OS X
-CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
+CVE-2005-2509
NOT-FOR-US: Mac OS X
-CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
+CVE-2005-2508
NOT-FOR-US: Mac OS X
-CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...)
+CVE-2005-2507
NOT-FOR-US: Mac OS X
-CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...)
+CVE-2005-2506
NOT-FOR-US: Mac OS X
-CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...)
+CVE-2005-2505
NOT-FOR-US: Mac OS X
-CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...)
+CVE-2005-2504
NOT-FOR-US: Mac OS X
-CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...)
+CVE-2005-2503
NOT-FOR-US: Mac OS X
-CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...)
+CVE-2005-2502
NOT-FOR-US: Mac OS X
-CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...)
+CVE-2005-2501
NOT-FOR-US: Mac OS X
-CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
+CVE-2005-2500
- linux-2.6 2.6.12-1 (medium)
-CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
+CVE-2005-2499
- slocate <not-affected> (Uses secure glibc code, see #324951)
-CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
+CVE-2005-2498
{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
- drupal 4.5.5-1 (bug #323347; high)
- phpgroupware 0.9.16.008-1 (bug #323349; high)
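Review bot: the two NOTE lines under CVE-2005-2541 ("This is intended behaviour, after all tar is an archiving tool and you" / "need to give -p as a command line flag") lose their referent once the description "Tar 1.15.1 does not properly warn the user when extracting setuid or ..." is removed from the header line. With only the bare id left, a reader of the file cannot tell which behaviour was judged intended, or why the tar entry is marked unimportant. Either keep a short bracketed summary on the CVE line, as the CVE-2005-XXXX entries in this hunk already do, or reword the NOTE so it names the behaviour it refers to.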
@@ -5700,22 +5700,22 @@ CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR
- php5 5.0.5-1 (high)
CVE-2005-2497
REJECTED
-CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
+CVE-2005-2496
{DSA-801-1}
NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
- ntp 1:4.2.0a+stable-2sarge1 (medium)
[etch] - ntp 1:4.2.0a+stable-2sarge1 (medium)
-CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
+CVE-2005-2495
{DSA-816-1}
- xorg-x11 6.8.2.dfsg.1-7 (medium)
-CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
+CVE-2005-2494
{DSA-815-1}
- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
RESERVED
-CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
+CVE-2005-2492
- linux-2.6 2.6.12-7 (bug #327416; medium)
-CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
+CVE-2005-2491
{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
- pcre3 6.3-1 (bug #324531; medium)
- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
@@ -5725,7 +5725,7 @@ CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...
- python2.1 2.1.3dfsg-3 (medium)
- python2.2 2.2.3dfsg-4 (medium)
- python2.3 2.3.5-8 (medium)
-CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
+CVE-2005-2490
{DSA-1017-1}
- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-XXXX [Buffer overflow in Description parsing]
@@ -5740,61 +5740,61 @@ CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning som
[etch] - classpath <not-affected> (Doesn't build the gcjwebplugin binary package)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
- dbmail 2.2.1-1 (bug #290833; medium)
-CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
+CVE-2005-2548
{DSA-922-1 DTSA-16-1}
NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
NOTE: 2.6.12-1 contained a partially broken fix
- linux-2.6 2.6.12-6 (bug #309308; low)
-CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...)
+CVE-2005-2489
NOT-FOR-US: Web Content Management News System
-CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
+CVE-2005-2488
NOT-FOR-US: Web Content Management News System
-CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
+CVE-2005-2487
NOT-FOR-US: Sun switches
-CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
+CVE-2005-2486
NOT-FOR-US: PortailPHP
-CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
+CVE-2005-2485
NOT-FOR-US: Logicampus
-CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
+CVE-2005-2484
NOT-FOR-US: Denora IRC stats
-CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...)
+CVE-2005-2483
NOT-FOR-US: Karrigell
-CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
+CVE-2005-2482
NOT-FOR-US: Metasploit Framework
-CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
+CVE-2005-2481
NOT-FOR-US: Fusebox
-CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
+CVE-2005-2480
NOT-FOR-US: Fusebox
-CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
+CVE-2005-2479
NOT-FOR-US: Quick 'n Easy FTP Server
-CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
+CVE-2005-2478
NOT-FOR-US: Silvernews
-CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
+CVE-2005-2477
NOT-FOR-US: Naxtor Shopping Cart
-CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
+CVE-2005-2476
NOT-FOR-US: Naxtor Shopping Cart
-CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
+CVE-2005-2475
{DSA-903-1}
- unzip 5.52-4 (bug #321927; low)
-CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
+CVE-2005-2474
NOT-FOR-US: ChurchInfo
-CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
+CVE-2005-2473
NOT-FOR-US: ChurchInfo
-CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
+CVE-2005-2472
NOT-FOR-US: BusinessMail
-CVE-2005-2471 (pstopnm in netpbm does not properly use the &quot;-dSAFER&quot; option when ...)
+CVE-2005-2471
{DSA-1021-1}
- netpbm-free 2:10.0-9 (bug #319757; low)
-CVE-2005-2470 (Buffer overflow in a &quot;core application plug-in&quot; for Adobe Reader 5.1 ...)
+CVE-2005-2470
NOT-FOR-US: Adobe
-CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
+CVE-2005-2469
NOT-FOR-US: Novell NetMail
-CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
+CVE-2005-2459
{DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (bug #323173)
- kernel-source-2.4.27 2.4.27-12 (medium)
-CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
+CVE-2005-2458
{DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (bug #323173; medium)
- kernel-source-2.4.27 2.4.27-12 (medium)
@@ -5822,18 +5822,18 @@ CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
- clamav-getfiles 0.5-1 (bug #321446; medium)
[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
-CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
+CVE-2005-3254
{DTSA-6-1}
- cgiwrap 3.9-3.1 (bug #316881; low)
[sarge] - cgiwrap <no-dsa> (Minor impact)
-CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
+CVE-2005-3255
{DTSA-6-1}
- cgiwrap 3.9-3.1 (bug #316901; low)
[sarge] - cgiwrap <no-dsa> (Minor information disclosure, only debugging libs)
-CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
+CVE-2005-2550
{DSA-1016-1 DTSA-13-1}
- evolution 2.2.3-3 (high; bug #322535)
-CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
+CVE-2005-2549
{DSA-1016-1 DTSA-13-1}
- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
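Review bot: after this hunk, CVE-2005-2550 and CVE-2005-2549 are identical apart from the id. Both carry "{DSA-1016-1 DTSA-13-1}" and "- evolution 2.2.3-3 (high; bug #322535)", and the only text that told them apart was in the removed descriptions ("Format string vulnerability in Evolution 1.4 through 2.3.6.1" versus "Multiple format string vulnerabilities in Evolution 1.5 through"). The two cgiwrap entries above them (CVE-2005-3254, CVE-2005-3255) are in nearly the same position, separated only by bug number and the no-dsa reason. Add a one-line NOTE or bracketed summary per entry so they stay distinguishable without an external lookup. If descriptions are now meant to be fetched from elsewhere, say so in the commit message.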
@@ -5846,31 +5846,31 @@ CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an
- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
- tor 0.1.0.14-1 (medium)
-CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
+CVE-2005-2457
{DSA-1018-1 DSA-1017-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (medium)
-CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
+CVE-2005-2456
{DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 2.6.12-2 (bug #321401; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
-CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
+CVE-2005-2455
NOT-FOR-US: Greasemonkey
-CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure ...)
+CVE-2005-2454
NOT-FOR-US: IBM Lotus Notes
-CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
+CVE-2005-2453
NOT-FOR-US: NetworkActiv Web Server
-CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
+CVE-2005-2452
NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
- tiff 3.7.0-1
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
+CVE-2005-2451
NOT-FOR-US: IOS
-CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
+CVE-2005-2450
{DSA-776-1 DTSA-3-1}
- clamav 0.86.2-1 (medium)
-CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
+CVE-2005-2449
NOT-FOR-US: sandbox
-CVE-2005-2448 (Multiple &quot;endianness errors&quot; in libgadu in ekg before 1.6rc2 allow ...)
+CVE-2005-2448
{DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- centericq 4.20.0-9 (bug #323185; medium)
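Review bot: the context line "NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7" under CVE-2005-2452 now points at a description that this hunk deletes ("libtiff up to 3.7.0 allows remote attackers to cause a denial of ..."). Once the header is the bare id, "CVE description is broken" no longer says which claim is wrong. Reword the note in the same change so that it stands alone, for example by stating that the upstream CVE text gives the affected range as "up to 3.7.0" while only 3.6 is affected.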
@@ -5878,113 +5878,113 @@ CVE-2005-2447
REJECTED
CVE-2005-2446
REJECTED
-CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
+CVE-2005-2445
NOT-FOR-US: Product Cart
-CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
+CVE-2005-2444
NOT-FOR-US: Cerulean Trillian
-CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
+CVE-2005-2443
NOT-FOR-US: KShout
-CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
+CVE-2005-2442
NOT-FOR-US: SPI Dynamics Web Inspect
-CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
+CVE-2005-2441
NOT-FOR-US: VBzoom
-CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
+CVE-2005-2440
NOT-FOR-US: Thomson Web Skill Vantage Manager
-CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
+CVE-2005-2439
NOT-FOR-US: UseBB
-CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
+CVE-2005-2438
NOT-FOR-US: UseBB
-CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
+CVE-2005-2436
NOT-FOR-US: Website Baker
-CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
+CVE-2005-2435
NOT-FOR-US: Website Baker
-CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
+CVE-2005-2434
NOT-FOR-US: Linksys hardware
-CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
+CVE-2005-2433
NOT-FOR-US: PhpList
-CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
+CVE-2005-2432
NOT-FOR-US: PhpList
-CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
+CVE-2005-2431
- gforge 4.5.14-2 (bug #328224; unimportant)
NOTE: Direct flooding is possible as well in most circumstances.
NOTE: (Upstream fix was in gforge 4.5.0.1.)
-CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
+CVE-2005-2430
{DSA-1094-1}
- gforge 4.5.14-9 (bug #328224; medium)
-CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
+CVE-2005-2429
- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
-CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all fields&quot; ...)
+CVE-2005-2428
NOT-FOR-US: Lotus Domino
-CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
+CVE-2005-2427
NOT-FOR-US: CartWIZ
-CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
+CVE-2005-2426
NOT-FOR-US: FTPshell Server
-CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
+CVE-2005-2425
NOT-FOR-US: Ares FileShare
-CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
+CVE-2005-2424
NOT-FOR-US: Siemens hardware
-CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
+CVE-2005-2423
NOT-FOR-US: Beehive
-CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
+CVE-2005-2422
NOT-FOR-US: Beehive
-CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
+CVE-2005-2421
NOT-FOR-US: Beehive
-CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
+CVE-2005-2420
NOT-FOR-US: FtpLocate
-CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
+CVE-2005-2419
NOT-FOR-US: hardware issue
CVE-2005-2418
REJECTED
-CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
+CVE-2005-2417
NOT-FOR-US: Contrexx
-CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
+CVE-2005-2416
NOT-FOR-US: Contrexx
-CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
+CVE-2005-2415
NOT-FOR-US: Contrexx
-CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
+CVE-2005-2414
- firefox 1.5.dfsg-1 (unimportant)
- mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant)
- mozilla 1.5.dfsg-1 (bug #327550; unimportant)
- iceweasel <not-affected>
NOTE: The turned out to be non-exploitable
-CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
+CVE-2005-2413
NOT-FOR-US: Atomic Photo Album
-CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
+CVE-2005-2412
NOT-FOR-US: First Post
-CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
+CVE-2005-2411
{DSA-808-1}
- tdiary 2.0.2-1 (bug #319315; medium)
-CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
+CVE-2005-2410
NOT-FOR-US: Network Manager
-CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
+CVE-2005-2409
NOT-FOR-US: nbsmtp
CVE-2005-2408
REJECTED
-CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted ...)
+CVE-2005-2407
NOT-FOR-US: Opera
-CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
+CVE-2005-2406
NOT-FOR-US: Opera
-CVE-2005-2405 (Opera 8.01, when the &quot;Arial Unicode MS&quot; font (ARIALUNI.TTF) is ...)
+CVE-2005-2405
NOT-FOR-US: Opera
-CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
+CVE-2005-2404
NOT-FOR-US: Sendcard
-CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
+CVE-2005-2403
NOT-FOR-US: RealChat
-CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+CVE-2005-2402
NOT-FOR-US: PHPSiteSearch
-CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
+CVE-2005-2401
NOT-FOR-US: PHP-Fusion
-CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
+CVE-2005-2400
NOT-FOR-US: PHPFinance
-CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...)
+CVE-2005-2399
NOT-FOR-US: PHP Surveyor
-CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...)
+CVE-2005-2398
NOT-FOR-US: PHP Surveyor
-CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
+CVE-2005-2397
NOT-FOR-US: phpBook
-CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
+CVE-2005-2396
- mediawiki 1.4.9 (bug #276057)
-CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
+CVE-2005-2395
- firefox <removed> (bug #320539; unimportant)
- iceweasel <removed> (bug #320539; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
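Review bot: for CVE-2005-2419 the remaining triage line is "NOT-FOR-US: hardware issue", which names no product, so removing the description "B-FOCuS Router 312+ allows remote attackers to bypass authentication ..." leaves the entry unidentifiable from the file alone. The other NOT-FOR-US lines in this hunk still carry a product or vendor name ("Linksys hardware", "Siemens hardware"). Bring this one in line, for example "NOT-FOR-US: B-FOCuS Router 312+", before or together with dropping the description. Separately, the context NOTE under CVE-2005-2414 reads "The turned out to be non-exploitable" and is missing a word.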
@@ -5992,62 +5992,62 @@ CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge wit
NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
NOTE: feature (client-side preference for stronger methods) and not a vulnerabilit
NOTE: This also seems like a rare setup.
-CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
+CVE-2005-2394
NOT-FOR-US: CuteNews
-CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
+CVE-2005-2393
NOT-FOR-US: CuteNews
-CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
+CVE-2005-2392
NOT-FOR-US: CMSimple
-CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
+CVE-2005-2391
NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
-CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
+CVE-2005-2390
{DSA-795-2}
- proftpd 1.2.10-20 (low)
NOTE: ftpshut fixed in -19, SQLShowInfo in -20
-CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
+CVE-2005-2389
NOT-FOR-US: Veritas NetBackup
-CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
+CVE-2005-2388
NOT-FOR-US: some windows USB driver
-CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...)
+CVE-2005-2387
NOT-FOR-US: GoodTech SMTP server
-CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
+CVE-2005-2386
NOT-FOR-US: CartWIZ
-CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
+CVE-2005-2385
NOT-FOR-US: UNACEV2.DLL
-CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
+CVE-2005-2384
NOT-FOR-US: UNACEV2.DLL
-CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
+CVE-2005-2383
NOT-FOR-US: PHPNews
-CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...)
+CVE-2005-2382
NOT-FOR-US: Oray PeanutHull
-CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...)
+CVE-2005-2381
NOT-FOR-US: PHP Surveyor
-CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...)
+CVE-2005-2380
NOT-FOR-US: PHP Surveyor
-CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
+CVE-2005-2379
NOT-FOR-US: Oracle Reports
-CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote ...)
+CVE-2005-2378
NOT-FOR-US: Oracle Reports
-CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
+CVE-2005-2377
- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
-CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
+CVE-2005-2376
NOT-FOR-US: Race Driver
-CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...)
+CVE-2005-2375
NOT-FOR-US: Race Driver
-CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...)
+CVE-2005-2374
NOT-FOR-US: Belkin 54g wireless routers
-CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...)
+CVE-2005-2373
NOT-FOR-US: SlimFTPd
-CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
+CVE-2005-2372
NOT-FOR-US: Oracle Forms
-CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...)
+CVE-2005-2371
NOT-FOR-US: Oracle Reports
-CVE-2005-2370 (Multiple &quot;memory alignment errors&quot; in libgadu, as used in ekg before ...)
+CVE-2005-2370
{DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
- gaim 1:1.4.0-5 (low)
- centericq 4.20.0-9 (bug #323185; low)
- ekg 1:1.5+20050712+1.6rc2-1 (low)
-CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
+CVE-2005-2369
{DSA-813-1 DTSA-2-1}
- centericq 4.20.0-9 (bug #323185; medium)
- gaim 1:1.5.0-1 (bug #350071; medium)
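Review bot: Two context lines in this hunk are defective and are worth a follow-up fix while the region is being rewritten: the second NOTE under CVE-2005-2395 is cut off at "vulnerabilit", and the CVE-2005-2377 entry reads "Mandrake specfic vulnerability". In addition, the NOTE under CVE-2005-2390 ("ftpshut fixed in -19, SQLShowInfo in -20") loses its antecedent once the "Multiple format string vulnerabilities in ProFTPD" summary is removed; adding "format string" to that NOTE would keep it self-explanatory.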
@@ -6056,193 +6056,193 @@ CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg bef
- ekg 1:1.5+20050712+1.6rc2-1 (medium)
[sarge] - ekg <not-affected>
NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
-CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
+CVE-2005-2368
{DTSA-12-1}
- vim 1:6.3-085+1 (bug #320017; medium)
[sarge] - vim 1:6.3-071+1sarge1
NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security
-CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
+CVE-2005-2367
{DSA-853-1}
- ethereal 0.10.12-1 (bug #320183; bug #320192; medium)
-CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
+CVE-2005-2366
{DSA-853-1}
- ethereal 0.10.12-1 (bug #320183; low)
-CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...)
+CVE-2005-2365
{DSA-853-1}
- ethereal 0.10.12-1 (bug #320183; low)
-CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...)
+CVE-2005-2364
{DSA-853-1}
- ethereal 0.10.12-1 (bug #320183; low)
-CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...)
+CVE-2005-2363
{DSA-853-1}
- ethereal 0.10.12-1 (bug #320183; low)
-CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
+CVE-2005-2362
- ethereal 0.10.12-1 (bug #320183; low)
NOTE: This affects partially Woody and Sarge
-CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
+CVE-2005-2361
{DSA-853-1}
- ethereal 0.10.12-1 (bug #320183; low)
-CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...)
+CVE-2005-2360
{DSA-853-1}
- ethereal 0.10.12-1 (bug #320183; low)
-CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
+CVE-2005-2359
- kfreebsd-5 5.3-1 (medium)
-CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...)
+CVE-2005-2358
NOT-FOR-US: EMC Navisphere Manager
-CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
+CVE-2005-2357
NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
REJECTED
CVE-2005-2347
RESERVED
-CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
+CVE-2005-2346
NOT-FOR-US: Novell
CVE-2005-2345
REJECTED
-CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...)
+CVE-2005-2344
NOT-FOR-US: Research in Motion
-CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...)
+CVE-2005-2343
NOT-FOR-US: Research in Motion
-CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...)
+CVE-2005-2342
NOT-FOR-US: Research in Motion
-CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...)
+CVE-2005-2341
NOT-FOR-US: Research in Motion
-CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
+CVE-2005-2340
NOT-FOR-US: Apple Quicktime
-CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
+CVE-2005-2339
NOT-FOR-US: unicode msearch
-CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
+CVE-2005-2338
NOT-FOR-US: Xoops
-CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
+CVE-2005-2337
{DSA-864-1 DSA-862-1 DSA-860-1}
- ruby <removed>
- ruby1.6 1.6.8-13 (medium)
- ruby1.8 1.8.3-1 (bug #332742; medium)
- ruby1.9 1.9.0+20050921-1 (medium)
-CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
+CVE-2005-2336
[sarge] - hiki <not-affected> (code not present in sarge)
- hiki 0.8.2-1
-CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
+CVE-2005-2334
NOT-FOR-US: Y.SAK
-CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
+CVE-2005-2333
NOT-FOR-US: smilies_popup.php
-CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...)
+CVE-2005-2332
NOT-FOR-US: PHPPageProtect
-CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
+CVE-2005-2331
NOT-FOR-US: MooseGallery
-CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2.2 ...)
+CVE-2005-2330
NOT-FOR-US: osCommerce
-CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...)
+CVE-2005-2329
NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
-CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...)
+CVE-2005-2328
NOT-FOR-US: Laffer
-CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...)
+CVE-2005-2327
NOT-FOR-US: e107
-CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
+CVE-2005-2326
NOT-FOR-US: Clever Copy
-CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...)
+CVE-2005-2325
NOT-FOR-US: Clever Copy
-CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
+CVE-2005-2324
NOT-FOR-US: Clever Copy
-CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...)
+CVE-2005-2323
NOT-FOR-US: Class-1 Forum
-CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...)
+CVE-2005-2322
NOT-FOR-US: Class-1 Forum
-CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
+CVE-2005-2321
NOT-FOR-US: CaLogic
-CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...)
+CVE-2005-2319
NOT-FOR-US: Yawp
-CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
+CVE-2005-2318
NOT-FOR-US: DVBBS
-CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
+CVE-2005-2317
{DSA-849-1}
- shorewall 2.4.1-2 (bug #318946; medium)
-CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers ...)
+CVE-2005-2316
NOT-FOR-US: dnrd
-CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 ...)
+CVE-2005-2315
NOT-FOR-US: dnrd
-CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
+CVE-2005-2314
NOT-FOR-US: PHPsFTPd
-CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
+CVE-2005-2313
NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
-CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
+CVE-2005-2312
NOT-FOR-US: Realnode Emilda
-CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
+CVE-2005-2311
- sms-pl 2.1.0-1 (bug #320540; unimportant)
NOTE: vulnerable contrib file only in source package
-CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions ...)
+CVE-2005-2310
NOT-FOR-US: Winamp
-CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
+CVE-2005-2309
NOT-FOR-US: Opera
-CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
+CVE-2005-2308
NOT-FOR-US: MSIE
-CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
+CVE-2005-2307
NOT-FOR-US: Microsoft
-CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
+CVE-2005-2306
NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
-CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
+CVE-2005-2305
NOT-FOR-US: DG Remote Control Server
-CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
+CVE-2005-2304
NOT-FOR-US: Microsoft
CVE-2005-2303
REJECTED
-CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
+CVE-2005-2302
{DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
-CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
+CVE-2005-2301
{DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
-CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
+CVE-2005-2300
NOT-FOR-US: Skype
-CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
+CVE-2005-2299
NOT-FOR-US: Simple Message Board
-CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
+CVE-2005-2298
NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
-CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
+CVE-2005-2297
NOT-FOR-US: Sybase EAServer
-CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
+CVE-2005-2296
NOT-FOR-US: YabbSE
-CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-2295
- netpanzer 0.8+svn20060319-1 (bug #318329; low)
[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
-CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
+CVE-2005-2294
NOT-FOR-US: Oracle
-CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
+CVE-2005-2293
NOT-FOR-US: Oracle
-CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
+CVE-2005-2292
NOT-FOR-US: Oracle
-CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
+CVE-2005-2291
NOT-FOR-US: Oracle
-CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
+CVE-2005-2290
NOT-FOR-US: WPS
-CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
+CVE-2005-2289
NOT-FOR-US: PHPCounter
-CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
+CVE-2005-2288
NOT-FOR-US: PHPCounter
-CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
+CVE-2005-2287
NOT-FOR-US: SoftiaCom wMailServer
-CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
+CVE-2005-2286
NOT-FOR-US: WebEOC
-CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
+CVE-2005-2285
NOT-FOR-US: WebEOC
-CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
+CVE-2005-2284
NOT-FOR-US: WebEOC
-CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
+CVE-2005-2283
NOT-FOR-US: WebEOC
-CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
+CVE-2005-2282
NOT-FOR-US: WebEOC
-CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
+CVE-2005-2281
NOT-FOR-US: WebEOC
-CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
+CVE-2005-2280
NOT-FOR-US: Cisco
-CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
+CVE-2005-2279
NOT-FOR-US: Cisco
-CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
+CVE-2005-2278
NOT-FOR-US: MailEnable
-CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
+CVE-2005-2277
{DSA-762-1}
- affix 2.1.2-2 (bug #318328; medium)
-CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
+CVE-2005-2276
NOT-FOR-US: Novell Groupwise WebAccess
CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
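Review bot: After this hunk CVE-2005-2366, CVE-2005-2365, CVE-2005-2364, CVE-2005-2363, CVE-2005-2361 and CVE-2005-2360 are identical records apart from the ID (`{DSA-853-1}` followed by `- ethereal 0.10.12-1 (bug #320183; low)`), because the dissector names (BER, SMB, GIOP, WBXML, SMPP, 802.3, AgentX, PER, LDAP among them) appeared only in the removed summaries. A one-line NOTE per entry naming the dissector would keep them distinguishable for anyone checking which issue a given fix covers. The context line `CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]` also carries a typo ("injecton").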
@@ -6256,264 +6256,264 @@ CVE-2005-XXXX [xgalaga score file segfault]
CVE-2005-XXXX [xemeraldia games file overwrite]
- xemeraldia 0.4-1 (bug #319661; low)
[sarge] - xemeraldia <no-dsa> (Very minor issue)
-CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
+CVE-2005-2335
{DSA-774-1}
NOTE: previous fix in -15 was broken
- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
-CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
+CVE-2005-2320
{DSA-766-1}
- webcalendar 0.9.45-7 (bug #315671; medium)
-CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
+CVE-2005-2437
NOT-FOR-US: Website Baker
CVE-2005-2275
RESERVED
-CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
+CVE-2005-2274
NOT-FOR-US: MSIE
-CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
+CVE-2005-2273
NOT-FOR-US: Opera
-CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...)
+CVE-2005-2272
NOT-FOR-US: Sfari
-CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
+CVE-2005-2271
NOT-FOR-US: iCab
-CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
+CVE-2005-2270
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (high)
- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
- mozilla-thunderbird 1.0.6-1 (high)
-CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
+CVE-2005-2269
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (high)
- mozilla 2:1.7.9-1 (medium; bug #318062)
- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
-CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
+CVE-2005-2268
{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (medium)
- mozilla 2:1.7.9-1 (medium; bug #318062)
-CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
+CVE-2005-2267
{DSA-779-2 DSA-779-1 DTSA-8-2}
- mozilla-firefox 1.0.4-2sarge3 (medium)
-CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
+CVE-2005-2266
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (medium)
- mozilla 2:1.7.9-1 (medium; bug #318062)
- mozilla-thunderbird 1.0.6-1 (low; bug #318728)
-CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
+CVE-2005-2265
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (high)
- mozilla 2:1.7.9-1 (medium; bug #318062)
- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
-CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
+CVE-2005-2264
{DSA-779-2 DSA-779-1 DTSA-8-2}
- mozilla-firefox 1.0.4-2sarge3 (medium)
-CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
+CVE-2005-2263
{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (medium)
- mozilla 2:1.7.9-1 (medium; bug #318062)
-CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
+CVE-2005-2262
{DSA-779-2 DSA-779-1 DTSA-8-2}
- mozilla-firefox 1.0.4-2sarge3 (medium)
-CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
+CVE-2005-2261
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (medium)
- mozilla 2:1.7.9-1 (medium; bug #318062)
- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
-CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
+CVE-2005-2260
{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.5-1 (medium)
- mozilla 2:1.7.9-1 (medium; bug #318062)
-CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
+CVE-2005-2259
NOT-FOR-US: USANet
-CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
+CVE-2005-2258
NOT-FOR-US: Squito Gallery
-CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
+CVE-2005-2257
NOT-FOR-US: PhpSlash
-CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
+CVE-2005-2256
{DSA-759-1}
- phppgadmin 3.5.4-1 (bug #318284; medium)
-CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
+CVE-2005-2255
NOT-FOR-US: PhpAuction
-CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
+CVE-2005-2254
NOT-FOR-US: PhpAuction
-CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
+CVE-2005-2253
NOT-FOR-US: PhpAuction
-CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
+CVE-2005-2252
NOT-FOR-US: PhpAuction
-CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
+CVE-2005-2251
NOT-FOR-US: PHPSecurePages (phpSP)
-CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
+CVE-2005-2250
{DSA-762-1}
- affix 2.1.2-2 (bug #318327; medium)
-CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
+CVE-2005-2249
NOT-FOR-US: Jinzora
-CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
+CVE-2005-2248
NOT-FOR-US: DownloadProtect
-CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
+CVE-2005-2247
NOTE: no details available
- moodle 1.5.1-1
-CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
+CVE-2005-2246
NOT-FOR-US: iPhotoAlbum
-CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
+CVE-2005-2245
NOT-FOR-US: BIG-IP
-CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
+CVE-2005-2244
NOT-FOR-US: Cisco
-CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
+CVE-2005-2243
NOT-FOR-US: Cisco
-CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
+CVE-2005-2242
NOT-FOR-US: Cisco
-CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
+CVE-2005-2241
NOT-FOR-US: Cisco
-CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
+CVE-2005-2240
{DSA-1003-1}
- xpvm 1.2.5-8 (bug #318285; medium)
-CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
+CVE-2005-2239
- oftpd 20040304-1 (bug #318286; medium)
NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
-CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
+CVE-2005-2238
NOT-FOR-US: AIX
-CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
+CVE-2005-2237
NOT-FOR-US: AIX
-CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
+CVE-2005-2236
NOT-FOR-US: AIX
-CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
+CVE-2005-2235
NOT-FOR-US: AIX
-CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
+CVE-2005-2234
NOT-FOR-US: AIX
-CVE-2005-2233 (Buffer overflow in multiple &quot;p&quot; commands in IBM AIX 5.1, 5.2 and 5.3 ...)
+CVE-2005-2233
NOT-FOR-US: AIX
-CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
+CVE-2005-2232
NOT-FOR-US: AIX
-CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
+CVE-2005-2231
{DSA-761-2}
- heartbeat 1.2.3-12 (bug #318287; medium)
-CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
+CVE-2005-2230
- elmo 1.3.0-1.1 (bug #318291; low)
[sarge] - elmo <no-dsa> (Minor issue)
-CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
+CVE-2005-2229
NOT-FOR-US: Blog Torrent
-CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
+CVE-2005-2228
NOT-FOR-US: Web Wiz Forums
-CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
+CVE-2005-2227
NOT-FOR-US: Softiacom wMailserver
-CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
+CVE-2005-2226
NOT-FOR-US: Outlook
-CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
+CVE-2005-2225
NOT-FOR-US: Microsoft
-CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
+CVE-2005-2224
NOT-FOR-US: Microsoft
-CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
+CVE-2005-2223
NOT-FOR-US: MailEnable
-CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
+CVE-2005-2222
NOT-FOR-US: MailEnable
-CVE-2005-2221 (** DISPUTED ** ...)
+CVE-2005-2221
NOT-FOR-US: Dragonfly
-CVE-2005-2220 (** DISPUTED ** ...)
+CVE-2005-2220
NOT-FOR-US: Dragonfly
-CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
+CVE-2005-2219
NOT-FOR-US: Hosting Controller
-CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...)
+CVE-2005-2218
- kfreebsd5-source 5.3-17 (medium)
-CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
+CVE-2005-2217
NOT-FOR-US: Dansie Shopping Cart
-CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
+CVE-2005-2216
NOT-FOR-US: PhotoGal
-CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
+CVE-2005-2215
- mediawiki 1.4.9
-CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
+CVE-2005-2214
- apt-setup <unfixed> (bug #305142; unimportant)
NOTE: That's by design. We want to provide non-root users access to the source code,
NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive
NOTE: as it'll be sent non-encrypted over the wire.
-CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
+CVE-2005-2213
NOT-FOR-US: MMS Ripper
-CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
+CVE-2005-2212
NOTE: duplicate of CVE-2005-1856
NOTE: Mitre contacted - micah April 20, 2006
NOTE: Mitre re-contacted - micah June 5, 2006
-CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
+CVE-2005-2211
NOTE: duplicate of CVE-2005-1855
NOTE: Mitre contacted - micah April 20, 2006
NOTE: Mitre re-contacted - micah June 5, 2006
-CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
+CVE-2005-2210
NOT-FOR-US: Internet Download Manager
-CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
+CVE-2005-2209
NOT-FOR-US: ScanShare
-CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
+CVE-2005-2208
NOT-FOR-US: PrivaShare
-CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
+CVE-2005-2207
NOT-FOR-US: CartWIZ
-CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
+CVE-2005-2206
NOT-FOR-US: CartWIZ
-CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
+CVE-2005-2205
NOT-FOR-US: kaiseki.cgi
-CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
+CVE-2005-2204
NOT-FOR-US: SiteMinder
-CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
+CVE-2005-2203
NOT-FOR-US: phpWishlist
-CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
+CVE-2005-2202
NOT-FOR-US: Xerox Hardware issue
-CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
+CVE-2005-2201
NOT-FOR-US: Xerox hardware
-CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
+CVE-2005-2200
NOT-FOR-US: Xerox hardware
-CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
+CVE-2005-2199
NOT-FOR-US: PPA web photo gallery
-CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
+CVE-2005-2198
NOT-FOR-US: SPiD
-CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
+CVE-2005-2197
NOT-FOR-US: Id Board
-CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...)
+CVE-2005-2196
NOT-FOR-US: Apple Airport
-CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
+CVE-2005-2195
NOT-FOR-US: Apple Darwin Streaming Server
-CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 ...)
+CVE-2005-2194
NOT-FOR-US: Apple
-CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
+CVE-2005-2193
NOT-FOR-US: PunBB
-CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
+CVE-2005-2192
NOT-FOR-US: SimplePHPBlog
-CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
+CVE-2005-2191
NOT-FOR-US: Comersus
-CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
+CVE-2005-2190
NOT-FOR-US: Comersus
-CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
+CVE-2005-2189
NOT-FOR-US: Lantronix SecureLinx
-CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
+CVE-2005-2188
NOT-FOR-US: McAfee IntruShield
-CVE-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
+CVE-2005-2187
NOT-FOR-US: McAfee IntruShield
-CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
+CVE-2005-2186
NOT-FOR-US: McAfee IntruShield
-CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
+CVE-2005-2185
NOT-FOR-US: eRoom
-CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
+CVE-2005-2184
NOT-FOR-US: eRoom
-CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
+CVE-2005-2183
NOT-FOR-US: PhpXmail
-CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
+CVE-2005-2182
NOT-FOR-US: PhpXmail
-CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
+CVE-2005-2181
NOT-FOR-US: SIP phone hardware issue
-CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
+CVE-2005-2180
- gnats 4.0 (bug #318481; high)
-CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
+CVE-2005-2179
NOT-FOR-US: Jaws
-CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
+CVE-2005-2178
NOTE: How bizarre, they assign a CVE Id without knowing which product contains
NOTE: the affected probe.cgi
-CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when ...)
+CVE-2005-2177
{DSA-873-1}
- net-snmp 5.2.1.2-1 (bug #318420; low)
- ucd-snmp 4.2.5-5.1 (bug #337394; low)
[sarge] - ucd-snmp <no-dsa> (Minor issue)
-CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
+CVE-2005-2176
NOT-FOR-US: Novell NetMail
-CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
+CVE-2005-2175
NOT-FOR-US: Notes
-CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
+CVE-2005-2174
[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
- bugzilla 2.18.3-1 (low)
-CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
+CVE-2005-2173
[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
- bugzilla 2.18.3-1 (low)
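Review bot: The removal at CVE-2005-2182 hides a tagging error: the dropped summary describes "Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones", but the entry left behind is `NOT-FOR-US: PhpXmail`, apparently carried over from CVE-2005-2183 directly above it. Correct the tag in the same change, since afterwards nothing in the file shows the mismatch. The hunk also drops the only "** DISPUTED **" marker on CVE-2005-2221 and CVE-2005-2220, and the only mention of Backup Manager on CVE-2005-2212 and CVE-2005-2211, which keep just their "duplicate of" NOTEs; consider preserving both facts as NOTE lines. `NOT-FOR-US: Sfari` under CVE-2005-2272 should read Safari.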
@@ -6521,91 +6521,91 @@ CVE-2005-2172
RESERVED
CVE-2005-2171
RESERVED
-CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
+CVE-2005-2170
NOT-FOR-US: Tivoli
CVE-2005-2348
REJECTED
-CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty ...)
+CVE-2005-2169
NOT-FOR-US: PHPSource Printer
-CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
+CVE-2005-2168
NOT-FOR-US: Plague
-CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...)
+CVE-2005-2167
NOT-FOR-US: Plague
-CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
+CVE-2005-2166
NOT-FOR-US: Plague
-CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...)
+CVE-2005-2165
NOT-FOR-US: GlobalNoteScript
-CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...)
+CVE-2005-2164
NOT-FOR-US: Covide
-CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
+CVE-2005-2163
NOT-FOR-US: AutoIndex PHP Script
-CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
+CVE-2005-2162
NOT-FOR-US: MyGuestbook
-CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
+CVE-2005-2161
{DSA-768-1}
- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
-CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
+CVE-2005-2160
NOT-FOR-US: IMail
-CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
+CVE-2005-2159
NOT-FOR-US: PlanetDNS
-CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...)
+CVE-2005-2158
NOT-FOR-US: JBoss
-CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
+CVE-2005-2157
NOT-FOR-US: nabopoll
-CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
+CVE-2005-2156
NOT-FOR-US: PHPNews
-CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...)
+CVE-2005-2155
NOT-FOR-US: EasyPHPCalender
-CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...)
+CVE-2005-2154
NOT-FOR-US: osTicket
-CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
+CVE-2005-2153
NOT-FOR-US: osTicket
-CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
+CVE-2005-2152
NOT-FOR-US: Geeklog
-CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
+CVE-2005-2151
{DSA-784-1}
- courier 0.47-6 (bug #320290; low)
-CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
+CVE-2005-2150
NOT-FOR-US: Microsoft
-CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
+CVE-2005-2149
{DSA-764-1}
- cacti 0.8.6f-1 (bug #316590; high)
-CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
+CVE-2005-2148
{DSA-764-1}
- cacti 0.8.6f-1 (bug #316590; high)
-CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
+CVE-2005-2147
{DSA-739-1}
- trac 0.8.4-1
[sarge] - trac 0.8.1-3sarge1
-CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
+CVE-2005-2146
NOT-FOR-US: SSH Tectia Server
-CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
+CVE-2005-2145
NOT-FOR-US: Prevx Pro
-CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
+CVE-2005-2144
NOT-FOR-US: Prevx Pro
-CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
+CVE-2005-2143
NOT-FOR-US: Microsoft
-CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
+CVE-2005-2142
NOT-FOR-US: Golden FTP Server
-CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
+CVE-2005-2141
NOT-FOR-US: TCP Chat
-CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
+CVE-2005-2140
NOT-FOR-US: FSboard
-CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
+CVE-2005-2139
NOT-FOR-US: Pavsta
-CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
+CVE-2005-2138
NOT-FOR-US: Comdev eCommerce
-CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
+CVE-2005-2137
NOT-FOR-US: NateOn Messenger
-CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...)
+CVE-2005-2136
NOT-FOR-US: Raritan Dominion SX
-CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
+CVE-2005-2135
NOT-FOR-US: EtoShop
-CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
+CVE-2005-2134
NOT-FOR-US: NetBSD
CVE-2005-2133
REJECTED
-CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
+CVE-2005-2132
NOT-FOR-US: SCO UnixWare
CVE-2005-2131
RESERVED
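Review bot: With the descriptions gone, the NOT-FOR-US tag is the only product name left on these entries, and some tags are too loose to search on. CVE-2005-2155 is tagged `NOT-FOR-US: EasyPHPCalender` while the removed description spells it EasyPHPCalendar, and CVE-2005-2150 is tagged only `NOT-FOR-US: Microsoft` where the description named Windows NT 4.0 and Windows 2000. Either keep the description on the header line or correct and expand these tags in the same change, so a grep for the product still finds the entry.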
@@ -6613,80 +6613,80 @@ CVE-2005-2130
RESERVED
CVE-2005-2129
RESERVED
-CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
+CVE-2005-2128
NOT-FOR-US: Windows
-CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
+CVE-2005-2127
NOT-FOR-US: Windows
-CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...)
+CVE-2005-2126
NOT-FOR-US: Windows
CVE-2005-2125
RESERVED
-CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...)
+CVE-2005-2124
NOT-FOR-US: Windows
-CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine ...)
+CVE-2005-2123
NOT-FOR-US: Windows
-CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
+CVE-2005-2122
NOT-FOR-US: Windows
CVE-2005-2121
RESERVED
-CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
+CVE-2005-2120
NOT-FOR-US: Windows
-CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
+CVE-2005-2119
NOT-FOR-US: Microsoft
-CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
+CVE-2005-2118
NOT-FOR-US: Windows
-CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
+CVE-2005-2117
NOT-FOR-US: Windows
CVE-2005-2116
REJECTED
-CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
+CVE-2005-2115
NOT-FOR-US: Soldier of Fortune
-CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
+CVE-2005-2114
NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits
[sarge] - mozilla <not-affected> (Unreproducible)
- mozilla 2:1.7.10-1 (bug #318723; medium)
-CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
+CVE-2005-2113
NOT-FOR-US: Xoops
-CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
+CVE-2005-2112
NOT-FOR-US: Xoops
-CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
+CVE-2005-2111
NOT-FOR-US: Community Link Pro Web Editor
-CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
+CVE-2005-2110
- wordpress 1.5.1.3-1 (bug #316402)
-CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
+CVE-2005-2109
- wordpress 1.5.1.3-1 (bug #316402)
-CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
+CVE-2005-2108
- wordpress 1.5.1.3-1 (bug #316402)
-CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
+CVE-2005-2107
- wordpress 1.5.1.3-1 (bug #316402)
-CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
+CVE-2005-2106
{DSA-745-1}
- drupal 4.5.4-1 (bug #316362)
-CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
+CVE-2005-2105
NOT-FOR-US: IOS
-CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...)
+CVE-2005-2104
NOT-FOR-US: sysreport
-CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
+CVE-2005-2103
{DTSA-5-1}
- gaim 1:1.4.0-5 (high; bug #323706)
-CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...)
+CVE-2005-2102
{DTSA-5-1}
- gaim 1:1.4.0-5 (medium; bug #323706)
-CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
+CVE-2005-2101
{DSA-818-1}
- kdeedu 4:3.4.2-1 (low)
-CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...)
+CVE-2005-2100
- linux-2.6 <not-affected> (Red Hat specific according to Horms)
- kernel-source-2.4.27 <not-affected> (Red Hat specific according to Horms)
-CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
+CVE-2005-2099
{DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (bug #323039; medium)
-CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
+CVE-2005-2098
{DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (bug #323039; medium)
-CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table in PDF files, ...)
+CVE-2005-2097
{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
- kdegraphics 4:3.4.2-1 (bug #322458; low)
- xpdf 3.00-15 (bug #322462; low)
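Review bot: After this change an assigned CVE header has the same shape as an unassigned one: `CVE-2005-2128` now reads exactly like `CVE-2005-2129` and `CVE-2005-2125`, which are RESERVED. Any consumer of the list that treats a header without a description as not yet published would have to look at the indented line to tell them apart. Before this lands, confirm that the parsers reading this file key on the RESERVED/REJECTED line and not on the missing parenthesised text.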
@@ -6701,7 +6701,7 @@ CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table
[woody] - cupsys <not-affected> (Vulnerable code not present)
- poppler 0.4.0-1 (low)
- libextractor 0.5.8-1 (medium)
-CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
+CVE-2005-2096
{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1}
NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
NOTE: Florian Weimer is doing a comprehensive audit using clamav
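Review bot: The removed CVE-2005-2096 description is the only text in this entry that states the affected range, "zlib 1.2 and later versions", and the triage depends on it: the rsync line further down in the entry marks the package not-affected because it "Uses zlib 1.1". With the NOTE about embedded zlib copies still in place, suggest keeping that range in the entry, for example as a NOTE line, so the not-affected decisions stay checkable from the list itself.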
@@ -6748,384 +6748,384 @@ CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a de
- rsync <not-affected> (Uses zlib 1.1, which is not affected)
NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
NOTE: as the included version was never affected, despite claiming them so.
-CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the ...)
+CVE-2005-2095
{DSA-756-1}
- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
-CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
+CVE-2005-2094
NOT-FOR-US: Sun
-CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
+CVE-2005-2093
NOT-FOR-US: Oracle
-CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
+CVE-2005-2092
NOT-FOR-US: BEA WebLogic
-CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
+CVE-2005-2091
NOT-FOR-US: Websphere
-CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
+CVE-2005-2090
- tomcat4 4.1.28-1
NOTE: tomcat5 in experimental has this fix as well
-CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
+CVE-2005-2089
NOT-FOR-US: Microsoft
-CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...)
+CVE-2005-2088
{DSA-805-1 DSA-803-1}
- apache 1.3.33-8 (bug #322607; medium)
- apache2 2.0.54-5 (bug #316173; medium)
-CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating ...)
+CVE-2005-2087
NOT-FOR-US: Microsoft
-CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
+CVE-2005-2086
- phpbb2 <not-affected> (phpbb versions in Debian not affected)
-CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
+CVE-2005-2085
NOT-FOR-US: Inframail
-CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
+CVE-2005-2084
NOT-FOR-US: Community Forum
-CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
+CVE-2005-2083
NOT-FOR-US: IA eMailServer
-CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
+CVE-2005-2082
NOT-FOR-US: imTRSET
-CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
+CVE-2005-2081
- asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant)
NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands
-CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
+CVE-2005-2080
NOT-FOR-US: Veritas Backup
-CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
+CVE-2005-2079
NOT-FOR-US: Veritas Backup
-CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
+CVE-2005-1932
NOT-FOR-US: Lpanel
-CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
+CVE-2005-1931
NOT-FOR-US: GoodTech SMTP Server
-CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
+CVE-2005-2078
NOT-FOR-US: BisonFTP Server
-CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
+CVE-2005-2077
NOT-FOR-US: Hosting Controller
-CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
+CVE-2005-2076
NOT-FOR-US: HP Version Control Repository Manager
-CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
+CVE-2005-2075
NOT-FOR-US: PHP-Fusion
-CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
+CVE-2005-2074
NOT-FOR-US: PHP-Fusion
-CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
+CVE-2005-2073
NOT-FOR-US: DB2
-CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...)
+CVE-2005-2072
NOT-FOR-US: Solaris
-CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
+CVE-2005-2071
NOT-FOR-US: Solaris
-CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
+CVE-2005-2070
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1 (bug #318755; medium)
-CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
+CVE-2005-2069
{DSA-785-1}
- openldap2.2 2.2.26-3 (bug #316674; medium)
- openldap2 2.1.30-11 (medium)
- libpam-ldap 178-1sarge1 (bug #316972; medium)
- libnss-ldap 238-1.1 (bug #316973; medium)
-CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
+CVE-2005-2068
- kfreebsd-source <unfixed>
-CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
+CVE-2005-2067
NOT-FOR-US: ASP Nuke
-CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
+CVE-2005-2066
NOT-FOR-US: ASP Nuke
-CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
+CVE-2005-2065
NOT-FOR-US: ASP Nuke
-CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
+CVE-2005-2064
NOT-FOR-US: ASP Nuke
-CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-2063
NOT-FOR-US: ActiveBuyAndSell
-CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
+CVE-2005-2062
NOT-FOR-US: ActiveBuyAndSell
-CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
+CVE-2005-2061
NOT-FOR-US: Infopop UBB.Threads
-CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
+CVE-2005-2060
NOT-FOR-US: Infopop UBB.Threads
-CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
+CVE-2005-2059
NOT-FOR-US: Infopop UBB.Threads
-CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
+CVE-2005-2058
NOT-FOR-US: Infopop UBB.Threads
-CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
+CVE-2005-2057
NOT-FOR-US: Infopop UBB.Threads
-CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
+CVE-2005-2056
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1-1 (bug #318756; medium)
-CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
+CVE-2005-2055
NOT-FOR-US: Affected only Real Player, not Helix Player
NOTE: http://service.real.com/help/faq/security/050623_player/EN/
-CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
+CVE-2005-2054
NOT-FOR-US: Real Player
NOTE: This didn't affected Helix, although the changelog claimed so, see
NOTE: http://service.real.com/help/faq/security/050623_player/EN/
-CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
+CVE-2005-2053
NOT-FOR-US: JAF CMS
-CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
+CVE-2005-2052
NOT-FOR-US: Real Player
NOTE: This didn't affected Helix, although the changelog claimed so, see
NOTE: http://service.real.com/help/faq/security/050623_player/EN/
-CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
+CVE-2005-2051
NOT-FOR-US: BEWAC
-CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
+CVE-2005-2050
- tor 0.0.9.10-1 (medium)
-CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
+CVE-2005-2049
NOT-FOR-US: Duware
-CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...)
+CVE-2005-2048
NOT-FOR-US: Duware
-CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
+CVE-2005-2047
NOT-FOR-US: Duware
-CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
+CVE-2005-2046
NOT-FOR-US: Duware
-CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
+CVE-2005-2045
NOT-FOR-US: Duware
-CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
+CVE-2005-2044
NOT-FOR-US: ATutor
-CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
+CVE-2005-2043
NOT-FOR-US: XAMPP
-CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
+CVE-2005-2042
NOT-FOR-US: ajax-spell
-CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
+CVE-2005-2041
NOT-FOR-US: ViRobot
-CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
+CVE-2005-2040
{DSA-758-1}
- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
-CVE-2005-2039 (Unknown vulnerability in &quot;various plugins&quot; for NanoBlogger 3.2.1 and ...)
+CVE-2005-2039
- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
-CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
+CVE-2005-2038
NOT-FOR-US: Fortibus CMS
-CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
+CVE-2005-2037
NOT-FOR-US: Fortibus CMS
-CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Caf&#233;) Chat 1.2.1 allows remote ...)
+CVE-2005-2036
NOT-FOR-US: Cool Cafe Chat
-CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Caf&#233;) ...)
+CVE-2005-2035
NOT-FOR-US: Cool Cafe Chat
-CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
+CVE-2005-2034
NOT-FOR-US: iGallery
-CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for Blue-Collar ...)
+CVE-2005-2033
NOT-FOR-US: iGallery
-CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
+CVE-2005-2032
NOT-FOR-US: Solaris
-CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
+CVE-2005-2031
NOT-FOR-US: socialMPN
-CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
+CVE-2005-2030
NOT-FOR-US: Ultimate PHP Board
-CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
+CVE-2005-2029
NOT-FOR-US: external script that allow interaction between amarok and a browser
-CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
+CVE-2005-2028
NOT-FOR-US: MercuryBoard
-CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
+CVE-2005-2027
NOT-FOR-US: Enterasys hardware issue
-CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
+CVE-2005-2026
NOT-FOR-US: Enterasys hardware issue
-CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
+CVE-2005-2025
NOT-FOR-US: Cisco
-CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
+CVE-2005-2024
{DSA-738-1}
NOTE: varying and apparently innacurate info about what versions fix it
- razor 2.720-1 (low)
-CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
+CVE-2005-2023
- gnupg2 1.9.15-1
-CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
+CVE-2005-2022
NOT-FOR-US: iPlanet
-CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
+CVE-2005-2021
NOT-FOR-US: cPanel
-CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...)
+CVE-2005-2020
NOT-FOR-US: 3com Network Supervisor
-CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
+CVE-2005-2019
NOT-FOR-US: FreeBSD ipfw
CVE-2005-2018
RESERVED
-CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
+CVE-2005-2017
NOT-FOR-US: Symantec AntiVirus
CVE-2005-2016
RESERVED
CVE-2005-2015
RESERVED
-CVE-2005-2014 (The &quot;upload a language pack&quot; feature in paFAQ 1.0 Beta 4 allows remote ...)
+CVE-2005-2014
NOT-FOR-US: paFAQ
-CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
+CVE-2005-2013
NOT-FOR-US: paFAQ
-CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
+CVE-2005-2012
NOT-FOR-US: paFAQ
-CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
+CVE-2005-2011
NOT-FOR-US: paFAQ
-CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
+CVE-2005-2010
NOT-FOR-US: Ublog Reload
-CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
+CVE-2005-2009
NOT-FOR-US: Ublog Reload
-CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
+CVE-2005-2008
- yaws 1.56-1 (low)
-CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
+CVE-2005-2007
- trac 0.8.4-1 (bug #315145)
[sarge] - trac 0.8.1-3sarge1
-CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
+CVE-2005-2006
NOT-FOR-US: JBOSS
-CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
+CVE-2005-2005
NOT-FOR-US: Ultimate PHP Board
-CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
+CVE-2005-2004
NOT-FOR-US: Ultimate PHP Board
-CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
+CVE-2005-2003
NOT-FOR-US: Ultimate PHP Board
-CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
+CVE-2005-2002
NOT-FOR-US: Mambo
-CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
+CVE-2005-2001
NOT-FOR-US: paFileDB
-CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
+CVE-2005-2000
NOT-FOR-US: paFileDB
-CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
+CVE-2005-1999
NOT-FOR-US: paFileDB
-CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
+CVE-2005-1998
NOT-FOR-US: McGallery
-CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
+CVE-2005-1997
NOT-FOR-US: McGallery
-CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site ...)
+CVE-2005-1996
NOT-FOR-US: Bitrix Site Manager
-CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
+CVE-2005-1995
NOT-FOR-US: Bitrix Site Manager
-CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
+CVE-2005-1994
NOT-FOR-US: Finjan SurfinGate
-CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
+CVE-2005-1993
{DSA-735-2 DSA-735-1}
- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
-CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
+CVE-2005-1992
{DSA-748-1}
- ruby1.8 1.8.2-8 (bug #315064; medium)
- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
CVE-2005-1991
RESERVED
-CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
+CVE-2005-1990
NOT-FOR-US: MSIE
-CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
+CVE-2005-1989
NOT-FOR-US: MSIE
-CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
+CVE-2005-1988
NOT-FOR-US: MSIE
-CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in ...)
+CVE-2005-1987
NOT-FOR-US: Microsoft
CVE-2005-1986
RESERVED
-CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...)
+CVE-2005-1985
NOT-FOR-US: Microsoft
-CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
+CVE-2005-1984
NOT-FOR-US: Spoolsv.exe
-CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
+CVE-2005-1983
NOT-FOR-US: Microsoft
-CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
+CVE-2005-1982
NOT-FOR-US: Microsoft
-CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
+CVE-2005-1981
NOT-FOR-US: Microsoft
-CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
+CVE-2005-1980
NOT-FOR-US: Microsoft
-CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
+CVE-2005-1979
NOT-FOR-US: Microsoft
-CVE-2005-1978 (COM+ in Microsoft Windows does not properly &quot;create and use memory ...)
+CVE-2005-1978
NOT-FOR-US: Microsoft
CVE-2005-1977
RESERVED
-CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...)
+CVE-2005-1976
NOT-FOR-US: Novell NetMail
-CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
+CVE-2005-1975
NOT-FOR-US: Annuaire
-CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) ...)
+CVE-2005-1974
NOT-FOR-US: Sun Java
-CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
+CVE-2005-1973
NOT-FOR-US: Sun Java
-CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
+CVE-2005-1972
NOT-FOR-US: InteractivePHP FusionBB
-CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
+CVE-2005-1971
NOT-FOR-US: InteractivePHP FusionBB
-CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with &quot;Launch with ...)
+CVE-2005-1970
NOT-FOR-US: pcAnywhere
-CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
+CVE-2005-1969
NOT-FOR-US: Pragma Telnetserver
-CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
+CVE-2005-1968
NOT-FOR-US: ProductCart Ecommerce
-CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
+CVE-2005-1967
NOT-FOR-US: ProductCart Ecommerce
-CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
+CVE-2005-1966
NOT-FOR-US: e107
-CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...)
+CVE-2005-1965
NOT-FOR-US: Broadpool Siteframe
-CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia ...)
+CVE-2005-1964
NOT-FOR-US: Ovidentia Portal
-CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
+CVE-2005-1963
NOT-FOR-US: Cerberus Helpdesk
-CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
+CVE-2005-1962
NOT-FOR-US: Cerberus Helpdesk
-CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
+CVE-2005-1961
NOT-FOR-US: C-JDBC
-CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
+CVE-2005-1960
NOT-FOR-US: C.J. Steele Tattle
-CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
+CVE-2005-1959
NOT-FOR-US: JamMail
CVE-2005-1958
REJECTED
-CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
+CVE-2005-1957
NOT-FOR-US: File Upload Manager
-CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
+CVE-2005-1956
NOT-FOR-US: File Upload Manager
-CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
+CVE-2005-1955
NOT-FOR-US: singapore
-CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
+CVE-2005-1954
NOT-FOR-US: singapore
-CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
+CVE-2005-1953
NOT-FOR-US: Pico Server
-CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
+CVE-2005-1952
NOT-FOR-US: Pico Server
-CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
+CVE-2005-1951
NOT-FOR-US: osCommerce
-CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
+CVE-2005-1950
NOT-FOR-US: Webhints
-CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
+CVE-2005-1949
NOT-FOR-US: e107
-CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
+CVE-2005-1948
NOT-FOR-US: Invision Gallery
-CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
+CVE-2005-1947
NOT-FOR-US: Invision Gallery
-CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
+CVE-2005-1946
NOT-FOR-US: Invision Blog
-CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
+CVE-2005-1945
NOT-FOR-US: Invision Blog
-CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
+CVE-2005-1944
NOT-FOR-US: xmysqladmin
-CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
+CVE-2005-1943
NOT-FOR-US: Loki download manager
-CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
+CVE-2005-1942
NOT-FOR-US: Cisco
-CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
+CVE-2005-1941
NOT-FOR-US: SilverCity
CVE-2005-1940
RESERVED
-CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business ...)
+CVE-2005-1939
NOT-FOR-US: Ipswitch WhatsUp
CVE-2005-1938
REJECTED
-CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
+CVE-2005-1937
{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.6-1 (medium)
- mozilla 2:1.7.10-1 (medium)
[woody] - mozilla <not-affected> (regression of a previous security fix)
-CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
+CVE-2005-1936
NOT-FOR-US: Xerox hardware issue
-CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
+CVE-2005-1935
NOT-FOR-US: Microsoft
-CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
+CVE-2005-1933
NOT-FOR-US: Apple
-CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
+CVE-2005-1934
{DSA-734-1}
- gaim 1:1.3.1-1 (bug #315356; low)
-CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component ...)
+CVE-2005-1930
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) ...)
+CVE-2005-1929
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console ...)
+CVE-2005-1928
NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1927
RESERVED
CVE-2005-1926
RESERVED
-CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
+CVE-2005-1925
NOT-FOR-US: Tikiwiki
-CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...)
+CVE-2005-1924
NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
-CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
+CVE-2005-1923
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1 (bug #316401; bug #316462; medium)
-CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
+CVE-2005-1922
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1-1 (low)
-CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
+CVE-2005-1921
{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
- serendipity 1.0-1
- drupal 4.5.4-1 (high; bug #316362)
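Review bot: every `-`/`+` pair in this hunk only strips the parenthesised summary from the CVE line (for example `CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 ...)` becomes a bare `CVE-2005-1937`), while no package, DSA or NOTE line changes, which is the pattern an empty description feed would produce. I would hold this update until that is ruled out, and have the update job refuse to write when it would blank the summary of every entry it touches.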
@@ -7134,126 +7134,126 @@ CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (a
- phpwiki 1.3.7-4 (bug #316714; high)
- php4 4:4.3.10-16 (high; bug #316447)
- horde3 <not-affected> (horde3 ships different XMLRPC code)
-CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
+CVE-2005-1920
{DSA-804-2}
- kdelibs 4:3.4.2-1 (bug #319016; medium)
CVE-2005-1919
REJECTED
-CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability ...)
+CVE-2005-1918
- tar 1.14-2.2
NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
-CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
+CVE-2005-1917
NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
-CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
+CVE-2005-1916
{DSA-760-1 DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
-CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
+CVE-2005-1915
NOT-FOR-US: log4sh
-CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
+CVE-2005-1914
{DSA-754-1 DTSA-2-1}
- centericq 4.20.0-7 (medium)
-CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
+CVE-2005-1913
{DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.6.11 2.6.11-6 (medium)
CVE-2005-1912
REJECTED
-CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
+CVE-2005-1911
- leafnode 1.11.3.rel-1 (bug #338886; low)
[sarge] - leafnode 1.11.2.rel-1.0sarge0
-CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
+CVE-2005-1910
NOT-FOR-US: WWWeb Concepts Events System
-CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
+CVE-2005-1909
NOT-FOR-US: 602LAN SUITE
-CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
+CVE-2005-1908
NOT-FOR-US: Perception LiteWeb
-CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
+CVE-2005-1907
NOT-FOR-US: Microsoft
-CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
+CVE-2005-1906
NOT-FOR-US: livingmailing
-CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
+CVE-2005-1905
NOT-FOR-US: Kaspersky
-CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
+CVE-2005-1904
NOT-FOR-US: JiRo's Upload Systems
-CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
+CVE-2005-1903
NOT-FOR-US: SPA-PRO Mail
-CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
+CVE-2005-1902
NOT-FOR-US: SPA-PRO Mail
-CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
+CVE-2005-1901
NOT-FOR-US: Sawmill
-CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...)
+CVE-2005-1900
NOT-FOR-US: Sawmill
-CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
+CVE-2005-1899
NOT-FOR-US: RakNet
-CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
+CVE-2005-1898
NOT-FOR-US: phpThumb
-CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
+CVE-2005-1897
NOT-FOR-US: FlexCast
-CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
+CVE-2005-1896
NOT-FOR-US: FlatNuke
-CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
+CVE-2005-1895
NOT-FOR-US: FlatNuke
-CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
+CVE-2005-1894
NOT-FOR-US: FlatNuke
-CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
+CVE-2005-1893
NOT-FOR-US: FlatNuke
-CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
+CVE-2005-1892
NOT-FOR-US: FlatNuke
-CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
+CVE-2005-1891
NOT-FOR-US: AOL Instant Messenger
-CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
+CVE-2005-1890
NOT-FOR-US: Mortiforo
-CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
+CVE-2005-1889
NOT-FOR-US: Sun ONE
-CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
+CVE-2005-1888
- mediawiki 1.4.9 (bug #276057)
-CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
+CVE-2005-1887
NOT-FOR-US: Solaris
-CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
+CVE-2005-1886
NOT-FOR-US: YaPiG
-CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
+CVE-2005-1885
NOT-FOR-US: YaPiG
-CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
+CVE-2005-1884
NOT-FOR-US: YaPiG
-CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
+CVE-2005-1883
NOT-FOR-US: YaPiG
-CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG ...)
+CVE-2005-1882
NOT-FOR-US: YaPiG
-CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
+CVE-2005-1881
NOT-FOR-US: YaPiG
-CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
+CVE-2005-1880
NOT-FOR-US: everybuddy
-CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
+CVE-2005-1879
NOT-FOR-US: LutelWall
-CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
+CVE-2005-1878
NOT-FOR-US: GIPTables
-CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
+CVE-2005-1877
NOT-FOR-US: Lpanel
-CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
+CVE-2005-1876
NOT-FOR-US: CuteNews
-CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
+CVE-2005-1875
NOT-FOR-US: Exhibit Engine
-CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
+CVE-2005-1874
NOT-FOR-US: Dzip
-CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
+CVE-2005-1873
NOT-FOR-US: Crob
-CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
+CVE-2005-1872
NOT-FOR-US: WebSphere
-CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
+CVE-2005-1871
- drupal 4.5.3-1
-CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in ...)
+CVE-2005-1870
NOT-FOR-US: Popper
-CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat ...)
+CVE-2005-1869
NOT-FOR-US: MWChat
-CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
+CVE-2005-1868
NOT-FOR-US: I-Man
-CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
+CVE-2005-1867
NOT-FOR-US: Symantec
-CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
+CVE-2005-1866
NOT-FOR-US: Calendarix
-CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
+CVE-2005-1865
NOT-FOR-US: Calendarix
-CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...)
+CVE-2005-1864
NOT-FOR-US: Calendarix
CVE-2005-1863
REJECTED
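Review bot: the NOTE and NOT-FOR-US lines under CVE-2005-1918 and CVE-2005-1917 only make sense next to the summaries removed in this hunk. `NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway` no longer says which tar issue it refers to, and `this is not the same one` loses the `kpopper 1.0 and earlier` it was distinguishing from. Either keep the summaries or make such notes self-contained before dropping them.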
@@ -7263,63 +7263,63 @@ CVE-2005-1861
REJECTED
CVE-2005-1860
REJECTED
-CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
+CVE-2005-1859
NOT-FOR-US: arshell
-CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
+CVE-2005-1857
{DSA-786-1}
- simpleproxy 3.2-4 (medium)
-CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
+CVE-2005-1856
{DSA-787-1}
- backup-manager 0.5.8-2 (bug #315582; low)
NOTE: maybe a duplicate of CVE-2005-2212, author contacted
-CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
+CVE-2005-1855
{DSA-787-1}
- backup-manager 0.5.8-2 (medium)
NOTE: maybe a duplicate of CVE-2005-2211, author contacted
-CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to &quot;missing ...)
+CVE-2005-1854
{DSA-772-1}
- apt-cacher 0.9.10 (high)
-CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
+CVE-2005-1853
{DSA-770-1}
- gopher 3.0.8 (low)
-CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
+CVE-2005-1852
{DSA-767-1 DTSA-4-1}
- kdenetwork 4:3.3.2-5 (bug #319443; unimportant)
NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
NOTE: no shared lib version is found. As the Debian package has a dependency on
NOTE: it the maintainer does not intent to fix it, see # 319443
- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
-CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...)
+CVE-2005-1851
{DSA-760-1 DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
-CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...)
+CVE-2005-1850
{DSA-760-1 DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
-CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
+CVE-2005-1849
{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1}
NOTE: This is only contrib code not built in the binary packages AFAIK
- zlib 1:1.2.3-1 (low)
- zsync 0.4.1-1 (low)
- sash 3.7-5sarge1 (low)
NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
-CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
+CVE-2005-1848
{DSA-750-1}
- dhcpcd 1:1.3.22pl4-22 (medium)
-CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
+CVE-2005-1847
NOT-FOR-US: YaMT
-CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
+CVE-2005-1846
NOT-FOR-US: YaMT
CVE-2005-1845
REJECTED
CVE-2005-1844
REJECTED
-CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
+CVE-2005-1843
NOT-FOR-US: Windows
-CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
+CVE-2005-1842
NOT-FOR-US: Windows
-CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
+CVE-2005-1841
NOT-FOR-US: acroread
-CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
+CVE-2005-1858
{DSA-744-1}
- fuse 2.3.0-1
CVE-2005-2349 [Directory traversal in zoo]
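Review bot: after this hunk the triaged entries (CVE-2005-1858 with its `{DSA-744-1}` and `fuse 2.3.0-1` lines, for instance) carry no summary at all, while the unchanged context entry `CVE-2005-2349 [Directory traversal in zoo]` keeps its bracketed title, so the file ends up with two conventions side by side. If bare IDs are the intended format, the commit message should say so rather than just "automatic update"; otherwise the parenthesised summaries should stay.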
@@ -7328,198 +7328,198 @@ CVE-2005-2349 [Directory traversal in zoo]
CVE-2005-2350 [Cross Site Scripting in websieve]
RESERVED
- websieve <removed> (bug #311838; low)
-CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
+CVE-2005-1840
NOT-FOR-US: phpCMS
-CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
+CVE-2005-1839
NOT-FOR-US: Liberum
-CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
+CVE-2005-1838
NOT-FOR-US: Liberum
-CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded username ...)
+CVE-2005-1837
NOT-FOR-US: Fortinet firewall
-CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
+CVE-2005-1836
NOT-FOR-US: NEXTWEB
-CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
+CVE-2005-1835
NOT-FOR-US: NEXTWEB
-CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
+CVE-2005-1834
NOT-FOR-US: NEXTWEB
-CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
+CVE-2005-1833
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
+CVE-2005-1832
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-1831 (** DISPUTED ** ...)
+CVE-2005-1831
- sudo <not-affected> (Unreproducable, seems like a broken PAM setup on the submitter's side)
-CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
+CVE-2005-1830
NOT-FOR-US: SoftICE
-CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
+CVE-2005-1829
NOT-FOR-US: Microsoft
-CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
+CVE-2005-1828
NOT-FOR-US: D-Link hardware issue
-CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
+CVE-2005-1827
NOT-FOR-US: D-Link hardware issue
-CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
+CVE-2005-1826
NOT-FOR-US: HP Radia
-CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
+CVE-2005-1825
NOT-FOR-US: HP Radia
-CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
+CVE-2005-1824
- mailutils 1:0.6.1-2
-CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
+CVE-2005-1823
NOT-FOR-US: Qualiteam X-Cart
-CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
+CVE-2005-1822
NOT-FOR-US: Qualiteam X-Cart
-CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in ...)
+CVE-2005-1821
NOT-FOR-US: PowerDownload
-CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
+CVE-2005-1820
NOT-FOR-US: Zeroboard
-CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
+CVE-2005-1819
NOT-FOR-US: NikoSoft WebMail
-CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
+CVE-2005-1818
NOT-FOR-US: NewLife Blogger
-CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
+CVE-2005-1817
NOT-FOR-US: Invision Power Board
-CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
+CVE-2005-1816
NOT-FOR-US: Invision Power Board
-CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
+CVE-2005-1815
NOT-FOR-US: Hummingbird Connectivity
-CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
+CVE-2005-1814
NOT-FOR-US: PicoWebServer
-CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
+CVE-2005-1813
NOT-FOR-US: FutureSoft TFTP Server
-CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
+CVE-2005-1812
NOT-FOR-US: FutureSoft TFTP Server
-CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
+CVE-2005-1811
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
+CVE-2005-1810
- wordpress 1.5.1.2-1
-CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
+CVE-2005-1809
NOT-FOR-US: Sony hardware issue
-CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
+CVE-2005-1808
NOT-FOR-US: Stronghold game
-CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
+CVE-2005-1807
- libphp-phpmailer 1.73
-CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
+CVE-2005-1806
NOT-FOR-US: PeerCast
-CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
+CVE-2005-1805
NOT-FOR-US: Online Solutions for Educators
-CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
+CVE-2005-1804
NOT-FOR-US: Net Portal Dynamic System
-CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
+CVE-2005-1803
NOT-FOR-US: Net Portal Dynamic System
-CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
+CVE-2005-1802
NOT-FOR-US: Nortel hardware
-CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
+CVE-2005-1801
NOT-FOR-US: Nokia hardware
-CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
+CVE-2005-1800
NOT-FOR-US: Jaws glossary gadget
-CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
+CVE-2005-1799
NOT-FOR-US: FreeStyle Wiki
-CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
+CVE-2005-1798
NOT-FOR-US: ServersCheck
-CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
+CVE-2005-1797
NOTE: Cryptographic attack on AES, cannot be fixed
-CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
+CVE-2005-1796
{DSA-749-1}
- ettercap 1:0.7.1-1.1 (bug #311615)
-CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
+CVE-2005-1795
NOT-FOR-US: ClamAV on Mac OS X
-CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
+CVE-2005-1794
NOT-FOR-US: Microsoft
-CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
+CVE-2005-1793
NOT-FOR-US: Microsoft
-CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
+CVE-2005-1792
NOT-FOR-US: Microsoft
-CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
+CVE-2005-1791
NOT-FOR-US: Microsoft
-CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...)
+CVE-2005-1790
{CVE-2005-3896}
NOT-FOR-US: Microsoft
NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896.
-CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
+CVE-2005-1789
NOT-FOR-US: India Software Solution shopping cart
-CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
+CVE-2005-1788
NOT-FOR-US: Hosting Controller
-CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
+CVE-2005-1787
NOT-FOR-US: phpStat
-CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
+CVE-2005-1786
NOT-FOR-US: FunkyASP
-CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
+CVE-2005-1785
NOT-FOR-US: ZonGG
-CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
+CVE-2005-1784
NOT-FOR-US: Hosting Controller
-CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
+CVE-2005-1783
NOT-FOR-US: BookReview
-CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
+CVE-2005-1782
NOT-FOR-US: BookReview
-CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
+CVE-2005-1781
NOT-FOR-US: MailEnable
-CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
+CVE-2005-1780
NOT-FOR-US: Active News Manager
-CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
+CVE-2005-1779
NOT-FOR-US: MaxWebPortal
-CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
+CVE-2005-1778
NOT-FOR-US: PostNuke
-CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
+CVE-2005-1777
NOT-FOR-US: PostNuke
-CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
+CVE-2005-1776
NOT-FOR-US: C'Nedra
-CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
+CVE-2005-1775
NOT-FOR-US: Terminator game
-CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
+CVE-2005-1774
- davfs2 0.2.4-1 (bug #310757; medium)
-CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
+CVE-2005-1773
NOT-FOR-US: Listserv
-CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
+CVE-2005-1772
NOT-FOR-US: Terminator game
-CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
+CVE-2005-1771
NOT-FOR-US: HPUX
-CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
+CVE-2005-1770
NOT-FOR-US: Avast
-CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+CVE-2005-1769
{DSA-756-1}
- squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium)
-CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
+CVE-2005-1768
{DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
-CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
+CVE-2005-1767
{DSA-922-1 DSA-921-1}
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 2.4.27-11
NOTE: amd64 is not supported for 2.4 (the issue is amd64 speficic)
-CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
+CVE-2005-1766
{DSA-826-1}
- helix-player 1.0.5-1 (bug #316276; high)
NOTE: Helix Player is affected according to:
NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
-CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
+CVE-2005-1765
{DSA-922-1 DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...)
+CVE-2005-1764
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
- kernel-source-2.4.27 <not-affected>
-CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
+CVE-2005-1763
{DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
-CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
+CVE-2005-1762
{DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
- kernel-source-2.4.27 2.4.27-11
-CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
+CVE-2005-1761
{DSA-1018-1 DSA-922-1 DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
-CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
+CVE-2005-1760
NOT-FOR-US: sysreport
-CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
+CVE-2005-1759
- shtool 2.0.1-2 (low)
[sarge] - shtool <no-dsa> (Minor issue)
- mysql-ocaml 1.0.3-6 (unimportant)
- php4 4:4.4.0-1 (unimportant)
-CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
+CVE-2005-1758
NOT-FOR-US: Novell
-CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
+CVE-2005-1757
NOT-FOR-US: Novell
-CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
+CVE-2005-1756
NOT-FOR-US: Novell
-CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
+CVE-2005-1751
{DSA-789-1 DTSA-15-1}
- shtool 2.0.1-2 (bug #311206; low)
[sarge] - shtool <no-dsa> (Minor issue)
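Review bot: the text removed from the CVE-2005-1831 line is `(** DISPUTED ** ...)`, so this hunk drops the dispute marker from that entry. The `Unreproducable` remark on its sudo line still explains the `<not-affected>` status, but it does not say the CVE itself is disputed. If the summaries are going away, carry that status over explicitly, for example as a NOTE line under the entry.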
@@ -7540,203 +7540,203 @@ CVE-2005-XXXX [osh buffer overflow]
- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [xile buffer overrun in terminal code]
- zile 2.0.4-2
-CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
+CVE-2005-1750
NOT-FOR-US: ezwdc NewsletterEz
-CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
+CVE-2005-1749
NOT-FOR-US: BEA Weblogic
-CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
+CVE-2005-1748
NOT-FOR-US: BEA Weblogic
-CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
+CVE-2005-1747
NOT-FOR-US: BEA Weblogic
-CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
+CVE-2005-1746
NOT-FOR-US: BEA Weblogic
-CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
+CVE-2005-1745
NOT-FOR-US: BEA Weblogic
-CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
+CVE-2005-1744
NOT-FOR-US: BEA Weblogic
-CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
+CVE-2005-1743
NOT-FOR-US: BEA Weblogic
-CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
+CVE-2005-1742
NOT-FOR-US: BEA Weblogic
-CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
+CVE-2005-1741
NOT-FOR-US: Halo
-CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
+CVE-2005-1740
- net-snmp <not-affected> (fixproc not installed in Debian package)
-CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
+CVE-2005-1739
- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
-CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
+CVE-2005-1738
NOT-FOR-US: Iron Bars Shell
-CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow &quot;non-authorized ...)
+CVE-2005-1737
NOT-FOR-US: PROMS
-CVE-2005-1736 (PROMS 0.11 does not properly handle &quot;certain combinations of rights,&quot; ...)
+CVE-2005-1736
NOT-FOR-US: PROMS
-CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
+CVE-2005-1735
NOT-FOR-US: PROMS
-CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
+CVE-2005-1734
NOT-FOR-US: PROMS
-CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
+CVE-2005-1733
NOT-FOR-US: Cookie Cart
-CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
+CVE-2005-1732
NOT-FOR-US: Cookie Cart
CVE-2005-1731
REJECTED
-CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...)
+CVE-2005-1730
NOT-FOR-US: Novell iManager
-CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
+CVE-2005-1729
NOT-FOR-US: Novell
-CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
+CVE-2005-1728
NOT-FOR-US: Apple
-CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
+CVE-2005-1727
NOT-FOR-US: Apple
-CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users ...)
+CVE-2005-1726
NOT-FOR-US: Apple
-CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
+CVE-2005-1725
NOT-FOR-US: Apple
-CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
+CVE-2005-1724
NOT-FOR-US: Apple
-CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
+CVE-2005-1723
NOT-FOR-US: Apple
-CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
+CVE-2005-1722
NOT-FOR-US: Apple
-CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
+CVE-2005-1721
NOT-FOR-US: Apple
-CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
+CVE-2005-1720
NOT-FOR-US: Apple
-CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
+CVE-2005-1719
NOT-FOR-US: avast! antivirus
-CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
+CVE-2005-1718
NOT-FOR-US: War Times
-CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
+CVE-2005-1717
NOT-FOR-US: Zyxel hardware
-CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
+CVE-2005-1716
NOT-FOR-US: TOPo
-CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
+CVE-2005-1715
NOT-FOR-US: TOPo
-CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
+CVE-2005-1714
NOT-FOR-US: SurgeMail
-CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
+CVE-2005-1713
NOT-FOR-US: Serendipity
-CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
+CVE-2005-1712
NOT-FOR-US: Serendipity
-CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
+CVE-2005-1711
NOT-FOR-US: Gibraltar Firewall
-CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
+CVE-2005-1710
NOT-FOR-US: Blue Coat
-CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
+CVE-2005-1709
NOT-FOR-US: Blue Coat
-CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
+CVE-2005-1708
NOT-FOR-US: Blue Coat
-CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
+CVE-2005-1707
NOT-FOR-US: Gentoo
-CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
+CVE-2005-1706
- mailscanner 4.42.9 (bug #310774; low)
[sarge] - mailscanner <no-dsa> (Minor issue)
-CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
+CVE-2005-1705
- gdb 6.3-6
-CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
+CVE-2005-1704
- gdb 6.3-6
-CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
+CVE-2005-1703
NOT-FOR-US: Warrior Kings: Battles
-CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
+CVE-2005-1702
NOT-FOR-US: Warrior Kings: Battles
-CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
+CVE-2005-1701
NOT-FOR-US: PortailPHP
-CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
+CVE-2005-1700
NOT-FOR-US: PostNuke
-CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
+CVE-2005-1699
NOT-FOR-US: PostNuke
-CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
+CVE-2005-1698
NOT-FOR-US: PostNuke
-CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
+CVE-2005-1697
NOT-FOR-US: PostNuke
-CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
+CVE-2005-1696
NOT-FOR-US: PostNuke
-CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
+CVE-2005-1695
NOT-FOR-US: PostNuke
-CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
+CVE-2005-1694
NOT-FOR-US: PostNuke
-CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
+CVE-2005-1693
NOT-FOR-US: CA Antivirus
-CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
+CVE-2005-1692
- gxine 0.4.7-0.1 (bug #310712; medium)
-CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
+CVE-2005-1691
NOT-FOR-US: SAP
CVE-2005-1690
REJECTED
-CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT ...)
+CVE-2005-1689
{DSA-757-1}
- krb5 1.3.6-4 (medium)
-CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
+CVE-2005-1688
- wordpress 1.5.1-1
-CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
+CVE-2005-1687
- wordpress 1.5.1-1
-CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
+CVE-2005-1686
{DSA-753-1}
NOTE: Only exploitable under rare circumstances
- gedit 2.10.3-1 (low)
-CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
+CVE-2005-1685
NOT-FOR-US: episodex
-CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
+CVE-2005-1684
NOT-FOR-US: episodex
-CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
+CVE-2005-1683
NOT-FOR-US: Microsoft
-CVE-2005-1682 (** DISPUTED ** ...)
+CVE-2005-1682
NOT-FOR-US: Solstice Internet Mail Server
-CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21, ...)
+CVE-2005-1681
NOT-FOR-US: phpATM
-CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
+CVE-2005-1680
NOT-FOR-US: D-Link hardware
-CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
+CVE-2005-1679
- picasm 1.12c-1
-CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+CVE-2005-1678
NOT-FOR-US: Groove
-CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
+CVE-2005-1677
NOT-FOR-US: Groove
-CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
+CVE-2005-1676
NOT-FOR-US: Groove
-CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+CVE-2005-1675
NOT-FOR-US: Groove
-CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
+CVE-2005-1674
NOT-FOR-US: Help Center Live
-CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
+CVE-2005-1673
NOT-FOR-US: Help Center Live
-CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
+CVE-2005-1672
NOT-FOR-US: Help Center Live
-CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
+CVE-2005-1671
NOT-FOR-US: Yahoo Messenger
-CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
+CVE-2005-1670
NOT-FOR-US: Extreme BlackDiamond hardware
-CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
+CVE-2005-1669
NOT-FOR-US: Opera
-CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
+CVE-2005-1668
NOT-FOR-US: YusASP Web Asset Manager
-CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
+CVE-2005-1667
NOT-FOR-US: DataTrac Activity Console
-CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
+CVE-2005-1666
NOT-FOR-US: Orenosv
-CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
+CVE-2005-1665
NOT-FOR-US: Microsoft
-CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
+CVE-2005-1664
NOT-FOR-US: Microsoft
-CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
+CVE-2005-1663
NOT-FOR-US: Jeuce Personal Web Server
-CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
+CVE-2005-1662
NOT-FOR-US: Jeuce Personal Web Server
-CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
+CVE-2005-1661
NOT-FOR-US: Jeuce Personal Web Server
-CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
+CVE-2005-1660
NOT-FOR-US: EZGuestbook
-CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
+CVE-2005-1659
NOT-FOR-US: MyServer
-CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
+CVE-2005-1658
NOT-FOR-US: MyServer
-CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
+CVE-2005-1657
NOT-FOR-US: Mercur Messaging
-CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
+CVE-2005-1656
NOT-FOR-US: Mercur Messaging
-CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
+CVE-2005-1655
NOT-FOR-US: AOL Instant Messenger
-CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
+CVE-2005-1654
NOT-FOR-US: Hosting Controller
CVE-2005-XXXX [Two DoS condition in ekg]
- ekg 1:1.5+20050411-3
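Review bot: every changed entry in this hunk loses its parenthesised description (CVE-2005-1689, for example, goes from "(Double free vulnerability in the krb5_recvauth function in MIT ...)" to a bare id), and the commit message "automatic update" gives no reason for it. The diffstat shows 4614 insertions against 4614 deletions, so the same substitution appears to run through the whole file, which looks more like the updater writing from an empty description source than an intended change. Suggest the update job refuse to commit when descriptions it previously had come back empty, or that the message state why they are being dropped.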
@@ -7744,137 +7744,137 @@ CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
- lbreakout2 2.5.2-2
-CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
+CVE-2005-1653
NOT-FOR-US: Woppoware
-CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
+CVE-2005-1652
NOT-FOR-US: Woppoware
-CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
+CVE-2005-1651
NOT-FOR-US: Woppoware
-CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
+CVE-2005-1650
NOT-FOR-US: Woppoware
-CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
+CVE-2005-1649
NOT-FOR-US: Windows
-CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
+CVE-2005-1648
NOT-FOR-US: GASoft
-CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
+CVE-2005-1647
NOT-FOR-US: GASoft
-CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
+CVE-2005-1646
NOT-FOR-US: Fastream NETFile
-CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
+CVE-2005-1645
NOT-FOR-US: Keyvan1 Gallery
-CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
+CVE-2005-1644
NOT-FOR-US: Livre d'Or
-CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
+CVE-2005-1643
NOT-FOR-US: Zoidcom
-CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
+CVE-2005-1642
NOT-FOR-US: Woltlab Burning Board
-CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
+CVE-2005-1641
NOT-FOR-US: Ignition Project
-CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
+CVE-2005-1640
NOT-FOR-US: Ignition Project
-CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
+CVE-2005-1639
NOT-FOR-US: Sigma
-CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
+CVE-2005-1638
NOT-FOR-US: SafeHTML
-CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
+CVE-2005-1637
NOT-FOR-US: NPDS
-CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
+CVE-2005-1636
{DSA-783-1}
- mysql-dfsg 4.0.12-2 (bug #319526; low)
- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
-CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
+CVE-2005-1635
NOT-FOR-US: JGS-Portal
-CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
+CVE-2005-1634
NOT-FOR-US: JGS-Portal
-CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
+CVE-2005-1633
NOT-FOR-US: JGS-Portal
-CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
+CVE-2005-1632
- cheetah 0.9.16-1
-CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
+CVE-2005-1631
NOT-FOR-US: Booby
-CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
+CVE-2005-1630
NOT-FOR-US: phpbb attachment mod
-CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
+CVE-2005-1629
NOT-FOR-US: Photopost
-CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows ...)
+CVE-2005-1628
NOT-FOR-US: WebAPP
-CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
+CVE-2005-1627
- viewglob 2.0.1-1
[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
-CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
+CVE-2005-1626
NOT-FOR-US: Pico Server
-CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
+CVE-2005-1625
NOT-FOR-US: Acrobat Reader
CVE-2005-1624
RESERVED
CVE-2005-1623
RESERVED
-CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
+CVE-2005-1622
NOT-FOR-US: MetaCart
-CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
+CVE-2005-1621
NOT-FOR-US: Postnuke mod
-CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
+CVE-2005-1620
NOT-FOR-US: Skull-Splitter Guestbook
-CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+CVE-2005-1619
NOT-FOR-US: PHPMyChat
-CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
+CVE-2005-1618
NOT-FOR-US: Yahoo Messenger
-CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
+CVE-2005-1617
NOT-FOR-US: Willings WebCAM
-CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
+CVE-2005-1616
NOT-FOR-US: Ultimate PHP Board
-CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
+CVE-2005-1615
NOT-FOR-US: Ultimate PHP Board
-CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
+CVE-2005-1614
NOT-FOR-US: Ultimate PHP Board
-CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
+CVE-2005-1613
NOT-FOR-US: OpenBB
-CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
+CVE-2005-1612
NOT-FOR-US: OpenBB
-CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
+CVE-2005-1611
NOT-FOR-US: Web Crossing
-CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
+CVE-2005-1610
NOT-FOR-US: Tru-Zone NukeET
-CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
+CVE-2005-1609
NOT-FOR-US: Sun StorEdge 6130 Arrays
-CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
+CVE-2005-1608
NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
-CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
+CVE-2005-1607
NOT-FOR-US: Remote Cart
-CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
+CVE-2005-1606
NOT-FOR-US: H-Sphere Winbox
-CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
+CVE-2005-1605
NOT-FOR-US: guestbook for SiteStudio
-CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
+CVE-2005-1604
NOT-FOR-US: phpATM
-CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
+CVE-2005-1603
NOT-FOR-US: NiteEnterprises Remote File Manager
-CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
+CVE-2005-1602
NOT-FOR-US: Net56 Browser Based File Manager
-CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
+CVE-2005-1601
NOT-FOR-US: MRO Maximo Self Service
-CVE-2005-1600 (A &quot;mathematical flaw&quot; in the implementation of the El Gamal signature ...)
+CVE-2005-1600
NOT-FOR-US: LibTomCrypt
-CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
+CVE-2005-1599
NOT-FOR-US: Kryloff Technologies Subject Search Server
-CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
+CVE-2005-1598
NOT-FOR-US: Invision Power Board
-CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
+CVE-2005-1597
NOT-FOR-US: Invision Power Board
-CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
+CVE-2005-1596
NOT-FOR-US: Fusion SBX
-CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
+CVE-2005-1595
NOT-FOR-US: CodeThat ShoppingCart
-CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
+CVE-2005-1594
NOT-FOR-US: CodeThat ShoppingCart
-CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
+CVE-2005-1593
NOT-FOR-US: CodeThat ShoppingCart
-CVE-2005-1592 (Multiple &quot;javascript vulerabilities in BB code&quot; in BirdBlog before ...)
+CVE-2005-1592
NOT-FOR-US: BirdBlog
-CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
+CVE-2005-1591
NOT-FOR-US: Solaris
-CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
+CVE-2005-1590
NOT-FOR-US: Altiris Client Service for Windows
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
- clamav 0.85.1-1 (low)
@@ -7882,107 +7882,107 @@ CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lin
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
- xfree86 4.3.0.dfsg.1-14 (bug #308783)
- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
-CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
+CVE-2005-1589
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
[sarge] - kernel-source-2.6.8 <not-affected>
-CVE-2005-1588 (** DISPUTED ** ...)
+CVE-2005-1588
NOT-FOR-US: Quick.cart
-CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
+CVE-2005-1587
NOT-FOR-US: Quick.cart
-CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
+CVE-2005-1586
NOT-FOR-US: Quick.Forum
-CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
+CVE-2005-1585
NOT-FOR-US: Quick.Forum
-CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
+CVE-2005-1584
NOT-FOR-US: Quick.Forum
-CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
+CVE-2005-1583
NOT-FOR-US: 1Two News
-CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
+CVE-2005-1582
NOT-FOR-US: 1Two News
-CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
+CVE-2005-1581
NOT-FOR-US: bug_list.php
-CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
+CVE-2005-1580
NOT-FOR-US: BoastMachine
-CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
+CVE-2005-1579
NOT-FOR-US: Apple
-CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
+CVE-2005-1578
NOT-FOR-US: EnCase
-CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
+CVE-2005-1577
NOT-FOR-US: APG Classmaster
-CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
+CVE-2005-1576
NOTE: appears windows specific
-CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
+CVE-2005-1575
NOTE: appears windows specific
-CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
+CVE-2005-1574
NOT-FOR-US: Windows
-CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
+CVE-2005-1573
NOT-FOR-US: ASP Virtual News Manager
-CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
+CVE-2005-1572
NOT-FOR-US: ShowOff
-CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
+CVE-2005-1571
NOT-FOR-US: ShowOff
-CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
+CVE-2005-1570
NOTE: for-for-us (bttlxeForum)
-CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
+CVE-2005-1569
NOT-FOR-US: DirectTopics
-CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
+CVE-2005-1568
NOT-FOR-US: DirectTopics
-CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
+CVE-2005-1567
NOT-FOR-US: DirectTopics
-CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
+CVE-2005-1566
NOT-FOR-US: Acrowave AAP-3100AR wireless router
-CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
+CVE-2005-1565
[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
- bugzilla 2.18-7 (bug #308789; medium)
-CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
+CVE-2005-1564
- bugzilla 2.16.7-7sarge1
-CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
+CVE-2005-1563
- bugzilla 2.16.7-7sarge1
-CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
+CVE-2005-1562
NOT-FOR-US: MaxWebPortal
-CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
+CVE-2005-1561
NOT-FOR-US: MaxWebPortal
-CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
+CVE-2005-1560
NOT-FOR-US: Nexusway
-CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
+CVE-2005-1559
NOT-FOR-US: Nexusway
-CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
+CVE-2005-1558
NOT-FOR-US: Nexusway
-CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
+CVE-2005-1557
NOT-FOR-US: WebApp Guestbook PRO
-CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
+CVE-2005-1556
NOT-FOR-US: Gamespy cd-key validation system
-CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
+CVE-2005-1555
NOT-FOR-US: JRun
-CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
+CVE-2005-1554
NOT-FOR-US: WowBB
-CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
+CVE-2005-1553
NOT-FOR-US: GeoVision Digital Video Surveillance System
-CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
+CVE-2005-1552
NOT-FOR-US: GeoVision Digital Video Surveillance System
-CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
+CVE-2005-1551
NOT-FOR-US: Sophos Anti-Virus
-CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
+CVE-2005-1550
NOT-FOR-US: easy message board
-CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
+CVE-2005-1549
NOT-FOR-US: easy message board
-CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
+CVE-2005-1548
NOT-FOR-US: Advanced Guestbook
-CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
+CVE-2005-1547
NOT-FOR-US: Bakbone Netvault
-CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
+CVE-2005-1546
{DSA-743-1}
- ht 0.8.0-3 (bug #308587)
-CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
+CVE-2005-1545
{DSA-743-1}
- ht 0.8.0-3 (bug #308587)
-CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...)
+CVE-2005-1544
{DSA-755-1}
NOTE: CVE info about vulnerable version number is bogus
- tiff 3.7.2-3 (bug #309739)
- tiff3 <not-affected> (fixed prior to initial upload)
-CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
+CVE-2005-1543
NOT-FOR-US: Novell Zenworks
CVE-2005-1542
RESERVED
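Review bot: CVE-2005-1570 carries only "NOTE: for-for-us (bttlxeForum)", which reads as a mistyped NOT-FOR-US tag written as free text, so once its description is dropped the entry has no triage status left. Suggest replacing the line with "NOT-FOR-US: bttlxeForum". CVE-2005-1576 and CVE-2005-1575 are in a similar position: their only remaining line is "NOTE: appears windows specific", and without the removed text naming Mozilla Firefox the note no longer says which product was judged unaffected, so name the product in the note or add an explicit package line.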
@@ -8004,50 +8004,50 @@ CVE-2005-1534
RESERVED
CVE-2005-1533
RESERVED
-CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly ...)
+CVE-2005-1532
{DSA-781-1}
- mozilla-firefox 1.0.4
- mozilla 2:1.7.8
- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
-CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
+CVE-2005-1531
- mozilla-firefox 1.0.4
- mozilla 2:1.7.8
-CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with &quot;Scan inside archive files&quot; enabled, ...)
+CVE-2005-1530
NOT-FOR-US: Sophos
CVE-2005-1529
RESERVED
-CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX ...)
+CVE-2005-1528
NOT-FOR-US: QNX
-CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
+CVE-2005-1527
{DSA-892-1}
- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
-CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in ...)
+CVE-2005-1526
{DSA-764-1}
- cacti 0.8.6e-1 (bug #315703; high)
-CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
+CVE-2005-1525
{DSA-764-1}
- cacti 0.8.6e-1 (bug #315703; high)
-CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
+CVE-2005-1524
{DSA-764-1}
- cacti 0.8.6e-1 (bug #315703; high)
-CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
+CVE-2005-1523
{DSA-732-1}
- mailutils 1:0.6.1-3
-CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
+CVE-2005-1522
{DSA-732-1}
- mailutils 1:0.6.1-3
-CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
+CVE-2005-1521
{DSA-732-1}
- mailutils 1:0.6.1-3
-CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
+CVE-2005-1520
{DSA-732-1}
- mailutils 1:0.6.1-3
-CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
+CVE-2005-1519
{DSA-751-1}
- squid 2.5.9-9 (bug #309504)
-CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
+CVE-2005-1518
NOT-FOR-US: Solaris
-CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
+CVE-2005-1517
NOT-FOR-US: Cisco
CVE-2005-XXXX [Buffer overflow in libotr]
- libotr 2.0.2-1
@@ -8064,97 +8064,97 @@ CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
NOTE: Source package has been renamed from unrar to unrar-free
- unrar-free 1:0.0.1-2
-CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
+CVE-2005-1512
NOT-FOR-US: PwsPHP
-CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
+CVE-2005-1511
NOT-FOR-US: PwsPHP
-CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
+CVE-2005-1510
NOT-FOR-US: PwsPHP
-CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
+CVE-2005-1509
NOT-FOR-US: PwsPHP
-CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
+CVE-2005-1508
NOT-FOR-US: PwsPHP
-CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
+CVE-2005-1507
NOT-FOR-US: WebSTAR
-CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
+CVE-2005-1506
NOT-FOR-US: CJ Ultra Plus
-CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
+CVE-2005-1505
NOT-FOR-US: MacOS
-CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
+CVE-2005-1504
NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
-CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
+CVE-2005-1503
NOT-FOR-US: MidiCart
-CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
+CVE-2005-1502
NOT-FOR-US: MidiCart
-CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
+CVE-2005-1501
NOT-FOR-US: MidiCart
-CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
+CVE-2005-1500
NOT-FOR-US: myBloggie
-CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
+CVE-2005-1499
NOT-FOR-US: myBloggie
-CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
+CVE-2005-1498
NOT-FOR-US: myBloggie
-CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
+CVE-2005-1497
NOT-FOR-US: myBloggie
-CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
+CVE-2005-1496
NOT-FOR-US: Oracle
-CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
+CVE-2005-1495
NOT-FOR-US: Oracle
-CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
+CVE-2005-1494
NOT-FOR-US: MegaBook
-CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
+CVE-2005-1493
NOT-FOR-US: SimpleCam
-CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
+CVE-2005-1492
NOT-FOR-US: Gossamer Threads Links
-CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
+CVE-2005-1491
NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
+CVE-2005-1490
NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
+CVE-2005-1489
NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
+CVE-2005-1488
NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CVE-2005-1487 (** DISPUTED ** ...)
+CVE-2005-1487
NOT-FOR-US: FishCart
-CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
+CVE-2005-1486
NOT-FOR-US: FishCart
-CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...)
+CVE-2005-1485
NOT-FOR-US: Golden FTP Server Pro
-CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
+CVE-2005-1484
NOT-FOR-US: Golden FTP Server Pro
-CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
+CVE-2005-1483
NOT-FOR-US: ArticleLive
-CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
+CVE-2005-1482
NOT-FOR-US: ArticleLive
-CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
+CVE-2005-1481
NOT-FOR-US: ASP Inline Corporate Calendar
-CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
+CVE-2005-1480
NOT-FOR-US: RaidenFTPD
-CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
+CVE-2005-1479
NOT-FOR-US: JGS-Portal
-CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
+CVE-2005-1478
NOT-FOR-US: DMail
-CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
+CVE-2005-1516
NOT-FOR-US: DMail
-CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
+CVE-2005-1515
- qmail 1.03-38
-CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
+CVE-2005-1514
- qmail 1.03-38
-CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
+CVE-2005-1513
- qmail 1.03-38
-CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
+CVE-2005-1477
- mozilla-firefox 1.0.4-1
-CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
+CVE-2005-1476
- mozilla-firefox 1.0.4-1
-CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
+CVE-2005-1475
NOT-FOR-US: Opera
-CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
+CVE-2005-1474
NOT-FOR-US: Apple
-CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
+CVE-2005-1473
NOT-FOR-US: Apple
-CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...)
+CVE-2005-1472
NOT-FOR-US: Apple
-CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
+CVE-2005-1471
NOT-FOR-US: RSA SecurID Web Agent
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
- mailutils 1:0.6.1-2
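Review bot: CVE-2005-1516 through CVE-2005-1513 sit between CVE-2005-1478 and CVE-2005-1477, breaking the descending id order the rest of this hunk follows. With the descriptions removed, the id and its position are most of what a reader has left to locate an entry, so the misplacement costs more after this change than before it. Suggest moving the DMail entry and the three qmail entries to their place above CVE-2005-1512 in a follow-up.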
@@ -8165,7 +8165,7 @@ CVE-2005-2352 [Temp file races in gs-gpl addons scripts]
- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
CVE-2005-XXXX [Possible SQL injection in freeradius]
- freeradius 1.0.2-4
-CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
+CVE-2005-2353
{DSA-1051-1 DSA-1046-1}
- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
@@ -8182,41 +8182,41 @@ CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
NOTE: CVE request sent to mitre (who sent this? any response?)
NOTE: Trackballs doesn't run as gid games anymore, high-score files are
NOTE: stored in user's home directories instead.
-CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
+CVE-2005-1470
- ethereal 0.10.10-2sarge2
-CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
+CVE-2005-1469
- ethereal 0.10.10-2sarge2
-CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
+CVE-2005-1468
- ethereal 0.10.10-2sarge2
-CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
+CVE-2005-1467
- ethereal 0.10.10-2sarge2
-CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
+CVE-2005-1466
- ethereal 0.10.10-2sarge2
-CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
+CVE-2005-1465
- ethereal 0.10.10-2sarge2
-CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
+CVE-2005-1464
- ethereal 0.10.10-2sarge2
-CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
+CVE-2005-1463
- ethereal 0.10.10-2sarge2
-CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before ...)
+CVE-2005-1462
- ethereal 0.10.10-2sarge2
-CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
+CVE-2005-1461
- ethereal 0.10.10-2sarge2
-CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
+CVE-2005-1460
- ethereal 0.10.10-2sarge2
-CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
+CVE-2005-1459
- ethereal 0.10.10-2sarge2
-CVE-2005-1458 (Multiple unknown &quot;other problems&quot; in the KINK dissector in Ethereal ...)
+CVE-2005-1458
- ethereal 0.10.10-2sarge2
-CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
+CVE-2005-1457
- ethereal 0.10.10-2sarge2
-CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
+CVE-2005-1456
- ethereal 0.10.10-2sarge2
-CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...)
+CVE-2005-1455
- freeradius 1.0.2-4
-CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...)
+CVE-2005-1454
- freeradius 1.0.2-4
-CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
+CVE-2005-1453
- leafnode 1.11.2.rel-1
CVE-2005-XXXX [Missing input validation in xtradius]
- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
@@ -8233,129 +8233,129 @@ CVE-2005-XXXX [Buffer overflow in elog's header buffer]
- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
- ipsec-tools 1:0.5.2-1
-CVE-2005-1452 (Serendipity before 0.8 allows Chief users to &quot;hide plugins installed ...)
+CVE-2005-1452
- serendipity 1.0-1
-CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
+CVE-2005-1451
- serendipity 1.0-1
-CVE-2005-1450 (Unknown vulnerability in &quot;the function used to validate path-names for ...)
+CVE-2005-1450
- serendipity 1.0-1
-CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
+CVE-2005-1449
- serendipity 1.0-1
-CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
+CVE-2005-1448
- serendipity 1.0-1
-CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...)
+CVE-2005-1447
NOT-FOR-US: SitePanel
-CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
+CVE-2005-1446
NOT-FOR-US: SitePanel
-CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
+CVE-2005-1445
NOT-FOR-US: SitePanel
-CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
+CVE-2005-1444
NOT-FOR-US: SitePanel
-CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+CVE-2005-1443
NOT-FOR-US: Invision Power Board
-CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
+CVE-2005-1442
NOT-FOR-US: Lotus Domino
-CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
+CVE-2005-1441
NOT-FOR-US: Lotus Domino
-CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
+CVE-2005-1440
NOT-FOR-US: ViArt Shop
-CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
+CVE-2005-1439
NOT-FOR-US: osTicket
-CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...)
+CVE-2005-1438
NOT-FOR-US: osTicket
-CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
+CVE-2005-1437
NOT-FOR-US: osTicket
-CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
+CVE-2005-1436
NOT-FOR-US: osTicket
-CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
+CVE-2005-1435
- openwebmail <removed>
-CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
+CVE-2005-1434
NOT-FOR-US: HP OpenView
-CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
+CVE-2005-1433
NOT-FOR-US: HP OpenView
CVE-2005-1432
RESERVED
-CVE-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
+CVE-2005-1431
- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
-CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
+CVE-2005-1430
NOT-FOR-US: Mac OS X
-CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
+CVE-2005-1429
NOT-FOR-US: WWWguestbook
-CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
+CVE-2005-1428
NOT-FOR-US: Uapplication Uphotogallery
-CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
+CVE-2005-1427
NOT-FOR-US: Uapplication Uphotogallery
-CVE-2005-1426 (Uapplication Ublog Reload stores sensitive information under the web ...)
+CVE-2005-1426
NOT-FOR-US: Uapplication Ublog
-CVE-2005-1425 (Uapplication Uguestbook 1.0 stores sensitive information under the web ...)
+CVE-2005-1425
NOT-FOR-US: Uapplication Uguestbook
-CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
+CVE-2005-1424
NOT-FOR-US: GoText
-CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
+CVE-2005-1423
NOT-FOR-US: 602 LAN SUITE
-CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+CVE-2005-1422
NOT-FOR-US: Raysoft Video Cam Server
-CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
+CVE-2005-1421
NOT-FOR-US: Raysoft Video Cam Server
-CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+CVE-2005-1420
NOT-FOR-US: Raysoft Video Cam Server
-CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
+CVE-2005-1419
NOT-FOR-US: Ocean12 Mailing list manager
-CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
+CVE-2005-1418
NOT-FOR-US: Netleaf
-CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
+CVE-2005-1417
NOT-FOR-US: MaxWebPortal
-CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
+CVE-2005-1416
NOT-FOR-US: 04WebServer
-CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
+CVE-2005-1415
NOT-FOR-US: GlobalSCAPE Secure FTP Server
-CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
+CVE-2005-1414
NOT-FOR-US: FilePocket
-CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
+CVE-2005-1413
NOT-FOR-US: enVivo
-CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
+CVE-2005-1412
NOT-FOR-US: ECommPro
-CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
+CVE-2005-1411
NOT-FOR-US: ICUII
-CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
+CVE-2005-1410
- postgresql 7.4.7-6
-CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
+CVE-2005-1409
- postgresql 7.4.7-6
-CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
+CVE-2005-1408
NOT-FOR-US: Apple
-CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
+CVE-2005-1407
NOT-FOR-US: Skype
-CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
+CVE-2005-1406
- kfreebsd5-source 5.3-10
-CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
+CVE-2005-1405
NOT-FOR-US: Lotus Domino
-CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
+CVE-2005-1404
NOT-FOR-US: MyPHP Forum
-CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
+CVE-2005-1403
NOT-FOR-US: JW Amazon Web Store
-CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
+CVE-2005-1402
NOT-FOR-US: NeL libarary
-CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
+CVE-2005-1401
NOT-FOR-US: Mtp-Target
-CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
+CVE-2005-1400
- kfreebsd5-source 5.3-10
-CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
+CVE-2005-1399
- kfreebsd5-source 5.3-10
-CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
+CVE-2005-1398
NOT-FOR-US: PHPCart
-CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
+CVE-2005-1397
NOT-FOR-US: PHPCalender
-CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
+CVE-2005-1396
NOT-FOR-US: ARPUS Ceterm
-CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
+CVE-2005-1395
NOT-FOR-US: ARPUS Ceterm
-CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
+CVE-2005-1394
NOT-FOR-US: ArcGIS
-CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
+CVE-2005-1393
NOT-FOR-US: ArcGIS
-CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
+CVE-2005-1392
- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
-CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
+CVE-2005-1391
{DSA-934-1}
[sarge] - pound 1.8.2-1sarge1
- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
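Review bot: With the summary removed, the NOT-FOR-US label is the only product name left on many entries in this hunk, and some of those labels are misspelled: "NOT-FOR-US: NeL libarary" under CVE-2005-1402 (the removed text says "NeL library") and "NOT-FOR-US: PHPCalender" under CVE-2005-1397 (the removed text says "PHP-Calendar"). A search for the correct product name will no longer match these entries. Suggest correcting the labels in the same change or a follow-up; the context line "Unspeficied security issue in ipsec-tool's single DES support" has the same kind of typo.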
@@ -8363,289 +8363,289 @@ CVE-2005-1390
REJECTED
CVE-2005-1389
REJECTED
-CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
+CVE-2005-1388
NOT-FOR-US: SURVIVOR
-CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
+CVE-2005-1387
NOT-FOR-US: Mac OS X
-CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
+CVE-2005-1386
NOT-FOR-US: PHP-Nuke
-CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
+CVE-2005-1385
NOT-FOR-US: Safari
-CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
+CVE-2005-1384
NOT-FOR-US: phpCoin
-CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
+CVE-2005-1383
NOT-FOR-US: Oracle
-CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
+CVE-2005-1382
NOT-FOR-US: Oracle
-CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
+CVE-2005-1381
NOT-FOR-US: Oracle
-CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
+CVE-2005-1380
NOT-FOR-US: BEA Weblogic
-CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
+CVE-2005-1379
- lam <not-affected> (Mandrake specific packaging flaw)
-CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
+CVE-2005-1378
NOT-FOR-US: phpbb mod
-CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...)
+CVE-2005-1377
NOT-FOR-US: Claroline
-CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
+CVE-2005-1376
NOT-FOR-US: Claroline
-CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
+CVE-2005-1375
NOT-FOR-US: Claroline
-CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
+CVE-2005-1374
NOT-FOR-US: Claroline
-CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
+CVE-2005-1373
NOT-FOR-US: Koobi CMS
-CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
+CVE-2005-1372
NOT-FOR-US: NetVault
-CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
+CVE-2005-1371
NOT-FOR-US: NetVault
-CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
+CVE-2005-1370
NOT-FOR-US: HP OpenView
-CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
+CVE-2005-1369
- kernel-source-2.4.27 <not-affected>
- kernel-source-2.6.8 2.6.8-16
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
-CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
+CVE-2005-1368
[sarge] - kernel-source-2.6.8 <not-affected>
- kernel-source-2.4.27 <not-affected>
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
-CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
+CVE-2005-1367
NOT-FOR-US: pServ
-CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
+CVE-2005-1366
NOT-FOR-US: pServ
-CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
+CVE-2005-1365
NOT-FOR-US: pServ
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
- shadow 4.0.8
[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
[woody] - shadow <not-affected> (was introduced after version 4.0.3)
-CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
+CVE-2005-1364
NOT-FOR-US: MetaBid Auctions
-CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
+CVE-2005-1363
NOT-FOR-US: MetaCart
-CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
+CVE-2005-1362
NOT-FOR-US: MetaCart
-CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
+CVE-2005-1361
NOT-FOR-US: MetaCart
-CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 ...)
+CVE-2005-1360
NOT-FOR-US: GrayCMS
-CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
+CVE-2005-1359
NOT-FOR-US: text.cgi
-CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
+CVE-2005-1358
NOT-FOR-US: text.cgi
-CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
+CVE-2005-1357
NOT-FOR-US: text.cgi
-CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
+CVE-2005-1356
NOT-FOR-US: includer.cgi
-CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
+CVE-2005-1355
NOT-FOR-US: includer.cgi
-CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
+CVE-2005-1354
NOT-FOR-US: forum.pl
-CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
+CVE-2005-1353
NOT-FOR-US: forum.pl
-CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
+CVE-2005-1352
NOT-FOR-US: ad.cgi
-CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
+CVE-2005-1351
NOT-FOR-US: ad.cgi
-CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
+CVE-2005-1350
NOT-FOR-US: ad.cgi
-CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
+CVE-2005-1349
{DSA-727-1}
- libconvert-uulib-perl 1.0.5.1
-CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
+CVE-2005-1348
NOT-FOR-US: MailEnable
-CVE-2005-1347 (** UNVERIFIABLE ** ...)
+CVE-2005-1347
NOT-FOR-US: acrobat
-CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
+CVE-2005-1346
NOT-FOR-US: Symantec
-CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
+CVE-2005-1345
{DSA-721-1}
- squid 2.5.9-7
-CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
+CVE-2005-1344
- apache2 2.0.54-3 (bug #322604)
-CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
+CVE-2005-1343
NOT-FOR-US: vpnd for Mac OS X
-CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
+CVE-2005-1342
NOT-FOR-US: Apple Terminal
-CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
+CVE-2005-1341
NOT-FOR-US: Apple Terminal
-CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
+CVE-2005-1340
NOT-FOR-US: Mac OS X
-CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
+CVE-2005-1339
- lukemftpd <not-affected> (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot)
-CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
+CVE-2005-1338
NOT-FOR-US: Mac OS X
-CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
+CVE-2005-1337
NOT-FOR-US: Mac OS X
-CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
+CVE-2005-1336
NOT-FOR-US: Mac OS X
-CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
+CVE-2005-1335
NOT-FOR-US: Mac OS X
CVE-2005-1334
REJECTED
-CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
+CVE-2005-1333
NOT-FOR-US: Mac OS X
-CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
+CVE-2005-1332
NOT-FOR-US: Mac OS X
-CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
+CVE-2005-1331
NOT-FOR-US: Mac OS X
-CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
+CVE-2005-1330
NOT-FOR-US: Mac OS X
-CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
+CVE-2005-1329
NOT-FOR-US: OneWorldStore
-CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
+CVE-2005-1328
NOT-FOR-US: OneWorldStore
-CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
+CVE-2005-1327
NOT-FOR-US: Woltlab Burning Board
-CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
+CVE-2005-1326
NOT-FOR-US: VooDoo cIRCle BOTNET
-CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
+CVE-2005-1325
NOT-FOR-US: phpMyVisites
-CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+CVE-2005-1324
NOT-FOR-US: phpMyVisites
-CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
+CVE-2005-1323
NOT-FOR-US: NetTerm
-CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
+CVE-2005-1322
- nag 1.1-3.1 (bug #307173)
-CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
+CVE-2005-1321
- sork-vacation 2.2.2-1
-CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
+CVE-2005-1320
- mnemo 1.1-2.1 (bug #307180)
- mnemo2 <not-affected> (fixed before 2.1.1)
-CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
+CVE-2005-1319
- imp4 <not-affected>
- imp3 3.2.8-1 (bug #328218; low)
-CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
+CVE-2005-1318
- sork-forwards 2.2.2-1
-CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
+CVE-2005-1317
NOT-FOR-US: Hord Chora module
-CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
+CVE-2005-1316
- sork-accounts 2.1.2-1
-CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
+CVE-2005-1315
- turba 1.2.5-1
-CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
+CVE-2005-1314
- kronolith 1.1.4-1
-CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
+CVE-2005-1313
- sork-passwd 2.2.2-1
-CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 ...)
+CVE-2005-1312
NOT-FOR-US: Yappa-NG
-CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
+CVE-2005-1311
NOT-FOR-US: Yappa-NG
-CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
+CVE-2005-1310
NOT-FOR-US: bBlog
-CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
+CVE-2005-1309
NOT-FOR-US: bBlog
-CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
+CVE-2005-1308
- courier <unfixed> (bug #307575; unimportant)
-CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...)
+CVE-2005-1307
NOT-FOR-US: Adobe Version Cue
-CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
+CVE-2005-1306
NOT-FOR-US: Adobe Reader 7
-CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
+CVE-2005-1305
NOT-FOR-US: hyper.cgi
-CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
+CVE-2005-1304
NOT-FOR-US: citat.pl
-CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
+CVE-2005-1303
NOT-FOR-US: citat.pl
-CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
+CVE-2005-1302
NOT-FOR-US: Confixx
-CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
+CVE-2005-1301
NOT-FOR-US: nProtect:Netizen
-CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
+CVE-2005-1300
NOT-FOR-US: inserter.cgi
-CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
+CVE-2005-1299
NOT-FOR-US: inserter.cgi
-CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
+CVE-2005-1298
NOT-FOR-US: inserter.cgi
-CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
+CVE-2005-1297
NOT-FOR-US: include.cgi
-CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
+CVE-2005-1296
NOT-FOR-US: include.cgi
-CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
+CVE-2005-1295
NOT-FOR-US: include.cgi
-CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
+CVE-2005-1294
- affix-kernel 2.1.1-1.1
-CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
+CVE-2005-1293
NOT-FOR-US: StorePortal
-CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
+CVE-2005-1292
NOT-FOR-US: CartWIZ ASP Cart
-CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
+CVE-2005-1291
NOT-FOR-US: CartWIZ ASP Cart
-CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
+CVE-2005-1290
- phpbb2 2.0.13-6sarge1 (low)
-CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
+CVE-2005-1289
NOT-FOR-US: E-Cart
-CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
+CVE-2005-1288
NOT-FOR-US: ACS Blog
-CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
+CVE-2005-1287
NOT-FOR-US: BK Forum
-CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows ...)
+CVE-2005-1286
NOT-FOR-US: Bitdefender
-CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
+CVE-2005-1285
NOT-FOR-US: Woltlab Burning Board
-CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
+CVE-2005-1284
NOT-FOR-US: Argosoft Mail Server Pro
-CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
+CVE-2005-1283
NOT-FOR-US: Argosoft Mail Server Pro
-CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
+CVE-2005-1282
NOT-FOR-US: Argosoft Mail Server Pro
-CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
+CVE-2005-1281
- ethereal 0.10.10-2
-CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
+CVE-2005-1280
- ethereal 0.10.10-2
- tcpdump 3.8.3-4
-CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-1279
{DSA-850-1}
- tcpdump 3.8.3-4
-CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
+CVE-2005-1278
- tcpdump 3.8.3-4 (bug #307920)
CVE-2005-1277
REJECTED
CVE-2005-1276
RESERVED
-CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
+CVE-2005-1275
- imagemagick 6:6.0.6.2-2.3 (bug #306424)
-CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
+CVE-2005-1274
- maxdb-7.5.00 7.5.00.24-3
CVE-2005-1273
RESERVED
-CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
+CVE-2005-1272
NOT-FOR-US: Backup Agent for Microsoft SQL
CVE-2005-1271
REJECTED
-CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
+CVE-2005-1270
- rkhunter 1.2.7-14 (medium)
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
- libconvert-uulib-perl 1.0.5.1-1
-CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
+CVE-2005-1269
{DSA-734-1}
- gaim 1:1.3.1-1 (bug #315356; low)
-CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
+CVE-2005-1268
{DSA-805-1}
- apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low)
- apache <not-affected> (Not affected, see #322613)
-CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
+CVE-2005-1267
{DSA-854-1}
- tcpdump 3.9.0.cvs.20050614-1 (medium)
-CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
+CVE-2005-1266
{DSA-736-2 DSA-736-1}
- spamassassin 3.0.4-1 (bug #314447; medium)
-CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
+CVE-2005-1265
{DSA-922-1}
- linux-2.6 2.6.12-1
-CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
+CVE-2005-1264
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
[sarge] - kernel-source-2.6.8 2.6.8-16
-CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
+CVE-2005-1263
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
[sarge] - kernel-source-2.6.8 2.6.8-16
[sarge] - kernel-source-2.4.27 2.4.27-10
NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
-CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-1262
- gaim 1:1.2.1-1.1
-CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
+CVE-2005-1261
- gaim 1:1.2.1-1.1
-CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
+CVE-2005-1260
{DSA-741-1}
- bzip2 1.0.2-7
CVE-2005-1259
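Review bot: CVE-2005-1371 ends up mislabelled after this hunk: the removed summary describes the "BPFTPServer service in BulletProof FTP Server 2.4.0.31", but the remaining body line is "NOT-FOR-US: NetVault", apparently carried over from CVE-2005-1372 directly above. While the summary was present a reader could spot the mismatch; with it gone, the entry simply claims the wrong product. Suggest correcting the label to BulletProof FTP Server before or together with dropping the summaries. "NOT-FOR-US: Hord Chora module" under CVE-2005-1317 should likewise read "Horde", as the removed text had it.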
@@ -8654,290 +8654,290 @@ CVE-2005-1258
RESERVED
CVE-2005-1257
RESERVED
-CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
+CVE-2005-1256
NOT-FOR-US: IMail
-CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
+CVE-2005-1255
NOT-FOR-US: IMail
-CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
+CVE-2005-1254
NOT-FOR-US: IMail
CVE-2005-1253
RESERVED
-CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
+CVE-2005-1252
NOT-FOR-US: IMail
CVE-2005-1251
RESERVED
-CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
+CVE-2005-1250
NOT-FOR-US: IpSwitch
-CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
+CVE-2005-1249
NOT-FOR-US: IMail
-CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
+CVE-2005-1248
NOT-FOR-US: Apple iTunes
-CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
+CVE-2005-1247
NOT-FOR-US: Novell Nsure Audit
-CVE-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
+CVE-2005-1246
NOT-FOR-US: snmppd
CVE-2005-XXXX [Multiple security problems in Quake 2]
NOTE: this release added lots of warnings about the security problems
- quake2 1:0.3-1.1
-CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
+CVE-2005-1245
- mediawiki 1.4.9 (bug #276057)
-CVE-2005-1244 (** DISPUTED ** ...)
+CVE-2005-1244
NOT-FOR-US: AS/400 FTP server addon
-CVE-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
+CVE-2005-1243
NOT-FOR-US: AS/400 FTP server addon
-CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
+CVE-2005-1242
NOT-FOR-US: AS/400 FTP server addon
-CVE-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
+CVE-2005-1241
NOT-FOR-US: AS/400 FTP server addon
-CVE-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
+CVE-2005-1240
NOT-FOR-US: AS/400 FTP server addon
-CVE-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
+CVE-2005-1239
NOT-FOR-US: AS/400 FTP server addon
-CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
+CVE-2005-1238
NOT-FOR-US: AS/400 FTP server
-CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
+CVE-2005-1237
NOT-FOR-US: FlexPHPNews
-CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
+CVE-2005-1236
NOT-FOR-US: DUPortal
-CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
+CVE-2005-1235
NOT-FOR-US: phpbb-Auction
-CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
+CVE-2005-1234
NOT-FOR-US: phpbb-Auction
-CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
+CVE-2005-1233
NOT-FOR-US: PHP Labs proFile
-CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
+CVE-2005-1232
NOT-FOR-US: Sun ONE Proxy Server
-CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
+CVE-2005-1231
NOT-FOR-US: JAWS
-CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
+CVE-2005-1230
NOT-FOR-US: Yawcan
-CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
+CVE-2005-1229
{DSA-846-1}
- cpio 2.6-6 (bug #306693; medium)
-CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
+CVE-2005-1228
{DSA-752-1}
- gzip 1.3.5-10
-CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
+CVE-2005-1227
NOT-FOR-US: PHPProjekt
-CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
+CVE-2005-1226
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
+CVE-2005-1225
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
+CVE-2005-1224
NOT-FOR-US: DUPortal
-CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
+CVE-2005-1223
NOT-FOR-US: Ocean12 Calender manager
-CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
+CVE-2005-1222
NOT-FOR-US: Annuaire Netref
-CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
+CVE-2005-1221
NOT-FOR-US: ECommPro
-CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
+CVE-2005-1220
NOT-FOR-US: Shoutbox
-CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
+CVE-2005-1219
NOT-FOR-US: Microsoft Color Management Module
-CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
+CVE-2005-1218
NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1217
RESERVED
-CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
+CVE-2005-1216
NOT-FOR-US: Microsoft
-CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
+CVE-2005-1215
NOT-FOR-US: Microsoft
-CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
+CVE-2005-1214
NOT-FOR-US: Microsoft
-CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
+CVE-2005-1213
NOT-FOR-US: Microsoft
-CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
+CVE-2005-1212
NOT-FOR-US: Microsoft
-CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
+CVE-2005-1211
NOT-FOR-US: Microsoft
CVE-2005-1210
RESERVED
CVE-2005-1209
RESERVED
-CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
+CVE-2005-1208
NOT-FOR-US: Microsoft
-CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
+CVE-2005-1207
NOT-FOR-US: Microsoft
-CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
+CVE-2005-1206
NOT-FOR-US: Microsoft
-CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
+CVE-2005-1205
NOT-FOR-US: Microsoft
CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
- libpam-ssh 1.91.0-9
-CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
+CVE-2005-1204
NOT-FOR-US: Desktop Rover
-CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
+CVE-2005-1203
- egroupware 1.0.0.007-2.dfsg-1
-CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
+CVE-2005-1202
- egroupware 1.0.0.007-2.dfsg-1
-CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
+CVE-2005-1201
NOT-FOR-US: AZbb
-CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ ...)
+CVE-2005-1200
NOT-FOR-US: AZbb
-CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
+CVE-2005-1199
NOT-FOR-US: UBB.threads
-CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
+CVE-2005-1198
NOT-FOR-US: Anaconda Foundation Directory
-CVE-2005-1197 (SQL injection vulnerability in the ...)
+CVE-2005-1197
NOT-FOR-US: Oracle
-CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
+CVE-2005-1196
NOT-FOR-US: PHPBB Knowledgebase Mod
-CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
+CVE-2005-1195
- xine-lib 1.0.1-1
- mplayer <not-affected> (fixed in 1.0-pre7, which was released before etch)
-CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
+CVE-2005-1194
- nasm 0.98.38-1.2 (bug #309049)
-CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
+CVE-2005-1193
- phpbb2 2.0.13-6sarge1 (medium)
-CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
+CVE-2005-1192
NOT-FOR-US: HP-UX
-CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
+CVE-2005-1191
NOT-FOR-US: Windows
-CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
+CVE-2005-1190
NOT-FOR-US: WebcamXP
-CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
+CVE-2005-1189
NOT-FOR-US: WebcamXP
-CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
+CVE-2005-1188
NOT-FOR-US: ComersusCart
-CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
+CVE-2005-1187
NOT-FOR-US: WinHex
-CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
+CVE-2005-1186
NOT-FOR-US: Musicmatch
-CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox ...)
+CVE-2005-1185
NOT-FOR-US: Musicmatch
-CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
+CVE-2005-1184
NOT-FOR-US: Apparently bogus report. at least on Linux it couldn't be reproduced
-CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
+CVE-2005-1183
NOT-FOR-US: mvnForum
-CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
+CVE-2005-1182
NOT-FOR-US: iSeries OS
-CVE-2005-1181 (** DISPUTED ** ...)
+CVE-2005-1181
NOT-FOR-US: Ariadne CMS
-CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
+CVE-2005-1180
NOT-FOR-US: PHP-Nuke
-CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
+CVE-2005-1179
NOT-FOR-US: Xerox
-CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
+CVE-2005-1178
NOT-FOR-US: Oracle
-CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
+CVE-2005-1177
- webmin <not-affected>
NOTE: I haven't found further information on this, but this appears to only
NOTE: affect non-Debian setups
-CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
+CVE-2005-1176
NOT-FOR-US: AIX
-CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
+CVE-2005-1175
{DSA-757-1}
- krb5 1.3.6-4 (bug #318437; medium)
-CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...)
+CVE-2005-1174
{DSA-757-1}
- krb5 1.3.6-4 (bug #318437; medium)
-CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
+CVE-2005-1173
NOT-FOR-US: PMSoftware Simple Web Server
-CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
+CVE-2005-1172
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
+CVE-2005-1171
NOT-FOR-US: moddb phpbb2 add-on
-CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
+CVE-2005-1170
NOT-FOR-US: moddb phpbb2 add-on
-CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
+CVE-2005-1169
NOT-FOR-US: Mafia Blog
-CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
+CVE-2005-1168
NOT-FOR-US: Musicmatch
-CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
+CVE-2005-1167
NOT-FOR-US: Musicmatch
-CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
+CVE-2005-1166
NOT-FOR-US: Dameware
-CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-1165
NOT-FOR-US: Yager game
-CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-1164
NOT-FOR-US: Yager game
-CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
+CVE-2005-1163
NOT-FOR-US: Yager game
-CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
+CVE-2005-1162
NOT-FOR-US: OneWorldStore
-CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
+CVE-2005-1161
NOT-FOR-US: OneWorldStore
-CVE-2005-1160 (The privileged &quot;chrome&quot; UI code in Firefox before 1.0.3 and Mozilla ...)
+CVE-2005-1160
{DSA-781-1}
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
-CVE-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
+CVE-2005-1159
{DSA-781-1}
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
-CVE-2005-1158 (Multiple &quot;missing security checks&quot; in Firefox before 1.0.3 allow ...)
+CVE-2005-1158
- mozilla-firefox 1.0.3-1
-CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
+CVE-2005-1157
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
-CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
+CVE-2005-1156
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
-CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
+CVE-2005-1155
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
-CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
+CVE-2005-1154
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
-CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
+CVE-2005-1153
- mozilla-firefox 1.0.3-1
- mozilla 2:1.7.7-1
-CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
+CVE-2005-1152
{DSA-728-1}
- qpopper 4.0.5-4sarge1
-CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
+CVE-2005-1151
{DSA-728-1}
- qpopper 4.0.5-4sarge1
-CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
+CVE-2005-1150
NOT-FOR-US: Sun Java
-CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
+CVE-2005-1149
NOT-FOR-US: ACNews
-CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
+CVE-2005-1148
NOT-FOR-US: CalenderScript
-CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
+CVE-2005-1147
NOT-FOR-US: CalenderScript
-CVE-2005-1146 (** DISPUTED ** ...)
+CVE-2005-1146
NOT-FOR-US: CalenderScript
-CVE-2005-1145 (** DISPUTED ** ...)
+CVE-2005-1145
NOT-FOR-US: CalenderScript
-CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...)
+CVE-2005-1144
NOT-FOR-US: EasyPHPCalender
-CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+CVE-2005-1143
NOT-FOR-US: EasyPHPCalender
-CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
+CVE-2005-1142
- gocr 0.39-5
-CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
+CVE-2005-1141
- gocr 0.39-5
-CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
+CVE-2005-1140
NOT-FOR-US: MyBloggie
-CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
+CVE-2005-1139
NOT-FOR-US: Opera
-CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
+CVE-2005-1138
NOT-FOR-US: Kerio
-CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
+CVE-2005-1137
NOT-FOR-US: sphpBlog
-CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
+CVE-2005-1136
NOT-FOR-US: sphpBlog
-CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
+CVE-2005-1135
NOT-FOR-US: sphpBlog
-CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
+CVE-2005-1134
NOT-FOR-US: Serendipity
-CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
+CVE-2005-1133
NOT-FOR-US: AS/400 system software
-CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
+CVE-2005-1132
NOT-FOR-US: LG mobile phone
-CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
+CVE-2005-1131
NOT-FOR-US: Veritas Focalpoint Server
-CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
+CVE-2005-1130
NOT-FOR-US: PinnacleCart
-CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
+CVE-2005-1129
- egroupware 1.0.0.007-2.dfsg-1
-CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
+CVE-2005-1128
NOT-FOR-US: VHCS
-CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
+CVE-2005-1127
{DSA-1122 DSA-1121}
- libnet-server-perl 0.89-1 (bug #378640)
NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention
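Review bot: Each -/+ pair visible in this hunk strips the parenthesised description and leaves only the bare identifier, for example `-CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)` becoming `+CVE-2005-1175`, while the triage lines underneath are unchanged. That pattern looks like a description lookup that returned nothing rather than an intended edit. The updater should keep the existing text when it has no replacement description to write. The loss matters most where the description is the only check on the annotation: CVE-2005-1218 is described as a Windows kernel issue but carries `NOT-FOR-US: Microsoft Color Management Module`, the same label as CVE-2005-1219 above it, and after this change nothing on the entry shows that mismatch.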
@@ -8946,242 +8946,242 @@ CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.
NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make
NOTE: scripts happy (at time of writing, 0.90-1 is in testing)
- postgrey 1.22-1
-CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
+CVE-2005-1126
NOT-FOR-US: Free BSD
-CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
+CVE-2005-1125
- libsafe <removed>
-CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
+CVE-2005-1124
NOT-FOR-US: Solaris
-CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
+CVE-2005-1123
NOT-FOR-US: monkeyd
-CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
+CVE-2005-1122
NOT-FOR-US: monkeyd
-CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
+CVE-2005-1121
{DSA-726-1}
- oops 1.5.23.cvs-2.2 (bug #307360; high)
-CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
+CVE-2005-1120
{DSA-1010-1}
- ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
-CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
+CVE-2005-1119
- sudo <unfixed> (bug #283161; unimportant)
NOTE: That's a policy violation, but not a security problem
-CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
+CVE-2005-1118
NOT-FOR-US: RSA authentication agent
-CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...)
+CVE-2005-1117
NOT-FOR-US: All4WWW Homepage creator
-CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
+CVE-2005-1116
NOT-FOR-US: phpbb2 calendar addon
-CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
+CVE-2005-1115
NOT-FOR-US: Photo Album
-CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
+CVE-2005-1114
NOT-FOR-US: Photo Album
-CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
+CVE-2005-1113
NOT-FOR-US: PhpBB Plus
-CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
+CVE-2005-1112
NOT-FOR-US: IBM Websphere
-CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
+CVE-2005-1111
{DSA-846-1}
- cpio 2.6-6 (bug #305372; low)
-CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
+CVE-2005-1110
NOT-FOR-US: Sumus web server
-CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
+CVE-2005-1109
{DSA-713-1}
- junkbuster <removed> (bug #304793)
- privoxy <not-affected>
-CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
+CVE-2005-1108
{DSA-713-1}
- junkbuster <removed>
- privoxy <not-affected>
-CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
+CVE-2005-1107
NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
- postgrey 1.21-1
-CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
+CVE-2005-1106
NOT-FOR-US: Windows
-CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
+CVE-2005-1105
- libgnumail-java <unfixed> (bug #304712; unimportant)
NOTE: This just provides an Java API function to receive a file name, sanitising
NOTE: this file name for further use must be done inside the application calling
NOTE: the function
-CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
+CVE-2005-1104
NOT-FOR-US: Centra
-CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
+CVE-2005-1103
NOT-FOR-US: Sygate Secure Enterprise
-CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-1102
NOTE: Upstream developers don't consider this an issue, see bug #304468
-CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
+CVE-2005-1101
NOT-FOR-US: Lotus Domino Server
-CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
+CVE-2005-1100
- postfix-gld 1.5-1
-CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
+CVE-2005-1099
- postfix-gld 1.5-1
-CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
+CVE-2005-1098
NOT-FOR-US: GetDataBack for NTFS (Windows)
-CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
+CVE-2005-1097
NOT-FOR-US: Rebrand P2P Share Spy
-CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
+CVE-2005-1096
NOT-FOR-US: Ocean12 Membership Manager Pro
-CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
+CVE-2005-1095
NOT-FOR-US: Ocean12 Membership Manager Pro
-CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
+CVE-2005-1094
NOT-FOR-US: FTP Now
-CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
+CVE-2005-1093
NOT-FOR-US: Miranda IM
-CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
+CVE-2005-1092
NOT-FOR-US: DeluxeFTP
-CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
+CVE-2005-1091
NOT-FOR-US: Maxthon
-CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
+CVE-2005-1090
NOT-FOR-US: Maxthon
-CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
+CVE-2005-1089
NOT-FOR-US: DC++
-CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
+CVE-2005-1088
NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
-CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
+CVE-2005-1087
NOT-FOR-US: AN HTTPD
-CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
+CVE-2005-1086
NOT-FOR-US: AN HTTPD
-CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
+CVE-2005-1085
NOT-FOR-US: aeDating
-CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
+CVE-2005-1084
NOT-FOR-US: aeDating
-CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
+CVE-2005-1083
NOT-FOR-US: aeDating
-CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
+CVE-2005-1082
NOT-FOR-US: AtDGDatingPlatinum
-CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
+CVE-2005-1081
NOT-FOR-US: AtDGDatingPlatinum
-CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
+CVE-2005-1080
NOT-FOR-US: JAR in J2SE SDK
-CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
+CVE-2005-1079
NOT-FOR-US: zOOm Media Gallery
-CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
+CVE-2005-1078
NOT-FOR-US: XAMPP Apache distribution specific issue
-CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
+CVE-2005-1077
NOT-FOR-US: XAMPP Apache distribution specific issue
-CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
+CVE-2005-1076
NOT-FOR-US: WebCT
-CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
+CVE-2005-1075
NOT-FOR-US: RadScripts RadBids Gold
-CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
+CVE-2005-1074
NOT-FOR-US: RadScripts RadBids Gold
-CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
+CVE-2005-1073
NOT-FOR-US: RadScripts RadBids Gold
-CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
+CVE-2005-1072
NOT-FOR-US: PunBB
-CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
+CVE-2005-1071
NOT-FOR-US: JPortal
-CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
+CVE-2005-1070
NOT-FOR-US: Invision Power Board
-CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
+CVE-2005-1069
NOT-FOR-US: sCssBoard
-CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
+CVE-2005-1068
NOT-FOR-US: sCssBoard
-CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
+CVE-2005-1067
NOT-FOR-US: Access_user class
-CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
+CVE-2005-1066
- pine 4.63-1 (unimportant)
- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
NOTE: Not shipped in the binary package
-CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
+CVE-2005-1065
- tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
-CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
+CVE-2005-1064
- rsnapshot 1.2.1-1
-CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+CVE-2005-1063
NOT-FOR-US: Kerio
-CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+CVE-2005-1062
NOT-FOR-US: Kerio
-CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
+CVE-2005-1061
- logwatch 5.0-1
-CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
+CVE-2005-1060
NOT-FOR-US: Novell Netware
-CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
+CVE-2005-1059
NOT-FOR-US: Linksys WET11
-CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
+CVE-2005-1058
NOT-FOR-US: Cisco
-CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
+CVE-2005-1057
NOT-FOR-US: Cisco
-CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
+CVE-2005-1056
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
+CVE-2005-1055
NOT-FOR-US: TowerBlog
-CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill ...)
+CVE-2005-1054
NOT-FOR-US: ModernBill
-CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
+CVE-2005-1053
NOT-FOR-US: ModernBill
-CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
+CVE-2005-1052
NOT-FOR-US: Microsoft
-CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
+CVE-2005-1051
NOT-FOR-US: PunBB
-CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
+CVE-2005-1050
NOT-FOR-US: PostNuke
-CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
+CVE-2005-1049
NOT-FOR-US: PostNuke
-CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
+CVE-2005-1048
NOT-FOR-US: PostNuke
-CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
+CVE-2005-1047
NOT-FOR-US: PunBB
-CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
+CVE-2005-1046
{DSA-714-1}
- kdelibs 4:3.3.2-6
-CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
+CVE-2005-1045
NOT-FOR-US: OpenText
CVE-2005-1044
REJECTED
-CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
+CVE-2005-1043
- php4 4:4.3.10-10 (bug #306003)
-CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
+CVE-2005-1042
- php4 4:4.3.10-10 (bug #306003)
-CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
+CVE-2005-1041
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
[sarge] - kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 <not-affected>
-CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
+CVE-2005-1040
- netapplet <not-affected> (Not vulnerable, see bug #310833)
-CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
+CVE-2005-1039
- coreutils 6.10-1 (bug #304556; unimportant)
NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
-CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
+CVE-2005-1038
NOTE: long fixed in Debian's cron
-CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
+CVE-2005-1037
NOT-FOR-US: AIX
-CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
+CVE-2005-1036
NOT-FOR-US: FreeBSD
-CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
+CVE-2005-1035
- pavuk 0.9.32-1
-CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
+CVE-2005-1034
NOT-FOR-US: SurgeFTP
-CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
+CVE-2005-1033
NOT-FOR-US: CubeCart
CVE-2005-1032
REJECTED
-CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
+CVE-2005-1031
NOT-FOR-US: exoops
-CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
+CVE-2005-1030
NOT-FOR-US: Active Auction House
-CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
+CVE-2005-1029
NOT-FOR-US: Active Auction House
-CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
+CVE-2005-1028
NOT-FOR-US: PHP-Nuke
-CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
+CVE-2005-1027
NOT-FOR-US: PHP-Nuke
-CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
+CVE-2005-1026
NOT-FOR-US: SnailSource phpBB mod
-CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
+CVE-2005-1025
NOT-FOR-US: IBM
-CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
+CVE-2005-1024
NOT-FOR-US: PHP-Nuke
-CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
+CVE-2005-1023
NOT-FOR-US: PHP-Nuke
-CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
+CVE-2005-1022
NOT-FOR-US: ColdFusion
-CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
+CVE-2005-1021
NOT-FOR-US: IOS
-CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
+CVE-2005-1020
NOT-FOR-US: IOS
-CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
+CVE-2005-1019
NOT-FOR-US: Aeon
-CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
+CVE-2005-1018
NOT-FOR-US: CA ArcServe Backup
CVE-2005-XXXX [Some security issues in mod_security]
NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
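Review bot: CVE-2005-1102 loses its only identifying text in this hunk. The removed line is `-CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)` and the sole annotation left is `NOTE: Upstream developers don't consider this an issue, see bug #304468`, with no package or NOT-FOR-US line, so the entry no longer says which software it concerns. Entries annotated only with a NOTE (CVE-2005-1038 is another) should either keep their description or gain a package line before the description is dropped. CVE-2005-1047 has a related problem: its removed description names a mod for phpBB 2.0.x while the annotation reads `NOT-FOR-US: PunBB`, and without the description that discrepancy can no longer be spotted from the entry.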
@@ -9195,143 +9195,143 @@ CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settin
- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
- obexftp 0.10.7-3
-CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
+CVE-2005-1017
NOT-FOR-US: MaxWebPortal
-CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
+CVE-2005-1016
NOT-FOR-US: MaxWebPortal
-CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
+CVE-2005-1015
NOT-FOR-US: MailEnable
-CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
+CVE-2005-1014
NOT-FOR-US: MailEnable
-CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
+CVE-2005-1013
NOT-FOR-US: MailEnable
-CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
+CVE-2005-1012
NOT-FOR-US: SiteEnable
-CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
+CVE-2005-1011
NOT-FOR-US: SiteEnable
-CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
+CVE-2005-1010
NOT-FOR-US: ComersusCart
-CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
+CVE-2005-1009
NOT-FOR-US: NetVault
-CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
+CVE-2005-1008
NOT-FOR-US: XM Forum
-CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
+CVE-2005-1007
NOT-FOR-US: CommuniGate Pro
-CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
+CVE-2005-1006
NOT-FOR-US: SonicWALL
-CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
+CVE-2005-1005
NOT-FOR-US: PayProCart
-CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
+CVE-2005-1004
NOT-FOR-US: PayProCart
-CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
+CVE-2005-1003
NOT-FOR-US: PayProCart
-CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
+CVE-2005-1002
NOT-FOR-US: LOG-FT File Transfer
-CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
+CVE-2005-1001
NOT-FOR-US: PHP-Nuke
-CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
+CVE-2005-1000
NOT-FOR-US: PHP-Nuke
-CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
+CVE-2005-0999
NOT-FOR-US: PHP-Nuke
-CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
+CVE-2005-0998
NOT-FOR-US: PHP-Nuke
-CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
+CVE-2005-0997
NOT-FOR-US: PHP-Nuke
-CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
+CVE-2005-0996
NOT-FOR-US: PHP-Nuke
-CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
+CVE-2005-0995
NOT-FOR-US: ProductCart
-CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
+CVE-2005-0994
NOT-FOR-US: ProductCart
-CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
+CVE-2005-0993
NOT-FOR-US: SCO
-CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
+CVE-2005-0992
- phpmyadmin 3:2.6.2-rc1-1
-CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a secure location ...)
+CVE-2005-0991
NOT-FOR-US: AIX
-CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
+CVE-2005-0990
- sharutils 1:4.2.1-13
-CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for ...)
+CVE-2005-0989
{DSA-781-1}
- mozilla 2:1.7.7-1 (bug #306001)
- mozilla-firefox 1.0.2-3
- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
-CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
+CVE-2005-0988
{DSA-752-1}
- gzip 1.3.5-10
-CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
+CVE-2005-0987
NOT-FOR-US: IRC Services NickServ
-CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
+CVE-2005-0986
NOT-FOR-US: Lotus Domino
-CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows ...)
+CVE-2005-0985
NOT-FOR-US: Apple
-CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
+CVE-2005-0984
NOT-FOR-US: Star Wars game
-CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
+CVE-2005-0983
NOT-FOR-US: Quake 3 based games
-CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
+CVE-2005-0982
NOT-FOR-US: Yet Another Forum.net
-CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
+CVE-2005-0981
NOT-FOR-US: Alstrasoft EPay
-CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
+CVE-2005-0980
NOT-FOR-US: Alstrasoft EPay
-CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
+CVE-2005-0979
NOT-FOR-US: Rumba
-CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
+CVE-2005-0978
NOT-FOR-US: IVT BlueSoleil
-CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
+CVE-2005-0977
[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
- linux-2.6 <not-affected> (Fixed before upload into archive)
-CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
+CVE-2005-0976
NOT-FOR-US: Apple
-CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
+CVE-2005-0975
NOT-FOR-US: Apple
-CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
+CVE-2005-0974
NOT-FOR-US: Apple
-CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
+CVE-2005-0973
NOT-FOR-US: Apple
-CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
+CVE-2005-0972
NOT-FOR-US: Apple
-CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
+CVE-2005-0971
NOT-FOR-US: Apple
-CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
+CVE-2005-0970
NOT-FOR-US: Apple
-CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
+CVE-2005-0969
NOT-FOR-US: Apple
-CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
+CVE-2005-0968
NOT-FOR-US: CA eTrust IDS
-CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
+CVE-2005-0967
- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
- openwebmail <removed>
-CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
+CVE-2005-0966
- gaim 1:1.2.1-1 (bug #303581)
-CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
+CVE-2005-0965
- gaim 1:1.2.1-1 (bug #303581)
-CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
+CVE-2005-0964
NOT-FOR-US: Kerio firewall
-CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
+CVE-2005-0963
NOT-FOR-US: ACPI BIOS hardware issue
-CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
+CVE-2005-0962
NOT-FOR-US: SquirrelCart
-CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
+CVE-2005-0961
- horde3 3.0.4-1
- horde2 2.2.8-1
-CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
+CVE-2005-0960
NOT-FOR-US: OpenBSD
-CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
+CVE-2005-0959
NOT-FOR-US: YepYep mtftpd
-CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
+CVE-2005-0958
NOT-FOR-US: YepYep mtftpd
-CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
+CVE-2005-0957
NOT-FOR-US: BayTech RPC
-CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
+CVE-2005-0956
NOT-FOR-US: InterAKT MX Kart
-CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
+CVE-2005-0955
NOT-FOR-US: InterAKT MX Shop
-CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
+CVE-2005-0954
NOT-FOR-US: Windows
-CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
+CVE-2005-0953
{DSA-730-1}
- bzip2 1.0.2-6
NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
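Review bot: every `+` line in this hunk drops the parenthesised summary from the CVE header (for example `-CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier ...)` becomes `+CVE-2005-0953`), and the commit message "automatic update" gives no reason for it. For CVE-2005-0953 the NOTE lines that follow now argue about the exploitability of a "vulnerability" that the file no longer names, and entries such as CVE-2005-0967 are left with only `- gaim 1:1.2.1-1` as context. Please confirm the removal is intended rather than the result of the updater receiving empty descriptions, and state the reason in the commit message.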
@@ -9339,35 +9339,35 @@ CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to m
NOTE: the file and chmodding it to delete the file and place a hardlink to another
NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
-CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
+CVE-2005-0952
NOT-FOR-US: PafileDB
CVE-2005-0951
REJECTED
-CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
+CVE-2005-0950
NOT-FOR-US: FastStone 4in1 Browser
-CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
+CVE-2005-0949
NOT-FOR-US: PortalApp
-CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
+CVE-2005-0948
NOT-FOR-US: PortalApp
-CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
+CVE-2005-0947
NOT-FOR-US: phpCoin
-CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
+CVE-2005-0946
NOT-FOR-US: phpCoin
-CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
+CVE-2005-0945
NOT-FOR-US: ACS Blog
-CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) ...)
+CVE-2005-0944
NOT-FOR-US: Microsoft
-CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
+CVE-2005-0943
NOT-FOR-US: Cisco
-CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
+CVE-2005-0942
NOT-FOR-US: Sybase ASE
-CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
+CVE-2005-0941
- openoffice.org 1.1.3-9
CVE-2005-0939
RESERVED
-CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
+CVE-2005-0938
NOT-FOR-US: UBlog
-CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
+CVE-2005-0937
- kernel-source-2.6.8 2.6.8-16
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
- freeciv 2.0.1-1
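Review bot: after this hunk a published entry such as `+CVE-2005-0952` has the same bare header form as the unchanged context entries `CVE-2005-0951` (REJECTED) and `CVE-2005-0939` (RESERVED), so only the status line underneath tells them apart. If the descriptions are meant to stay out of the file, check that anything parsing the header line accepts a missing parenthesised part on non-reserved entries. The bracketed form on `CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]` is untouched, so only the parenthesised descriptions appear to be affected; a line in the commit message saying so would help.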
@@ -9375,742 +9375,742 @@ CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
- kdenetwork 4:3.3.2-2
-CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
+CVE-2005-0936
NOT-FOR-US: ESMI PayPal Storefront
-CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
+CVE-2005-0935
NOT-FOR-US: ESMI PayPal Storefront
-CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
+CVE-2005-0934
NOT-FOR-US: WackoWiki
-CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
+CVE-2005-0933
NOT-FOR-US: phpCOIN
-CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
+CVE-2005-0932
NOT-FOR-US: phpCOIN
-CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 ...)
+CVE-2005-0931
NOT-FOR-US: The Includer
-CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
+CVE-2005-0930
NOT-FOR-US: Chatness
-CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
+CVE-2005-0929
NOT-FOR-US: PhotoPost PHP Pro
-CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+CVE-2005-0928
NOT-FOR-US: PhotoPost PHP Pro
-CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
+CVE-2005-0927
NOT-FOR-US: WebAPP
-CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
+CVE-2005-0926
- sylpheed 1.0.4-1
- sylpheed-claws 1.0.4-1
-CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
+CVE-2005-0925
NOT-FOR-US: Uapplication Ublog
-CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
+CVE-2005-0924
NOT-FOR-US: Adventia E-Data
-CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
+CVE-2005-0923
NOT-FOR-US: Norton AntiVirus
-CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
+CVE-2005-0922
NOT-FOR-US: Norton AntiVirus
-CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
+CVE-2005-0921
NOT-FOR-US: Lotus
-CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
+CVE-2005-0920
NOT-FOR-US: Bugtracker.NET
-CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
+CVE-2005-0919
NOT-FOR-US: Adventia E-Data
-CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
+CVE-2005-0918
NOT-FOR-US: Adobe SVG Viewer
-CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...)
+CVE-2005-0917
NOT-FOR-US: EncapsBB
-CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
+CVE-2005-0916
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 <not-affected>
- linux-2.6 <not-affected> (Fixed before upload into archive)
-CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
+CVE-2005-0915
NOT-FOR-US: Webmasters-Debutants WD Guestbook
-CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
+CVE-2005-0914
NOT-FOR-US: CPG Dragonfly
-CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
+CVE-2005-0913
- smarty 2.6.8-1
-CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
+CVE-2005-0912
NOT-FOR-US: deplate
-CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
+CVE-2005-0911
NOT-FOR-US: exoops
-CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
+CVE-2005-0910
NOT-FOR-US: exoops
-CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's ...)
+CVE-2005-0909
NOT-FOR-US: THai's Shoutbox
-CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
+CVE-2005-0908
NOT-FOR-US: Valdersoft Shopping Cart
-CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
+CVE-2005-0907
NOT-FOR-US: Valdersoft Shopping Cart
-CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
+CVE-2005-0906
NOT-FOR-US: Tincat network library
-CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
+CVE-2005-0905
NOT-FOR-US: Maxthon
-CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the &quot;Force shutdown ...)
+CVE-2005-0904
NOT-FOR-US: Microsoft
-CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
+CVE-2005-0903
NOT-FOR-US: QuickTime PictureViewer
-CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
+CVE-2005-0902
NOT-FOR-US: NukeBookmarks for php-nuke
-CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
+CVE-2005-0901
NOT-FOR-US: NukeBookmarks for php-nuke
-CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
+CVE-2005-0900
NOT-FOR-US: NukeBookmarks for php-nuke
-CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
+CVE-2005-0899
NOT-FOR-US: AS/400 running OS400
-CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
+CVE-2005-0898
NOT-FOR-US: E-Store Kit-2 PayPal Edition
-CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store ...)
+CVE-2005-0897
NOT-FOR-US: E-Store Kit-2 PayPal Edition
-CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
+CVE-2005-0896
NOT-FOR-US: phpMyDirectory
-CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
+CVE-2005-0895
NOT-FOR-US: Netcomm 1300NB DSL Modem
-CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
+CVE-2005-0894
- openmosixview 1.5-7
-CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
+CVE-2005-0893
- smail <removed> (bug #335042; unimportant)
NOTE: cording to upstream impossible to exploit
-CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
+CVE-2005-0892
{DSA-722-1}
- smail 3.2.0.115-7 (bug #301428; high)
-CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
+CVE-2005-0891
NOTE: The description is wrong; 2.6 is affected as well
- gtk+2.0 2.6.4-1
- gdk-pixbuf 0.22.0-7.1
-CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
+CVE-2005-0890
NOT-FOR-US: Dream4 Koobi CMS
-CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
+CVE-2005-0889
NOT-FOR-US: Dream4 Koobi CMS
-CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2005-0888
- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
NOTE: Original issue fixed in dcl/1:0.9.4.4-1
-CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
+CVE-2005-0887
- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
NOTE: Original issue fixed in dcl/1:0.9.4.4-1
-CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
+CVE-2005-0886
NOT-FOR-US: Invision Power Board
-CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
+CVE-2005-0885
NOT-FOR-US: XMB Forum
-CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
+CVE-2005-0884
NOT-FOR-US: DigitalHive
-CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
+CVE-2005-0883
NOT-FOR-US: DigitalHive
-CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
+CVE-2005-0882
NOT-FOR-US: BirdBlog
-CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
+CVE-2005-0881
NOT-FOR-US: Interspire ArticleLive
-CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
+CVE-2005-0880
NOT-FOR-US: Vortex Portal
-CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) ...)
+CVE-2005-0879
NOT-FOR-US: Vortex Portal
-CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
+CVE-2005-0878
NOT-FOR-US: MercuryBoard
-CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
+CVE-2005-0877
- dnsmasq 2.21
-CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
+CVE-2005-0876
- dnsmasq 2.21
-CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
+CVE-2005-0875
NOT-FOR-US: Cerulean Trillian
-CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
+CVE-2005-0874
NOT-FOR-US: Cerulean Trillian
-CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
+CVE-2005-0873
NOT-FOR-US: Oracle
-CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
+CVE-2005-0872
NOT-FOR-US: Topic Calendar phpbb2 plugin
-CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
+CVE-2005-0871
NOT-FOR-US: Topic Calendar phpbb2 plugin
-CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
+CVE-2005-0870
{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
- phpsysinfo 2.3-7
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
-CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
+CVE-2005-0869
- phpsysinfo 2.3-3 (bug #301118; unimportant)
-CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
+CVE-2005-0868
- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
-CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
+CVE-2005-0867
- kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn't have sysfs)
- linux-2.6 <not-affected> (Fixed before upload into archive)
[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
-CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
+CVE-2005-0866
- cdrtools 4:2.01+01a01-4 (bug #291376; low)
[sarge] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
[woody] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
-CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
+CVE-2005-0865
NOT-FOR-US: Samsung ADSL modems
-CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
+CVE-2005-0864
NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
-CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
+CVE-2005-0863
NOT-FOR-US: PHPOpenChat
-CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...)
+CVE-2005-0862
NOT-FOR-US: PHPOpenChat
-CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
+CVE-2005-0861
NOT-FOR-US: Delegate
-CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...)
+CVE-2005-0860
NOT-FOR-US: TRG News Script
-CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...)
+CVE-2005-0859
NOT-FOR-US: CzarNews
-CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
+CVE-2005-0858
NOT-FOR-US: CoolForum
-CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
+CVE-2005-0857
NOT-FOR-US: CoolForum
-CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
+CVE-2005-0856
NOT-FOR-US: CoolForum
-CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
+CVE-2005-0855
NOT-FOR-US: CoolForum
-CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote ...)
+CVE-2005-0854
NOT-FOR-US: betaparticle blog
-CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
+CVE-2005-0853
NOT-FOR-US: betaparticle blog
-CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
+CVE-2005-0852
NOT-FOR-US: Microsoft Windows
-CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
+CVE-2005-0851
NOT-FOR-US: FileZilla FTP server
-CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
+CVE-2005-0850
NOT-FOR-US: FileZilla FTP server
-CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
+CVE-2005-0849
NOT-FOR-US: Multiple commercial games by FUN Labs
-CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
+CVE-2005-0848
NOT-FOR-US: Multiple commercial games by FUN Labs
-CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
+CVE-2005-0847
NOT-FOR-US: Code Ocean FTP Server
-CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
+CVE-2005-0846
NOT-FOR-US: SurgeMail
-CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
+CVE-2005-0845
NOT-FOR-US: SurgeMail
-CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory of ...)
+CVE-2005-0844
NOT-FOR-US: Nortel Contivity
-CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
+CVE-2005-0843
NOT-FOR-US: Phorum
-CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
+CVE-2005-0842
NOT-FOR-US: Kayako eSupport
-CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
+CVE-2005-0841
NOT-FOR-US: phpmyfamily
CVE-2005-0840
REJECTED
-CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
+CVE-2005-0839
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
[sarge] - kernel-source-2.6.8 2.6.8-16
-CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
+CVE-2005-0838
- icecast2 <unfixed> (bug #301368; unimportant)
NOTE: According to upstream a non-issue
-CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
+CVE-2005-0837
- icecast2 <unfixed> (bug #301368; unimportant)
NOTE: According to upstream a non-issue
-CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
+CVE-2005-0836
NOT-FOR-US: Java Web Start for proprietary Sun Java
-CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
+CVE-2005-0835
NOT-FOR-US: Belkin 54G router
-CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
+CVE-2005-0834
NOT-FOR-US: Belkin 54G router
-CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
+CVE-2005-0833
NOT-FOR-US: Belkin 54G router
-CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
+CVE-2005-0832
NOT-FOR-US: PHP-Post
-CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
+CVE-2005-0831
NOT-FOR-US: PHP-Post
-CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
+CVE-2005-0830
NOT-FOR-US: Xzabite DynDNS Updater
-CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
+CVE-2005-0829
NOT-FOR-US: PHP-Fusion Addon
-CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
+CVE-2005-0828
NOT-FOR-US: e-Xoops based products
-CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
+CVE-2005-0827
NOT-FOR-US: e-Xoops based products
-CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-0826
NOT-FOR-US: OllyDbg MS Windows debugger
-CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
+CVE-2005-0825
- ltris 1.0.6-1.1 (bug #291620)
-CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
+CVE-2005-0824
- mathopd 1.5p5-1
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
- cernlib 2004.11.04-3
-CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
+CVE-2005-0823
NOT-FOR-US: iSnooker
-CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
+CVE-2005-0822
NOT-FOR-US: Citrix
-CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
+CVE-2005-0821
NOT-FOR-US: Citrix
-CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
+CVE-2005-0820
NOT-FOR-US: MS Office
-CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
+CVE-2005-0819
NOT-FOR-US: Novell Netware
-CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
+CVE-2005-0818
NOT-FOR-US: Pun BB
-CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
+CVE-2005-0817
NOT-FOR-US: Symantec Gateway
-CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
+CVE-2005-0816
NOT-FOR-US: Solaris
-CVE-2005-0815 (Multiple &quot;range checking flaws&quot; in the ISO9660 filesystem handler in ...)
+CVE-2005-0815
- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc1)
[sarge] - kernel-source-2.6.8 2.6.8-16
-CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
+CVE-2005-0814
{DSA-717-1}
- lsh-utils 2.0.1-1
-CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
+CVE-2005-0813
NOT-FOR-US: ir
-CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
+CVE-2005-0812
NOT-FOR-US: NotifyLink
-CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
+CVE-2005-0811
NOT-FOR-US: NotifyLink
-CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
+CVE-2005-0810
NOT-FOR-US: NotifyLink
-CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
+CVE-2005-0809
NOT-FOR-US: NotifyLink
-CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
+CVE-2005-0808
NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
-CVE-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote ...)
+CVE-2005-0807
NOT-FOR-US: Cain &amp; Abel
-CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
+CVE-2005-0806
- evolution 2.0.4-2
-CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
+CVE-2005-0805
NOT-FOR-US: Subdreamer
-CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
+CVE-2005-0804
NOT-FOR-US: MailEnable
-CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
+CVE-2005-0803
NOT-FOR-US: Windows
-CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
+CVE-2005-0802
NOT-FOR-US: ACS Blog
-CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
+CVE-2005-0801
NOT-FOR-US: The Includer
-CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 ...)
+CVE-2005-0800
NOT-FOR-US: mcNews
-CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
+CVE-2005-0799
NOT-FOR-US: MySQL on Windows
-CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
+CVE-2005-0798
NOT-FOR-US: Novell iChain
-CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
+CVE-2005-0797
NOT-FOR-US: Novell iChain
-CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
+CVE-2005-0796
NOT-FOR-US: Hola CMS
-CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
+CVE-2005-0795
NOT-FOR-US: Hola CMS
-CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
+CVE-2005-0794
NOT-FOR-US: ZPanel
-CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...)
+CVE-2005-0793
NOT-FOR-US: ZPanel
-CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
+CVE-2005-0792
NOT-FOR-US: ZPanel
-CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
+CVE-2005-0791
NOT-FOR-US: phpAdsNew
-CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
+CVE-2005-0790
NOT-FOR-US: phpAdsNew
-CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
+CVE-2005-0786
NOT-FOR-US: SimpGB
-CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
+CVE-2005-0785
NOT-FOR-US: YaBB
-CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
+CVE-2005-0784
NOT-FOR-US: Phorum
-CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
+CVE-2005-0783
NOT-FOR-US: Phorum
-CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
+CVE-2005-0782
NOT-FOR-US: paFileDB
-CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
+CVE-2005-0781
NOT-FOR-US: paFileDB
-CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
+CVE-2005-0780
NOT-FOR-US: paFileDB
-CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
+CVE-2005-0779
NOT-FOR-US: PlatinumFTP
-CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
+CVE-2005-0778
NOT-FOR-US: PhotoPost
-CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+CVE-2005-0777
NOT-FOR-US: PhotoPost
-CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
+CVE-2005-0776
NOT-FOR-US: PhotoPost
-CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
+CVE-2005-0775
NOT-FOR-US: PhotoPost
-CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
+CVE-2005-0774
NOT-FOR-US: PhotoPost
-CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
+CVE-2005-0773
NOT-FOR-US: VERITAS Backup Exec
-CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
+CVE-2005-0772
NOT-FOR-US: VERITAS Backup Exec
-CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
+CVE-2005-0771
NOT-FOR-US: VERITAS Backup Exec
-CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
+CVE-2005-0770
NOT-FOR-US: IDA Pro
-CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
+CVE-2005-0768
NOT-FOR-US: GoodTech Telnet Server
-CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
+CVE-2005-0767
- kernel-source-2.6.8 2.6.8-15
-CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
+CVE-2005-0766
- ethereal 0.10.10-1
-CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
+CVE-2005-0765
- ethereal 0.10.10-1
-CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
+CVE-2005-0764
- rxvt-unicode 5.3-1
-CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
+CVE-2005-0763
{DSA-698-1}
- mc 1:4.6.0-4.6.1-pre3-1
NOTE: Sarge-specific regression correcting a previous DSA.
-CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
+CVE-2005-0762
{DSA-702-1}
- imagemagick 5:6.0.0-1
NOTE: Does only affect imagemagick releases prior to 6
-CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
+CVE-2005-0761
- imagemagick 5:6.0.2.5 (bug #301110)
-CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
+CVE-2005-0760
{DSA-702-1}
- imagemagick 5:6.0.0-1
NOTE: Does only affect imagemagick releases prior to 6
-CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
+CVE-2005-0759
{DSA-702-1}
- imagemagick 5:6.0.0-1
NOTE: Does only affect imagemagick releases prior to 6
-CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
+CVE-2005-0758
NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
- gzip 1.3.5-10 (low)
- bzip2 1.0.2-8.1 (bug #321286; low)
[sarge] - bzip2 <no-dsa> (Minor issue)
-CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
+CVE-2005-0757
{DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (bug #311164)
- linux-2.6 <not-affected> (Fixed before upload in archive)
-CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...)
+CVE-2005-0756
{DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (medium)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
-CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
+CVE-2005-0755
- helix-player 1.0.4-1
-CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
+CVE-2005-0754
- kdewebdev 1:3.3.2-6
-CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
+CVE-2005-0753
{DSA-742-1}
- cvs 1:1.12.9-13
-CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
+CVE-2005-0752
- mozilla-firefox 1.0.3-1
CVE-2005-0751
REJECTED
-CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
+CVE-2005-0750
- kernel-source-2.4.27 2.4.27-10
[sarge] - kernel-source-2.6.8 2.6.8-16
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
-CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...)
+CVE-2005-0749
[sarge] - kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
- omniorb4 4.0.5-2
-CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
+CVE-2005-0789
NOT-FOR-US: not part of Woody, has been removed from sarge/sid
-CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
+CVE-2005-0788
NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
-CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
+CVE-2005-0787
- wine 0.0.20050310-1.1
-CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
+CVE-2005-0769
- openslp 1.0.11a-2
-CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta ...)
+CVE-2005-0748
NOT-FOR-US: WEBInsta
-CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
+CVE-2005-0747
NOT-FOR-US: ApplyYourself
-CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
+CVE-2005-0746
NOT-FOR-US: Novell iChain
-CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
+CVE-2005-0745
NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
-CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
+CVE-2005-0744
NOT-FOR-US: Novell iChain
-CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
+CVE-2005-0743
NOT-FOR-US: Xoops
-CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
+CVE-2005-0742
NOT-FOR-US: Sun Java System Application Server
-CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
+CVE-2005-0741
NOT-FOR-US: YaBB
-CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
+CVE-2005-0740
NOT-FOR-US: OpenBSD
-CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
+CVE-2005-0739
{DSA-718-1}
- ethereal 0.10.10-1
-CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 ...)
+CVE-2005-0738
NOT-FOR-US: Microsoft
-CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
+CVE-2005-0737
NOT-FOR-US: Yahoo Messenger
-CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
+CVE-2005-0736
- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain ...)
+CVE-2005-0735
NOT-FOR-US: newsscript
-CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+CVE-2005-0734
NOT-FOR-US: PY Software Active Webcam WebServer
-CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+CVE-2005-0733
NOT-FOR-US: PY Software Active Webcam WebServer
-CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+CVE-2005-0732
NOT-FOR-US: PY Software Active Webcam WebServer
-CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+CVE-2005-0731
NOT-FOR-US: PY Software Active Webcam WebServer
-CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+CVE-2005-0730
NOT-FOR-US: PY Software Active Webcam WebServer
-CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
+CVE-2005-0729
NOT-FOR-US: Xpand Rally
CVE-2005-0728
REJECTED
CVE-2005-0727
REJECTED
-CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
+CVE-2005-0726
NOT-FOR-US: UBB.threads
-CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
+CVE-2005-0725
NOT-FOR-US: wfsections
-CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
+CVE-2005-0724
NOT-FOR-US: paFileDB
-CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
+CVE-2005-0723
NOT-FOR-US: paFileDB
-CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
+CVE-2005-0722
NOT-FOR-US: eXPerience2
-CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...)
+CVE-2005-0721
NOT-FOR-US: eXPerience2
-CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...)
+CVE-2005-0720
NOT-FOR-US: mcNews
-CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
+CVE-2005-0719
NOT-FOR-US: Tru64
-CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
+CVE-2005-0718
- squid 2.5.8 (bug #305605)
CVE-2005-0717
RESERVED
-CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
+CVE-2005-0716
NOT-FOR-US: Mac OS
-CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
+CVE-2005-0715
NOT-FOR-US: Mac OS
CVE-2005-0714
REJECTED
-CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
+CVE-2005-0713
NOT-FOR-US: Mac OS
-CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
+CVE-2005-0712
NOT-FOR-US: Mac OS
-CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
+CVE-2005-0711
{DSA-707-1}
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
-CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
+CVE-2005-0710
{DSA-707-1}
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
-CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
+CVE-2005-0709
{DSA-707-1}
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
-CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
+CVE-2005-0708
- kfreebsd-8 <not-affected> (Fixed before initial release; bug #613311)
- kfreebsd-7 <not-affected> (Fixed before initial release; bug #613311)
-CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
+CVE-2005-0707
NOT-FOR-US: Ipswitch Collaboration Suite
-CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
+CVE-2005-0706
[sarge] - gnome-vfs2 <not-affected> (does not install the module with the vulnerable code)
- grip 3.2.0-4 (low)
- libcdaudio 0.99.9-2.1 (bug #304799; low)
- gnome-vfs 1.0.5-5.1 (bug #305163; low)
- gnome-vfs2 2.10.1-3
-CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
+CVE-2005-0705
- ethereal 0.10.10-1
-CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
+CVE-2005-0704
- ethereal 0.10.10-1
-CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
+CVE-2005-0703
NOT-FOR-US: Xerox MicroServer Web Server
-CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
+CVE-2005-0702
NOT-FOR-US: phpMyFAQ
-CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
+CVE-2005-0701
NOT-FOR-US: Oracle
-CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
+CVE-2005-0700
NOT-FOR-US: Aztek
-CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
+CVE-2005-0699
- ethereal 0.10.9-2
-CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...)
+CVE-2005-0698
NOT-FOR-US: PHPWebLog
-CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...)
+CVE-2005-0697
NOT-FOR-US: CopperExport
-CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
+CVE-2005-0696
NOT-FOR-US: ArGoSoft
-CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
+CVE-2005-0695
NOT-FOR-US: Hosting Controller
-CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
+CVE-2005-0694
NOT-FOR-US: Hosting Controller
-CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
+CVE-2005-0693
NOT-FOR-US: JoWood Chaser (for Windows)
-CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...)
+CVE-2005-0692
NOT-FOR-US: PHP-Fusion
-CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...)
+CVE-2005-0691
NOT-FOR-US: SocialMPN
-CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
+CVE-2005-0690
NOT-FOR-US: Gene6 FTP Server for Win
-CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
+CVE-2005-0689
NOT-FOR-US: The Includer
-CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
+CVE-2005-0688
NOT-FOR-US: Windows
-CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
+CVE-2005-0687
- hashcash 1.17-1
-CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
+CVE-2005-0686
- mlterm 2.9.2 (bug #298621)
-CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
+CVE-2005-0685
NOT-FOR-US: OutStart Participate Enterprise
-CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
+CVE-2005-0684
- maxdb-7.5.00 7.5.00.24-3
CVE-2005-0683
REJECTED
-CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
+CVE-2005-0682
- drupal 4.5.2
-CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
+CVE-2005-0681
NOT-FOR-US: Nokia
-CVE-2005-0680 (PHP remote file inclusion vulnerability in ...)
+CVE-2005-0680
NOT-FOR-US: Download Center Lite
-CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...)
+CVE-2005-0679
NOT-FOR-US: Tell A Friend Script
-CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...)
+CVE-2005-0678
NOT-FOR-US: Form Mail Script
-CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
+CVE-2005-0677
NOT-FOR-US: Zorum
-CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
+CVE-2005-0676
NOT-FOR-US: Zorum
-CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
+CVE-2005-0675
NOT-FOR-US: Zorum
-CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
+CVE-2005-0674
NOT-FOR-US: Pabox for PHPNuke
-CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
+CVE-2005-0673
- phpbb2 2.0.13-2
-CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
+CVE-2005-0672
NOT-FOR-US: Ca3DE
-CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
+CVE-2005-0671
NOT-FOR-US: Ca3DE
-CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
+CVE-2005-0670
NOT-FOR-US: phpCOIN
-CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
+CVE-2005-0669
NOT-FOR-US: phpCOIN
-CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
+CVE-2005-0668
NOT-FOR-US: HAVP
-CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
+CVE-2005-0667
- sylpheed 1.0.3-1
- sylpheed-claws 1.0.3-1
-CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
+CVE-2005-0666
- kernel-patch-adamantix 1.7
-CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
+CVE-2005-0665
NOT-FOR-US: XV
-CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
+CVE-2005-0664
{DSA-709-1}
- libexif 0.6.9-5
-CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
+CVE-2005-0663
NOT-FOR-US: Mercury Board
-CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
+CVE-2005-0662
NOT-FOR-US: Mercury Board
-CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
+CVE-2005-0661
NOT-FOR-US: Woltlab Burning Board
-CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
+CVE-2005-0660
NOT-FOR-US: D-Forum
-CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
+CVE-2005-0659
- phpbb2 <unfixed> (unimportant)
-CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
+CVE-2005-0658
NOT-FOR-US: Typo3 extension
-CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
+CVE-2005-0657
NOT-FOR-US: Computalynx CProxy
-CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
+CVE-2005-0656
NOT-FOR-US: auraCMS
-CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
+CVE-2005-0655
NOT-FOR-US: auraCMS
-CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
+CVE-2005-0654
NOTE: this is not a security issue according to maintainer
-CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
+CVE-2005-0653
- phpmyadmin 3:2.6.1-pl3-1
-CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
+CVE-2005-0652
NOT-FOR-US: OpenVMS
-CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
+CVE-2005-0651
NOT-FOR-US: ProjectBB
-CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
+CVE-2005-0650
NOT-FOR-US: ProjectBB
-CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
+CVE-2005-0649
NOT-FOR-US: Pixel-Apes SafeHTML
-CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
+CVE-2005-0648
NOT-FOR-US: Pixel-Apes SafeHTML
-CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
+CVE-2005-0647
NOT-FOR-US: paNews
-CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
+CVE-2005-0646
NOT-FOR-US: paNews
-CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
+CVE-2005-0645
NOT-FOR-US: CuteNews
-CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+CVE-2005-0644
NOT-FOR-US: McAfee Virus Scanners
-CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+CVE-2005-0643
NOT-FOR-US: McAfee Virus Scanners
-CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
+CVE-2005-0642
NOT-FOR-US: Computer Associates UAM
-CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
+CVE-2005-0641
NOT-FOR-US: Computer Associates UAM
-CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
+CVE-2005-0640
NOT-FOR-US: Computer Associates UAM
-CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
+CVE-2005-0639
{DSA-695-1 DSA-694-1}
- xloadimage 4.1-14.2
- xli 1.17.0-17
-CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
+CVE-2005-0638
{DSA-695-1 DSA-694-1}
- xli 1.17.0-18
- xloadimage 4.1-14.1 (bug #298926)
-CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
+CVE-2005-0637
NOT-FOR-US: OpenBSD
-CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
+CVE-2005-0636
NOT-FOR-US: Foxmail
-CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
+CVE-2005-0635
NOT-FOR-US: Foxmail
-CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows ...)
+CVE-2005-0634
NOT-FOR-US: Golden FTP Server
-CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
+CVE-2005-0633
NOT-FOR-US: Cerulean Trillian
-CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
+CVE-2005-0632
NOT-FOR-US: PHPNews
-CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
+CVE-2005-0631
NOT-FOR-US: PBLang
-CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
+CVE-2005-0630
NOT-FOR-US: PBLang
-CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
+CVE-2005-0629
NOT-FOR-US: 427BB
-CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
+CVE-2005-0628
NOT-FOR-US: Forumwa
-CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
+CVE-2005-0627
- qt-x11-free <not-affected> (RPATH disabled in Debian's build)
-CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
+CVE-2005-0626
- squid 2.5.9-2
CVE-2005-0940
REJECTED
-CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
+CVE-2005-0625
- reportbug 3.8 (bug #295407)
-CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
+CVE-2005-0624
- reportbug 3.8 (bug #295407)
-CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
+CVE-2005-0623
NOT-FOR-US: RaidenHTTPD
-CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
+CVE-2005-0622
NOT-FOR-US: RaidenHTTPD
-CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-0621
NOT-FOR-US: Scrapland
-CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
+CVE-2005-0620
NOT-FOR-US: Einstein
-CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
+CVE-2005-0619
NOT-FOR-US: Einstein
-CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
+CVE-2005-0618
NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
-CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
+CVE-2005-0617
NOT-FOR-US: PostNuke
-CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
+CVE-2005-0616
NOT-FOR-US: PostNuke
-CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
+CVE-2005-0615
NOT-FOR-US: PostNuke
-CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+CVE-2005-0614
- phpbb2 2.0.13-1
-CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
+CVE-2005-0613
- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
-CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
+CVE-2005-0612
NOT-FOR-US: Cisco
-CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
+CVE-2005-0611
NOT-FOR-US: Real
-CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
+CVE-2005-0610
NOT-FOR-US: FreeBSD portupgrade
CVE-2005-0609
REJECTED
-CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
+CVE-2005-0608
NOT-FOR-US: Half Life WebMod
-CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
+CVE-2005-0607
NOT-FOR-US: CubeCert
-CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
+CVE-2005-0606
NOT-FOR-US: CubeCert
-CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
+CVE-2005-0605
{DSA-723-1}
- lesstif2 1:0.93.94-11.1 (bug #298183; bug #299236)
NOTE: libxmp4 is the real culprit
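Review bot: Removing the parenthesised descriptions leaves some entries in this hunk with no product name at all. CVE-2005-0654 is left with only `NOTE: this is not a security issue according to maintainer`, and the removed text was the only mention of GIMP's gifload.exe. CVE-2005-0789 is left with only `NOT-FOR-US: not part of Woody, has been removed from sarge/sid`, where LimeWire was named only in the description. For CVE-2005-0607 and CVE-2005-0606 the remaining annotation reads `NOT-FOR-US: CubeCert` while the removed descriptions say CubeCart, so a search for the correct product name no longer matches either entry. I would give these entries an annotation that names the product (for example `NOT-FOR-US: LimeWire`) and correct the `CubeCert` spelling in the same change, so the file stays searchable without the descriptions.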
@@ -10118,266 +10118,266 @@ CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code v
- xorg-x11 <not-affected> (Fixed before upload into archive)
- openmotif 2.2.3-1.1 (bug #308819; medium)
[sarge] - openmotif <no-dsa> (Non-free)
-CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
+CVE-2005-0604
NOT-FOR-US: GFI Languard Network Security Scanner
-CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+CVE-2005-0603
- phpbb2 2.0.13-1
-CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
+CVE-2005-0602
- unzip 5.52-1
NOTE: um, tar does this too, not really considered a security hole
-CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
+CVE-2005-0601
NOT-FOR-US: Cisco
-CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
+CVE-2005-0600
NOT-FOR-US: Cisco
-CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
+CVE-2005-0599
NOT-FOR-US: Cisco
-CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
+CVE-2005-0598
NOT-FOR-US: Real
-CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
+CVE-2005-0597
NOT-FOR-US: Cisco
-CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
+CVE-2005-0596
NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
- php4 4:4.3.8-1
-CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
+CVE-2005-0595
NOT-FOR-US: BadBlue
-CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
+CVE-2005-0594
NOT-FOR-US: Apple
-CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
+CVE-2005-0593
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
-CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
+CVE-2005-0592
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
- mozilla-thunderbird 1.0.2-1
-CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
+CVE-2005-0591
- mozilla-firefox 1.0.1
-CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
+CVE-2005-0590
- mozilla-firefox 1.0.1
- mozilla-thunderbird 1.0.2-1
-CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
+CVE-2005-0589
- mozilla-firefox 1.0.1
-CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
+CVE-2005-0588
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
-CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
+CVE-2005-0587
NOTE: windows only
-CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
+CVE-2005-0586
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
-CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...)
+CVE-2005-0585
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
-CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
+CVE-2005-0584
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
-CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
+CVE-2005-0583
NOT-FOR-US: Computer Associates (CA) License Client
-CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
+CVE-2005-0582
NOT-FOR-US: Computer Associates (CA) License Client
-CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
+CVE-2005-0581
NOT-FOR-US: Computer Associates (CA) License Client
-CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
+CVE-2005-0580
NOT-FOR-US: cmd5checkpw
-CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
+CVE-2005-0579
NOT-FOR-US: FreeNX
-CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
+CVE-2005-0578
- mozilla-firefox 1.0.1-1
-CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
+CVE-2005-0577
NOT-FOR-US: MKBold-MKItalic
-CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
+CVE-2005-0576
NOT-FOR-US: STSF in Solaris
-CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
+CVE-2005-0575
NOT-FOR-US: Stormy Studios Knet
-CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
+CVE-2005-0574
NOT-FOR-US: CIS Webserver
-CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
+CVE-2005-0573
NOTE: Historic Gaim on Windows
-CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
+CVE-2005-0572
NOT-FOR-US: phpWebSite
-CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
+CVE-2005-0571
NOT-FOR-US: PunBB
-CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
+CVE-2005-0570
NOT-FOR-US: PunBB
-CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
+CVE-2005-0569
NOT-FOR-US: PunBB
-CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
+CVE-2005-0568
NOT-FOR-US: Soldier of Fortune II
-CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...)
+CVE-2005-0567
- phpmyadmin 3:2.6.1-pl2-1
-CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows ...)
+CVE-2005-0566
NOT-FOR-US: Golden FTP Server
-CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
+CVE-2005-0565
NOT-FOR-US: phpWebSite
-CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
+CVE-2005-0564
NOT-FOR-US: Microsoft Word
-CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
+CVE-2005-0563
NOT-FOR-US: Microsoft
-CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
+CVE-2005-0562
NOT-FOR-US: MSN Messenger
CVE-2005-0561
RESERVED
-CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
+CVE-2005-0560
NOT-FOR-US: Exchange server
CVE-2005-0559
RESERVED
-CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
+CVE-2005-0558
NOT-FOR-US: Microsoft Word
CVE-2005-0557
RESERVED
CVE-2005-0556
RESERVED
-CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
+CVE-2005-0555
NOT-FOR-US: MSIE
-CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
+CVE-2005-0554
NOT-FOR-US: MSIE
-CVE-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
+CVE-2005-0553
NOT-FOR-US: MSIE
CVE-2005-0552
RESERVED
-CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
+CVE-2005-0551
NOT-FOR-US: Microsoft
-CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
+CVE-2005-0550
NOT-FOR-US: Microsoft
-CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+CVE-2005-0549
NOT-FOR-US: Solaris
-CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+CVE-2005-0548
NOT-FOR-US: Solaris
-CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
+CVE-2005-0547
NOT-FOR-US: ftpd on HP-UX
-CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
+CVE-2005-0546
- cyrus21-imapd 2.1.18-1
-CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
+CVE-2005-0545
NOT-FOR-US: MS Office
-CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
+CVE-2005-0544
- phpmyadmin 3:2.6.1-pl2-1
-CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
+CVE-2005-0543
- phpmyadmin 3:2.6.1-pl2-1
-CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
+CVE-2005-0542
NOT-FOR-US: Cyclades AlterPath Manager
-CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
+CVE-2005-0541
NOT-FOR-US: Cyclades AlterPath Manager
-CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
+CVE-2005-0540
NOT-FOR-US: Cyclades AlterPath Manager
-CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
+CVE-2005-0539
NOT-FOR-US: IBM
-CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
+CVE-2005-0538
NOT-FOR-US: ginp
-CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
+CVE-2005-0537
NOT-FOR-US: iGeneric (iG) Shop
-CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
+CVE-2005-0536
- mediawiki 1.4.9 (bug #276057)
-CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
+CVE-2005-0535
- mediawiki 1.4.9 (bug #276057)
-CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
+CVE-2005-0534
- mediawiki 1.4.9 (bug #276057)
-CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
+CVE-2005-0533
NOT-FOR-US: Trend Micro AntiVirus
-CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
+CVE-2005-0532
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
+CVE-2005-0531
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
[sarge] - kernel-source-2.6.8 2.6.8-14
- kernel-source-2.4.27 2.4.27-9
-CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...)
+CVE-2005-0530
- kernel-source-2.6.8 2.6.8-14
NOTE: affects only 2.6 (see #296906)
-CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...)
+CVE-2005-0529
- linux-2.6 <not-affected> (Fixed before upload into archive)
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
REJECTED
-CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
+CVE-2005-0527
- mozilla-firefox 1.0.1
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
- mozilla 2:1.7.6
-CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
+CVE-2005-0526
NOT-FOR-US: PBLang
-CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
+CVE-2005-0525
{DSA-729-1 DSA-708-1}
- php4 4:4.3.10-10
- php3 3:3.0.18-31
-CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
+CVE-2005-0524
- php3 <not-affected>
- php4 4:4.3.10-10
-CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
+CVE-2005-0523
{DSA-719-1}
- prozilla 1:1.3.7.4-1
-CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
+CVE-2005-0522
NOT-FOR-US: Chat Anywhere
-CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
+CVE-2005-0521
NOT-FOR-US: SendLink
-CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read ...)
+CVE-2005-0520
NOT-FOR-US: ArGoSoft
-CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read ...)
+CVE-2005-0519
NOT-FOR-US: ArGoSoft
-CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
+CVE-2005-0518
NOT-FOR-US: eXeem
-CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
+CVE-2005-0517
NOT-FOR-US: PeerFTP
-CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
+CVE-2005-0516
NOT-FOR-US: ImageGalleryPlugin for Twiki
-CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
+CVE-2005-0515
NOT-FOR-US: My Firewall Plus
-CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
+CVE-2005-0514
NOT-FOR-US: Verity Ultraseek
-CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the ...)
+CVE-2005-0513
NOT-FOR-US: pMachine
-CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...)
+CVE-2005-0512
NOT-FOR-US: Mambo
-CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when &quot;Add Template Name in ...)
+CVE-2005-0511
NOT-FOR-US: vBulletin
-CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
+CVE-2005-0510
NOT-FOR-US: fallback-reboot
-CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
+CVE-2005-0509
NOTE: default config of Mono not vulnerable
- mono 1.1.6-4 (medium)
-CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
+CVE-2005-0508
- batik 1.5.1-1
-CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
+CVE-2005-0507
NOT-FOR-US: SD Server
-CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
+CVE-2005-0506
NOT-FOR-US: Avaya IP Office Phone Manager
-CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
+CVE-2005-0505
- irm 1.5.3.1-1
-CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
+CVE-2005-0504
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.6.8 2.6.8-12
- kernel-source-2.6.9 2.6.9-5
- kernel-source-2.6.10 2.6.10-2
- kernel-source-2.4.27 2.4.27-8
-CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
+CVE-2005-0503
- uim 1:0.4.6beta2-1
-CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
+CVE-2005-0502
NOT-FOR-US: Xinkaa
-CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to ...)
+CVE-2005-0501
NOT-FOR-US: Bontago
-CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
+CVE-2005-0500
NOT-FOR-US: MSIE6
-CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
+CVE-2005-0499
NOT-FOR-US: Gigafast router
-CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
+CVE-2005-0498
NOT-FOR-US: Gigafast router
-CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
+CVE-2005-0497
NOT-FOR-US: ADP Elite System
-CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
+CVE-2005-0496
NOT-FOR-US: Arkeia Network Backup
-CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
+CVE-2005-0495
NOT-FOR-US: ZeroBoard
-CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
+CVE-2005-0494
NOT-FOR-US: Thomson TCW690 cable modem
-CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
+CVE-2005-0493
NOT-FOR-US: Biz Mail From
-CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
+CVE-2005-0492
NOT-FOR-US: Acrobat Reader
-CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
+CVE-2005-0491
NOT-FOR-US: Arkeia Server Backup
-CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
+CVE-2005-0490
- curl 7.13.0-2
-CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...)
+CVE-2005-0489
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before initial release)
-CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
+CVE-2005-0488
- krb4 <unfixed> (unimportant)
[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
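Review bot: Every `+` line in this hunk replaces a CVE header with the bare identifier, so each entry loses its one-line description. CVE-2005-0504, for example, no longer says it is the buffer overflow in MoxaDriverIoctl, and CVE-2005-0490 no longer names libcURL. Nothing else in the entries changes, which for a commit labelled "automatic update" reads like the description source returned nothing rather than a deliberate edit. The update job should leave a header untouched when the incoming description is empty and the file already has one, or abort the run when most headers in a file would lose their text.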
@@ -10386,312 +10386,312 @@ CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris
[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
- netkit-telnet <not-affected> (netkit-telnet is not affected)
NOTE: telnet code was removed earlier than 1.8.3, but that's the version that was available to check
-CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
+CVE-2005-0487
NOT-FOR-US: Kyako ESupport
-CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
+CVE-2005-0486
NOT-FOR-US: Tarantella Secure Global Desktop
-CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
+CVE-2005-0485
NOT-FOR-US: paNews
-CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
+CVE-2005-0484
NOT-FOR-US: GProFTPD
-CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
+CVE-2005-0483
NOT-FOR-US: Glftpd
-CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
+CVE-2005-0482
NOT-FOR-US: TrackerCam
-CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
+CVE-2005-0481
NOT-FOR-US: TrackerCam
-CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
+CVE-2005-0480
NOT-FOR-US: TrackerCam
-CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
+CVE-2005-0479
NOT-FOR-US: TrackerCam
-CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
+CVE-2005-0478
NOT-FOR-US: TrackerCam
-CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
+CVE-2005-0477
NOT-FOR-US: Invision Power Board
-CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
+CVE-2005-0476
NOT-FOR-US: hpm_guestbook.cgi
-CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
+CVE-2005-0475
NOT-FOR-US: paFAQ
-CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
+CVE-2005-0474
- webcalendar 0.9.45-3
-CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
+CVE-2005-0473
- gaim 1:1.1.3-1
-CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
+CVE-2005-0472
{DSA-716-1}
- gaim 1:1.1.3-1
-CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
+CVE-2005-0471
NOT-FOR-US: SUN JRE
-CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
+CVE-2005-0470
- wpasupplicant 0.3.8-1
-CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
+CVE-2005-0469
{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
- krb4 1.2.2-11.2 (bug #306141)
- krb5 1.3.6-2
- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
- netkit-telnet 0.17-28
- heimdal 0.6.3-10
-CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
+CVE-2005-0468
{DSA-731-1 DSA-703-1}
- krb5 1.3.6-2
- krb4 1.2.2-11.2 (bug #306141)
-CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
+CVE-2005-0467
- putty 0.57-1
CVE-2005-0466
RESERVED
-CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
+CVE-2005-0465
NOT-FOR-US: SGI IRIX
-CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
+CVE-2005-0464
NOT-FOR-US: SGI IRIX
-CVE-2005-0463 (Unknown &quot;major security flaws&quot; in Ulog-php before 1.0, related to ...)
+CVE-2005-0463
NOT-FOR-US: ulog-php
-CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
+CVE-2005-0462
NOT-FOR-US: MercuryBoard
-CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
+CVE-2005-0461
NOT-FOR-US: NewsBruiser
-CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
+CVE-2005-0460
NOT-FOR-US: MercuryBoard
-CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
+CVE-2005-0459
- phpmyadmin 4:2.6.2 (unimportant)
NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
NOTE: I think it is not a problem on Debian as far as everybody knows the full
NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
-CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
+CVE-2005-0458
- oscommerce <itp> (bug #532489)
-CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
+CVE-2005-0457
NOT-FOR-US: Opera
-CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
+CVE-2005-0456
NOT-FOR-US: Opera
-CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
+CVE-2005-0455
NOT-FOR-US: Real
-CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
+CVE-2005-0454
NOT-FOR-US: DCP-Portal
-CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
+CVE-2005-0453
NOT-FOR-US: Lighttpd
-CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
+CVE-2005-0452
NOT-FOR-US: Microsoft
-CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
+CVE-2005-0451
NOT-FOR-US: Sami HTTP Server
-CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
+CVE-2005-0450
NOT-FOR-US: Sami HTTP Server
-CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
+CVE-2005-0449
{DSA-1018-1 DSA-1017-1}
- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
-CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
+CVE-2005-0448
{DSA-1678-1 DSA-696-1}
- perl 5.8.4-7
-CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
+CVE-2005-0430
NOT-FOR-US: Quake 3
-CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
+CVE-2005-0447
NOT-FOR-US: Solaris
-CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
+CVE-2005-0446
{DSA-688-1}
- squid 2.5.8-3
-CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
+CVE-2005-0445
- openwebmail <removed>
-CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
+CVE-2005-0444
NOT-FOR-US: VMware
-CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
+CVE-2005-0443
NOT-FOR-US: CubeCart
-CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
+CVE-2005-0442
NOT-FOR-US: CubeCart
-CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
+CVE-2005-0441
NOT-FOR-US: Sybase
-CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
+CVE-2005-0440
- elog 2.5.7+r1558-1
-CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
+CVE-2005-0439
- elog 2.5.7+r1558-1
-CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...)
+CVE-2005-0438
- awstats 6.3-1
-CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
+CVE-2005-0437
- awstats 6.3-1
-CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...)
+CVE-2005-0436
- awstats 6.3-1
-CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
+CVE-2005-0435
- awstats 6.3-1
-CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
+CVE-2005-0434
NOT-FOR-US: PHP-Nuke
-CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
+CVE-2005-0433
NOT-FOR-US: PHP-Nuke
-CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
+CVE-2005-0432
NOT-FOR-US: BEA WebLogic Server
-CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
+CVE-2005-0431
NOT-FOR-US: Barracuda Spam Firewall
-CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
+CVE-2005-0429
NOT-FOR-US: vBulletin
-CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
+CVE-2005-0428
- pdns 2.9.16-6
-CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the ...)
+CVE-2005-0427
- webmin <not-affected> (Gentoo specific)
-CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
+CVE-2005-0426
NOT-FOR-US: Solaris
-CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
+CVE-2005-0425
NOT-FOR-US: Websphere
-CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
+CVE-2005-0424
NOT-FOR-US: ASPjar Guestbook
-CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
+CVE-2005-0423
NOT-FOR-US: ASPjar Guestbook
-CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
+CVE-2005-0422
NOT-FOR-US: DelphiTurk
-CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
+CVE-2005-0421
NOT-FOR-US: DelphiTurk
-CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
+CVE-2005-0420
NOT-FOR-US: Microsoft
-CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
+CVE-2005-0419
NOT-FOR-US: 3com
-CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
+CVE-2005-0418
NOT-FOR-US: Sun Java
-CVE-2005-0417 (Unknown &quot;high risk&quot; vulnerability in DB2 Universal Database 8.1 and ...)
+CVE-2005-0417
NOT-FOR-US: IBM DB2
-CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
+CVE-2005-0416
NOT-FOR-US: Windows
-CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
+CVE-2005-0415
NOT-FOR-US: Emdros
-CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
+CVE-2005-0414
NOT-FOR-US: MercuryBoard
-CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
+CVE-2005-0413
NOT-FOR-US: MyPHP Forum
-CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
+CVE-2005-0412
NOT-FOR-US: Spidean PostWrap
-CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
+CVE-2005-0411
NOT-FOR-US: CitrusDB
-CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
+CVE-2005-0410
NOT-FOR-US: CitrusDB
-CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
+CVE-2005-0409
NOT-FOR-US: CitrusDB
-CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
+CVE-2005-0408
NOT-FOR-US: CitrusDB
-CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
+CVE-2005-0407
NOT-FOR-US: Openconf
-CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
+CVE-2005-0406
- imagemagick <unfixed> (bug #298051; unimportant)
NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
NOTE: <Piet> 'convert -strip' will remove exif data according to http://web.archive.org/web/20130922031724/http://www.imagemagick.org:80/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
RESERVED
-CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
+CVE-2005-0404
NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
- kdepim 3.4-1 (bug #305601; low)
[sarge] - kdepim <no-dsa> (Hardly exploitable)
NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also
NOTE: warns that HTML mails introduce the risk of phishing. This could as well
NOTE: be unimportant
-CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...)
+CVE-2005-0403
- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
-CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
+CVE-2005-0402
- mozilla-firefox 1.0.2-1
-CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
+CVE-2005-0401
- mozilla-firefox 1.0.2-1
- mozilla-thunderbird 1.0.2-1
-CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
+CVE-2005-0400
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
- kernel-source-2.4.27 2.4.27-10 (bug #303294)
-CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
+CVE-2005-0399
- mozilla-firefox 1.0.2-1
- mozilla-thunderbird 1.0.2-1
-CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
+CVE-2005-0398
- ipsec-tools 1:0.5-5
-CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
+CVE-2005-0397
{DSA-702-1}
- imagemagick 6:6.0.6.2-2.2 (bug #297990)
- graphicsmagick 1.1.7-1
-CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
+CVE-2005-0396
NOTE: fix in -4 was broken
- kdelibs 4:3.3.2-6
CVE-2005-0395
REJECTED
CVE-2005-0394
RESERVED
-CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
+CVE-2005-0393
{DSA-733-1}
- crip 3.5-1sarge2 (low)
-CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
+CVE-2005-0392
{DSA-725-2 DSA-725-1}
- ppxp 0.2001080415-11
-CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
+CVE-2005-0391
{DSA-712-1}
- geneweb 4.10-7 (bug #304405)
-CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
+CVE-2005-0390
{DSA-706-1}
- axel 1.0b-1
CVE-2005-0389
REJECTED
-CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
+CVE-2005-0388
{DSA-704-1}
- remstats 1.0.13a-5
-CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
+CVE-2005-0387
{DSA-704-1}
- remstats 1.0.13a-5
-CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
+CVE-2005-0386
{DSA-700-1}
- mailreader 2.3.29-11
-CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
+CVE-2005-0385
{DSA-693-1}
- luxman 0.41-20 (bug #299857)
-CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
+CVE-2005-0384
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-9
-CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
+CVE-2005-0383
NOT-FOR-US: Trend Micro Control Manager
-CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-0382
NOT-FOR-US: Breed game
-CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
+CVE-2005-0381
NOT-FOR-US: forumKIT
-CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
+CVE-2005-0380
NOT-FOR-US: ZeroBoard
-CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
+CVE-2005-0379
NOT-FOR-US: ZeroBoard
-CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
+CVE-2005-0378
- horde2 <not-affected>
- horde3 3.0.1-1
-CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
+CVE-2005-0377
NOT-FOR-US: sgallery
-CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...)
+CVE-2005-0376
NOT-FOR-US: sgallery
-CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
+CVE-2005-0375
NOT-FOR-US: sgallery
-CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
+CVE-2005-0374
NOT-FOR-US: bitboard
-CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
+CVE-2005-0373
NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
NOTE: cyrus-sasl2 already has patch applied
NOTE: oldstable version not affected, thus marking it as done with the oldstable version
- cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
- cyrus-sasl2 2.1.19.dfsg1-0sarge2
-CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...)
+CVE-2005-0372
{DSA-686-1}
- gftp 2.0.18-1
NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
-CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
+CVE-2005-0371
- armagetron 0.2.8.2.1-1 (bug #296840; low)
[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
-CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
+CVE-2005-0370
- armagetron 0.2.7.0-1
NOTE: Sarge has this version number, but oldstable is affected
-CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
+CVE-2005-0369
- armagetron 0.2.7.0-1
NOTE: Sarge has this version number, but olstable is affected
-CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
+CVE-2005-0368
NOT-FOR-US: CMScore
-CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
+CVE-2005-0367
NOT-FOR-US: ArGoSoft Mail Server
-CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
+CVE-2005-0366
- gnupg 1.4.1-1
-CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
+CVE-2005-0364
- bind9 <not-affected> (Bind on hp-ux)
CVE-2005-0361
RESERVED
-CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
+CVE-2005-0360
NOT-FOR-US: Microsoft
-CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
+CVE-2005-0359
NOT-FOR-US: EMC Legato
-CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
+CVE-2005-0358
NOT-FOR-US: EMC Legato
-CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
+CVE-2005-0357
NOT-FOR-US: EMC Legato
-CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
+CVE-2005-0356
- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
- kfreebsd5-source 5.3-15 (medium)
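Review bot: Removing the description from the CVE-2005-0372 header leaves its NOTE ("CVE entry claims that 2.0.18 is vulnerable, but this is wrong") commenting on text that is no longer in the file. The terse triage lines have the same problem: "NOT-FOR-US: Real" under CVE-2005-0455 and "NOT-FOR-US: Microsoft" under CVE-2005-0452 can no longer be checked against what the CVE covers without an external lookup. The `@@` context line of this hunk still carries the old CVE-2005-0488 description, which confirms the text was present before the run. Keep the existing description whenever the update has no replacement for it.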
@@ -10699,328 +10699,328 @@ CVE-2005-0355
RESERVED
CVE-2005-0354
RESERVED
-CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
+CVE-2005-0353
NOT-FOR-US: Sentinel License Manager
-CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
+CVE-2005-0352
NOT-FOR-US: Servers Alive
-CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
+CVE-2005-0351
NOT-FOR-US: SCO OpenServer
-CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
+CVE-2005-0350
NOT-FOR-US: F-Secure Anti-Virus
-CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
+CVE-2005-0349
NOT-FOR-US: BrightStor ARCserve Backup
-CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
+CVE-2005-0365
- kdelibs 4:3.3.2-2
-CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
+CVE-2005-0363
{DSA-682-1}
- awstats 6.2-1.2
-CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
+CVE-2005-0362
- awstats 6.2-1.2
NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
-CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
+CVE-2005-0284
NOT-FOR-US: Woltlab Burning Book
-CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
+CVE-2005-0348
NOT-FOR-US: RealArcade
-CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
+CVE-2005-0347
NOT-FOR-US: RealArcade
-CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
+CVE-2005-0346
NOT-FOR-US: SafeNet
-CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
+CVE-2005-0345
NOT-FOR-US: php-fusion
-CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
+CVE-2005-0344
NOT-FOR-US: 602LAN SUITE
-CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
+CVE-2005-0343
NOT-FOR-US: PerlDesk
-CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
+CVE-2005-0342
NOT-FOR-US: Apple
-CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
+CVE-2005-0341
NOT-FOR-US: Apple
-CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
+CVE-2005-0340
NOT-FOR-US: Apple
-CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
+CVE-2005-0339
NOT-FOR-US: Foxmail
-CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
+CVE-2005-0338
NOT-FOR-US: Savant Web Server
-CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
+CVE-2005-0337
- postfix 2.1.4-5
-CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
+CVE-2005-0336
NOT-FOR-US: eMotion MediaPartner
-CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
+CVE-2005-0335
NOT-FOR-US: eMotion MediaPartner
-CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
+CVE-2005-0334
NOT-FOR-US: Linksys
-CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
+CVE-2005-0333
NOT-FOR-US: LanChat
-CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
+CVE-2005-0332
NOT-FOR-US: DeskNow Mail server
-CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
+CVE-2005-0331
NOT-FOR-US: Winrar
-CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
+CVE-2005-0330
NOT-FOR-US: Painkiller
-CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
+CVE-2005-0329
NOT-FOR-US: ZipGenius
-CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
+CVE-2005-0328
NOT-FOR-US: Netgear
-CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
+CVE-2005-0327
NOT-FOR-US: PafileDB
-CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
+CVE-2005-0326
NOT-FOR-US: PafileDB
-CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
+CVE-2005-0325
NOT-FOR-US: Xpand Rally
-CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
+CVE-2005-0324
NOT-FOR-US: Infinite Mobile Delivery Webmail
-CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
+CVE-2005-0323
NOT-FOR-US: Infinite Mobile Delivery Webmail
-CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
+CVE-2005-0322
NOT-FOR-US: Merak Mail server
-CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
+CVE-2005-0321
NOT-FOR-US: Merak Mail server
-CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
+CVE-2005-0320
NOT-FOR-US: Merak Mail server
-CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
+CVE-2005-0319
NOT-FOR-US: Webadmin
-CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
+CVE-2005-0318
NOT-FOR-US: Webadmin
-CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
+CVE-2005-0317
NOT-FOR-US: Webadmin
-CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
+CVE-2005-0316
NOT-FOR-US: WebWasher
-CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
+CVE-2005-0315
NOT-FOR-US: Magic Winmail
-CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
+CVE-2005-0314
NOT-FOR-US: Magic Winmail
-CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
+CVE-2005-0313
NOT-FOR-US: Magic Winmail
-CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
+CVE-2005-0312
NOT-FOR-US: WarFTPD under NT
-CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
+CVE-2005-0311
NOT-FOR-US: Ingate
-CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
+CVE-2005-0310
NOT-FOR-US: Exponent
-CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
+CVE-2005-0309
NOT-FOR-US: Exponent
-CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
+CVE-2005-0308
NOT-FOR-US: W32Dasm
-CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+CVE-2005-0307
NOT-FOR-US: MercuryBoard
-CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
+CVE-2005-0306
NOT-FOR-US: MercuryBoard
-CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
+CVE-2005-0305
NOT-FOR-US: Siteman
-CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
+CVE-2005-0304
NOT-FOR-US: DivX Player
-CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+CVE-2005-0303
NOT-FOR-US: BackOffice Lite
-CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
+CVE-2005-0302
NOT-FOR-US: BackOffice Lite
-CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
+CVE-2005-0301
NOT-FOR-US: BackOffice Lite
-CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
+CVE-2005-0300
- jsboard 2.0.10-1
-CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
+CVE-2005-0299
- gforge 3.1-26
-CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
+CVE-2005-0298
NOT-FOR-US: Oracle
-CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
+CVE-2005-0297
NOT-FOR-US: Oracle
-CVE-2005-0296 (** DISPUTED ** ...)
+CVE-2005-0296
NOT-FOR-US: Novell
-CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
+CVE-2005-0295
NOT-FOR-US: nProtect
-CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
+CVE-2005-0294
NOT-FOR-US: Minis
-CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
+CVE-2005-0293
NOT-FOR-US: Minis
-CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
+CVE-2005-0292
NOT-FOR-US: phpGiftReg
-CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
+CVE-2005-0291
NOT-FOR-US: NetGear
-CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
+CVE-2005-0290
NOT-FOR-US: NetGear
-CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
+CVE-2005-0289
NOT-FOR-US: Apple
-CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
+CVE-2005-0288
NOT-FOR-US: BottomLine WebSeries
-CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
+CVE-2005-0287
NOT-FOR-US: BottomLine WebSeries
-CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
+CVE-2005-0286
NOT-FOR-US: eMotion MediaPartner
-CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
+CVE-2005-0285
NOT-FOR-US: BottomLine WebSeries
-CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
+CVE-2005-0283
NOT-FOR-US: QwikiWiki
-CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
+CVE-2005-0282
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
+CVE-2005-0281
NOT-FOR-US: Soldner Secret
-CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
+CVE-2005-0280
NOT-FOR-US: Soldner Secret
-CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
+CVE-2005-0279
NOT-FOR-US: Soldner Secret
-CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
+CVE-2005-0278
NOT-FOR-US: 3COM 3CDaemon
-CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
+CVE-2005-0277
NOT-FOR-US: 3COM 3CDaemon
-CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
+CVE-2005-0276
NOT-FOR-US: 3COM 3CDaemon
-CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
+CVE-2005-0275
NOT-FOR-US: 3COM 3CDaemon
-CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
+CVE-2005-0274
NOT-FOR-US: PhotoPost
-CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
+CVE-2005-0273
NOT-FOR-US: PhotoPost
-CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
+CVE-2005-0272
NOT-FOR-US: ReviewPost
-CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
+CVE-2005-0271
NOT-FOR-US: ReviewPost
-CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
+CVE-2005-0270
NOT-FOR-US: ReviewPost
-CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ...)
+CVE-2005-0269
NOT-FOR-US: GNUBoard
-CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
+CVE-2005-0268
NOT-FOR-US: FlatNuke
-CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
+CVE-2005-0267
NOT-FOR-US: FlatNuke
-CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
+CVE-2005-0266
- sugarcrm-ce-5.0 <itp> (bug #457876)
-CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
+CVE-2005-0265
NOT-FOR-US: OWL intranet
-CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
+CVE-2005-0264
NOT-FOR-US: OWL intranet
-CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
+CVE-2005-0263
NOT-FOR-US: AIX
-CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
+CVE-2005-0262
NOT-FOR-US: AIX
-CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
+CVE-2005-0261
NOT-FOR-US: AIX
-CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
+CVE-2005-0260
NOT-FOR-US: ARCserve Backup
-CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
+CVE-2005-0259
- phpbb2 2.0.12-1
-CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
+CVE-2005-0258
- phpbb2 2.0.12-1
CVE-2005-0257
RESERVED
-CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 ...)
+CVE-2005-0256
{DSA-705-1}
- wu-ftpd 2.6.2-19
-CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
+CVE-2005-0255
- mozilla-firefox 1.0.1
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
- mozilla 2:1.7.6
-CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
+CVE-2005-0254
NOT-FOR-US: BibORB
-CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
+CVE-2005-0253
NOT-FOR-US: BibORB
-CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
+CVE-2005-0252
NOT-FOR-US: BibORB
-CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
+CVE-2005-0251
NOT-FOR-US: BibORB
-CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
+CVE-2005-0250
NOT-FOR-US: AIX
-CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
+CVE-2005-0249
NOT-FOR-US: Symantec AntiVirus Library
-CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
+CVE-2005-0248
NOT-FOR-US: Solaris
-CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
+CVE-2005-0247
{DSA-683-1}
- postgresql 7.4.7-2
-CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
+CVE-2005-0246
- postgresql 7.4.7-1
-CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
+CVE-2005-0245
{DSA-683-1}
- postgresql 7.4.7-1
-CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
+CVE-2005-0244
- postgresql 7.4.7-1
-CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
+CVE-2005-0243
NOT-FOR-US: Yahoo! Messenger
-CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
+CVE-2005-0242
NOT-FOR-US: Yahoo! Messenger
-CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
+CVE-2005-0241
- squid 2.5.7-7
-CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
+CVE-2005-0240
NOT-FOR-US: AIX
-CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
+CVE-2005-0239
NOT-FOR-US: S/MIME plugin
-CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
+CVE-2005-0238
NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
- epiphany-browser 1.4.8-2
-CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
+CVE-2005-0237
- kdelibs 4:3.3.2-3
-CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
+CVE-2005-0236
NOT-FOR-US: Omniweb
-CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
+CVE-2005-0235
NOT-FOR-US: Opera
-CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
+CVE-2005-0234
NOT-FOR-US: Safari
-CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
+CVE-2005-0233
NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
NOTE: solution in the future
- mozilla-firefox 1.0.1-1
- mozilla 2:1.7.6-1
-CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...)
+CVE-2005-0232
- mozilla-firefox 1.0+dfsg.1-6
-CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
+CVE-2005-0231
- mozilla-firefox 1.0+dfsg.1-6
-CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
+CVE-2005-0230
NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
- mozilla-firefox <not-affected> (Affects only Firefox on Windows)
-CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
+CVE-2005-0229
NOT-FOR-US: CitrusDB
CVE-2005-0228
REJECTED
-CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
+CVE-2005-0227
{DSA-668-1}
- postgresql 7.4.7-1
-CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
+CVE-2005-0226
NOT-FOR-US: ngIRCd
-CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
+CVE-2005-0225
- firehol 1.214-4
-CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
+CVE-2005-0224
NOT-FOR-US: HP-UX
-CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
+CVE-2005-0223
NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
-CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
+CVE-2005-0222
- gallery 1.4.4-pl5-1
-CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
+CVE-2005-0221
- gallery 1.4.4-pl5-1
-CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
+CVE-2005-0220
- gallery 1.4.4-pl5-1
-CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
+CVE-2005-0219
- gallery 1.4.4-pl5-1
-CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
+CVE-2005-0217
NOT-FOR-US: Invision Community Blog
-CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
+CVE-2005-0216
NOT-FOR-US: Woltlab Burning Board Lite
-CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
+CVE-2005-0215
- mozilla <not-affected> (Mozilla 1.6 for Windows)
-CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
+CVE-2005-0214
NOT-FOR-US: SPHPBlog
-CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
+CVE-2005-0213
NOT-FOR-US: WinHKI
-CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
+CVE-2005-0212
NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
-CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
+CVE-2005-0211
{DSA-667-1}
- squid 2.5.7-6
-CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
+CVE-2005-0210
- linux-2.6 <not-affected> (Fixed before upload into archive)
[sarge] - kernel-source-2.6.8 2.6.8-15
- kernel-source-2.4.27 2.4.27-9 (bug #300838)
-CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
+CVE-2005-0209
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-9
-CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
+CVE-2005-0208
- gaim 1:1.1.4
-CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
+CVE-2005-0207
- linux-2.6 <not-affected> (Fixed before upload into archive)
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
+CVE-2005-0206
- xpdf <not-affected> (Initial Debian fix was already correct)
- gpdf <not-affected> (Initial Debian fix was already correct)
- kdegraphics <not-affected> (Initial Debian fix was already correct)
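Review bot: Every "+" line in this hunk replaces an entry header with the bare id and drops the parenthesised description (for example "+CVE-2005-0256" in place of the line naming wu_fnmatch in wu-ftpd 2.6.1 and 2.6.2), while the commit message says only "automatic update". A change of 4614 insertions and 4614 deletions that removes data from every touched line should say whether the descriptions were dropped on purpose. If they were not, the update job should refuse to commit when its description source yields nothing, instead of writing the empty result over the file.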
@@ -11030,85 +11030,85 @@ CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.
- cupsys 1.1.22-7
NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
NOTE: cupsys uses an external xpdf now.
-CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
+CVE-2005-0205
{DSA-692-1}
- kdenetwork 4:3.1.6
-CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
+CVE-2005-0204
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
CVE-2005-0203
REJECTED
-CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
+CVE-2005-0202
{DSA-674-1}
- mailman 2.1.5-6
-CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
+CVE-2005-0201
- dbus 0.22
-CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
+CVE-2005-0200
NOT-FOR-US: TikiWiki
-CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
+CVE-2005-0199
NOT-FOR-US: ngIRCd
-CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
+CVE-2005-0197
NOT-FOR-US: Cisco
-CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
+CVE-2005-0196
NOT-FOR-US: Cisco
-CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
+CVE-2005-0195
NOT-FOR-US: Cisco
-CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
+CVE-2005-0194
{DSA-667-1}
- squid 2.5.7-7
-CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
+CVE-2005-0193
NOT-FOR-US: mRouter in iSync in OS X
-CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
+CVE-2005-0192
NOT-FOR-US: RealPlayer
-CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
+CVE-2005-0191
NOT-FOR-US: RealPlayer
-CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
+CVE-2005-0190
NOT-FOR-US: RealPlayer
-CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
+CVE-2005-0189
NOT-FOR-US: RealPlayer
-CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
+CVE-2005-0188
NOT-FOR-US: AtHoc toolbar
-CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
+CVE-2005-0187
NOT-FOR-US: AtHoc toolbar
-CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
+CVE-2005-0186
NOT-FOR-US: Cisco
-CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
+CVE-2005-0185
NOT-FOR-US: NodeManager Professional
-CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
+CVE-2005-0184
NOT-FOR-US: vacation plugin
-CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
+CVE-2005-0183
NOT-FOR-US: vacation plugin
-CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
+CVE-2005-0182
NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
RESERVED
-CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
+CVE-2005-0180
[sarge] - kernel-source-2.6.8 2.6.8-12
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4)
-CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
+CVE-2005-0179
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9)
- linux-2.6 <not-affected> (Fixed before initial release)
-CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...)
+CVE-2005-0178
- kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
+CVE-2005-0177
- kernel-source-2.4.27 <not-affected> (According to joshk, doesn't apply to 2.4.27)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
+CVE-2005-0176
- linux-2.6 <not-affected> (Fixed before upload into archive)
-CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
+CVE-2005-0218
- clamav 0.81
-CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
+CVE-2005-0198
- uw-imap 7:2002edebian1-6
-CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+CVE-2005-0175
{DSA-667-1}
- squid 2.5.7-6
-CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+CVE-2005-0174
- squid 2.5.7-6
-CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
+CVE-2005-0173
{DSA-667-1}
- squid 2.5.7-4
CVE-2005-0172
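Review bot: The not-affected justifications in the kernel entries can no longer be checked against anything once the description is gone. For CVE-2005-0180, "(intlen and outlen are unsigned in 2.4)" only made sense next to the removed text about integer signedness errors in sg_scsi_ioctl, and for CVE-2005-0178, "(v2.4 is safe because back there current->signal was not shared.)" relied on the removed mention of the setsid race. If the header lines are to stay bare, each of these entries needs a NOTE naming the function or code path the justification refers to.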
@@ -11131,255 +11131,255 @@ CVE-2005-0164
RESERVED
CVE-2005-0163
RESERVED
-CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
+CVE-2005-0162
- openswan 2.3.0-2
- freeswan <not-affected>
-CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...)
+CVE-2005-0161
- unace 1.2b-3
-CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
+CVE-2005-0160
- unace 1.2b-3
-CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
+CVE-2005-0159
{DSA-679-1}
- toolchain-source 3.4-5
-CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
+CVE-2005-0158
{DSA-687-1}
- bidwatcher 1.3.17-1
-CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
+CVE-2005-0157
{DSA-720-1}
- smartlist 3.15-18
-CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
+CVE-2005-0156
- perl 5.8.4-6
-CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
+CVE-2005-0155
- perl 5.8.4-6
- mooix 1.0rc5.pre4
CVE-2005-0154
RESERVED
CVE-2005-0153
RESERVED
-CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...)
+CVE-2005-0152
{DSA-662-1}
- squirrelmail 1:1.2.7-1
NOTE: This bug exists only in version 1.2.6.
-CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
+CVE-2005-0151
NOT-FOR-US: Adobe License Management Software
-CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
+CVE-2005-0150
- mozilla-firefox 1.0
-CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
+CVE-2005-0149
- mozilla-thunderbird 0.7
- mozilla 2:1.7.4
-CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
+CVE-2005-0148
- mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
-CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
+CVE-2005-0147
- mozilla-firefox 1.0
- mozilla 2:1.7.5
-CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
+CVE-2005-0146
- mozilla-firefox 1.0
- mozilla 2:1.7.5
-CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between ...)
+CVE-2005-0145
- mozilla-firefox 1.0
-CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...)
+CVE-2005-0144
- mozilla-firefox 1.0
- mozilla 2:1.7.5
-CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...)
+CVE-2005-0143
- mozilla-firefox 1.0
- mozilla 2:1.7.5
-CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...)
+CVE-2005-0142
- mozilla-firefox 1.0
- mozilla-thunderbird 0.7
- mozilla 2:1.7.5
-CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
+CVE-2005-0141
- mozilla-firefox 1.0
- mozilla 2:1.7.5
-CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
+CVE-2005-0140
NOT-FOR-US: PeID
-CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
+CVE-2005-0139
NOT-FOR-US: Irix
-CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
+CVE-2005-0138
NOT-FOR-US: Irix
-CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
+CVE-2005-0137
- linux-2.6 <not-affected>
- kernel-source-2.4.27 2.4.27-10 (bug #308584)
-CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...)
+CVE-2005-0136
[sarge] - kernel-source-2.6.8 2.6.8-14
- linux-2.6 2.6.11
-CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
+CVE-2005-0135
{DSA-1082-1 DSA-1070-1 DSA-1067-1}
- linux-2.6 <not-affected>
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
+CVE-2005-0134
NOT-FOR-US: SCO UnixWare
-CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
+CVE-2005-0133
- clamav 0.80-0.81rc1-1
CVE-2005-0132
RESERVED
-CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
+CVE-2005-0131
- konversation 0.15-3
-CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
+CVE-2005-0130
- konversation 0.15-3
-CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
+CVE-2005-0129
- konversation 0.15-3
CVE-2005-0128
REJECTED
-CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
+CVE-2005-0127
NOT-FOR-US: MacOS
-CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
+CVE-2005-0126
NOT-FOR-US: MacOS
-CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
+CVE-2005-0125
NOT-FOR-US: MacOS
-CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
+CVE-2005-0124
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
- linux-2.6 2.6.12-1
CVE-2005-0123
REJECTED
CVE-2005-0122
REJECTED
-CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
+CVE-2005-0121
NOT-FOR-US: golddig
-CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
+CVE-2005-0120
NOT-FOR-US: helvis
-CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
+CVE-2005-0119
NOT-FOR-US: helvis
-CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
+CVE-2005-0118
NOT-FOR-US: helvis
-CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
+CVE-2005-0117
- xshisen 1.51-1-1.1 (bug #289784)
-CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
+CVE-2005-0116
- awstats 6.2-1.1
-CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
+CVE-2005-0115
NOT-FOR-US: DataRescue Interactive Disassembler
-CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
+CVE-2005-0114
NOT-FOR-US: ZoneAlarm
-CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
+CVE-2005-0113
NOT-FOR-US: IRIX
-CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
+CVE-2005-0112
NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
-CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
+CVE-2005-0111
- maxdb-7.5.00 7.5.00.18
-CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
+CVE-2005-0110
NOT-FOR-US: MSIE
-CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...)
+CVE-2005-0109
NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
NOTE: attack, paranoid people should disable hyper threading
- kfreebsd5-source 5.3-11
-CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
+CVE-2005-0108
{DSA-659-1}
- libapache-mod-auth-radius 1.5.7-6
- libpam-radius-auth 1.3.16-3
-CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
+CVE-2005-0107
{DSA-690-1}
- bsmtpd 2.3pl8b-16
-CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
+CVE-2005-0106
- libnet-ssleay-perl 1.25-1.1
-CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
+CVE-2005-0105
{DSA-684-1}
- typespeed 0.4.4-8
-CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
+CVE-2005-0104
{DSA-662-1}
- squirrelmail 2:1.4.4
-CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...)
+CVE-2005-0103
- squirrelmail 2:1.4.4-1
-CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
+CVE-2005-0102
{DSA-673-1}
- evolution 2.0.3-1.2 (bug #295548)
-CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
+CVE-2005-0101
- newspost 2.1.1-2
-CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
+CVE-2005-0100
{DSA-685-1 DSA-671-1 DSA-670-1}
- emacs21 21.3+1-9
- xemacs21 21.4.16-2
-CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
+CVE-2005-0099
{DSA-691-1}
- abuse <removed>
-CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
+CVE-2005-0098
{DSA-691-1}
- abuse <removed>
-CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
+CVE-2005-0097
- squid 2.5.7-4
-CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
+CVE-2005-0096
- squid 2.5.7-4
-CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
+CVE-2005-0095
{DSA-651-1}
- squid 2.5.7-4
-CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
+CVE-2005-0094
{DSA-651-1}
- squid 2.5.7-4
CVE-2005-0093
REJECTED
-CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+CVE-2005-0092
- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
-CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+CVE-2005-0091
- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
-CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+CVE-2005-0090
- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
-CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
+CVE-2005-0089
{DSA-666-1}
- python2.2 2.2.3-14
- python2.3 2.3.4+2.3.5c1-2
- python2.4 2.4-5
-CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
+CVE-2005-0088
{DSA-689-1}
- libapache2-mod-python 3.1.3-3
- libapache-mod-python 2:2.7.10-4
-CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
+CVE-2005-0087
NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
- alsa-lib 1.0.9-1 (unimportant)
-CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
+CVE-2005-0086
- less <not-affected> (Red Hat specific less bug)
-CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
+CVE-2005-0085
{DSA-680-1}
- htdig 1:3.1.6-11 (bug #305996)
-CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
+CVE-2005-0084
{DSA-653-1}
- ethereal 0.10.9-1
-CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
+CVE-2005-0083
- maxdb-7.5.00 7.5.00.24-1
-CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
+CVE-2005-0082
- maxdb-7.5.00 7.5.00.21-1
-CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
+CVE-2005-0081
- maxdb-7.5.00 7.5.00.21-1
-CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
+CVE-2005-0080
- mailman 2.1.5-5
-CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
+CVE-2005-0079
{DSA-649-1}
- xtrlock 2.0-9
-CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
+CVE-2005-0078
{DSA-660-1}
- kdebase 4:3.0.5
-CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
+CVE-2005-0077
{DSA-658-1}
- libdbi-perl 1.46-6
-CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
+CVE-2005-0076
{DSA-672-1}
- xview 3.2p1.4-19
-CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
+CVE-2005-0075
- squirrelmail 2:1.4.4-1
-CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
+CVE-2005-0074
{DSA-676-1}
- xpcd 2.08-11.1 (bug #294793)
-CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
+CVE-2005-0073
{DSA-677-1}
- sympa 4.1.2-2.1
-CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
+CVE-2005-0072
{DSA-655-1}
- zhcon 1:0.2.3-8.1 (bug #292210)
-CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
+CVE-2005-0071
{DSA-656-1}
- vdr 1.2.6-6
-CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
+CVE-2005-0070
{DSA-681-1}
- synaesthesia 2.1-3
NOTE: does not apply for sarge, program is not setuid anymore
-CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
+CVE-2005-0069
- vim 1:6.3-058+1
-CVE-2005-0068 (The original design of ICMP does not require authentication for ...)
+CVE-2005-0068
NOTE: general icmp design error
-CVE-2005-0067 (The original design of TCP does not require that port numbers be ...)
+CVE-2005-0067
NOTE: general tcp design error, no indication it affects linux
-CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
+CVE-2005-0066
NOTE: general tcp design error
-CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
+CVE-2005-0065
NOTE: general tcp design error
-CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
+CVE-2005-0064
{DSA-648-1 DSA-645-1}
- xpdf 3.00-13
- gpdf 2.8.2-1.2
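Review bot: CVE-2005-0065 through CVE-2005-0068 carry no package line and no NOT-FOR-US tag, so after this change the NOTE is the only content left, and for CVE-2005-0066 and CVE-2005-0065 it is the identical string "NOTE: general tcp design error". The removed descriptions were what told them apart (the acknowledgement check versus the sequence number check). Either keep the descriptions for entries that have nothing but a NOTE, or extend each NOTE to name the protocol field concerned.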
@@ -11391,72 +11391,72 @@ CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.
NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
NOTE: In version 1.1.23-13, the dormant code in the source
NOTE: package was fixed.
-CVE-2005-0063 (The document processing application used by the Windows Shell in ...)
+CVE-2005-0063
NOT-FOR-US: Microsoft
CVE-2005-0062
RESERVED
-CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
+CVE-2005-0061
NOT-FOR-US: Microsoft
-CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
+CVE-2005-0060
NOT-FOR-US: Microsoft
-CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
+CVE-2005-0059
NOT-FOR-US: Microsoft
-CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
+CVE-2005-0058
NOT-FOR-US: TAPI for Windows
-CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
+CVE-2005-0057
NOT-FOR-US: Microsoft
-CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
+CVE-2005-0056
NOT-FOR-US: Microsoft
-CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
+CVE-2005-0055
NOT-FOR-US: Microsoft
-CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
+CVE-2005-0054
NOT-FOR-US: Microsoft
-CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
+CVE-2005-0053
NOT-FOR-US: Microsoft
CVE-2005-0052
RESERVED
-CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
+CVE-2005-0051
NOT-FOR-US: Microsoft
-CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
+CVE-2005-0050
NOT-FOR-US: Microsoft
-CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
+CVE-2005-0049
NOT-FOR-US: Microsoft
-CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
+CVE-2005-0048
NOT-FOR-US: Microsoft
-CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly &quot;validate the use ...)
+CVE-2005-0047
NOT-FOR-US: Microsoft
CVE-2005-0046
RESERVED
-CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
+CVE-2005-0045
NOT-FOR-US: Microsoft
-CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
+CVE-2005-0044
NOT-FOR-US: Microsoft
-CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
+CVE-2005-0043
NOT-FOR-US: iTunes
CVE-2005-0042
RESERVED
CVE-2005-0041
RESERVED
-CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
+CVE-2005-0040
NOT-FOR-US: DotNetNuke
-CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
+CVE-2005-0039
NOTE: These are known issues of IPSEC and basically every VPN system using
NOTE: encryption without authentication.
NOTE: openswan even prevents such configurations
-CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote ...)
+CVE-2005-0038
- pdns 2.9.17-1
-CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to ...)
+CVE-2005-0037
NOT-FOR-US: dnrd
-CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote ...)
+CVE-2005-0036
NOT-FOR-US: DeleGate
-CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
+CVE-2005-0035
NOT-FOR-US: Adobe
-CVE-2005-0034 (An &quot;incorrect assumption&quot; in the authvalidated validator function in ...)
+CVE-2005-0034
- bind9 1:9.3.1
[woody] - bind9 <not-affected>
[sarge] - bind9 <not-affected>
NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions
-CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
+CVE-2005-0033
- bind 1:8.4.6-1
CVE-2005-0032
RESERVED
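Review bot: In the CVE-2005-0039 entry, the removed description ("Certain configurations of IPsec, when using Encapsulating Security ...") was the only line stating what the issue is. What remains is a bare ID followed by three NOTE lines that open with "These are known issues", with nothing left for "These" to refer to and no package or NOT-FOR-US line. Every changed line in this part of the diff is the same kind of edit, a description dropped with no status change, and the commit message "automatic update" does not say this is intended. Suggest confirming that the description source was available when the job ran, and having the job refuse to commit when an update would only blank descriptions.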
@@ -11476,69 +11476,69 @@ CVE-2005-0025
RESERVED
CVE-2005-0024
RESERVED
-CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...)
+CVE-2005-0023
- gnome-libs <unfixed> (bug #329156; unimportant)
- vte <unfixed> (bug #330907; unimportant)
NOTE: Not considered a security problem, see #329156
-CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
+CVE-2005-0022
- exim4 4.34-10
-CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
+CVE-2005-0021
{DSA-637-1 DSA-635-1}
- exim4 4.34-10
- exim 3.36-13 (bug #290036)
- exim-tls <removed>
-CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
+CVE-2005-0020
{DSA-641-1}
- playmidi 2.4debian-3
-CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
+CVE-2005-0019
{DSA-675-1}
- hztty 2.0-6.1
-CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
+CVE-2005-0018
{DSA-661-2}
- f2c 20020621-3.4 (bug #292792)
-CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
+CVE-2005-0017
{DSA-661-2}
- f2c 20020621-3.4 (bug #292792)
-CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
+CVE-2005-0016
{DSA-640-1}
- gatos 0.0.5-15
-CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
+CVE-2005-0015
{DSA-650-1}
- sword 1.5.7-7 (bug #291433)
-CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
+CVE-2005-0014
- ncpfs 2.2.6-1
-CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
+CVE-2005-0013
{DSA-665-1}
- ncpfs 2.2.6-1
-CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
+CVE-2005-0012
- dillo 0.8.3-1
-CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
+CVE-2005-0011
- kdeedu 4:3.3.2-2
-CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
+CVE-2005-0010
- ethereal 0.10.9-1
-CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...)
+CVE-2005-0009
- ethereal 0.10.9-1
-CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...)
+CVE-2005-0008
- ethereal 0.10.9-1
-CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
+CVE-2005-0007
- ethereal 0.10.9-1
-CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
+CVE-2005-0006
- ethereal 0.10.9-1
-CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
+CVE-2005-0005
{DSA-646-1}
- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
-CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
+CVE-2005-0004
{DSA-647-1}
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
-CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
+CVE-2005-0003
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
- kernel-source-2.4.27 2.4.27-9
[sarge] - kernel-source-2.6.8 2.6.8-9
-CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
+CVE-2005-0002
NOT-FOR-US: poppassd_pam
-CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
+CVE-2005-0001
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
NOTE: i386 and smp specific
- linux-2.6 <not-affected> (Fixed before upload into archive)
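Review bot: CVE-2005-0010 through CVE-2005-0006 all carry the identical status line "- ethereal 0.10.9-1", and the removed descriptions were what told them apart (the MMSE, Gnutella, DNP, DLSw and COPS dissectors). After this hunk the five entries cannot be distinguished without an outside lookup, and the same holds for CVE-2005-0018 and CVE-2005-0017 under f2c. If dropping the descriptions is deliberate, the commit message should say so; if it is not, the descriptions should be restored rather than left for a later automatic run to repopulate.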
