path: root/data/CVE/2007.list
author: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:12:25 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:12:25 +0000
commit: abe9ee4b3eee00b6f6a7c9106dd20e41fbf86c95
tree: 4368abb74de2acf9e323f50472e5e83bc439ff5c /data/CVE/2007.list
parent: b52483e988b611ffa7ff016030b0a61101f28219
automatic update
Diffstat (limited to 'data/CVE/2007.list')
-rw-r--r--  data/CVE/2007.list  12664
1 files changed, 6332 insertions, 6332 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index de8b9cd0ea..e5c77889cd 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,28 +1,28 @@
-CVE-2007-6761
+CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6. ...)
- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6)
-CVE-2007-6760
+CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) ...)
NOT-FOR-US: Dataprobe iBootBar
-CVE-2007-6759
+CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...)
NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6758
RESERVED
-CVE-2007-6757
+CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...)
NOT-FOR-US: GE Healthcare Centricity DMS
-CVE-2007-6756
+CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...)
NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
-CVE-2007-6755
+CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve Deter ...)
- openssl <unfixed> (unimportant)
NOTE: Unused/broken in OpenSSL, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2
-CVE-2007-6754
+CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for F ...)
NOT-FOR-US: NetBSD/FreeBSD libc
-CVE-2007-6753
+CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft Window ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-6752
+CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drup ...)
- drupal7 <removed> (unimportant)
-CVE-2007-6751
+CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...)
NOT-FOR-US: MailForm plugin for Movable Type
-CVE-2007-6750
+CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ...)
- apache2 2.2.15-3 (medium; bug #533661)
- apache <removed> (medium; bug #533662)
[lenny] - apache2 <no-dsa> (Minor issue)
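Review bot: the fixed-width truncation in the new header lines loses version detail in places; CVE-2007-6761 now ends at `before 2.6. ...`, cutting inside the version number, so the header alone cannot tell which 2.6 point release is the boundary. The unchanged `NOTE: Fixed by:` line (v2.6.24-rc6) is what carries the fix version, so triage is unaffected, but the header text should not be used on its own for version matching. Beyond that the hunk is clean for an automatic refresh: every `-`/`+` pair keeps the same CVE id and only appends the parenthesised summary, no package, `[release]` or `NOTE:` line is touched, and CVE-2007-6758 correctly stays as bare `RESERVED` with no summary.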
@@ -32,7 +32,7 @@ CVE-2007-6748
RESERVED
CVE-2007-6747
RESERVED
-CVE-2007-6746
+CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a ...)
- telepathy-idle 0.1.15-1 (low; bug #706094)
[wheezy] - telepathy-idle <no-dsa> (Minor issue)
[squeeze] - telepathy-idle <no-dsa> (Minor issue)
@@ -41,61 +41,61 @@ CVE-2007-6745 [clamav floating point exception in OLE2 scanner DoS]
- clamav 0.91.2-1~volatile1
[etch] - clamav <not-affected> (Vulnerable code not present)
[sarge] - clamav <not-affected> (Vulnerable code not present)
-CVE-2007-6744
+CVE-2007-6744 (Flexera Macrovision InstallShield before 2008 sends a digital-signatur ...)
NOT-FOR-US: Flexera Macrovision InstallShield
-CVE-2007-6743
+CVE-2007-6743 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 bef ...)
NOT-FOR-US: Tivoli
-CVE-2007-6742
+CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 ...)
NOT-FOR-US: Tivoli
-CVE-2007-6741
+CVE-2007-6741 (The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does n ...)
- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
-CVE-2007-6740
+CVE-2007-6740 (The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does n ...)
- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
-CVE-2007-6739
+CVE-2007-6739 (FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to caus ...)
- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
-CVE-2007-6738
+CVE-2007-6738 (pyftpdlib before 0.1.1 does not choose a random value for the port ass ...)
- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
-CVE-2007-6737
+CVE-2007-6737 (FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempte ...)
- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
-CVE-2007-6736
+CVE-2007-6736 (Multiple directory traversal vulnerabilities in FTPServer.py in pyftpd ...)
- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
-CVE-2007-6735
+CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...)
NOT-FOR-US: Novell NetWare
-CVE-2007-6734
+CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...)
NOT-FOR-US: Novell NetWare
-CVE-2007-6733
+CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...)
- linux-2.6 2.6.10-1
-CVE-2007-6732
+CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in loaders/dtt_load ...)
- xmp 2.6.1-1 (low; bug #546730)
[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
-CVE-2007-6731
+CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...)
- xmp 2.6.1-1 (low; bug #546730)
[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
-CVE-2007-6730
+CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
NOT-FOR-US: ZyXEL P-330W
-CVE-2007-6729
+CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
NOT-FOR-US: ZyXEL P-330W
-CVE-2007-6728
+CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote atta ...)
NOT-FOR-US: XMB
-CVE-2007-6727
+CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...)
NOT-FOR-US: KerviNet Forum
-CVE-2007-6726
+CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)
NOT-FOR-US: Dojo
-CVE-2007-6725
+CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly o ...)
{DSA-2080-1}
- ghostscript 8.63.dfsg.1-1 (medium; bug #524803)
- gs-gpl <removed> (medium; bug #561717)
-CVE-2007-6724
+CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows, installs Priv ...)
NOT-FOR-US: Vidalia
-CVE-2007-6723
+CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs Privo ...)
- tork <not-affected> (Affects only Windows and MacOS)
-CVE-2007-6722
+CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, ...)
NOT-FOR-US: Vidalia
-CVE-2007-6721
+CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before release 1 ...)
- bouncycastle 1.38-1
-CVE-2007-6720
+CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possi ...)
- libmikmod 3.1.11-6.1 (low; bug #461519)
[etch] - libmikmod <no-dsa> (Minor issue)
[lenny] - libmikmod <no-dsa> (Minor issue)
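Review bot: the same truncation problem shows up at CVE-2007-6721, whose new header stops at `before release 1 ...`; the only place this hunk states the affected boundary is the fixed-version line `bouncycastle 1.38-1`, so readers need both lines together. Two things worth confirming are right: the script leaves entries that already carry a local bracket title alone (CVE-2007-6745 `[clamav floating point exception in OLE2 scanner DoS]` in the hunk context is not rewritten), and the six pyftpdlib entries (CVE-2007-6741 through CVE-2007-6736) keep their identical `python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)` status unchanged.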
@@ -106,297 +106,297 @@ CVE-2007-XXXX [tdiary XSS]
[etch] - tdiary 2.0.2+20060303-5
NOTE: fixed in r6 point update
NOTE: http://www.tdiary.org/20071215.html
-CVE-2007-6719
+CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to e ...)
NOT-FOR-US: Wiz-Ad
-CVE-2007-6718
+CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
- mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
[lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, some crashers left)
NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
-CVE-2007-6717
+CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3 ...)
NOT-FOR-US: IBM AIX
-CVE-2007-6716
+CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
{DSA-1653-1}
- linux-2.6 2.6.23-1
- linux-2.6.24 <not-affected> (Vulnerable code not present)
NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f
-CVE-2007-6715
+CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ( ...)
- iceweasel <removed> (unimportant)
NOTE: browser dos not treated as security issues
NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
-CVE-2007-6713
+CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...)
NOT-FOR-US: Flip4Mac
-CVE-2007-6714
+CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that supp ...)
- dbmail 2.2.9
-CVE-2007-6712
+CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...)
{DSA-1588-1}
- linux-2.6 2.6.26-1
- linux-2.6.24 <not-affected>
NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x,
NOTE: but fixed in git, so marking as fixed in 2.6.26-1
-CVE-2007-6711
+CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2. ...)
NOT-FOR-US: FreeWebShop.org
CVE-2007-6710
RESERVED
-CVE-2007-6709
+CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ear ...)
NOT-FOR-US: Cisco Linksys
-CVE-2007-6708
+CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisc ...)
NOT-FOR-US: Cisco Linksys
-CVE-2007-6707
+CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Links ...)
NOT-FOR-US: Cisco Linksys
-CVE-2007-6706
+CVE-2007-6706 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus No ...)
NOT-FOR-US: IBM Lotus Notes
-CVE-2007-6705
+CVE-2007-6705 (The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client fo ...)
NOT-FOR-US: WebSphere
-CVE-2007-6704
+CVE-2007-6704 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 410 ...)
NOT-FOR-US: F5 FirePass
-CVE-2007-6703
+CVE-2007-6703 (Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) ...)
- vdccm <removed>
-CVE-2007-6702
+CVE-2007-6702 (goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka r ...)
NOT-FOR-US: FS4104-AW firmware
-CVE-2007-6701
+CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...)
NOT-FOR-US: Novell Client
-CVE-2007-6700
+CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web i ...)
NOT-FOR-US: openbsd
-CVE-2007-6699
+CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...)
NOT-FOR-US: AIM PicEditor
-CVE-2007-6698
+CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote auth ...)
{DSA-1541-1}
- openldap2.3 2.3.38-1
- openldap2.2 <removed>
- openldap2 <not-affected> (slapd not built)
-CVE-2007-6696
+CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1 ...)
- webcalendar 1.1.6-7 (bug #466935)
[lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
-CVE-2007-6695
+CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4 ...)
NOT-FOR-US: Drake CMS
-CVE-2007-6694
+CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 t ...)
{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
- linux-2.6 2.6.24-1
- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
NOTE: Upstream commit 9ac71d00398674aaec664f30559f0a21d963862f, part of 2.6.24
-CVE-2007-6697
+CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image ...)
{DSA-1493-2 DSA-1493-1}
- sdl-image1.2 1.2.6-2 (medium)
-CVE-2007-6693
+CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery befo ...)
- gallery2 2.2.4-1 (bug #457644)
- gallery <not-affected> (Vulnerable code not present)
-CVE-2007-6692
+CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows rem ...)
- gallery2 2.2.4-1 (bug #457644)
- gallery <not-affected> (Vulnerable code not present)
-CVE-2007-6691
+CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 h ...)
- gallery2 2.2.4-1 (bug #457644)
- gallery <not-affected> (Vulnerable code not present)
-CVE-2007-6690
+CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not che ...)
- gallery2 2.2.4-1 (bug #457644)
- gallery <not-affected> (Vulnerable code not present)
-CVE-2007-6689
+CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious fil ...)
- gallery2 2.2.4-1 (bug #457644)
- gallery <not-affected> (Vulnerable code not present)
-CVE-2007-6688
+CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto G ...)
- gallery <not-affected> (Vulnerable code not present)
- gallery2 2.2.4-1 (bug #457644)
-CVE-2007-6687
+CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...)
- gallery2 2.2.4-1 (bug #457644)
- gallery <not-affected> (Vulnerable code not present)
-CVE-2007-6686
+CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows attacker ...)
- gallery2 2.2.4-1 (bug #457644)
- gallery <not-affected> (Vulnerable code not present)
-CVE-2007-6685
+CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery bef ...)
- gallery <not-affected> (Vulnerable code not present)
- gallery2 2.2.4-1 (bug #457644)
-CVE-2007-6680
+CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument i ...)
NOT-FOR-US: IBM AIX
-CVE-2007-6679
+CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM WebSphe ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-6678
REJECTED
-CVE-2007-6677
+CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam I ...)
NOT-FOR-US: Peter's Random Anti-Spam Image
-CVE-2007-6676
+CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...)
NOT-FOR-US: Uber Uploader
-CVE-2007-6675
+CVE-2007-6675 (The b_system_comments_show function in htdocs/modules/system/blocks/sy ...)
NOT-FOR-US: XOOPS
-CVE-2007-6674
+CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...)
NOT-FOR-US: RapidShare Database
-CVE-2007-6673
+CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows remo ...)
NOT-FOR-US: Makale Scripti
-CVE-2007-6672
+CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protec ...)
- jetty 6.1.18-1 (medium; bug #462793; bug #559765)
-CVE-2007-6671
+CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares Dat ...)
NOT-FOR-US: Instant Softwares Dating Site
-CVE-2007-6670
+CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...)
NOT-FOR-US: PHCDownload
-CVE-2007-6669
+CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...)
NOT-FOR-US: PHCDownload
-CVE-2007-6668
+CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not requi ...)
NOT-FOR-US: MySpace Content Zone
-CVE-2007-6667
+CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...)
NOT-FOR-US: MyPHP Forum
-CVE-2007-6666
+CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 a ...)
NOT-FOR-US: Zenphoto
-CVE-2007-6665
+CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL ...)
NOT-FOR-US: Netchemia
-CVE-2007-6664
+CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ea ...)
NOT-FOR-US: WebPortal
-CVE-2007-6663
+CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html. ...)
NOT-FOR-US: Pragmatic Utopia PU Arcade
-CVE-2007-6662
+CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows r ...)
NOT-FOR-US: CuteNews
-CVE-2007-6661
+CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password without sup ...)
NOT-FOR-US: 2z project
-CVE-2007-6660
+CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive informa ...)
NOT-FOR-US: 2z project
-CVE-2007-6659
+CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9. ...)
NOT-FOR-US: 2z project
-CVE-2007-6658
+CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) ...)
NOT-FOR-US: CCMS
-CVE-2007-6657
+CVE-2007-6657 (PHP remote file inclusion vulnerability in source/includes/load_forum. ...)
NOT-FOR-US: Mihalism
-CVE-2007-6656
+CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE module f ...)
NOT-FOR-US: CMS Made Simple
-CVE-2007-6655
+CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php in Ko ...)
NOT-FOR-US: Kontakt Formular
-CVE-2007-6654
+CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision InstallShi ...)
NOT-FOR-US: Macrovision InstallShield Update Service Web Agent
-CVE-2007-6653
+CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism Multi Ho ...)
NOT-FOR-US: Mihalism
-CVE-2007-6652
+CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser ...)
NOT-FOR-US: XCMS
-CVE-2007-6651
+CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS ...)
NOT-FOR-US: Bitweaver
-CVE-2007-6650
+CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in Bitwea ...)
NOT-FOR-US: Bitweaver
-CVE-2007-6649
+CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php in Ma ...)
NOT-FOR-US: MatPo Bilder Gallery
-CVE-2007-6648
+CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee Gallery 0.1. ...)
NOT-FOR-US: SanyBee Gallery
-CVE-2007-6647
+CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier ...)
NOT-FOR-US: w-Agora
-CVE-2007-6646
+CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...)
NOT-FOR-US: LiveCart
-CVE-2007-6645
+CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote auth ...)
NOT-FOR-US: Joomla!
-CVE-2007-6644
+CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to p ...)
NOT-FOR-US: Joomla!
-CVE-2007-6643
+CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...)
NOT-FOR-US: Joomla!
-CVE-2007-6642
+CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...)
NOT-FOR-US: Joomla!
-CVE-2007-6641
+CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Re ...)
NOT-FOR-US: milliscripts
-CVE-2007-6640
+CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not pro ...)
NOT-FOR-US: Creammonkey and GreaseKit
-CVE-2007-6639
+CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier al ...)
NOT-FOR-US: IPTBB
-CVE-2007-6638
+CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the web roo ...)
NOT-FOR-US: March Networks
-CVE-2007-6637
+CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...)
- flashplugin-nonfree 1:1.4 (bug #459071)
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html
-CVE-2007-6636
+CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu befor ...)
NOT-FOR-US: Bitflu
-CVE-2007-6635
+CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in ...)
NOT-FOR-US: FAQMasterFlexPlus
-CVE-2007-6634
+CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly ...)
NOT-FOR-US: FAQMasterFlexPlus
-CVE-2007-6633
+CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPl ...)
NOT-FOR-US: FAQMasterFlexPlus
-CVE-2007-6632
+CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbit ...)
NOT-FOR-US: xml2owl
-CVE-2007-6631
+CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier al ...)
NOT-FOR-US: LScube libnemesi
-CVE-2007-6630
+CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when used by ...)
NOT-FOR-US: Netembryo
-CVE-2007-6629
+CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows remot ...)
NOT-FOR-US: LScube Feng
-CVE-2007-6628
+CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause a deni ...)
NOT-FOR-US: LScube Feng
-CVE-2007-6627
+CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in ...)
NOT-FOR-US: LScube Feng
-CVE-2007-6626
+CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg function in R ...)
NOT-FOR-US: LScube Feng
-CVE-2007-6625
+CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver Platform Serv ...)
NOT-FOR-US: Platform Service Process (asampsp)
-CVE-2007-6624
+CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2 1.2i an ...)
NOT-FOR-US: PNphpBB2
-CVE-2007-6623
+CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might ...)
NOT-FOR-US: ZeusCMS
-CVE-2007-6622
+CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier ...)
NOT-FOR-US: ZeusCMS
-CVE-2007-6621
+CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in Joovili 3.0 ...)
NOT-FOR-US: Joovili
-CVE-2007-6620
+CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in Joovili ...)
NOT-FOR-US: Joovili
-CVE-2007-6619
+CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 do ...)
NOT-FOR-US: Setup Wizard in Atlassian JIRA Enterprise Edition
-CVE-2007-6618
+CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to delet ...)
NOT-FOR-US: JIRA Enterprise Edition
-CVE-2007-6617
+CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterp ...)
NOT-FOR-US: JIRA Enterprise Edition
-CVE-2007-6616
+CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleF ...)
NOT-FOR-US: SimpleForum
-CVE-2007-6615
+CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in Agares Medi ...)
NOT-FOR-US: Agares Media phpAutoVideo
-CVE-2007-6614
+CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...)
NOT-FOR-US: Agares Media phpAutoVideo
-CVE-2007-6613
+CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in i ...)
- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
[sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
[etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
-CVE-2007-6610
+CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
- unp 1.0.13 (bug #448437; low)
[etch] - unp <no-dsa> (Only used as archiver in third-party software)
-CVE-2007-6609
+CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
NOT-FOR-US: CoolPlayer
-CVE-2007-6608
+CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5. ...)
NOT-FOR-US: OpenBiblio
-CVE-2007-6607
+CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain se ...)
NOT-FOR-US: OpenBiblio
-CVE-2007-6606
+CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain co ...)
NOT-FOR-US: OpenBiblio
-CVE-2007-6605
+CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2 ...)
NOT-FOR-US: SkyFex Client
-CVE-2007-6604
+CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 ...)
NOT-FOR-US: XCMS
-CVE-2007-6603
+CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing and rea ...)
NOT-FOR-US: Hot or Not Clone
-CVE-2007-6602
+CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub 0.5. ...)
NOT-FOR-US: NoseRub
-CVE-2007-6601
+CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8 ...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
-CVE-2007-6600
+CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
[sarge] - postgresql <unfixed>
-CVE-2007-6597
+CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before ...)
NOT-FOR-US: IPortalX
-CVE-2007-6599
+CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...)
{DSA-1458-1}
- openafs 1.4.6.dfsg1-1 (medium)
NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
-CVE-2007-6595
+CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via a syml ...)
{DSA-1497-1}
- clamav 0.92.1~dfsg-1 (low; bug #458532)
[etch] - clamav <not-affected> (Minor issue, first issue doesn't apply)
[sarge] - clamav <no-dsa> (Security Support has stopped)
-CVE-2007-6596
+CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...)
- clamav 0.92.1~dfsg-1 (unimportant; bug #458532)
[etch] - clamav <no-dsa> (Minor issue)
[sarge] - clamav <no-dsa> (Security Support has stopped)
NOTE: this is more a feature request than a bug
-CVE-2007-6594
+CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak per ...)
NOT-FOR-US: Lotus Notes
-CVE-2007-6593
+CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy (forme ...)
NOT-FOR-US: IBM Lotus Notes
-CVE-2007-6592
+CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the b ...)
NOT-FOR-US: Safari
-CVE-2007-6591
+CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server cer ...)
- kdebase 4:4.0.3-1 (low; bug #458968)
[etch] - kdebase <no-dsa> (Minor issue)
[lenny] - kdebase <no-dsa> (Minor issue)
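Review bot: the numeric ordering in this region is already irregular (CVE-2007-6713 sits before CVE-2007-6714, CVE-2007-6696 comes between CVE-2007-6698 and CVE-2007-6697, and CVE-2007-6597, CVE-2007-6599, CVE-2007-6595, CVE-2007-6596 appear in that order); the refresh rightly preserves existing positions rather than re-sorting, which would have buried the description changes in a much larger diff. The RESERVED and REJECTED placeholders (CVE-2007-6710, CVE-2007-6678) correctly receive no summary. Two pre-existing annotation issues are visible in the untouched context and could go in a follow-up: `unp 1.0.13 (bug #448437; low)` reverses the `(severity; bug #N)` order used elsewhere in the hunk (`libcdio 0.78.2+dfsg1-2 (low; bug #459129)`), and the etch line for CVE-2007-6595, `clamav <not-affected> (Minor issue, first issue doesn't apply)`, pairs a `<not-affected>` status with a `Minor issue` rationale, which elsewhere in this file accompanies `<no-dsa>`.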
@@ -404,209 +404,209 @@ CVE-2007-6591
NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
CVE-2007-6590
REJECTED
-CVE-2007-6589
+CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...)
{DSA-1534-1}
- iceape 1.1.7-1 (medium)
- iceweasel 2.0.0.10-1 (medium)
-CVE-2007-6588
+CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows re ...)
NOT-FOR-US: PHCDownload
-CVE-2007-6587
+CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 al ...)
NOT-FOR-US: Plogger
-CVE-2007-6586
+CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows r ...)
NOT-FOR-US: nicLOR-CMS
-CVE-2007-6585
+CVE-2007-6585 (PHP remote file inclusion vulnerability in confirmUnsubscription.php i ...)
NOT-FOR-US: NmnNewsletter
-CVE-2007-6584
+CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow r ...)
NOT-FOR-US: 1024 CMS
-CVE-2007-6583
+CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php in 102 ...)
NOT-FOR-US: 1024 CMS
-CVE-2007-6582
+CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2 allows rem ...)
NOT-FOR-US: mBlog
-CVE-2007-6581
+CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine 2.0 allo ...)
NOT-FOR-US: Social Engine
-CVE-2007-6580
+CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow ...)
NOT-FOR-US: Wallpaper Site
-CVE-2007-6579
+CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote atta ...)
NOT-FOR-US: Ip Reg
-CVE-2007-6578
+CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote a ...)
NOT-FOR-US: PHP ZLink
-CVE-2007-6577
+CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow ...)
NOT-FOR-US: zBlog
-CVE-2007-6576
+CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earli ...)
NOT-FOR-US: Adult Script
-CVE-2007-6575
+CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows remote at ...)
NOT-FOR-US: MMSLamp
-CVE-2007-6574
+CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 an ...)
NOT-FOR-US: Dokeos
-CVE-2007-6573
+CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: QK SMTP
-CVE-2007-6572
+CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Server ...)
NOT-FOR-US: Sun Java System Web Server
-CVE-2007-6571
+CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy ...)
NOT-FOR-US: Sun Java System Web Proxy
-CVE-2007-6570
+CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL Database func ...)
NOT-FOR-US: Sun Java System Web Proxy Server
-CVE-2007-6569
+CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log functio ...)
NOT-FOR-US: Sun Java System Web Proxy Server
-CVE-2007-6568
+CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in XZero Com ...)
NOT-FOR-US: XZero Community Classifieds
-CVE-2007-6567
+CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero Community Clas ...)
NOT-FOR-US: XZero Community Classifieds
-CVE-2007-6566
+CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community Classifieds ...)
NOT-FOR-US: XZero Community Classifieds
-CVE-2007-6565
+CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta an ...)
NOT-FOR-US: Blakord Portal
-CVE-2007-6611
+CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...)
{DSA-1467-1}
- mantis 1.0.8-4 (low; bug #458377)
-CVE-2007-6683
+CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to o ...)
{DSA-1543-1 DTSA-132-1}
- vlc 0.8.6.c-4.1 (medium; bug #458318)
- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: see https://trac.videolan.org/vlc/ticket/1371
-CVE-2007-6682
+CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function (networ ...)
{DSA-1543-1}
- vlc 0.8.6.c-4.1 (medium; bug #458318)
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
-CVE-2007-6681
+CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VL ...)
{DSA-1543-1}
- vlc 0.8.6.c-4.1 (low; bug #458318)
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
-CVE-2007-6684
+CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to caus ...)
- vlc 0.8.6.c-4.1 (bug #458318)
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: That's hardly a security problem, just a bug
-CVE-2007-6598
+CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including us ...)
{DSA-1457-1}
- dovecot 1:1.0.10-1 (low; bug #458315)
[sarge] - dovecot <not-affected> (Vulnerable code not present)
[etch] - dovecot <no-dsa> (very minor issue)
NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
NOTE: low, because issue is only with quite rare configurations
-CVE-2007-6612
+CVE-2007-6612 (Directory traversal vulnerability in DirHandler (lib/mongrel/handlers. ...)
- mongrel 1.1.3-1 (medium)
-CVE-2007-6564
+CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0 ...)
NOT-FOR-US: Limbo CMS
-CVE-2007-6563
+CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ot ...)
NOT-FOR-US: WinAce
-CVE-2007-6562
+CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen ...)
{DSA-1443-1}
- tcpreen 1.4.3-0.3 (medium; bug #457781)
-CVE-2007-6561
+CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted re ...)
NOT-FOR-US: PDFLib
-CVE-2007-6560
+CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic befor ...)
NOT-FOR-US: Logaholic
-CVE-2007-6559
+CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 all ...)
NOT-FOR-US: Logaholic
-CVE-2007-6558
+CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a denia ...)
NOT-FOR-US: TotalPlayer
-CVE-2007-6557
+CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote ...)
NOT-FOR-US: MeGaCheatZ
-CVE-2007-6556
+CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow rem ...)
NOT-FOR-US: websihirbazi
-CVE-2007-6555
+CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-6554
+CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 an ...)
NOT-FOR-US: TeamCal
-CVE-2007-6553
+CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1. ...)
NOT-FOR-US: TeamCal
-CVE-2007-6552
+CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows r ...)
NOT-FOR-US: AuraCMS
-CVE-2007-6551
+CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, a ...)
NOT-FOR-US: MailMachine
-CVE-2007-6550
+CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...)
NOT-FOR-US: PMOS Help Desk
-CVE-2007-6549
+CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact an ...)
NOT-FOR-US: RunCMS
-CVE-2007-6548
+CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...)
NOT-FOR-US: RunCMS
-CVE-2007-6547
+CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during ...)
NOT-FOR-US: RunCMS
-CVE-2007-6546
+CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it easi ...)
NOT-FOR-US: RunCMS
-CVE-2007-6545
+CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1 ...)
NOT-FOR-US: RunCMS
-CVE-2007-6544
+CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow re ...)
NOT-FOR-US: RunCMS
-CVE-2007-6543
+CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exch ...)
NOT-FOR-US: eSyndiCat Link Exchange Script
-CVE-2007-6542
+CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...)
NOT-FOR-US: Arcadem LEArcadem LE
-CVE-2007-6541
+CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...)
NOT-FOR-US: neuron news
-CVE-2007-6540
+CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...)
NOT-FOR-US: neuron news
-CVE-2007-6539
+CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot iSuppo ...)
NOT-FOR-US: IDevspot iSupport
-CVE-2007-6538
+CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...)
- moodle <not-affected> (Vulnerable code not present, third party module)
-CVE-2007-6537
+CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...)
NOT-FOR-US: WinUAE
-CVE-2007-6536
+CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta pres ...)
NOT-FOR-US: Google Toolbar
-CVE-2007-6535
+CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006 ...)
NOT-FOR-US: YShortcut ActiveX control
-CVE-2007-6534
+CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher all ...)
NOT-FOR-US: Microsoft Office Publisher
-CVE-2007-6533
+CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-ass ...)
NOT-FOR-US: Zoom Player
-CVE-2007-6532
+CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce ...)
- libxfcegui4 4.4.2 (low)
[sarge] - libxfcegui4 <no-dsa> (Minor issue)
[etch] - libxfcegui4 <no-dsa> (Minor issue)
-CVE-2007-6531
+CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in Xf ...)
- xfce4-panel 4.4.2 (low)
[sarge] - xfce4-panel <no-dsa> (Minor issue)
[etch] - xfce4-panel <no-dsa> (Minor issue)
-CVE-2007-6530
+CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
NOT-FOR-US: XUpload
-CVE-2007-6529
+CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unk ...)
- tikiwiki <removed>
-CVE-2007-6528
+CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki b ...)
- tikiwiki <removed>
-CVE-2007-6527
+CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload ...)
NOT-FOR-US: PunBB
-CVE-2007-6526
+CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in ...)
- tikiwiki <removed>
-CVE-2007-6525
+CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) T ...)
NOT-FOR-US: IBM DB2 Content Manager
-CVE-2007-6524
+CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially sensit ...)
NOT-FOR-US: Opera
-CVE-2007-6523
+CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...)
NOT-FOR-US: Opera
-CVE-2007-6522
+CVE-2007-6522 (The rich text editing functionality in Opera before 9.25 allows remote ...)
NOT-FOR-US: Opera
-CVE-2007-6521
+CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers ...)
NOT-FOR-US: Opera
-CVE-2007-6520
+CVE-2007-6520 (Opera before 9.25 allows remote attackers to conduct cross-domain scri ...)
NOT-FOR-US: Opera
-CVE-2007-6519
+CVE-2007-6519 (Unspecified vulnerability in the File-on-File Mounting File System (FF ...)
NOT-FOR-US: HP Tru64 UNIX
-CVE-2007-6518
+CVE-2007-6518 (Multiple SQL injection vulnerabilities in search.php in WoltLab Burnin ...)
NOT-FOR-US: WoltLab Burning Board
-CVE-2007-6517
+CVE-2007-6517 (SQL injection vulnerability in the forget password section (LostPwd.as ...)
NOT-FOR-US: Eagle Software Aeries Browser Interface
-CVE-2007-6516
+CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.o ...)
NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
-CVE-2007-6515
+CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers to exe ...)
NOT-FOR-US: SiteScape
-CVE-2007-6513
+CVE-2007-6513 (HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports ...)
NOT-FOR-US: HP eSupportDiagnostics ActiveX control
-CVE-2007-6512
+CVE-2007-6512 (PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the ...)
NOT-FOR-US: PHP MySQL Banner Exchange
-CVE-2007-6511
+CVE-2007-6511 (Websense Enterprise 6.3.1 allows remote attackers to bypass content fi ...)
NOT-FOR-US: Websense Enterprise
-CVE-2007-6510
+CVE-2007-6510 (Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 ...)
NOT-FOR-US: ProWizard
-CVE-2007-6509
+CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process Manage ...)
NOT-FOR-US: Appian Enterprise Business Process Management Suite
-CVE-2007-6508
+CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows remo ...)
NOT-FOR-US: xeCMS
-CVE-2007-6514
+CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a Wi ...)
- linux-2.6 2.6.17-1 (low; bug #529318)
- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.17)
NOTE: While labeled as an Apache flaw, fix required in smbfs
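Review bot: the unchanged NOT-FOR-US line under CVE-2007-6542 reads "Arcadem LEArcadem LE", a doubled product name that this automatic sync (which only fills in the parenthesised description text) will never correct, so it needs a manual fix. In the same hunk CVE-2007-6514 is filed after CVE-2007-6508 rather than between CVE-2007-6515 and CVE-2007-6513 where the descending run would put it; if the placement is intentional (the entry carries its own smbfs NOTE), fine, otherwise a reorder would keep the run consistent.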
@@ -618,127 +618,127 @@ CVE-2007-XXXX [venkman preinst symlink dos]
CVE-2007-XXXX [unace unspecified security issue related to uninitialized variable]
- unace-nonfree 2.5-3
[etch] - unace-nonfree 2.5-1etch1
-CVE-2007-6507
+CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, befo ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-6506
+CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.d ...)
NOT-FOR-US: HP Software Update
-CVE-2007-6505
+CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd ...)
NOT-FOR-US: Solaris
-CVE-2007-6504
+CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6503
+CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6502
+CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authentic ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6501
+CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6500
+CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6499
+CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6498
+CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot f ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6497
+CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attac ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6496
+CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6495
+CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allo ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6494
+CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
NOT-FOR-US: Hosting Controller
-CVE-2007-6493
+CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
NOT-FOR-US: iMesh
-CVE-2007-6492
+CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
NOT-FOR-US: iMesh
-CVE-2007-6491
+CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS all ...)
NOT-FOR-US: Kvaliitti WebDoc CMS
-CVE-2007-6490
+CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One C ...)
NOT-FOR-US: Falcon Series One CMS
-CVE-2007-6489
+CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series O ...)
NOT-FOR-US: Falcon Series One CMS
-CVE-2007-6488
+CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series On ...)
NOT-FOR-US: Falcon Series One CMS
-CVE-2007-6487
+CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 a ...)
NOT-FOR-US: Plain Black WebGUI
-CVE-2007-6486
+CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...)
NOT-FOR-US: LineShout
-CVE-2007-6485
+CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ( ...)
NOT-FOR-US: Centreon
-CVE-2007-6484
+CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote a ...)
NOT-FOR-US: phpRPG
-CVE-2007-6483
+CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
NOT-FOR-US: SafeNet Sentinel Protection and Keys Server
-CVE-2007-6482
+CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
NOT-FOR-US: utdevmgrd in Sun Ray Server Software
-CVE-2007-6481
+CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
NOT-FOR-US: utdevmgrd in Sun Ray Server Software
-CVE-2007-6480
+CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...)
NOT-FOR-US: Oracle database component in Sun Management Center
-CVE-2007-6479
+CVE-2007-6479 (Unrestricted file upload vulnerability in the "My productions" compone ...)
NOT-FOR-US: Dokeos
-CVE-2007-6478
+CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and p ...)
NOT-FOR-US: Rosoft Media Player
-CVE-2007-6477
+CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature i ...)
NOT-FOR-US: Citrix Web Interface and NFuse
-CVE-2007-6476
+CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration inform ...)
NOT-FOR-US: GF-3XPLORER
-CVE-2007-6475
+CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow ...)
NOT-FOR-US: GF-3XPLORER
-CVE-2007-6474
+CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...)
NOT-FOR-US: GF-3XPLORER
-CVE-2007-6473
+CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explor ...)
NOT-FOR-US: WFTPD Explorer Pro
-CVE-2007-6472
+CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allo ...)
NOT-FOR-US: phpMyRealty
-CVE-2007-6471
+CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Win ...)
NOT-FOR-US: phPay
-CVE-2007-6470
+CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with insuff ...)
NOT-FOR-US: phpRPG
-CVE-2007-6469
+CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qut ...)
NOT-FOR-US: phpRPG
-CVE-2007-6468
+CVE-2007-6468 (Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman. ...)
NOT-FOR-US: Hammer of Thyrion
-CVE-2007-6467
+CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows re ...)
NOT-FOR-US: MKPortal
-CVE-2007-6466
+CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2 ...)
NOT-FOR-US: FreeWebshop
-CVE-2007-6465
+CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in ...)
- ganglia-monitor-core <not-affected> (ganglia web-frontend not included)
-CVE-2007-6464
+CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0 ...)
NOT-FOR-US: Form tools
-CVE-2007-6463
+CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
NOT-FOR-US: PHP Real Estate Classifieds
-CVE-2007-6462
+CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate Classif ...)
NOT-FOR-US: PHP Real Estate Classifieds
-CVE-2007-6461
+CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fl ...)
- flyspray <removed>
-CVE-2007-6460
+CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Serv ...)
NOT-FOR-US: Anon Proxy Server
-CVE-2007-6459
+CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers t ...)
NOT-FOR-US: Anon Proxy Server
-CVE-2007-6458
+CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 al ...)
NOT-FOR-US: 123tkShop
-CVE-2007-6457
+CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 a ...)
NOT-FOR-US: NetWin SurgeMail 38k4
-CVE-2007-6456
+CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffic ...)
NOT-FOR-US: Planamesa NeoOffice
NOTE: referring to OpenOffice security team this is what is described in CVE-2007-4575 for OO
-CVE-2007-6455
+CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ma ...)
NOT-FOR-US: Mambo
NOTE: Mambo is in experimental
-CVE-2007-6454
+CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
{DSA-1583-1 DSA-1441-1}
- peercast 0.1218+svn20071220+2 (medium; bug #457300)
- gnome-peercast 0.5.4-1.2 (medium; bug #466539)
-CVE-2007-6453
+CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php i ...)
NOT-FOR-US: RaidenHTTPD
-CVE-2007-6452
+CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google ...)
- gwt 1.6.4-1 (low; bug #563542)
-CVE-2007-6451
+CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly ...)
{DSA-1446-1 DTSA-104-1}
- wireshark 0.99.7-1
- ethereal <removed>
-CVE-2007-6450
+CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 all ...)
{DSA-1446-1 DTSA-104-1}
- wireshark 0.99.7-1
- ethereal <removed>
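Review bot: the added description text is identical for CVE-2007-6493 and CVE-2007-6492 ("The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...") and again for CVE-2007-6482 and CVE-2007-6481 (the utdevmgrd pair), because the fixed-width cut drops exactly the clause that tells the two ids apart; that is harmless for NOT-FOR-US entries but means the description column cannot be relied on as a distinguishing summary, only the CVE id can. Separately, CVE-2007-6455 is marked NOT-FOR-US while its NOTE says "Mambo is in experimental"; if the package really is in experimental the state and the note should be reconciled so the entry is not read two ways.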
@@ -758,146 +758,146 @@ CVE-2007-6443
REJECTED
CVE-2007-6442
REJECTED
-CVE-2007-6441
+CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows rem ...)
{DTSA-104-1}
- wireshark 0.99.7-1
[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6440
REJECTED
-CVE-2007-6439
+CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause ...)
{DTSA-104-1}
- wireshark 0.99.7-1
[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
-CVE-2007-6438
+CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly ...)
{DTSA-104-1}
- wireshark 0.99.7-1
[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
-CVE-2007-6437
+CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows rem ...)
{DSA-1464-1 DTSA-105-1}
- syslog-ng 2.0.6-1 (low; bug #457334)
[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
-CVE-2007-6436
+CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
NOT-FOR-US: JustSystems
-CVE-2007-6435
+CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTM ...)
NOT-FOR-US: Novell GroupWise
-CVE-2007-6434
+CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...)
- linux-2.6 2.6.23-2
[etch] - linux-2.6 <not-affected> (Only Linux 2.6.23 and above affected)
-CVE-2007-6433
+CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query clas ...)
- jbosseam <itp> (bug #451956)
-CVE-2007-6432
+CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
NOT-FOR-US: Adobe PageMaker
-CVE-2007-6431
+CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...)
NOT-FOR-US: Adobe Flash Media Server
-CVE-2007-6430
+CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
{DSA-1525-1}
- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
[sarge] - asterisk <not-affected> (Vulnerable code not present)
-CVE-2007-6429
+CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow context ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-6428
+CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension i ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-6427
+CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows context-depe ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-6426
+CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and pos ...)
NOT-FOR-US: EMC RepliStor
-CVE-2007-6425
+CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transpor ...)
NOT-FOR-US: HP-UX
-CVE-2007-6424
+CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in cert ...)
NOT-FOR-US: Fonality Trixbox
CVE-2007-6423
- apache2 <not-affected> (disputed / only for Windows)
-CVE-2007-6422
+CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
- apache2 2.2.8-1 (low)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
[etch] - apache2 2.2.3-4+etch4 (low)
-CVE-2007-6421
+CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in mod_pr ...)
- apache2 2.2.8-1 (low)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
[etch] - apache2 2.2.3-4+etch4 (low)
-CVE-2007-6420
+CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the balancer-manage ...)
- apache2 2.2.9-1 (low)
[etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
NOTE: Won't be fixed in etch.
-CVE-2007-6419
+CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.2 ...)
NOT-FOR-US: HP-UX
-CVE-2007-6417
+CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
{DSA-1436-1}
- linux-2.6 2.6.23-2
-CVE-2007-6416
+CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen 3 ...)
- xen-unstable <not-affected> (We only have xen for i386 and amd64)
- xen-3 <not-affected> (We only have xen for i386 and amd64)
- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
-CVE-2007-6415
+CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
{DSA-1473-1}
- scponly 4.6-1.2 (high)
-CVE-2007-6414
+CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a redire ...)
NOT-FOR-US: Adult ScriptAdult Script
-CVE-2007-6413
+CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120 ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-6412
+CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in Bitwea ...)
NOT-FOR-US: Bitweaver
-CVE-2007-6411
+CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...)
NOT-FOR-US: Gadu-Gadu client
-CVE-2007-6410
+CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows re ...)
NOT-FOR-US: Gadu-Gadu client
-CVE-2007-6409
+CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed b ...)
NOT-FOR-US: Gadu-Gadu client
-CVE-2007-6408
+CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified informati ...)
NOT-FOR-US: IBM Tivoli Provisioning Manager Express
-CVE-2007-6407
+CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Prov ...)
NOT-FOR-US: IBM Tivoli Provisioning Manager Express
-CVE-2007-6406
+CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Co ...)
NOT-FOR-US: CA eTrust Threat Management Console
-CVE-2007-6405
+CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
NOT-FOR-US: Simple HTTPD
-CVE-2007-6404
+CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttp ...)
NOT-FOR-US: Simple HTTPD
-CVE-2007-6403
+CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assist ...)
NOT-FOR-US: Winamp
-CVE-2007-6402
+CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic (M ...)
NOT-FOR-US: Media Player Classic
-CVE-2007-6401
+CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...)
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2007-6400
+CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ( ...)
NOT-FOR-US: PolDoc CMS
-CVE-2007-6399
+CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote authenticate ...)
NOT-FOR-US: Flat PHP Board
-CVE-2007-6398
+CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass authe ...)
NOT-FOR-US: Flat PHP Board
-CVE-2007-6397
+CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP ...)
NOT-FOR-US: Flat PHP Board
-CVE-2007-6396
+CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP Bo ...)
NOT-FOR-US: Flat PHP Board
-CVE-2007-6395
+CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the ...)
NOT-FOR-US: Flat PHP Board
-CVE-2007-6394
+CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 allo ...)
NOT-FOR-US: Content Injector
-CVE-2007-6393
+CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script ...)
NOT-FOR-US: Ace Image Hosting Script
-CVE-2007-6392
+CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows remo ...)
NOT-FOR-US: DWdirectory
-CVE-2007-6391
+CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 allow ...)
NOT-FOR-US: SH-News
-CVE-2007-6390
+CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar plug ...)
- serendipity <not-affected> (This is an external plugin not included in our packages)
-CVE-2007-6389
+CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 mig ...)
- gnome-screensaver 2.22.0-1 (low; bug #455484)
[etch] - gnome-screensaver <no-dsa> (Minor issue)
-CVE-2007-6388
+CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache H ...)
- apache <removed> (low)
- apache2 2.2.8-1 (low)
[etch] - apache2 2.2.3-4+etch6
[etch] - apache 1.3.34-4.1+etch1
-CVE-2007-6358
+CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
{DSA-1437-1}
- cups 1.3.5-1 (low; bug #456960)
- cupsys 1.3.5-1 (low; bug #456960)
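Review bot: CVE-2007-6423 is the one non-REJECTED entry in this hunk that did not receive a description and stays as a bare context line above "- apache2 <not-affected> (disputed / only for Windows)", whereas CVE-2007-6440 and the other REJECTED ids are correctly left bare; worth checking whether the upstream feed simply lacks text for it or whether the entry should carry an explicit marker so the omission is not mistaken for a sync failure. The NOT-FOR-US line under CVE-2007-6414 also reads "Adult ScriptAdult Script", another doubled product name the automatic update leaves untouched.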
@@ -905,535 +905,535 @@ CVE-2007-6358
NOTE: the debian package is a bit confusing here as it also ships a pdftops
NOTE: wrapper script as an example but the original script is installed
NOTE: under /usr/lib/cups/filters
-CVE-2007-6356
+CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service (in ...)
{DSA-1533-2 DSA-1533-1}
- exiftags 1.01-0.1 (low; bug #457062)
-CVE-2007-6355
+CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...)
{DSA-1533-2 DSA-1533-1}
- exiftags 1.01-0.1 (bug #457062)
-CVE-2007-6354
+CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact a ...)
{DSA-1533-2 DSA-1533-1}
- exiftags 1.01-0.1 (bug #457062)
-CVE-2007-6352
+CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows context-dependen ...)
{DSA-1487-1}
- libexif 0.6.16-2.1 (medium; bug #457330)
-CVE-2007-6351
+CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...)
{DSA-1487-1}
- libexif 0.6.16-2.1 (low; bug #457330)
-CVE-2007-6349
+CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windo ...)
NOT-FOR-US: P4Web
-CVE-2007-6418
+CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQ ...)
{DSA-1501-1}
- dspam 3.6.8-5.1 (low; bug #448519)
-CVE-2007-6387
+CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 Acti ...)
NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
-CVE-2007-6386
+CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...)
NOT-FOR-US: Trend Micro AntiVirus
-CVE-2007-6385
+CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not prop ...)
NOT-FOR-US: Kerio WinRoute Firewall
-CVE-2007-6384
+CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA ...)
NOT-FOR-US: BEA WebLogic Mobility Server
-CVE-2007-6383
+CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ch ...)
NOT-FOR-US: Chandler
-CVE-2007-6382
+CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote attac ...)
NOT-FOR-US: Robocode
-CVE-2007-6381
+CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...)
{DSA-1439-1}
- typo3-src 4.1.5-1 (low; bug #457446)
NOTE: you need to be a logged in backend user to exploit this
-CVE-2007-6380
+CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1 ...)
NOT-FOR-US: e-Xoops
-CVE-2007-6379
+CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive ...)
NOT-FOR-US: BadBlue
-CVE-2007-6378
+CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and e ...)
NOT-FOR-US: BadBlue
-CVE-2007-6377
+CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll i ...)
NOT-FOR-US: BadBlue
-CVE-2007-6376
+CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi P ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-6375
+CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier ...)
NOT-FOR-US: Bitweaver
-CVE-2007-6374
+CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...)
NOT-FOR-US: Bitweaver
-CVE-2007-6373
+CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow rem ...)
NOT-FOR-US: GestDown
-CVE-2007-6372
+CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remo ...)
NOT-FOR-US: JUNOS
-CVE-2007-6371
+CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attac ...)
NOT-FOR-US: Nokia N95
CVE-2007-6370
REJECTED
-CVE-2007-6369
+CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the Pict ...)
NOT-FOR-US: PictPress
-CVE-2007-6368
+CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 all ...)
NOT-FOR-US: ezContents
-CVE-2007-6367
+CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook i ...)
NOT-FOR-US: SineCMS
-CVE-2007-6366
+CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier al ...)
NOT-FOR-US: SineCMS
-CVE-2007-6365
+CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php i ...)
NOT-FOR-US: bcoos
-CVE-2007-6364
+CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLM ...)
NOT-FOR-US: JLMForo System
-CVE-2007-6363
+CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when u ...)
NOT-FOR-US: IBM Tivoli Netcool Security Manager
-CVE-2007-6362
+CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery (com_rsgalle ...)
NOT-FOR-US: RSGallery
-CVE-2007-6361
+CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web roo ...)
NOT-FOR-US: Gekko
-CVE-2007-6360
+CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility ...)
NOT-FOR-US: Sun eXtended System Control Facility
-CVE-2007-6359
+CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-6357
+CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...)
NOT-FOR-US: Microsoft Office Access
-CVE-2007-6353
+CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...)
{DSA-1474-1}
- exiv2 0.15-2 (medium; bug #456760)
-CVE-2007-6350
+CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
{DSA-1473-1}
- scponly 4.6-1.1 (high; bug #437148)
-CVE-2007-6348
+CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net befo ...)
- squirrelmail <not-affected> (Compromised packages were never in Debian)
-CVE-2007-6347
+CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php i ...)
NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
-CVE-2007-6346
+CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allo ...)
NOT-FOR-US: Rainboard
-CVE-2007-6345
+CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208 allows ...)
NOT-FOR-US: aurora
-CVE-2007-6344
+CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in Mcms Eas ...)
NOT-FOR-US: Mcms Easy Web Make
-CVE-2007-6343
+CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network Node M ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2007-6342
+CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module (AuthCA ...)
NOT-FOR-US: Apache AuthCAS module
-CVE-2007-6341
+CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such a ...)
{DSA-1515-1}
- libnet-dns-perl 0.63-1 (low; bug #457445)
NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
-CVE-2007-6340
+CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ciph ...)
NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
-CVE-2007-6339
+CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (Do ...)
NOT-FOR-US: Akamai Download Manager
-CVE-2007-6338
+CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill E ...)
NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
-CVE-2007-6337
+CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in nsis ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1~volatile2
[sarge] - clamav <not-affected> (Vulnerable code not present)
[etch] - clamav <not-affected> (Vulnerable code not present)
-CVE-2007-6336
+CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to exec ...)
{DSA-1435-1 DTSA-101-1}
- clamav 0.92~dfsg-1~volatile2
[sarge] - clamav <not-affected> (Vulnerable code not present)
-CVE-2007-6335
+CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote atta ...)
{DSA-1435-1 DTSA-101-1}
- clamav 0.92~dfsg-1~volatile2
[sarge] - clamav <not-affected> (Vulnerable code not present)
-CVE-2007-6334
+CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and pos ...)
NOT-FOR-US: Ingres on Windows
-CVE-2007-6333
+CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
-CVE-2007-6332
+CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
NOT-FOR-US: HP Info Center HP Quick Launch Buttons
-CVE-2007-6331
+CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 Active ...)
NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
-CVE-2007-6330
+CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames ...)
NOT-FOR-US: Meridian Prolog Manager
-CVE-2007-6329
+CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sig ...)
NOT-FOR-US: Microsoft Office
CVE-2007-6328
- dosbox 0.72-1 (unimportant; bug #458950)
NOTE: this is not a security issue, its a feature of dosbox and the first
NOTE: thing documented in the manpage
-CVE-2007-6327
+CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media Technolog ...)
NOT-FOR-US: Online Media Technologies
-CVE-2007-6326
+CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attac ...)
NOT-FOR-US: Simple HTTPD
-CVE-2007-6325
+CVE-2007-6325 (PHP remote file inclusion vulnerability in adminbereich/designconfig.p ...)
NOT-FOR-US: Fastpublish
-CVE-2007-6324
+CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in CityWriter 0.9. ...)
NOT-FOR-US: CityWriter
-CVE-2007-6323
+CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 al ...)
NOT-FOR-US: MMS Gallery PHP
-CVE-2007-6322
+CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 ...)
NOT-FOR-US: xml2owl
-CVE-2007-6320
+CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does n ...)
NOT-FOR-US: Feature (third party drupal module)
-CVE-2007-6319
+CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8 ...)
NOT-FOR-US: Lyris ListManager
-CVE-2007-6318
+CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress 2.3. ...)
- wordpress 2.3.2-1 (low; bug #459305)
[etch] - wordpress <not-affected> (Vulnerable code not present)
NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
-CVE-2007-6317
+CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web Ser ...)
NOT-FOR-US: BarracudaDrive
-CVE-2007-6316
+CVE-2007-6316 (Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server ...)
NOT-FOR-US: BarracudaDrive
-CVE-2007-6315
+CVE-2007-6315 (Group Chat in BarracudaDrive Web Server before 3.8 allows remote authe ...)
NOT-FOR-US: BarracudaDrive
-CVE-2007-6314
+CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read t ...)
NOT-FOR-US: BarracudaDrive
-CVE-2007-6313
+CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...)
- mysql-dfsg-5.0 <not-affected> (this only affects >= 5.1.x, update for experimental is on its way)
- mysql-dfsg-4.1 <removed>
-CVE-2007-6312
+CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web Repo ...)
NOT-FOR-US: Web Security Suite
-CVE-2007-6311
+CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) admin/i ...)
NOT-FOR-US: Falt4Extreme
-CVE-2007-6310
+CVE-2007-6310 (Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC ...)
NOT-FOR-US: Falt4Extreme
-CVE-2007-6309
+CVE-2007-6309 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in we ...)
NOT-FOR-US: webSPELL
-CVE-2007-6308
+CVE-2007-6308 (Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows re ...)
NOT-FOR-US: HttpLogger
-CVE-2007-6307
+CVE-2007-6307 (Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php ...)
NOT-FOR-US: wwwstats
-CVE-2007-6306
+CVE-2007-6306 (Multiple cross-site scripting (XSS) vulnerabilities in the image map f ...)
- libjfreechart-java 1.0.9-1 (low; bug #456148)
[sarge] - libjfreechart-java <no-dsa> (Contrib not supported)
-CVE-2007-6305
+CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
NOT-FOR-US: IBM Hardware Management Console
-CVE-2007-6302
+CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3 ...)
NOT-FOR-US: Novell NetMail
-CVE-2007-6301
+CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in OpenNewslet ...)
NOT-FOR-US: OpenNewsletter
-CVE-2007-6300
+CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 a ...)
NOT-FOR-US: Fusion News
-CVE-2007-6298
+CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for Dr ...)
NOT-FOR-US: shoutbox (third party module for Drupal)
-CVE-2007-6297
+CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14. ...)
NOT-FOR-US: PHPMyChat
-CVE-2007-6296
+CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyC ...)
NOT-FOR-US: PHPMyChat
-CVE-2007-6295
+CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page i ...)
NOT-FOR-US: IBM Lotus Sametime
-CVE-2007-6294
+CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
NOT-FOR-US: IBM Hardware Management Console
-CVE-2007-6293
+CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
NOT-FOR-US: IBM Hardware Management Console
-CVE-2007-6292
+CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ea ...)
NOT-FOR-US: MWOpen
-CVE-2007-6291
+CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manag ...)
NOT-FOR-US: Xigla Absolute Banner Manager .NET
-CVE-2007-6290
+CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in SERWe ...)
NOT-FOR-US: SERWeb
-CVE-2007-6289
+CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev ...)
NOT-FOR-US: SERWeb
-CVE-2007-6288
+CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow ...)
NOT-FOR-US: TCExam
-CVE-2007-6287
+CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs H ...)
NOT-FOR-US: HyperVM
-CVE-2007-6286
+CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...)
- tomcat5.5 <not-affected> (Does not use apr connector)
- tomcat5 <removed>
-CVE-2007-6285
+CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux distrib ...)
- autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
- autofs5 5.0.3-1
NOTE: for autofs5 see 12disable_default_auto_master.dpatch
-CVE-2007-6284
+CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows context-de ...)
{DSA-1461-1}
- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
- libxml 1.8.17-14.1 (medium)
-CVE-2007-6283
+CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key f ...)
- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
-CVE-2007-6282
+CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote r ...)
{DSA-1630-1}
- linux-2.6 2.6.25-1
- linux-2.6.24 2.6.24-6~etchnhalf.4
NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
-CVE-2007-6281
+CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
NOT-FOR-US: St. Bernard Open File Manager
-CVE-2007-6304
+CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.2 ...)
{DSA-1451-1}
- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
- mysql-dfsg-4.1 <removed>
-CVE-2007-6303
+CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0. ...)
- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
- mysql-dfsg-4.1 <removed>
[etch] - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced after 5.0.32)
-CVE-2007-6299
+CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x be ...)
- drupal5 5.5-1
- drupal 4.7.10-1
-CVE-2007-6321
+CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...)
- roundcube 0.1~rc2-6 (low; bug #455840)
NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
CVE-2007-6280
RESERVED
-CVE-2007-6279
+CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec (FLA ...)
- flac 1.2.1-1 (unimportant)
NOTE: According to upstream this issue is not exploitable for code injection
NOTE: due to the layout of the seektable memory
-CVE-2007-6278
+CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assi ...)
- flac 1.2.1-1 (unimportant)
NOTE: Such validations are within the responsibility of the respective applications
-CVE-2007-6277
+CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
{DSA-1469-1}
- flac 1.2.1-1
-CVE-2007-6276
+CVE-2007-6276 (The accept_connections function in the virtual private network daemon ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-6275
+CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos ...)
NOT-FOR-US: bcoos
-CVE-2007-6274
+CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/di ...)
NOT-FOR-US: bcoos
-CVE-2007-6273
+CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in So ...)
NOT-FOR-US: SonicWALL GLobal VPN Client
-CVE-2007-6272
+CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
NOT-FOR-US: Joomla!
-CVE-2007-6271
+CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain sensit ...)
NOT-FOR-US: Absolute News Manager.NET
-CVE-2007-6270
+CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News M ...)
NOT-FOR-US: Absolute News Manager.NET
-CVE-2007-6269
+CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolu ...)
NOT-FOR-US: Absolute News Manager.NET
-CVE-2007-6268
+CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute Ne ...)
NOT-FOR-US: Absolute News Manager.NET
-CVE-2007-6267
+CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 an ...)
NOT-FOR-US: Citrix EdgeSight
-CVE-2007-6266
+CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier all ...)
NOT-FOR-US: bcoos
-CVE-2007-6265
+CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions b ...)
NOT-FOR-US: avast!
CVE-2007-6264
RESERVED
-CVE-2007-6263
+CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, whe ...)
- linux-ftpd-ssl 0.17.18+0.3-9.1 (low; bug #454733)
[sarge] - linux-ftpd-ssl <no-dsa> (Minor issue)
[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
-CVE-2007-6262
+CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0. ...)
- vlc <not-affected> (Windows only issue)
-CVE-2007-6261
+CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-6260
+CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with def ...)
NOT-FOR-US: Oracle
CVE-2007-6259
RESERVED
-CVE-2007-6258
+CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV ...)
- libapache2-mod-jk2 2.0.4-1
CVE-2007-6257
RESERVED
CVE-2007-6256
REJECTED
-CVE-2007-6255
+CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBE ...)
NOT-FOR-US: Microsoft HRTBEAT.OCX
-CVE-2007-6254
+CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects BusinessObject ...)
NOT-FOR-US: SAP
-CVE-2007-6253
+CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5 ...)
NOT-FOR-US: Adobe Form Designer
-CVE-2007-6252
+CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation STRunn ...)
NOT-FOR-US: Street Technologies
CVE-2007-6251
RESERVED
-CVE-2007-6250
+CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPl ...)
NOT-FOR-US: AmpX ActiveX control
-CVE-2007-6249
+CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the um ...)
NOT-FOR-US: Gentoo portage
CVE-2007-6248
RESERVED
CVE-2007-6247
REJECTED
-CVE-2007-6246
+CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
- flashplugin-nonfree 9.0.115.0.1
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
-CVE-2007-6245
+CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
- flashplugin-nonfree 9.0.115.0.1
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
-CVE-2007-6244
+CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...)
- flashplugin-nonfree 9.0.115.0.1
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
-CVE-2007-6243
+CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
- flashplugin-nonfree 9.0.115.0.1
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
-CVE-2007-6242
+CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier m ...)
- flashplugin-nonfree 9.0.115.0.1
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
-CVE-2007-6241
+CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unkno ...)
NOT-FOR-US: Beehive Forum
-CVE-2007-6240
+CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...)
NOT-FOR-US: Snitz Forums
-CVE-2007-6239
+CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before ...)
{DSA-1646-2 DSA-1482-1}
- squid 2.6.17-1 (medium; bug #455910)
-CVE-2007-6238
+CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-6237
+CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie paramete ...)
NOT-FOR-US: DeluxeBB
-CVE-2007-6236
+CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause ...)
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2007-6235
+CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote ...)
NOT-FOR-US: RealNetworks RealPlayer 11
-CVE-2007-6234
+CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass authent ...)
NOT-FOR-US: FTP Admin 0.1.0
-CVE-2007-6233
+CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allo ...)
NOT-FOR-US: FTP Admin 0.1.0
-CVE-2007-6232
+CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1 ...)
NOT-FOR-US: FTP Admin 0.1.0
-CVE-2007-6231
+CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 ...)
NOT-FOR-US: tellmatic
-CVE-2007-6230
+CVE-2007-6230 (Directory traversal vulnerability in common/classes/class_HeaderHandle ...)
NOT-FOR-US: Rayzz
-CVE-2007-6229
+CVE-2007-6229 (PHP remote file inclusion vulnerability in common/classes/class_Header ...)
NOT-FOR-US: Rayzz
-CVE-2007-6228
+CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 A ...)
NOT-FOR-US: Yahoo! Toolbar
-CVE-2007-6227
+CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating syst ...)
- qemu <not-affected> (Windows issue)
-CVE-2007-6226
+CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Powe ...)
NOT-FOR-US: American Power Conversion (APC)
-CVE-2007-6225
+CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used o ...)
NOT-FOR-US: Sun Solaris 10
-CVE-2007-6224
+CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc326 ...)
NOT-FOR-US: RealAudioObjects.RealAudio ActiveX
-CVE-2007-6223
+CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 ...)
NOT-FOR-US: phpBB Garage
-CVE-2007-6222
+CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT Interleav ...)
NOT-FOR-US: Interleave
-CVE-2007-6221
+CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain configurati ...)
NOT-FOR-US: TuMusika
-CVE-2007-6220
+CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of se ...)
- typespeed 0.6.4-1 (unimportant; bug #454527)
-CVE-2007-6219
+CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Securit ...)
NOT-FOR-US: IBM Tivoli Netcool Security Manager
-CVE-2007-6218
+CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...)
NOT-FOR-US: Ossigeno CMS
-CVE-2007-6217
+CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ( ...)
NOT-FOR-US: Irola My-Time
-CVE-2007-6216
+CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-6215
+CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...)
NOT-FOR-US: Web-MeetMe
-CVE-2007-6214
+CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in Lear ...)
NOT-FOR-US: LearnLoop
-CVE-2007-6213
+CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in ...)
NOT-FOR-US: WebED
-CVE-2007-6212
+CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 allow ...)
NOT-FOR-US: KML share
-CVE-2007-6207
+CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
- xen-3 3.1.2-1
-CVE-2007-6206
+CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
- linux-2.6 2.6.24-1
- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
-CVE-2007-6205
+CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plu ...)
{DSA-1528-1}
- serendipity 1.2.1-1 (low)
-CVE-2007-6204
+CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
NOT-FOR-US: HP OpenView
-CVE-2007-6203
+CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method s ...)
- apache2 2.2.6-3 (low)
[sarge] - apache2 <no-dsa> (minor issue)
- apache <not-affected> (vulnerable code not present)
NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
[etch] - apache2 2.2.3-4+etch4
-CVE-2007-6208
+CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
- claws-mail 3.1.0-2 (low; bug #454089)
-CVE-2007-6210
+CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" script ...)
{DSA-1420-1 DTSA-93-1}
- zabbix 1:1.4.2-4 (bug #452682)
-CVE-2007-6202
+CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome S ...)
NOT-FOR-US: Neocrome Seditio CMS
-CVE-2007-6211
+CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...)
- sing 1.1-16 (low; bug #454167)
[etch] - sing 1.1-13etch1
[sarge] - sing 1.1-9sarge1
-CVE-2007-6209
+CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
- zsh 4.3.4-dev-3-2 (low; bug #454073)
[etch] - zsh <no-dsa> (Minor issue)
[sarge] - zsh <no-dsa> (Minor issue)
-CVE-2007-6201
+CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x bef ...)
- wesnoth 1:1.2.8-1 (low)
[etch] - wesnoth 1.2-4
[sarge] - wesnoth 0.9.0-8
-CVE-2007-6200
+CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a wr ...)
- rsync 2.6.9-6 (low; bug #453652)
[etch] - rsync <no-dsa> (Minor issue)
-CVE-2007-6199
+CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is n ...)
- rsync 2.6.9-6 (unimportant; bug #453652)
NOTE: Security feature enhancement, not really a security problem
-CVE-2007-6198
+CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5 ...)
NOT-FOR-US: Plumtree
-CVE-2007-6197
+CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 a ...)
NOT-FOR-US: Plumtree
-CVE-2007-6196
+CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
NOT-FOR-US: Calacode
-CVE-2007-6195
+CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in Softw ...)
NOT-FOR-US: HP-UX
-CVE-2007-6194
+CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 a ...)
NOT-FOR-US: HP Select Identity
-CVE-2007-6193
+CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
NOT-FOR-US: Citrix
-CVE-2007-6192
+CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses w ...)
NOT-FOR-US: Citrix
-CVE-2007-6191
+CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.m ...)
NOT-FOR-US: Armin Burger p.mapper
-CVE-2007-6190
+CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobi ...)
NOT-FOR-US: Cisco Unified IP Phone
-CVE-2007-6189
+CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in Bit ...)
NOT-FOR-US: BitDefender Online Anti-Virus Scanner
-CVE-2007-6188
+CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7 ...)
NOT-FOR-US: TuMusika Evolution
-CVE-2007-6187
+CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...)
NOT-FOR-US: PHP Content Architect
-CVE-2007-6186
+CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impa ...)
NOT-FOR-US: PHPDevShell
-CVE-2007-6185
+CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...)
NOT-FOR-US: Eurologon CMS
-CVE-2007-6184
+CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...)
NOT-FOR-US: Project Alumni
-CVE-2007-6182
+CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 al ...)
NOT-FOR-US: ISPmanager
-CVE-2007-6181
+CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier ...)
NOT-FOR-US: Cygwin
-CVE-2007-6180
+CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in ...)
NOT-FOR-US: Solaris
-CVE-2007-6179
+CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0. ...)
NOT-FOR-US: Charray's CMS
-CVE-2007-6178
+CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Con ...)
NOT-FOR-US: Easy Hosting Control Panel for Ubuntu
-CVE-2007-6177
+CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in PHP ...)
NOT-FOR-US: PHP-CON
-CVE-2007-6176
+CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...)
NOT-FOR-US: KB-Bestellsystem
-CVE-2007-6175
+CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...)
NOT-FOR-US: Lhaplus
-CVE-2007-6174
+CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain pri ...)
NOT-FOR-US: PHPDevShell
-CVE-2007-6173
+CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
- liferay-portal <itp> (bug #569819)
-CVE-2007-6172
+CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
NOT-FOR-US: wpQuiz
-CVE-2007-6169
+CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
NOT-FOR-US: GOUAE DWD Realty
-CVE-2007-6168
+CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows r ...)
NOT-FOR-US: VU Case Manager
-CVE-2007-6167
+CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
NOT-FOR-US: Yast2
-CVE-2007-6166
+CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used i ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-6165
+CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote at ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-6164
+CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote a ...)
NOT-FOR-US: Eurologon CMS
-CVE-2007-6163
+CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
NOT-FOR-US: GOUAE DWD Realty
-CVE-2007-6162
+CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1. ...)
NOT-FOR-US: FMDeluxe
-CVE-2007-6161
+CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to obta ...)
NOT-FOR-US: Tilde CMS
-CVE-2007-6160
+CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...)
NOT-FOR-US: Tilde CMS
-CVE-2007-6159
+CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier ...)
NOT-FOR-US: Tilde CMS
-CVE-2007-6158
+CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...)
NOT-FOR-US: Proverbs Web Calendar
-CVE-2007-6157
+CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...)
NOT-FOR-US: SimpleGallery
-CVE-2007-6156
+CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.p ...)
- acidbase 1.3.9-1 (low; bug #453838)
[etch] - acidbase <not-affected> (vulnerable code not present, in etch acidbase exits in this case)
CVE-2007-6155
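Review bot: CVE-2007-6328 (the dosbox entry) is the only non-RESERVED, non-REJECTED id in this hunk that the automatic update leaves without a description, although its neighbours such as CVE-2007-6329 and CVE-2007-6327 all get one; worth checking whether the fetch skipped it or the upstream record really has no text, so the bare line does not get mistaken for a placeholder. Two smaller observations on the added text: because descriptions are cut at a fixed width, several ids now carry identical strings (CVE-2007-6333/6332 "The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...", CVE-2007-6246/6245/6243 "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...", CVE-2007-6305/6294/6293 "Multiple unspecified vulnerabilities in IBM Hardware Management Consol ..."), so the summary alone no longer distinguishes them and the NOT-FOR-US line or full record is still needed; and "Oracle 10g and llg" in the CVE-2007-6260 description reads like an upstream typo for 11g, which is mirrored verbatim here rather than being something this update introduced.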
@@ -1444,89 +1444,89 @@ CVE-2007-6153
RESERVED
CVE-2007-6152
RESERVED
-CVE-2007-6151
+CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
- linux-2.6 2.6.23-2
-CVE-2007-6149
+CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media Ser ...)
NOT-FOR-US: Adobe Flash Media Server
-CVE-2007-6148
+CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media S ...)
NOT-FOR-US: Adobe Flash Media Server
-CVE-2007-6147
+CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1. ...)
NOT-FOR-US: IAPR COMMENCE
-CVE-2007-6146
+CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Win ...)
NOT-FOR-US: JP1/File Transmission Server/FTP on windows
-CVE-2007-6145
+CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP ...)
NOT-FOR-US: Hitachi JP1/File Transmission Server/FTP
-CVE-2007-6144
+CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control i ...)
NOT-FOR-US: Xunlei Thunder
-CVE-2007-6143
+CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU ...)
NOT-FOR-US: VU Case Manager
-CVE-2007-6142
+CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
NOT-FOR-US: JAF CMS
-CVE-2007-6141
+CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 B ...)
NOT-FOR-US: vBTube
-CVE-2007-6140
+CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote ...)
NOT-FOR-US: Dora Emlak
-CVE-2007-6139
+CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1. ...)
NOT-FOR-US: Mp3 ToolBox
-CVE-2007-6138
+CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows remo ...)
NOT-FOR-US: VU Mass Mailer
-CVE-2007-6137
+CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 allow ...)
NOT-FOR-US: Content Injector
-CVE-2007-6136
+CVE-2007-6136 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2 ...)
NOT-FOR-US: M2Scripts MySpace Scripts
-CVE-2007-6135
+CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSli ...)
NOT-FOR-US: PHPSlideShow
-CVE-2007-6134
+CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6. ...)
NOT-FOR-US: PHPKIT
-CVE-2007-6133
+CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...)
NOT-FOR-US: DevMass Shopping Cart
-CVE-2007-6183
+CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in gtk/sr ...)
{DSA-1431-1 DTSA-102-1}
- ruby-gnome2 0.16.0-10 (medium; bug #453689)
-CVE-2007-6171
+CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine (res_confi ...)
- asterisk 1:1.4.15~dfsg-1 (medium)
[sarge] - asterisk <not-affected> (Vulnerable code not present)
[etch] - asterisk <not-affected> (Vulnerable code not present)
-CVE-2007-6170
+CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...)
{DSA-1417-1}
- asterisk 1:1.4.15~dfsg-1 (medium)
-CVE-2007-6150
+CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices ...)
- kfreebsd-7 7.0~cvs20080107-1
- kfreebsd-6 6.3~cvs20080107-1
- kfreebsd-5 <removed> (medium; bug #453944)
[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-6132
REJECTED
-CVE-2007-6131
+CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...)
- scanbuttond 0.2.3-6 (unimportant; bug #453239)
NOTE: this is just an example script, maintainer adds a note about it
NOTE: 0.2.3-6 adds a security note about this script
-CVE-2007-6130
+CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, wh ...)
- gnump3d 3.0-1 (medium)
[sarge] - gnump3d <not-affected> (Vulnerable code not present)
[etch] - gnump3d <not-affected> (Vulnerable code not present)
-CVE-2007-6129
+CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...)
NOT-FOR-US: Amber script
-CVE-2007-6128
+CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 all ...)
NOT-FOR-US: WorkingOnWeb
-CVE-2007-6127
+CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9 and ear ...)
NOT-FOR-US: Alumni
-CVE-2007-6126
+CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project alumni ...)
NOT-FOR-US: Alumni
-CVE-2007-6125
+CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz Freelancers ...)
NOT-FOR-US: Softbiz Freelancers Script
-CVE-2007-6124
+CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Free ...)
NOT-FOR-US: Softbiz Freelancers Script
-CVE-2007-6123
+CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and ...)
NOT-FOR-US: IRC Services
-CVE-2007-6122
+CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before 5.0.6 ...)
NOT-FOR-US: IRC Services
-CVE-2007-6110
+CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 ...)
{DSA-1429-1}
- htdig 1:3.2.0b6-4 (low; bug #453278)
[sarge] - htdig <not-affected> (Vulnerable code not present)
-CVE-2007-6109
+CVE-2007-6109 (Stack-based buffer overflow in emacs allows user-assisted attackers to ...)
{DTSA-98-1 DTSA-99-1}
- emacs22 22.1+1-2.2 (bug #455432)
- emacs21 21.4a+1-5.2 (bug #455433)
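Review bot: the two NOTE lines under CVE-2007-6131 (`NOTE: this is just an example script, maintainer adds a note about it` and `NOTE: 0.2.3-6 adds a security note about this script`) restate the same fact; fold them into one NOTE so the entry reads as a single justification for the `unimportant` rating on the scanbuttond line.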
@@ -1537,66 +1537,66 @@ CVE-2007-6108
RESERVED
CVE-2007-6107
RESERVED
-CVE-2007-6106
+CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 ...)
NOT-FOR-US: AlstraSoft E-Friends
-CVE-2007-6105
+CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 a ...)
NOT-FOR-US: TalkBack
-CVE-2007-6104
+CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web Publishing ...)
NOT-FOR-US: FileMaker Pro
-CVE-2007-6103
+CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) ...)
- ihu 0.5.6-3.1 (unimportant; bug #453280)
NOTE: Would only terminate normal phone call by hanging up, not a real security bug
-CVE-2007-6102
+CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2J ...)
NOT-FOR-US: feed2js
-CVE-2007-6101
+CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated users to c ...)
NOT-FOR-US: Ability Mail Server
-CVE-2007-6100
+CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth ...)
- phpmyadmin 4:2.11.2.2-1
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2007-6099
+CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParato ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6098
+CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log tru ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6097
+CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate Firewal ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6096
+CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6095
+CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator before ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6094
+CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before 4.6.0 ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6093
+CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6092
+CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParat ...)
NOT-FOR-US: Ingate Firewall Siparator
-CVE-2007-6091
+CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Ba ...)
NOT-FOR-US: JiRo's Banner System (JBS)
-CVE-2007-6090
+CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1. ...)
NOT-FOR-US: Nuked-Klan
-CVE-2007-6089
+CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 ...)
NOT-FOR-US: meBiblio
-CVE-2007-6088
+CVE-2007-6088 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
NOT-FOR-US: phpBBViet
-CVE-2007-6087
+CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in Vigile ...)
NOT-FOR-US: VigileCMS
-CVE-2007-6086
+CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4 allows ...)
NOT-FOR-US: VigileCMS
-CVE-2007-6085
+CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
NOT-FOR-US: VigileCMS
-CVE-2007-6084
+CVE-2007-6084 (SQL injection vulnerability in software-description.php in HotScripts ...)
NOT-FOR-US: HotScripts Clone script
-CVE-2007-6083
+CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...)
NOT-FOR-US: IceBB
-CVE-2007-6082
+CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in Sciu ...)
NOT-FOR-US: Sciurus Hosting Panel
-CVE-2007-6081
+CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...)
NOT-FOR-US: Windows
-CVE-2007-6080
+CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the banner ...)
NOT-FOR-US: bcoos
-CVE-2007-6079
+CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos 1.0.1 ...)
NOT-FOR-US: bcoos
-CVE-2007-6078
+CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote a ...)
NOT-FOR-US: SkyPortal
CVE-2007-6076
RESERVED
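Review bot: the `NOT-FOR-US: Windows` line under CVE-2007-6081 names the platform rather than the product, which the newly added description shows to be AdventNet EventLog Analyzer; change it to `NOT-FOR-US: AdventNet EventLog Analyzer` so the tag follows the convention of the neighbouring entries in this hunk (product name, e.g. `NOT-FOR-US: IceBB`, `NOT-FOR-US: bcoos`).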
@@ -1616,7 +1616,7 @@ CVE-2007-6069
RESERVED
CVE-2007-6068
RESERVED
-CVE-2007-6067
+CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser ...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
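Review bot: the fixed-width truncation of the added description cuts CVE-2007-6067 off as `Algorithmic complexity vulnerability in the regular expression parser ...` before the affected product is named, so the one-line header no longer tells a reader that the package lines below it (postgresql-8.2, postgresql-8.1) are the subject; if the generator can truncate at a word boundary after the product name, or use a slightly wider field, the summary becomes useful on its own instead of only in combination with the package lines.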
@@ -1631,138 +1631,138 @@ CVE-2007-6065
RESERVED
CVE-2007-6064
RESERVED
-CVE-2007-6063
+CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
- linux-2.6 2.6.23-2
-CVE-2007-6062
+CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
- ngircd 0.10.3-1 (bug #451875)
[etch] - ngircd 0.10.0-2etch1
-CVE-2007-6061
+CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name w ...)
- audacity 1.3.4-1.1 (bug #453283; low)
[etch] - audacity <no-dsa> (Minor issue)
-CVE-2007-6060
+CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a f ...)
NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059
NOT-FOR-US: Javamail
-CVE-2007-6058
+CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 ...)
NOT-FOR-US: ProfileCMS
-CVE-2007-6057
+CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm Socia ...)
NOT-FOR-US: datecomm Social Networking Script
-CVE-2007-6056
+CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a ...)
NOT-FOR-US: Aida-Web
-CVE-2007-6055
+CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
- liferay-portal <itp> (bug #569819)
-CVE-2007-6054
+CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in the mana ...)
NOT-FOR-US: Aruba 800 Mobility Controller
-CVE-2007-6053
+CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6052
+CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggre ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6051
+CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1 ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6050
+CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6049
+CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6048
+CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6047
+CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 befor ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6046
+CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM DB2 UD ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6045
+CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 ...)
NOT-FOR-US: IBM DB2
-CVE-2007-6044
+CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unkn ...)
NOT-FOR-US: IBM WebSphere
-CVE-2007-6043
+CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates predic ...)
NOT-FOR-US: Windows
-CVE-2007-6042
+CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Co ...)
NOT-FOR-US: SWSoft Confixx Professional
-CVE-2007-6041
+CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in sequencer.c ...)
NOT-FOR-US: Rigs of Rods (RoR)
-CVE-2007-6040
+CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to caus ...)
NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
-CVE-2007-6039
+CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ...)
- php5 5.2.5-1 (unimportant; bug #453295)
NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
NOTE: script to trigger this issue
-CVE-2007-6077
+CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails 1 ...)
- rails 1.2.6-1 (low; bug #452748)
-CVE-2007-6111
+CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
{DTSA-92-1}
- wireshark 0.99.7~pre1-1 (low; bug #452381)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6112
+CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.9 ...)
{DTSA-92-1}
- wireshark 0.99.7~pre1-1 (medium; bug #452381)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6113
+CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark (formerly ...)
{DTSA-92-1}
- wireshark 0.99.6pre1-1 (low)
[etch] - wireshark <no-dsa> (Minor issue, exotic dissector, very intrusive backport)
-CVE-2007-6114
+CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 thro ...)
{DSA-1414-1 DTSA-92-1}
- wireshark 0.99.7~pre1-1 (medium; bug #452381)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6115
+CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethe ...)
{DTSA-92-1}
- wireshark 0.99.7~pre1-1 (medium; bug #452381)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6116
+CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99 ...)
{DTSA-92-1}
- wireshark 0.99.7~pre1-1 (low; bug #452381)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6117
+CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark (formerl ...)
{DSA-1414-1 DTSA-92-1}
- wireshark 0.99.7~pre1-1 (bug #452381)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6118
+CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 ...)
{DSA-1414-1 DTSA-92-1}
- wireshark 0.99.7~pre1-1 (low; bug #452381)
-CVE-2007-6119
+CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...)
{DTSA-92-1}
- wireshark 0.99.7~pre1-1 (low; bug #452381)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6120
+CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0. ...)
{DSA-1414-1 DTSA-92-1}
- wireshark 0.99.7~pre1-1 (low; bug #452381)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6121
+CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers ...)
{DSA-1414-1 DTSA-92-1}
- wireshark 0.99.7~pre1-1 (low; bug #452381)
-CVE-2007-6038
+CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-6037
+CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in ...)
NOT-FOR-US: Citrix NetScaler
-CVE-2007-6036
+CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...)
NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034
REJECTED
-CVE-2007-6033
+CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure p ...)
NOT-FOR-US: Invensys Wonderware InTouch
-CVE-2007-6032
+CVE-2007-6032 (SQL injection vulnerability in calendar/page.asp in Aleris Web Publish ...)
NOT-FOR-US: Aleris Web Publishing Server
-CVE-2007-6031
+CVE-2007-6031 (Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attack ...)
NOT-FOR-US: VanDyke VShell
-CVE-2007-6030
+CVE-2007-6030 (Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknow ...)
NOT-FOR-US: Weird Solutions BOOTPTurbo
-CVE-2007-6029
+CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote at ...)
NOTE: this information is based upon a vague advisory by a vulnerability
NOTE: information sales organization that does not coordinate with vendors or
NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
NOTE: not disclosed it would be hard to fix and track it.
-CVE-2007-6028
+CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL Ac ...)
NOT-FOR-US: ComponentOne FlexGrid
-CVE-2007-6027
+CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-6026
+CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka M ...)
NOT-FOR-US: Microsoft Jet Engine
-CVE-2007-6025
+CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 a ...)
- wpasupplicant 0.6.0-4
[etch] - wpasupplicant <not-affected> (Vulnerable code not present)
[sarge] - wpasupplicant <not-affected> (Vulnerable code not present)
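Review bot: the CVE-2007-6029 entry has only NOTE lines and no package status line, so unlike every other entry in this hunk it records no state for the tracker; since the newly added description names ClamAV 0.91.1 and 0.91.2, add a `- clamav ...` line (an `<unfixed>` or `<not-affected>` marker carrying the reasoning from the NOTE) so the status is machine-readable rather than buried in four lines of prose.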
@@ -1772,137 +1772,137 @@ CVE-2007-6023
RESERVED
CVE-2007-6022
RESERVED
-CVE-2007-6021
+CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows u ...)
NOT-FOR-US: Adobe PageMaker
-CVE-2007-6020
+CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...)
NOT-FOR-US: KeyView
-CVE-2007-6019
+CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, al ...)
- flashplugin-nonfree 1:1.4
-CVE-2007-6018
+CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
{DSA-1470-1}
- horde3 3.1.6-1 (bug #461131; low)
- imp4 <not-affected> (xss.php is only present in horde3 package)
-CVE-2007-6017
+CVE-2007-6017 (The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in th ...)
NOT-FOR-US: Symantec Backup Exec
-CVE-2007-6016
+CVE-2007-6016 (Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar. ...)
NOT-FOR-US: Symantec Backup Exec
-CVE-2007-6015
+CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in S ...)
{DSA-1427-1 DTSA-100-1}
- samba 3.0.28-1 (high)
-CVE-2007-6014
+CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ear ...)
NOT-FOR-US: Beehive Forum
-CVE-2007-6013
+CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash o ...)
- wordpress 2.5.0-1 (low; bug #452251)
[etch] - wordpress <no-dsa> (Minor issue)
NOTE: if untrusted people are allowed to read the database they could still
NOTE: crack the hash with more work, so maybe this is unimportant?
-CVE-2007-6012
+CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 ...)
NOT-FOR-US: DocuSafe
-CVE-2007-6035
+CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...)
{DSA-1418-1}
- cacti 0.8.7a-1 (medium; bug #452085)
-CVE-2007-6011
+CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation System b ...)
NOT-FOR-US: BugHotel
-CVE-2007-6010
+CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allow ...)
{DTSA-89-1}
- pioneers 0.11.3-2 (low; bug #449541)
[etch] - pioneers <no-dsa> (Minor issue)
-CVE-2007-6009
+CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote a ...)
NOT-FOR-US: ACD products
-CVE-2007-6008
+CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (fo ...)
NOT-FOR-US: Autonomy
-CVE-2007-6007
+CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manage ...)
NOT-FOR-US: Pro Photo Manager
-CVE-2007-6006
+CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified authorization me ...)
NOT-FOR-US: TestLink
-CVE-2007-6005
+CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX c ...)
NOT-FOR-US: WebEx
-CVE-2007-6004
+CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 ...)
NOT-FOR-US: Toko Instan
-CVE-2007-6003
+CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Th ...)
NOT-FOR-US: SpeedTouch
-CVE-2007-6002
+CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.1 ...)
NOT-FOR-US: Fenriru
-CVE-2007-6001
+CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ba ...)
- bandersnatch <removed> (low; bug #435709)
-CVE-2007-6000
+CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a den ...)
- kdebase <unfixed> (unimportant; bug #451794)
NOTE: not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
NOTE: it seems konqueror only treats the cookie value until some special length
NOTE: as cookie, after this length it will open the rest as site content. This eats alot
NOTE: ram and cpu but depending on how much ram the system has, konqueror will die after
NOTE: no memory is left, not treated as security problem.
-CVE-2007-5999
+CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz Auctions Sc ...)
NOT-FOR-US: Softbiz
-CVE-2007-5998
+CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management plus S ...)
NOT-FOR-US: Softbiz
-CVE-2007-5997
+CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz Banner Ex ...)
NOT-FOR-US: Softbiz Banner Exchange Network Script
-CVE-2007-5996
+CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link Direct ...)
NOT-FOR-US: Softbiz Link Directory Script
-CVE-2007-5995
+CVE-2007-5995 (PHP remote file inclusion vulnerability in examples/patExampleGen/bbco ...)
NOT-FOR-US: patBBcode
-CVE-2007-5994
+CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in Fritz ...)
NOT-FOR-US: php photo album
-CVE-2007-5993
+CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology in Li ...)
NOT-FOR-US: vtls
-CVE-2007-5992
+CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social Networking ...)
NOT-FOR-US: Social Networking Script
-CVE-2007-5991
+CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows remote a ...)
NOT-FOR-US: ExoPHPdesk
-CVE-2007-5990
+CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote a ...)
NOT-FOR-US: ExoPHPdesk
-CVE-2007-5989
+CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype before ...)
NOT-FOR-US: Skype
-CVE-2007-5988
+CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user acc ...)
NOT-FOR-US: BtiTracker
-CVE-2007-5987
+CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is disabl ...)
NOT-FOR-US: BtiTracker
-CVE-2007-5986
+CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker bef ...)
NOT-FOR-US: BtiTracker
-CVE-2007-5985
+CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker befo ...)
NOT-FOR-US: BtiTracker
-CVE-2007-5984
+CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 a ...)
NOT-FOR-US: AutoIndex
-CVE-2007-5983
+CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstr ...)
NOT-FOR-US: AutoIndex
-CVE-2007-5982
+CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, ...)
NOT-FOR-US: X7 Chat
-CVE-2007-5981
+CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which ...)
NOT-FOR-US: Lantronix
-CVE-2007-5980
+CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog be ...)
NOT-FOR-US: eggblog
-CVE-2007-5979
+CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...)
NOT-FOR-US: F5 Firepass
-CVE-2007-5978
+CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module fo ...)
NOT-FOR-US: XOOPS
-CVE-2007-5977
+CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmi ...)
- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2007-5976
+CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11 ...)
- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
-CVE-2007-5975
+CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) T ...)
NOT-FOR-US: TBSource
-CVE-2007-5974
+CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote a ...)
NOT-FOR-US: JPortal
-CVE-2007-5973
+CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and earli ...)
NOT-FOR-US: JPortal
-CVE-2007-5972
+CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in lib/k ...)
- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
NOTE: potential attackers must have privileges to store the krb5kdc master key
NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
-CVE-2007-5971
+CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 functi ...)
- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
NOTE: Not exploitable in real-world circumstances:
NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
-CVE-2007-5970
+CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authent ...)
- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
- mysql-dfsg-4.1 <removed>
- mysql-dfsg <removed>
NOTE: version in experimental is affected by this
NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
-CVE-2007-5969
+CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x be ...)
{DSA-1451-1}
- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
- mysql-dfsg-4.1 <removed>
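Review bot: the CVE-2007-6013 entry assigns `low` to wordpress 2.5.0-1 while its NOTE ends with an open question (`so maybe this is unimportant?`); settle the question one way or the other and drop the question mark, since a severity plus a NOTE that doubts it gives the reader two conflicting signals about how the entry was triaged.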
@@ -1910,196 +1910,196 @@ CVE-2007-5968
REJECTED
CVE-2007-5967
RESERVED
-CVE-2007-5966
+CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
{DSA-1436-1}
- linux-2.6 2.6.23-2
-CVE-2007-5965
+CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verif ...)
- qt4-x11 4.3.3-1
[etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3)
- qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3)
-CVE-2007-5964
+CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, suc ...)
- autofs 3.1.4-8 (medium)
- autofs5 5.0.3-1
-CVE-2007-5963
+CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a den ...)
- kdebase <unfixed> (unimportant)
NOTE: This has only theoretical security impact
-CVE-2007-5962
+CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...)
- vsftpd <not-affected> (Vulnerability in Red Hat-specific patch)
-CVE-2007-5961
+CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network channe ...)
NOT-FOR-US: Red Hat Network channel search feature
-CVE-2007-5960
+CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Re ...)
{DSA-1506-1 DSA-1425-1 DSA-1424-1}
- iceweasel 2.0.0.10-1
- iceape 1.1.7-1
- xulrunner 1.8.1.11-1
NOTE: MFSA2007-39
-CVE-2007-5959
+CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
{DSA-1506-1 DSA-1425-1 DSA-1424-1}
- iceweasel 2.0.0.10-1
- iceape 1.1.7-1
- xulrunner 1.8.1.11-1
NOTE: MFSA2007-38
-CVE-2007-5958
+CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the existen ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-5957
+CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.T ...)
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2007-5956
+CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2007-5955
+CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET bef ...)
NOT-FOR-US: UPDIR.NET
-CVE-2007-5954
+CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo Sy ...)
NOT-FOR-US: JLMForo System
-CVE-2007-5953
+CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...)
NOT-FOR-US: Really Simple CalDAV Store
-CVE-2007-5952
+CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios ...)
NOT-FOR-US: Helios Calendar
-CVE-2007-5951
+CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows re ...)
NOT-FOR-US: E-Vendejo
-CVE-2007-5950
+CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, ...)
NOT-FOR-US: NetCommons
-CVE-2007-5949
+CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6. ...)
NOT-FOR-US: IBM Tivoli Service Desk
-CVE-2007-5948
+CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF- ...)
NOT-FOR-US: SF-Shoutbox
-CVE-2007-5947
+CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...)
{DSA-1506-1 DSA-1425-1 DSA-1424-1}
- iceweasel 2.0.0.10-1 (low; bug #451624)
- iceape 1.1.7-1
- xulrunner 1.8.1.11-1
NOTE: MFSA2007-37
-CVE-2007-5946
+CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11. ...)
NOT-FOR-US: HP-UX
-CVE-2007-5945
+CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of reposito ...)
NOT-FOR-US: usvn
-CVE-2007-5944
+CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Conta ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-5943
+CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a me ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2007-5942
+CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive informati ...)
- bandersnatch <removed> (unimportant; bug #451365)
NOTE: Installation path disclosure not treated as a security issue
-CVE-2007-5941
+CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adob ...)
NOT-FOR-US: Adobe Shockwave
-CVE-2007-5940
+CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...)
- texlive-bin 2005.dfsg.2-1
- feynmf 1.08-1
-CVE-2007-5939
+CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...)
- heimdal <not-affected> (vulnerable code not present, ticketfile is just unlinked which is ok)
-CVE-2007-5938
+CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1. ...)
- linux-2.6 2.6.23-2
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
-CVE-2007-5937
+CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2 ...)
- texlive-bin 2007-13
[etch] - texlive-bin <no-dsa> (Minor issue)
-CVE-2007-5936
+CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to obta ...)
- texlive-bin 2007-13
[etch] - texlive-bin <no-dsa> (Minor issue)
-CVE-2007-5935
+CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 200 ...)
{DTSA-97-1}
- texlive-bin 2007.dfsg.1-1
[etch] - texlive-bin <no-dsa> (Minor issue)
-CVE-2007-5934
+CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
- php-mdb2 2.5.0b2-1
-CVE-2007-5933
+CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...)
{DTSA-89-1}
- pioneers 0.11.3-2 (low; bug #449541)
[etch] - pioneers <no-dsa> (Minor issue)
-CVE-2007-5932
+CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
NOT-FOR-US: Fatwire Content Server
-CVE-2007-5931
+CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in Oran ...)
NOT-FOR-US: OrangeHRM
-CVE-2007-5930
+CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in Cerbe ...)
NOT-FOR-US: Cerberus Ftp Server
-CVE-2007-5929
+CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote auth ...)
NOT-FOR-US: OpenBase
-CVE-2007-5928
+CVE-2007-5928 (OpenBase 10.0.5 and earlier allows remote authenticated users to trigg ...)
NOT-FOR-US: OpenBase
-CVE-2007-5927
+CVE-2007-5927 (Directory traversal vulnerability in OpenBase 10.0.5 and earlier allow ...)
NOT-FOR-US: OpenBase
-CVE-2007-5926
+CVE-2007-5926 (OpenBase 10.0.5 and earlier allows remote authenticated users to execu ...)
NOT-FOR-US: OpenBase
-CVE-2007-5925
+CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the In ...)
{DSA-1413-1 DTSA-91-1}
- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
- mysql-dfsg-4.1 <removed>
- mysql-dfsg <removed>
-CVE-2007-5924
+CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-5923
+CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in ...)
NOT-FOR-US: eTrust SiteMinder Agent
-CVE-2007-5922
+CVE-2007-5922 (The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloade ...)
- ircii-pana <not-affected> (Does not ship this script)
-CVE-2007-5921
+CVE-2007-5921 (Unspecified vulnerability in the ioctl interface in the Solaris Volume ...)
NOT-FOR-US: Solaris
-CVE-2007-5920
+CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...)
NOT-FOR-US: Domenico Mancini PicoFlat CMS
-CVE-2007-5919
+CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web r ...)
NOT-FOR-US: MyWebFTP
-CVE-2007-5918
+CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS ...)
NOT-FOR-US: MS TopSites
-CVE-2007-5917
+CVE-2007-5917 (Cross-site request forgery (CSRF) vulnerability in admin/admin_account ...)
NOT-FOR-US: Skalinks
-CVE-2007-5916
+CVE-2007-5916 (SQL injection vulnerability in the login page in phphelpdesk 0.6.16 al ...)
NOT-FOR-US: phphelpdesk
-CVE-2007-5915
+CVE-2007-5915 (Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 a ...)
NOT-FOR-US: phphelpdesk
-CVE-2007-5914
+CVE-2007-5914 (Direct static code injection vulnerability in dirsys/modules/config/po ...)
NOT-FOR-US: JBC Explorer
-CVE-2007-5913
+CVE-2007-5913 (dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not ...)
NOT-FOR-US: JBC Explorer
-CVE-2007-5912
+CVE-2007-5912 (SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote a ...)
NOT-FOR-US: jPORTAL
-CVE-2007-5911
+CVE-2007-5911 (Multiple stack-based buffer overflows in the AxMetaStream ActiveX cont ...)
NOT-FOR-US: Viewpoint Media Player
-CVE-2007-5910
+CVE-2007-5910 (Stack-based buffer overflow in Autonomy (formerly Verity) KeyView View ...)
NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
-CVE-2007-5909
+CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) Ke ...)
NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908
REJECTED
-CVE-2007-5907
+CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from applicatio ...)
- xen-3 3.1.2-1 (unimportant; bug #451626)
- xen-3.0 <removed> (unimportant)
NOTE: CONFIG_SECCOMP isn't activated in Debian kernels
-CVE-2007-5906
+CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of servi ...)
- xen-3 3.1.2-1 (medium; bug #451626)
- xen-3.0 <removed>
-CVE-2007-5905
+CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...)
NOT-FOR-US: Adobe ColdFusion
-CVE-2007-5904
+CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earli ...)
{DSA-1428-1}
- linux-2.6 2.6.24-1
- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
CVE-2007-5903
RESERVED
-CVE-2007-5902
+CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in lib/rpc/ ...)
- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
NOTE: Not exploitable in real-world circumstances:
NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
-CVE-2007-5901
+CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in lib ...)
- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
NOTE: Not exploitable in real-world circumstances:
NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
-CVE-2007-5900
+CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms co ...)
NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
NOTE: from CVS and later re-introduction
NOTE: http://bugs.php.net/bug.php?id=41561
-CVE-2007-5899
+CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
{DSA-1444-1}
- php5 5.2.5-1 (bug #453295)
NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
NOTE: fixed in php5/etch svn
-CVE-2007-5898
+CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...)
{DSA-1444-1}
- php5 5.2.5-1 (bug #453295)
NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
NOTE: fixed in php5/etch svn
-CVE-2007-5897
+CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...)
NOT-FOR-US: Oracle
-CVE-2007-5896
+CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of s ...)
- iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security problems
CVE-2007-5895
@@ -2108,19 +2108,19 @@ CVE-2007-5894
- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
NOTE: Not exploitable in real-world circumstances:
NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
-CVE-2007-5893
+CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote a ...)
NOT-FOR-US: Sockets Library
-CVE-2007-5892
+CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReade ...)
NOT-FOR-US: SSReader
-CVE-2007-5891
+CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...)
NOT-FOR-US: ManageEngine OpManager and OpManager
-CVE-2007-5890
+CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows ...)
NOT-FOR-US: easyGB
-CVE-2007-5889
+CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha ...)
NOT-FOR-US: IDMOS
-CVE-2007-5888
+CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in Copper ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-5887
+CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...)
NOT-FOR-US: ASP Message Board
CVE-2007-5886
RESERVED
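Review bot: the NOT-FOR-US annotation under CVE-2007-5891 reads "ManageEngine OpManager and OpManager", naming the same product twice; the second name looks like a copy error, so either name the second affected product from the CVE description or drop the duplicate so the annotation matches the "Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ..." entry above it.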
@@ -2168,255 +2168,255 @@ CVE-2007-5865
RESERVED
CVE-2007-5864
RESERVED
-CVE-2007-5863
+CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ex ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-5862
+CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypas ...)
NOT-FOR-US: Cisco IP Phone 7940
-CVE-2007-5861
+CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allow ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-5860
+CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allo ...)
NOT-FOR-US: Spin Tracer (Apple Mac OS X)
-CVE-2007-5859
+CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allo ...)
NOT-FOR-US: Safari RSS (Apple Mac OS X)
-CVE-2007-5858
+CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 thro ...)
NOT-FOR-US: Safari (Apple Mac OS X)
-CVE-2007-5857
+CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from acce ...)
NOT-FOR-US: Quick Look (Apple Mac OS X)
-CVE-2007-5856
+CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does n ...)
NOT-FOR-US: Quick Look (Apple Mac OS X)
-CVE-2007-5855
+CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has be ...)
NOT-FOR-US: Mail (Apple Mac OS X)
-CVE-2007-5854
+CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HT ...)
NOT-FOR-US: Launch Services (Apple Mac OS X)
-CVE-2007-5853
+CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4. ...)
NOT-FOR-US: IO Storage Family (Apple Mac OS X)
CVE-2007-5852
RESERVED
-CVE-2007-5851
+CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attacke ...)
NOT-FOR-US: iChat (Apple Mac OS X)
-CVE-2007-5850
+CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4. ...)
NOT-FOR-US: Desktop Services (Apple Mac OS X)
-CVE-2007-5849
+CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
{DSA-1437-1}
- cupsys 1.3.5-1 (medium; bug #457453)
- cups 1.3.5-1 (medium; bug #457453)
[sarge] - cupsys <not-affected> (Vulnerable code not present)
-CVE-2007-5848
+CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin u ...)
- cupsys 1.2.0
- cups 1.2.0
NOTE: This only affects the Cups 1.1 series
[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
-CVE-2007-5847
+CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in Cor ...)
NOT-FOR-US: Core Foundation (Apple Mac OS X)
-CVE-2007-5846
+CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote a ...)
{DSA-1483-1 DTSA-88-1}
- net-snmp 5.4.1~dfsg-1
NOTE: 5.4.1 already includes a fix by the upstream author
-CVE-2007-5845
+CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...)
NOT-FOR-US: GuppY
-CVE-2007-5844
+CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 a ...)
NOT-FOR-US: GuppY
-CVE-2007-5843
+CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in scWi ...)
NOT-FOR-US: scWiki
-CVE-2007-5842
+CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1. ...)
NOT-FOR-US: Vortex Portal
-CVE-2007-5841
+CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard ...)
NOT-FOR-US: nuBoard
-CVE-2007-5840
+CVE-2007-5840 (PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.i ...)
NOT-FOR-US: SyndeoCMS
-CVE-2007-5838
+CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 a ...)
NOT-FOR-US: Symantec
-CVE-2007-5837
+CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, a ...)
{DSA-1477-1}
- yarssr 0.2.2-3 (bug #448721)
-CVE-2007-5836
+CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...)
NOT-FOR-US: Amazing Flash AFCommerce
-CVE-2007-5835
+CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...)
NOT-FOR-US: BosDev BosNews
-CVE-2007-5834
+CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows re ...)
NOT-FOR-US: BosDev BosNews
-CVE-2007-5833
+CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarke ...)
NOT-FOR-US: BosDev BosMarket Business Directory System
-CVE-2007-5832
+CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...)
NOT-FOR-US: SSL-Explorer
-CVE-2007-5831
+CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer bef ...)
NOT-FOR-US: SSL-Explorer
-CVE-2007-5830
+CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya Mes ...)
NOT-FOR-US: Avaya Messaging Storage Server
-CVE-2007-5829
+CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10. ...)
NOT-FOR-US: Symantec AntiVirus
CVE-2007-5828
- python-django 1.2.1 (unimportant)
NOTE: this is documented in docs/csrf.txt included in the python-django package and
NOTE: there is a plugin enabling this feature. This is intended behaviour pre-1.2.
NOTE: https://docs.djangoproject.com/en/1.10/ref/csrf/#using-csrf
-CVE-2007-5827
+CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
{DTSA-106-1}
- iscsitarget 0.4.15-5 (bug #448873)
NOTE: init script has "dump" function, which marks conffile correctly
-CVE-2007-5826
+CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX c ...)
NOT-FOR-US: EDraw Flowchart
-CVE-2007-5825
+CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c i ...)
{DSA-1597-1}
- mt-daapd 0.9~r1696-1 (bug #459961)
-CVE-2007-5824
+CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allo ...)
{DSA-1597-1}
- mt-daapd 0.9~r1696-1.1 (bug #459961)
-CVE-2007-5823
+CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 an ...)
NOT-FOR-US: Ben Ng Scribe
-CVE-2007-5822
+CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng Scri ...)
NOT-FOR-US: Ben Ng Scribe
-CVE-2007-5821
+CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...)
NOT-FOR-US: DM Guestbook
-CVE-2007-5820
+CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS (Ax ...)
NOT-FOR-US: Ax Developer CMS
-CVE-2007-5819
+CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...)
NOT-FOR-US: IBM Tivoli
-CVE-2007-5818
+CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...)
NOT-FOR-US: sBlog
-CVE-2007-5817
+CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
NOT-FOR-US: CONTENTCustomizer
-CVE-2007-5816
+CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
NOT-FOR-US: CONTENTCustomizer
-CVE-2007-5815
+CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX c ...)
NOT-FOR-US: WebCacheCleaner
-CVE-2007-5814
+CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunc ...)
NOT-FOR-US: SonicWall SSL-VPN NetExtender
-CVE-2007-5813
+CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ISPwor ...)
NOT-FOR-US: ISPworker
-CVE-2007-5812
+CVE-2007-5812 (Directory traversal vulnerability in modules/Builder/DownloadModule.ph ...)
NOT-FOR-US: ModuleBuilder
CVE-2007-5811
NOT-FOR-US: phpMyConferences
-CVE-2007-5810
+CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminex ...)
NOT-FOR-US: Hitachi Web Server
-CVE-2007-5809
+CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 t ...)
NOT-FOR-US: Hitachi Web Server
-CVE-2007-5808
+CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule com ...)
NOT-FOR-US: Hitachi Groupmax Collaboration Portal
-CVE-2007-5807
+CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...)
NOT-FOR-US: SSReader
-CVE-2007-5806
+CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in Services/Utilities/classes ...)
NOT-FOR-US: ILIAS
-CVE-2007-5805
+CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
NOT-FOR-US: IBM AIX
-CVE-2007-5804
+CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
NOT-FOR-US: IBM AIX
-CVE-2007-5803
+CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...)
{DSA-1883-2 DSA-1883-1}
- nagios2 <removed> (low; bug #482445)
- nagios3 3.0.2-1 (low; bug #485439)
-CVE-2007-5802
+CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf Technologie ...)
NOT-FOR-US: Firewolf Technologies Synergiser
-CVE-2007-5801
+CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has u ...)
NOT-FOR-US: WORK system e-commerce
-CVE-2007-5800
+CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPr ...)
NOT-FOR-US: BackUpWordPress
-CVE-2007-5799
+CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/ ...)
NOT-FOR-US: IBM WebSphere
-CVE-2007-5798
+CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigat ...)
NOT-FOR-US: IBM WebSphere
-CVE-2007-5797
+CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ex ...)
- geronimo <itp> (bug #481869)
-CVE-2007-5796
+CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...)
NOT-FOR-US: Blue Coat ProxySG
-CVE-2007-5794
+CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...)
{DSA-1430-1}
- libnss-ldap 256-1 (bug #453868)
-CVE-2007-5839
+CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local user ...)
- ircii-pana <removed> (low; bug #449149)
[etch] - ircii-pana <no-dsa> (Minor issue)
[sarge] - ircii-pana <no-dsa> (Minor issue)
-CVE-2007-5795
+CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when enable-lo ...)
{DTSA-79-1}
- emacs22 22.1+1-2.1 (medium; bug #449008)
NOTE: Emacs 21 is not affected
-CVE-2007-5793
+CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/ ...)
NOT-FOR-US: Stonesoft StoneGate IPS
-CVE-2007-5792
+CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP pack ...)
NOT-FOR-US: Vonage Motorola Phone Adapter
-CVE-2007-5791
+CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify ...)
NOT-FOR-US: Vonage Motorola Phone Adapter
-CVE-2007-5790
+CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequ ...)
NOT-FOR-US: Globe7 soft phone client
-CVE-2007-5789
+CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial o ...)
NOT-FOR-US: Grandstream HT-488
-CVE-2007-5788
+CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...)
NOT-FOR-US: Grandstream HT-488
-CVE-2007-5787
+CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...)
NOT-FOR-US: Micro Login System
-CVE-2007-5786
+CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 al ...)
NOT-FOR-US: GoSamba
-CVE-2007-5785
+CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional 2.0 al ...)
NOT-FOR-US: JobSite
-CVE-2007-5784
+CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in CaupoShop Pro ...)
NOT-FOR-US: CaupoShop Pro
-CVE-2007-5783
+CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows re ...)
NOT-FOR-US: emagiC cms
-CVE-2007-5782
+CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5 allows r ...)
NOT-FOR-US: FireConfig
-CVE-2007-5781
+CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0 ...)
NOT-FOR-US: Sige
-CVE-2007-5780
+CVE-2007-5780 (PHP remote file inclusion vulnerability in pub/pub08_comments.php in t ...)
NOT-FOR-US: teatro
-CVE-2007-5779
+CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX control in ...)
NOT-FOR-US: Gretech Online Movie Player
-CVE-2007-5778
+CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the Retinax ...)
NOT-FOR-US: Mobile Spy
-CVE-2007-5777
+CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive information und ...)
NOT-FOR-US: Blue-Collar Productions i-Gallery
-CVE-2007-5776
+CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar Produ ...)
NOT-FOR-US: Blue-Collar Productions i-Gallery
-CVE-2007-5775
+CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to execute a ...)
NOT-FOR-US: BitDefender
-CVE-2007-5774
+CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote attac ...)
NOT-FOR-US: Flatnuke
-CVE-2007-5773
+CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in the Fi ...)
NOT-FOR-US: Flatnuke
-CVE-2007-5772
+CVE-2007-5772 (Direct static code injection vulnerability in the download module in F ...)
NOT-FOR-US: Flatnuke
-CVE-2007-5771
+CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrat ...)
NOT-FOR-US: Flatnuke
-CVE-2007-5770
+CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, an ...)
{DSA-1412-1 DSA-1411-1 DSA-1410-1}
- ruby1.9 1.9.0+20071016-1
- ruby1.8 1.8.6.111-1 (low; bug #451374)
-CVE-2007-5769
+CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit ...)
- netkit-ftp <not-affected> (Vulnerable code not present)
-CVE-2007-5768
+CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password informati ...)
NOT-FOR-US: Globe7 soft phone client
-CVE-2007-5767
+CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application (clntrust.e ...)
NOT-FOR-US: Geronimo Apache
-CVE-2007-5766
+CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 1 ...)
NOT-FOR-US: Oracle
CVE-2007-5765
RESERVED
-CVE-2007-5764
+CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...)
NOT-FOR-US: IBM AIX
CVE-2007-5763
REJECTED
-CVE-2007-5762
+CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, al ...)
NOT-FOR-US: Novell NetWare Client
-CVE-2007-5761
+CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 h ...)
NOT-FOR-US: Motorola netOctopus
-CVE-2007-5760
+CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver befor ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759
REJECTED
-CVE-2007-5758
+CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration Ser ...)
NOT-FOR-US: IBM DB2
-CVE-2007-5757
+CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal Data ...)
NOT-FOR-US: IBM DB2
-CVE-2007-5756
+CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
NOT-FOR-US: WinPcap
-CVE-2007-5755
+CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...)
NOT-FOR-US: AOL Radio
-CVE-2007-5754
+CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php ...)
NOT-FOR-US: phpFaber
-CVE-2007-5753
+CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) befor ...)
NOT-FOR-US: Light FMan PHP
-CVE-2007-5752
+CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does ...)
NOT-FOR-US: PHP-AGTC Membership
CVE-2007-5750
RESERVED
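Review bot: two NOT-FOR-US annotations in this hunk no longer agree with the descriptions being added. CVE-2007-5862 is described as "Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypas ..." but keeps the annotation "NOT-FOR-US: Cisco IP Phone 7940", and CVE-2007-5767, described as "Heap-based buffer overflow in the Client Trust application (clntrust.e ...)", keeps "NOT-FOR-US: Geronimo Apache". The triage outcome (not packaged in Debian) may well still hold, but the product named as the reason should be rechecked against the CVE text and corrected in a follow-up so the annotation cannot mislead a later reviewer.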
@@ -2424,13 +2424,13 @@ CVE-2007-5749
RESERVED
CVE-2007-5748
RESERVED
-CVE-2007-5747
+CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...)
{DSA-1547-1}
- openoffice.org 2.4.0~ooh680m5-1
-CVE-2007-5746
+CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote attackers ...)
{DSA-1547-1}
- openoffice.org 2.4.0~ooh680m5-1
-CVE-2007-5745
+CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allo ...)
{DSA-1547-1}
- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
@@ -2438,197 +2438,197 @@ CVE-2007-5744
CVE-2007-5743
RESERVED
- viewvc 1.0.3-2.1 (bug #416696)
-CVE-2007-5742
+CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for W ...)
{DSA-1421-1 DTSA-90-1}
- wesnoth 1:1.2.8-1 (medium; bug #453500)
-CVE-2007-5741
+CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers ...)
{DSA-1405-2 DSA-1405-1}
- zope-cmfplone 2.5.2-2 (bug #449523)
[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
NOTE: Fix available:
NOTE: http://plone.org/about/security/advisories/cve-2007-5741
-CVE-2007-5740
+CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail Ret ...)
{DSA-1398-1 DTSA-84-1}
- perdition 1.17.1-1 (medium; bug #448853)
-CVE-2007-5751
+CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opm ...)
{DTSA-107-1}
- liferea 1.4.6-1 (low; bug #448850)
[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
NOTE: this file can contain credentials for rss feeds
-CVE-2007-5739
+CVE-2007-5739 (Directory traversal vulnerability in component/flashupload/download.js ...)
NOT-FOR-US: Korean GHBoard
-CVE-2007-5738
+CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side protect ...)
NOT-FOR-US: Korean GHBoard
-CVE-2007-5737
+CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in Kore ...)
NOT-FOR-US: Korean GHBoard
-CVE-2007-5736
+CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 B ...)
NOT-FOR-US: SeeBlick
-CVE-2007-5735
+CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root w ...)
NOT-FOR-US: eFileMan
-CVE-2007-5734
+CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows ...)
NOT-FOR-US: eFileMan
-CVE-2007-5733
+CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in Japanes ...)
NOT-FOR-US: Japanese PHP Gallery Hosting
-CVE-2007-5732
+CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's Forc ...)
NOT-FOR-US: eLouai's Force Download
-CVE-2007-5731
+CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...)
- slide-webdavclient <not-affected> (Vulnerable code is only in the server part, but debian only has the client part)
-CVE-2007-5730
+CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ...)
{DSA-1284-1}
- qemu 0.9.0-2 (bug #424070)
- kvm 72+dfsg-1
- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
-CVE-2007-5729
+CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitr ...)
{DSA-1284-1}
- qemu 0.9.0-2 (bug #424070)
- kvm 72+dfsg-1
- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
-CVE-2007-5728
+CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, a ...)
{DSA-1693-1}
- phppgadmin 4.1.3-0.1 (bug #449103; low)
-CVE-2007-5727
+CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in com ...)
NOT-FOR-US: OneOrZero Helpdesk
-CVE-2007-5726
+CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-5725
+CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allo ...)
NOT-FOR-US: Smart-Shop
-CVE-2007-5724
+CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live a ...)
NOT-FOR-US: Omnistar Live
-CVE-2007-5723
+CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...)
{DTSA-82-1}
- nufw 2.2.7-1 (low)
[etch] - nufw <not-affected> (Vulnerable code not present)
-CVE-2007-5722
+CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
NOT-FOR-US: GlobalLink
-CVE-2007-5721
+CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in My ...)
NOT-FOR-US: MySpacePros MySpace Resource Script
-CVE-2007-5720
+CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in Profi ...)
NOT-FOR-US: ProfileCMS
-CVE-2007-5719
+CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...)
NOT-FOR-US: miniBB
-CVE-2007-5717
+CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded L ...)
NOT-FOR-US: Sun Fire
-CVE-2007-5716
+CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality ...)
NOT-FOR-US: Sun Solaris 10
-CVE-2007-5715
+CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log me ...)
- denyhosts 2.6-2 (low)
[etch] - denyhosts <no-dsa> (Minor issue)
NOTE: bug was fixed with 06_permit_rootlogin_no.dpatch
-CVE-2007-5714
+CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account w ...)
- mldonkey <not-affected> (Gentoo-specific packaging flaw)
-CVE-2007-5713
+CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...)
NOT-FOR-US: Half-Life Server
-CVE-2007-5712
+CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1 ...)
{DSA-1640-1}
- python-django 0.96-1.1 (low; bug #448838)
-CVE-2007-5711
+CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows remot ...)
NOT-FOR-US: Conflict
-CVE-2007-5710
+CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.ph ...)
- wordpress 2.3.1-1 (unimportant)
NOTE: requires register_globals On, which we don't support
-CVE-2007-5709
+CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...)
NOT-FOR-US: Sony SonicStage CONNECT Player
-CVE-2007-5718
+CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
- vobcopy 1.0.2-1 (low; bug #448319)
[etch] - vobcopy <no-dsa> (Minor issue)
[sarge] - vobcopy <no-dsa> (Minor issue)
-CVE-2007-5706
+CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles Direc ...)
NOT-FOR-US: Jeebles
-CVE-2007-5705
+CVE-2007-5705 (Unspecified vulnerability in the Settings component in the administrat ...)
NOT-FOR-US: Jeebles
-CVE-2007-5704
+CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event ...)
NOT-FOR-US: CodeWidgets
-CVE-2007-5703
+CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk ...)
NOT-FOR-US: RSA KEON
-CVE-2007-5702
+CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions ...)
NOT-FOR-US: SWAMP OpenSUSE
-CVE-2007-5701
+CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority (CA) i ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-5700
+CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-5699
+CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security Analyze ...)
NOT-FOR-US: eIQNetworks
-CVE-2007-5698
+CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in CREApark GO ...)
NOT-FOR-US: CREApark GOLD KOY PORTALI
-CVE-2007-5697
+CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 al ...)
NOT-FOR-US: phpImage
-CVE-2007-5696
+CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic al ...)
NOT-FOR-US: phpBasic
-CVE-2007-5695
+CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows rem ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (low; bug #448690)
NOTE: there is no real exploit scenario
-CVE-2007-5694
+CVE-2007-5694 (Absolute path traversal vulnerability in the translation module (trans ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (low; bug #447135)
-CVE-2007-5693
+CVE-2007-5693 (Eval injection vulnerability in the translation module (translator.php ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (low; bug #447135)
-CVE-2007-5692
+CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 a ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (low; bug #448689)
-CVE-2007-5691
+CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...)
- iceweasel 2.0.0.8-1 (unimportant)
NOTE: Browser crashes not treated as security problems
CVE-2007-5690
- zaptel 1:1.4.8~dfsg-1 (unimportant; bug #448763)
NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
-CVE-2007-5689
+CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) i ...)
- sun-java6 6-03-1 (medium)
- sun-java5 1.5.0-13-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5688
+CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the Multi-F ...)
NOT-FOR-US: Multi Host Forum Pro
-CVE-2007-5687
+CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)
NOT-FOR-US: JustSystems Ichitaro
-CVE-2007-5686
+CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...)
- shadow <unfixed> (unimportant)
NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
NOTE: unknown usernames are not recorded on login failures
-CVE-2007-5685
+CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers t ...)
NOT-FOR-US: shttp
-CVE-2007-5684
+CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and e ...)
- tikiwiki <removed>
-CVE-2007-5683
+CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8. ...)
- tikiwiki <removed>
-CVE-2007-5682
+CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWi ...)
- tikiwiki <removed>
CVE-2007-5681
RESERVED
CVE-2007-5680
RESERVED
-CVE-2007-5707
+CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of se ...)
{DSA-1541-1}
- openldap2.3 2.3.38-1 (medium; bug #440632)
- openldap2.2 <removed>
- openldap2 <not-affected> (slapd not built)
-CVE-2007-5708
+CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, w ...)
{DSA-1541-1 DTSA-87-1}
- openldap2.3 2.3.39-1 (medium; bug #448644)
-CVE-2007-2983
+CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer w ...)
NOT-FOR-US: British Telecommunications Consumer webhelper
-CVE-2007-5679
+CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Be ...)
NOT-FOR-US: DM CMS
-CVE-2007-5678
+CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows rem ...)
NOT-FOR-US: phpBasic
-CVE-2007-5677
+CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hac ...)
NOT-FOR-US: Hackish
-CVE-2007-5676
+CVE-2007-5676 (PHP remote file inclusion vulnerability in modules/Forums/favorites.ph ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-5675
+CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm Ap ...)
NOT-FOR-US: MultiXTpm Application Server
-CVE-2007-5674
+CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ( ...)
NOT-FOR-US: InstaGuide Weather
-CVE-2007-5673
+CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...)
NOT-FOR-US: ifnet WebIf
CVE-2007-5672
RESERVED
-CVE-2007-5671
+CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...)
- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5670
REJECTED
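Review bot: the four "linux-2.6 <not-affected>" and "linux-2.6.24 <not-affected>" lines under CVE-2007-5730 and CVE-2007-5729 carry the reason "(vulnerability does not affected kernel module)", which should read "does not affect the kernel module"; the same follow-up could expand the abbreviated annotation "NOT-FOR-US: Conflict" under CVE-2007-5711 to the product name the description gives, "Massive Entertainment World in Conflict", since "Conflict" on its own does not identify the software.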
@@ -2636,235 +2636,235 @@ CVE-2007-5669
RESERVED
CVE-2007-5668
RESERVED
-CVE-2007-5667
+CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...)
NOT-FOR-US: Novell Client
-CVE-2007-5666
+CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...)
NOT-FOR-US: Adobe Reader
-CVE-2007-5665
+CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...)
NOT-FOR-US: Novell ZENworks Endpoint Security Management
-CVE-2007-5664
+CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...)
NOT-FOR-US: IBM DB2
-CVE-2007-5663
+CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...)
NOT-FOR-US: Adobe Reader
CVE-2007-5662
RESERVED
-CVE-2007-5661
+CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) Ac ...)
NOT-FOR-US: Macrovision InstallShield
-CVE-2007-5660
+CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in isu ...)
NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
-CVE-2007-5659
+CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlie ...)
NOT-FOR-US: Adobe Reader
-CVE-2007-5658
+CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ea ...)
NOT-FOR-US: TIBCO SmartSockets RTserver
-CVE-2007-5657
+CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
NOT-FOR-US: TIBCO SmartSockets RTserver
-CVE-2007-5656
+CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
NOT-FOR-US: TIBCO SmartSockets RTserver
-CVE-2007-5655
+CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
NOT-FOR-US: TIBCO SmartSockets RTserver
-CVE-2007-5654
+CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger u ...)
NOT-FOR-US: LiteSpeed
-CVE-2007-5653
+CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do no ...)
- php5 <not-affected> (windows only)
-CVE-2007-5652
+CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a ...)
NOT-FOR-US: IBM DB2
-CVE-2007-5651
+CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol (E ...)
NOT-FOR-US: Cisco IOS
-CVE-2007-5650
+CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 all ...)
NOT-FOR-US: ReloadCMS
-CVE-2007-5649
+CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Di ...)
NOT-FOR-US: Creative Digital Resources SocketMail
-CVE-2007-5648
+CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rN ...)
NOT-FOR-US: rnote
-CVE-2007-5647
+CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 ...)
NOT-FOR-US: SocketKB
-CVE-2007-5646
+CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines F ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2007-5644
+CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges fo ...)
NOT-FOR-US: Lussumo Vanilla
-CVE-2007-5643
+CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ea ...)
NOT-FOR-US: Lussumo Vanilla
-CVE-2007-5642
+CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...)
NOT-FOR-US: PHP Project Management
-CVE-2007-5641
+CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project Mana ...)
NOT-FOR-US: PHP Project Management
-CVE-2007-5640
+CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
NOT-FOR-US: Nortel VOIP products
-CVE-2007-5639
+CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...)
NOT-FOR-US: Nortel VOIP products
-CVE-2007-5638
+CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
NOT-FOR-US: Nortel VOIP products
-CVE-2007-5637
+CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
NOT-FOR-US: Nortel VOIP products
-CVE-2007-5636
+CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote ...)
NOT-FOR-US: Nortel VOIP products
-CVE-2007-5635
+CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support Incid ...)
NOT-FOR-US: Salford Software Support Incident Tracke
-CVE-2007-5634
+CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
NOT-FOR-US: SpeedFan
-CVE-2007-5633
+CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
NOT-FOR-US: SpeedFan
-CVE-2007-5632
+CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 th ...)
NOT-FOR-US: Solaris
-CVE-2007-5631
+CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...)
NOT-FOR-US: PeopleAggregator
-CVE-2007-5630
+CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.1 ...)
NOT-FOR-US: BBsProcesS BBPortalS
-CVE-2007-5629
+CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in Shoppin ...)
NOT-FOR-US: ShoppingTree CandyPress Store #
-CVE-2007-5628
+CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in The On ...)
NOT-FOR-US: TOWeLS
-CVE-2007-5627
+CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php i ...)
NOT-FOR-US: Socketmail
-CVE-2007-5626
+CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MyS ...)
- bacula 5.0.0-1 (unimportant; bug #446809)
NOTE: this script needs the default database password and name needs to be set which
NOTE: would be a bigger problem in a non-trusted environment. Apart from
NOTE: this is documented in the bacula documentation
NOTE: Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, which is not affected
-CVE-2007-5625
+CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site S ...)
NOT-FOR-US: Site Search SearchSimon Lite
-CVE-2007-5624
+CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 all ...)
{DSA-1883-2 DSA-1883-1}
- nagios2 2.9-1.1 (low; bug #448371)
-CVE-2007-5623
+CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins (nagios-p ...)
{DSA-1495-1}
- nagios-plugins 1.4.8-2.2 (medium; bug #448372)
[sarge] - nagios-plugins <not-affected> (Vulnerable code not present)
-CVE-2007-5622
+CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in 3prox ...)
NOT-FOR-US: 3proxy
-CVE-2007-5621
+CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token modul ...)
NOT-FOR-US: Token Drupal
NOTE: Token is not included in the drupal packages
-CVE-2007-5620
+CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashCha ...)
NOT-FOR-US: ZZ:FlashChat
-CVE-2007-5619
+CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user pa ...)
- vmware-package <removed> (low; bug #486177)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
NOTE: does not download them, however it needs to update its hashes for upstream tarballs
-CVE-2007-5618
+CVE-2007-5618 (Unquoted Windows search path vulnerability in the Authorization and ot ...)
- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
[etch] - vmware-package <no-dsa> (Contrib not supported)
-CVE-2007-5617
+CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)
- vmware-package <removed> (low; bug #486177)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
NOTE: does not download them, however it needs to update its hashes for upstream tarballs
-CVE-2007-5616
+CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
NOT-FOR-US: SSH Tectia Client and Server
-CVE-2007-5615
+CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows r ...)
- jetty 6.1.19-1 (low; bug #454529)
-CVE-2007-5614
+CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...)
- jetty 6.1.19-1 (low; bug #454529)
-CVE-2007-5613
+CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Je ...)
- jetty 6.1.19-1 (low; bug #454529)
-CVE-2007-5612
+CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers ...)
NOT-FOR-US: IBM Director
CVE-2007-5611
RESERVED
-CVE-2007-5610
+CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr Active ...)
NOT-FOR-US: ActiveX control
CVE-2007-5609
RESERVED
-CVE-2007-5608
+CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX co ...)
NOT-FOR-US: ActiveX control
-CVE-2007-5607
+CVE-2007-5607 (Buffer overflow in the RegistryString function in the HPISDataManagerL ...)
NOT-FOR-US: ActiveX control
-CVE-2007-5606
+CVE-2007-5606 (Buffer overflow in the MoveFile function in the HPISDataManagerLib.Dat ...)
NOT-FOR-US: ActiveX control
-CVE-2007-5605
+CVE-2007-5605 (Buffer overflow in the GetFileTime function in the HPISDataManagerLib. ...)
NOT-FOR-US: ActiveX control
-CVE-2007-5604
+CVE-2007-5604 (Buffer overflow in the ExtractCab function in the HPISDataManagerLib.D ...)
NOT-FOR-US: ActiveX control
-CVE-2007-5603
+CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELau ...)
NOT-FOR-US: SonicWall SSL-VPN NetExtender
-CVE-2007-5602
+CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5 ...)
NOT-FOR-US: SwiftView Viewer
-CVE-2007-5601
+CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...)
NOT-FOR-US: RealPlayer (windows only issue)
-CVE-2007-5600
+CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 an ...)
NOT-FOR-US: Artmedic CMS
-CVE-2007-5599
+CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...)
NOT-FOR-US: awrate
-CVE-2007-5598
+CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x ...)
- drupal5 <not-affected> (bug #447748)
- drupal <not-affected> (bug #447746)
NOTE: drupal weblinks is not included in the drupal package in debian
-CVE-2007-5597
+CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
- drupal5 5.3-1
- drupal 4.7.8-1
-CVE-2007-5596
+CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
- drupal5 5.3-1
- drupal 4.7.8-1
-CVE-2007-5595
+CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in includes/c ...)
- drupal5 5.3-1
- drupal 4.7.8-1
-CVE-2007-5594
+CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection a ...)
- drupal5 5.3-1
- drupal 4.7.8-1
-CVE-2007-5593
+CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ser ...)
- drupal5 5.3-1
- drupal 4.7.8-1
-CVE-2007-5592
+CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...)
NOT-FOR-US: awzMB
-CVE-2007-5591
+CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Ch ...)
NOT-FOR-US: Nortel Enterprise VoIP-Core-CS
-CVE-2007-5590
+CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote attacke ...)
NOT-FOR-US: Miranda
-CVE-2007-5588
+CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 ...)
{DTSA-103-1}
- mnogosearch 3.3.4-4.1 (low; bug #447753)
[sarge] - mnogosearch <no-dsa> (Minor issue)
[etch] - mnogosearch <no-dsa> (Minor issue)
-CVE-2007-5587
+CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-5586
REJECTED
-CVE-2007-5585
+CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without xscreensaver-gl-ex ...)
{DTSA-83-1}
- xscreensaver 5.03-3.1 (medium; bug #448157)
[etch] - xscreensaver <not-affected> (Vulnerable code not present)
[sarge] - xscreensaver <not-affected> (Vulnerable code not present)
-CVE-2007-5584
+CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2 ...)
NOT-FOR-US: Cisco
-CVE-2007-5583
+CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
NOT-FOR-US: Cisco IP Phone
-CVE-2007-5582
+CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco Ci ...)
NOT-FOR-US: Cisco
-CVE-2007-5581
+CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/m ...)
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2007-5580
+CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 befo ...)
NOT-FOR-US: Cisco
-CVE-2007-5589
+CVE-2007-5589 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
{DSA-1403-1}
- phpmyadmin 4:2.11.1.2-1
-CVE-2007-5579
+CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when res ...)
NOT-FOR-US: Pligg CMS
-CVE-2007-5578
+CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirec ...)
- acidbase 1.3.8 (low)
[etch] - acidbase <no-dsa> (Minor issue)
-CVE-2007-5577
+CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
NOT-FOR-US: Joomla!
-CVE-2007-5576
+CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterpr ...)
NOT-FOR-US: BEA Tuxedo
-CVE-2007-5575
+CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allo ...)
NOT-FOR-US: 1024 CMS
-CVE-2007-5574
+CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 all ...)
NOT-FOR-US: PHPDJPHPDJ
-CVE-2007-5573
+CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php i ...)
- limesurvey <itp> (bug #472802)
-CVE-2007-5572
+CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple P ...)
NOT-FOR-US: SPHPBlog
-CVE-2007-5571
+CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, ...)
NOT-FOR-US: Cisco Firewall Services Module
-CVE-2007-5570
+CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, ...)
NOT-FOR-US: Cisco Firewall Services Module
-CVE-2007-5569
+CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configure ...)
NOT-FOR-US: Cisco
-CVE-2007-5568
+CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco ...)
NOT-FOR-US: Cisco
-CVE-2007-5567
+CVE-2007-5567 (PHP remote file inclusion vulnerability in _lib/fckeditor/upload_confi ...)
- moin <not-affected> (Does not contain the vulnerable code)
- karrigell <not-affected> (Does not contain the vulnerable code)
- knowledgeroot <not-affected> (Does not contain the vulnerable code)
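Review bot: the 70-character prefix used for the description collapses distinct issues into identical text in this hunk: CVE-2007-5657, CVE-2007-5656 and CVE-2007-5655 all read `TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...`, and CVE-2007-5640, CVE-2007-5638 and CVE-2007-5637 all read `The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...`, so the annotation does not help tell the entries apart. A longer cutoff, or one that keeps at least the clause naming the flaw type (as `Buffer overflow in the Nortel UNIStim IP Softphone 2050 ...` does for CVE-2007-5636), would make the added text useful. The CVE-2007-5651 line also ends in an unmatched `(E ...`. Two pre-existing nits the update could carry along, since it rewrites these lines anyway: the CVE-2007-5589 entry sits between CVE-2007-5580 and CVE-2007-5579 instead of in descending order, and the unchanged context lines `NOT-FOR-US: Salford Software Support Incident Tracke`, `NOT-FOR-US: ShoppingTree CandyPress Store #` and `NOT-FOR-US: PHPDJPHPDJ` carry a truncated name, a stray `#` and a doubled name respectively.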
@@ -2872,369 +2872,369 @@ CVE-2007-5566
NOT-FOR-US: PHPBlog
CVE-2007-5565
NOT-FOR-US: phpSCMS
-CVE-2007-5564
+CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (forme ...)
NOT-FOR-US: NSSboard
-CVE-2007-5563
+CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote at ...)
NOT-FOR-US: VirtueMart
-CVE-2007-5562
+CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the l ...)
NOT-FOR-US: Netgear firmware
-CVE-2007-5561
+CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...)
NOT-FOR-US: Oracle
-CVE-2007-5560
+CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote a ...)
NOT-FOR-US: Juniper HTTP Service
-CVE-2007-5559
+CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows ...)
NOT-FOR-US: IBM ThinkVantage TPM Service
-CVE-2007-5558
+CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to c ...)
NOT-FOR-US: LG Mobile handset
-CVE-2007-5557
+CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote atta ...)
NOT-FOR-US: NEC mobile handset
-CVE-2007-5556
+CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote atta ...)
NOT-FOR-US: Avaya VoIP Handset
-CVE-2007-5555
+CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution allo ...)
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2007-5554
+CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via cr ...)
NOT-FOR-US: Oracle
CVE-2007-5553
REJECTED
-CVE-2007-5552
+CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute arbit ...)
NOT-FOR-US: Cisco
-CVE-2007-5551
+CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute arbit ...)
NOT-FOR-US: Cisco
-CVE-2007-5550
+CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to obta ...)
NOT-FOR-US: Cisco
-CVE-2007-5549
+CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local us ...)
NOT-FOR-US: Cisco
-CVE-2007-5548
+CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS all ...)
NOT-FOR-US: Cisco
-CVE-2007-5547
+CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote at ...)
NOT-FOR-US: Cisco
-CVE-2007-5546
+CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remot ...)
NOT-FOR-US: TIBCO SmartPGM FX
-CVE-2007-5545
+CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote attacke ...)
NOT-FOR-US: TIBCO SmartPGM FX
-CVE-2007-5544
+CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before ...)
NOT-FOR-US: IBM Lotus Notes
-CVE-2007-5543
+CVE-2007-5543 (Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remot ...)
NOT-FOR-US: Miranda
-CVE-2007-5542
+CVE-2007-5542 (Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attacker ...)
NOT-FOR-US: Miranda
-CVE-2007-5541
+CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an "externa ...)
NOT-FOR-US: Opera
-CVE-2007-5540
+CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...)
NOT-FOR-US: Opera
-CVE-2007-5539
+CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact Managem ...)
NOT-FOR-US: Cisco
-CVE-2007-5538
+CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco ...)
NOT-FOR-US: Cisco
-CVE-2007-5537
+CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 ...)
NOT-FOR-US: Cisco
-CVE-2007-5536
+CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11. ...)
NOT-FOR-US: HP-UX
-CVE-2007-5535
+CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown im ...)
NOT-FOR-US: RunCms
-CVE-2007-5534
+CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft En ...)
NOT-FOR-US: Oracle
-CVE-2007-5533
+CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle Peop ...)
NOT-FOR-US: Oracle
-CVE-2007-5532
+CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle Peop ...)
NOT-FOR-US: Oracle
-CVE-2007-5531
+CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle Ap ...)
NOT-FOR-US: Oracle
-CVE-2007-5530
+CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle ...)
NOT-FOR-US: Oracle
-CVE-2007-5529
+CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications ...)
NOT-FOR-US: Oracle
-CVE-2007-5528
+CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...)
NOT-FOR-US: Oracle
-CVE-2007-5527
+CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
NOT-FOR-US: Oracle
-CVE-2007-5526
+CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
NOT-FOR-US: Oracle
-CVE-2007-5525
+CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...)
NOT-FOR-US: Oracle
-CVE-2007-5524
+CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...)
NOT-FOR-US: Oracle
-CVE-2007-5523
+CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
NOT-FOR-US: Oracle
-CVE-2007-5522
+CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
NOT-FOR-US: Oracle
-CVE-2007-5521
+CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
NOT-FOR-US: Oracle
-CVE-2007-5520
+CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
NOT-FOR-US: Oracle
-CVE-2007-5519
+CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
NOT-FOR-US: Oracle
-CVE-2007-5518
+CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
NOT-FOR-US: Oracle
-CVE-2007-5517
+CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
NOT-FOR-US: Oracle
-CVE-2007-5516
+CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt &amp; Notificatio ...)
NOT-FOR-US: Oracle
-CVE-2007-5515
+CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
NOT-FOR-US: Oracle
-CVE-2007-5514
+CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
NOT-FOR-US: Oracle
-CVE-2007-5513
+CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, an ...)
NOT-FOR-US: Oracle
-CVE-2007-5512
+CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in Or ...)
NOT-FOR-US: Oracle
-CVE-2007-5511
+CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database b ...)
NOT-FOR-US: Oracle
-CVE-2007-5510
+CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager componen ...)
NOT-FOR-US: Oracle
-CVE-2007-5509
+CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
NOT-FOR-US: Oracle
-CVE-2007-5508
+CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia applic ...)
NOT-FOR-US: Oracle
-CVE-2007-5507
+CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component ...)
NOT-FOR-US: Oracle
-CVE-2007-5506
+CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8 ...)
NOT-FOR-US: Oracle
-CVE-2007-5505
+CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
NOT-FOR-US: Oracle
-CVE-2007-5504
+CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 1 ...)
NOT-FOR-US: Oracle
-CVE-2007-5503
+CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote a ...)
{DSA-1542-1 DTSA-96-1}
- libcairo 1.4.10-1.1 (medium; bug #453686)
-CVE-2007-5502
+CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does ...)
NOT-FOR-US: OpenSSL Fips object module
-CVE-2007-5501
+CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux ...)
- linux-2.6 2.6.23-1 (high)
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
-CVE-2007-5500
+CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 che ...)
{DSA-1428-1}
- linux-2.6 2.6.23-2
CVE-2007-5499
REJECTED
-CVE-2007-5498
+CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when ...)
- xen-unstable <not-affected> (Vulnerable code not present)
- xen-3 <not-affected> (Vulnerable code not present)
-CVE-2007-5497
+CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 all ...)
{DSA-1422-1 DTSA-95-1}
- e2fsprogs 1.40.3-1 (bug #454760)
-CVE-2007-5496
+CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allow ...)
NOT-FOR-US: setroubleshoot
-CVE-2007-5495
+CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitr ...)
NOT-FOR-US: setroubleshoot
-CVE-2007-5494
+CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...)
- linux-2.6 <not-affected> (RedHat specific patch)
-CVE-2007-5493
+CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
NOT-FOR-US: Windows Mobile
-CVE-2007-5492
+CVE-2007-5492 (Static code injection vulnerability in the translation module (transla ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (bug #447135)
-CVE-2007-5491
+CVE-2007-5491 (Directory traversal vulnerability in the translation module (translato ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (bug #447135)
-CVE-2007-5490
+CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2. ...)
NOT-FOR-US: Okul Otomasyon Portal
-CVE-2007-5489
+CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...)
NOT-FOR-US: Artmedic CMS
-CVE-2007-5487
+CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allo ...)
NOT-FOR-US: COWON America jetAudioc
-CVE-2007-5486
+CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...)
NOT-FOR-US: dotProject
-CVE-2007-5485
+CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for Kws ...)
NOT-FOR-US: KwsPHP
-CVE-2007-5484
+CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows lo ...)
NOT-FOR-US: WWWISIS
-CVE-2007-5483
+CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such ...)
NOT-FOR-US: IBM WebSphere
-CVE-2007-5482
+CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTe ...)
NOT-FOR-US: Sun firmware
-CVE-2007-5481
+CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attacker ...)
- dcc <not-affected> (vulnerable code introduced in 1.3.65)
-CVE-2007-5480
+CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge Innov ...)
NOT-FOR-US: ZInnovaAge InnovaShop
-CVE-2007-5479
+CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer al ...)
NOT-FOR-US: Xcomputer
-CVE-2007-5478
+CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbea ...)
NOT-FOR-US: Sbportal
-CVE-2007-5477
+CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...)
NOT-FOR-US: djeyl.net WebMod
-CVE-2007-5476
+CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...)
NOT-FOR-US: Opera specific flash vulnerability
-CVE-2007-5475
+CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in L ...)
NOT-FOR-US: Linksys WAP4400N Wi-Fi access point
-CVE-2007-5474
+CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware 2. ...)
NOT-FOR-US: Linksys WRT350N Wi-Fi access point
-CVE-2007-5473
+CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when runnin ...)
- mono <not-affected> (Windows-specific vulnerability)
-CVE-2007-5472
+CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
NOT-FOR-US: HIPS
-CVE-2007-5488
+CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk- ...)
- asterisk-addons 1.4.4-1
-CVE-2007-5471
+CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUS ...)
- libgssapi 0.8-1
-CVE-2007-5470
+CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469
- openser 1.3.0-1 (unimportant; bug #446956)
NOTE: should be only "exploitable" in local network with untrusted users
-CVE-2007-5468
+CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest authenticati ...)
NOT-FOR-US: Cisco
-CVE-2007-5467
+CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote attacker ...)
NOT-FOR-US: eXtremail
-CVE-2007-5466
+CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote ...)
NOT-FOR-US: eXtremail
-CVE-2007-5465
+CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
NOT-FOR-US: doop CMS
-CVE-2007-5464
+CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allow ...)
NOT-FOR-US: Live for Speed
-CVE-2007-5463
+CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta a ...)
NOT-FOR-US: ViArt Shop
-CVE-2007-5462
+CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library (lib ...)
NOT-FOR-US: Solaris
-CVE-2007-5460
+CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak enc ...)
NOT-FOR-US: Microsoft ActiveSync
-CVE-2007-5459
+CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in t ...)
NOT-FOR-US: MouseoverDictionary
-CVE-2007-5458
+CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...)
NOT-FOR-US: KwsPHP
-CVE-2007-5457
+CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5456
+CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to b ...)
NOT-FOR-US: Internet Explorer
-CVE-2007-5455
+CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 an ...)
NOT-FOR-US: WWWISIS
-CVE-2007-5454
+CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing Sys ...)
NOT-FOR-US: PHP File Sharing
-CVE-2007-5453
+CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow rem ...)
NOT-FOR-US: Php-Stats
-CVE-2007-5452
+CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-S ...)
NOT-FOR-US: Php-Stats
-CVE-2007-5451
+CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the com_ ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5450
+CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouc ...)
NOT-FOR-US: Apple firmware
-CVE-2007-5449
+CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes Por ...)
NOT-FOR-US: Softbiz Recipes Portal Script
-CVE-2007-5448
+CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...)
- madwifi 1:0.9.3.2-2 (medium; bug #446824)
[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
-CVE-2007-5447
+CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
NOT-FOR-US: ionCube
-CVE-2007-5446
+CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
NOT-FOR-US: PBEmail
-CVE-2007-5445
+CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX ...)
NOT-FOR-US: VImpX
-CVE-2007-5444
+CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full pat ...)
NOT-FOR-US: CMS Made Simpe
-CVE-2007-5443
+CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
NOT-FOR-US: CMS Made Simpe
-CVE-2007-5442
+CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
NOT-FOR-US: CMS Made Simpe
-CVE-2007-5441
+CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
NOT-FOR-US: CMS Made Simpe
CVE-2007-5440
NOT-FOR-US: Crs Manager
-CVE-2007-5439
+CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stor ...)
NOT-FOR-US: eTrust ITM
-CVE-2007-5438
+CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...)
- vmware-package <not-affected> (Windows only)
-CVE-2007-5437
+CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM (Threa ...)
NOT-FOR-US: eTrust ITM
-CVE-2007-5436
+CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL ...)
NOT-FOR-US: G DATA Antivirus
-CVE-2007-5435
+CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFus ...)
NOT-FOR-US: CA ERwin Process Modeler
-CVE-2007-5434
+CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earl ...)
NOT-FOR-US: PRO-search
-CVE-2007-5433
+CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Si ...)
NOT-FOR-US: Site-Up
-CVE-2007-5432
+CVE-2007-5432 (Stride 1.0 has a default administrator username of "scott" with the pa ...)
NOT-FOR-US: Stride
-CVE-2007-5431
+CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 conta ...)
NOT-FOR-US: Stride module
-CVE-2007-5430
+CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote atta ...)
NOT-FOR-US: Stride
-CVE-2007-5429
+CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 ...)
NOT-FOR-US: Nucleus
-CVE-2007-5428
+CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote atta ...)
NOT-FOR-US: UMI CMS
-CVE-2007-5427
+CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component i ...)
NOT-FOR-US: Joomla!
-CVE-2007-5426
+CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5 ...)
NOT-FOR-US: ActiveKB NX
-CVE-2007-5425
+CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
NOT-FOR-US: ActiveKB NX
-CVE-2007-5424
+CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to bypas ...)
- php4 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: if the function is blacklisted but not its alias it is a configuration
NOTE: issue of the site not a vulnerability in php
-CVE-2007-5423
+CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ex ...)
- tikiwiki <removed>
-CVE-2007-5422
+CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security ...)
NOT-FOR-US: Solaris Auditing
CVE-2007-5421
REJECTED
-CVE-2007-5420
+CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote manag ...)
NOT-FOR-US: 3Com 3CRWER100-75
-CVE-2007-5419
+CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...)
NOT-FOR-US: 3Com 3CRWER100-75
-CVE-2007-5418
+CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 al ...)
NOT-FOR-US: CARE2X
-CVE-2007-5417
+CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka bM ...)
NOT-FOR-US: boastMachine
-CVE-2007-5416
+CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the inpu ...)
- drupal5 <unfixed> (unimportant; bug #446887)
- drupal <unfixed> (unimportant)
NOTE: The underlying PHP issue has been fixed in DSA 1206.
NOTE: Plus, register_globals is not supported in Debian
-CVE-2007-5415
+CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
- iceweasel <removed> (unimportant)
NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
NOTE: equivalent strings in UTF-7
NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
NOTE: CVE-2007-5414, mailed mitre
-CVE-2007-5414
+CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
- iceweasel 2.0+dfsg-1
-CVE-2007-5413
+CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView ...)
NOT-FOR-US: HP OpenView
-CVE-2007-5412
+CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5411
+CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Ph ...)
NOT-FOR-US: Linksys
-CVE-2007-5410
+CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in t ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5409
+CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...)
NOT-FOR-US: NuSEO
-CVE-2007-5408
+CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
NOT-FOR-US: cpDynaLinks
-CVE-2007-5407
+CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the JContentSubs ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5406
+CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Auto ...)
NOT-FOR-US: KeyView
-CVE-2007-5405
+CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the A ...)
NOT-FOR-US: KeyView
-CVE-2007-5404
+CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on whethe ...)
NOT-FOR-US: Layton HelpBox
-CVE-2007-5403
+CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...)
NOT-FOR-US: Layton HelpBox
-CVE-2007-5402
+CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ( ...)
NOT-FOR-US: Layton HelpBox
-CVE-2007-5401
+CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...)
NOT-FOR-US: Layton HelpBox
-CVE-2007-5400
+CVE-2007-5400 (Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling ...)
NOT-FOR-US: RealPlayer
-CVE-2007-5399
+CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...)
NOT-FOR-US: KeyView
-CVE-2007-5398
+CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in nm ...)
{DSA-1409-3 DSA-1409-2 DSA-1409-1}
- samba 3.0.27-1 (high)
-CVE-2007-5397
+CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka APServ ...)
NOT-FOR-US: activePDF Server
-CVE-2007-5396
+CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
NOT-FOR-US: Miranda
-CVE-2007-5395
+CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in tokenize. ...)
{DSA-1432-1}
- link-grammar 4.2.5-1 (medium; bug #450695)
-CVE-2007-5394
+CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
NOT-FOR-US: Adobe PageMaker
-CVE-2007-5393
+CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in x ...)
{DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
- poppler 0.6.2-1 (medium; bug #450628)
- kdegraphics 4:3.5.8-2 (medium; bug #450630)
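Review bot: the NOT-FOR-US lines under CVE-2007-5444, CVE-2007-5443, CVE-2007-5442 and CVE-2007-5441 still read "CMS Made Simpe" while the descriptions added on the same CVE lines spell the product "CMS Made Simple"; since the NOT-FOR-US text is what gets grepped when triaging, a follow-up should correct those four lines to `NOT-FOR-US: CMS Made Simple`. Also bear in mind that the new descriptions are cut at a fixed width with "..." (CVE-2007-5424 stops at "allows attackers to bypas ..."), so the NOTE lines, not the description, remain the place to record why an entry is rated unimportant or not-affected.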
@@ -3251,7 +3251,7 @@ CVE-2007-5393
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- swftools 0.9.2+ds1-2
-CVE-2007-5392
+CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in X ...)
{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
- poppler 0.6.2-1 (medium; bug #450628)
- kdegraphics 4:3.5.8-2 (medium; bug #450630)
@@ -3269,94 +3269,94 @@ CVE-2007-5392
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- swftools 0.9.2+ds1-2
-CVE-2007-5461
+CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4 ...)
{DSA-1453-1 DSA-1447-1}
- tomcat5.5 5.5.25-2 (low; bug #448664)
- tomcat5 <removed>
NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
-CVE-2007-5391
+CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
NOT-FOR-US: HP Select Identity
-CVE-2007-5390
+CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0 ...)
NOT-FOR-US: PicoFlat
CVE-2007-5389
NOT-FOR-US: Joomla! extension
-CVE-2007-5388
+CVE-2007-5388 (Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 a ...)
NOT-FOR-US: WebDesktop
-CVE-2007-5387
+CVE-2007-5387 (PHP remote file inclusion vulnerability in active/components/xmlrpc/cl ...)
NOT-FOR-US: Pindorama
-CVE-2007-5386
+CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMy ...)
{DSA-1403-1}
- phpmyadmin 4:2.11.1.2-1 (bug #446451)
[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
-CVE-2007-5385
+CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alc ...)
NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
-CVE-2007-5384
+CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Thom ...)
NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
-CVE-2007-5383
+CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub ...)
NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
-CVE-2007-5382
+CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...)
NOT-FOR-US: CiscoWorks
-CVE-2007-5381
+CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco ...)
NOT-FOR-US: Line Printer Daemon (LPD) Cisco
-CVE-2007-5380
+CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...)
- rails 1.2.5-1
-CVE-2007-5379
+CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
- rails 1.2.5-1
[etch] - rails <not-affected> (Vulnerable code not present)
-CVE-2007-5378
+CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolk ...)
{DSA-1743-1 DSA-1416-1 DSA-1415-1}
- tk8.3 8.3.5-10 (medium; bug #446465)
- tk8.4 8.4.16-1 (medium)
- libtk-img 1.3-release-8 (medium)
-CVE-2007-5377
+CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functi ...)
- tramp <not-affected> (the version we ship still uses make-temp-file)
- emacs22 <not-affected> (the version we ship still uses make-temp-file)
CVE-2007-5376
RESERVED
-CVE-2007-5375
+CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) allows u ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5374
+CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrati ...)
NOT-FOR-US: LightBlog
-CVE-2007-5373
+CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument wh ...)
{DSA-1517-1 DTSA-68-1}
- ldapscripts 1.7.1-2 (bug #445582; medium)
-CVE-2007-5372
+CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...)
- sql-ledger <unfixed> (unimportant; bug #446366)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-5371
+CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php i ...)
NOT-FOR-US: MODx
-CVE-2007-5370
+CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewswe ...)
NOT-FOR-US: NetWin
-CVE-2007-5369
+CVE-2007-5369 (The GetMagicNumberString function in Massive Entertainment World in Co ...)
NOT-FOR-US: conflict
-CVE-2007-5368
+CVE-2007-5368 (Multiple unspecified vulnerabilities in labeld in Trusted Extensions i ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-5367
+CVE-2007-5367 (Unspecified vulnerability in the Virtual File System (VFS) in Sun Sola ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-5366
+CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...)
NOT-FOR-US: Fujitsu Interstage Application Server
-CVE-2007-5365
+CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c ...)
{DSA-1388-3 DSA-1388-1}
- dhcp 2.0pl5dfsg1-20.2 (medium; bug #446354)
- dhcp3 <not-affected> (dhcp3 does enforce a fixed minimum paket size if it is lower, see line 513 in options.c)
NOTE: dhcp has a request for removal #446386
CVE-2007-5364
NOT-FOR-US: ViArt Shopping Cart
-CVE-2007-5363
+CVE-2007-5363 (PHP remote file inclusion vulnerability in admin.panoramic.php in the ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5362
+CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
NOT-FOR-US: Joomla! and mambo extension
-CVE-2007-5361
+CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and ...)
NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
-CVE-2007-5360
+CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...)
NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
RESERVED
-CVE-2007-5358
+CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk 1 ...)
- asterisk 1:1.4.13~dfsg-1 (medium)
[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
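Review bot: CVE-2007-5461 is filed between CVE-2007-5392 and CVE-2007-5391, breaking the descending order every other entry in this hunk follows; if the list is meant to stay sorted it belongs above CVE-2007-5447 at the top of this diff. Separately, the dhcp3 annotation for CVE-2007-5365 reads "fixed minimum paket size" (typo for "packet") and pins its reasoning to "line 513 in options.c", a reference that goes stale on the next upload; naming the function that enforces the minimum would be more durable.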
@@ -3364,59 +3364,59 @@ CVE-2007-5357
REJECTED
CVE-2007-5356
REJECTED
-CVE-2007-5355
+CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Expl ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5354
REJECTED
CVE-2007-5353
REJECTED
-CVE-2007-5352
+CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem Servic ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-5351
+CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) si ...)
NOT-FOR-US: Microsoft Vista
-CVE-2007-5350
+CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
NOT-FOR-US: Microsoft Vista
CVE-2007-5349
REJECTED
-CVE-2007-5348
+CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-5347
+CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346
REJECTED
CVE-2007-5345
REJECTED
-CVE-2007-5344
+CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
REJECTED
-CVE-2007-5342
+CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache To ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-4 (low; bug #458237)
- tomcat5 <not-affected> (Vulnerable code not present)
-CVE-2007-5341
+CVE-2007-5341 (Remote code execution in the Venkman script debugger in Mozilla Firefo ...)
- iceweasel 2.0.0.8-1
-CVE-2007-5340
+CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox b ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (high)
- xulrunner 1.8.1.9-1 (high)
- icedove 2.0.0.9-1 (low)
- iceape 1.1.5 (high)
NOTE: MFSA2007-29
-CVE-2007-5339
+CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbir ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (high)
- xulrunner 1.8.1.9-1 (bug #447734; high)
- icedove 2.0.0.9-1 (low)
- iceape 1.1.5
NOTE: MFSA2007-29
-CVE-2007-5338
+CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...)
{DSA-1534-2 DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1
- xulrunner 1.8.1.9-1
- iceape 1.1.5
NOTE: MFSA2007-35
-CVE-2007-5337
+CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when runnin ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1
- xulrunner 1.8.1.9-1
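Review bot: the severity tags for MFSA2007-29 are inconsistent across its two CVEs: CVE-2007-5340 marks `iceape 1.1.5 (high)` while CVE-2007-5339, same DSA set and same MFSA, leaves `iceape 1.1.5` untagged, and both rate icedove (low) against iceweasel/xulrunner (high) without a NOTE saying why. CVE-2007-5341 (Venkman) lists only `iceweasel 2.0.0.8-1` with no DSA bracket although the neighbouring entries fixed in that same 2.0.0.8-1 upload cite DSA-1396-1; worth checking whether that advisory covered it too.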
@@ -3424,108 +3424,108 @@ CVE-2007-5337
NOTE: MFSA2007-34
CVE-2007-5336
REJECTED
-CVE-2007-5335
+CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain s ...)
{DSA-1396-1}
- iceweasel 2.0.0.8-1 (low)
NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
-CVE-2007-5334
+CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1
- xulrunner 1.8.1.9-1
- iceape 1.1.5
NOTE: MFSA2007-33
-CVE-2007-5333
+CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 th ...)
- tomcat5.5 5.5.26-1 (low; bug #465645)
- tomcat5 <removed>
-CVE-2007-5332
+CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5331
+CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA BrightS ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5330
+CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5329
+CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5328
+CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5327
+CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message Engin ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5326
+CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5325
+CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...)
NOT-FOR-US: ARCServe BackUp
CVE-2007-5324
REJECTED
-CVE-2007-5323
+CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote atta ...)
NOT-FOR-US: RepliStor Server Service
-CVE-2007-5322
+CVE-2007-5322 (Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX cont ...)
NOT-FOR-US: Microsoft Visual FoxPro
-CVE-2007-5321
+CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control Pan ...)
NOT-FOR-US: Verlihub Control Panel
-CVE-2007-5320
+CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging Im ...)
NOT-FOR-US: Imaging ImagXpress
-CVE-2007-5319
+CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solar ...)
NOT-FOR-US: Solaris
-CVE-2007-5318
+CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 all ...)
NOT-FOR-US: Typolight webCMS
CVE-2007-5317
REJECTED
-CVE-2007-5316
+CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recr ...)
NOT-FOR-US: Softbiz Jobs
-CVE-2007-5315
+CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9 ...)
NOT-FOR-US: LiveAlbum
-CVE-2007-5314
+CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in x ...)
NOT-FOR-US: xKiosk WEB
-CVE-2007-5313
+CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in Pictu ...)
NOT-FOR-US: Picturesolution
-CVE-2007-5312
+CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...)
NOT-FOR-US: TorrentTrader Classic
-CVE-2007-5311
+CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in To ...)
NOT-FOR-US: TorrentTrader Classic
-CVE-2007-5310
+CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in t ...)
NOT-FOR-US: TorrentTrader Classic
-CVE-2007-5309
+CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5308
+CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) ...)
NOT-FOR-US: phpHPm)
-CVE-2007-5307
+CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input d ...)
NOT-FOR-US: ELSEIF CMS
-CVE-2007-5306
+CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive inform ...)
NOT-FOR-US: ELSEIF CMS
-CVE-2007-5305
+CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta ...)
NOT-FOR-US: ELSEIF CMS
-CVE-2007-5304
+CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...)
NOT-FOR-US: ELSEIF CMS
-CVE-2007-5303
+CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS ...)
NOT-FOR-US: SnewsCMS
-CVE-2007-5302
+CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System Manag ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2007-5300
+CVE-2007-5300 (Off-by-one error in the do_login_loop function in libwzd-core/wzd_logi ...)
{DSA-1452-1}
- wzdftpd 0.8.2-2.1 (medium; bug #446192)
-CVE-2007-5299
+CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, a ...)
NOT-FOR-US: SkaDate
-CVE-2007-5298
+CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion a ...)
NOT-FOR-US: CMS Creamotion
-CVE-2007-5297
+CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 al ...)
NOT-FOR-US: Minki
-CVE-2007-5296
+CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp ...)
NOT-FOR-US: dbList
-CVE-2007-5295
+CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a ...)
NOT-FOR-US: Wikepage Opus
-CVE-2007-5294
+CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0 ...)
NOT-FOR-US: IDMOS
-CVE-2007-5293
+CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta ...)
NOT-FOR-US: IDMOS
-CVE-2007-5292
+CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Im ...)
NOT-FOR-US: Directory Image Gallery
-CVE-2007-5291
+CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...)
NOT-FOR-US: DB Manager
-CVE-2007-5290
+CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...)
NOT-FOR-US: MailBee WebMail Pro
-CVE-2007-5289
+CVE-2007-5289 (HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirec ...)
NOT-FOR-US: HP Mercury Quality Center
-CVE-2007-5301
+CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in input/vorbis/vor ...)
{DSA-1538-1 DTSA-66-1}
- alsaplayer 0.99.80~rc4-1 (low; bug #446034)
CVE-2007-5288
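Review bot: CVE-2007-5310 is tagged `NOT-FOR-US: TorrentTrader Classic`, but its description ("PHP remote file inclusion vulnerability in admin.wmtportfolio.php in t ...") follows the same admin.wmt*.php pattern as CVE-2007-5309 (admin.wmtgallery.php) and CVE-2007-5410 (admin.wmtrssreader.php), both tagged "Joomla! extension"; this looks like a copy of the tag from CVE-2007-5311/5312 and should be re-checked. Two smaller points in the same region: CVE-2007-5308 has a stray ")" in `NOT-FOR-US: phpHPm)`, and CVE-2007-5301 (alsaplayer, DSA-1538-1) is filed after CVE-2007-5289 instead of in sequence after CVE-2007-5302.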
@@ -3538,195 +3538,195 @@ CVE-2007-5285
REJECTED
CVE-2007-5284
REJECTED
-CVE-2007-5283
+CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...)
NOT-FOR-US: Hitachi TPBroker
-CVE-2007-5282
+CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library S ...)
NOT-FOR-US: Hitachi Cosminexus
-CVE-2007-5281
+CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Deve ...)
NOT-FOR-US: Hitachi Cosminexus
-CVE-2007-5280
+CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
NOT-FOR-US: Appfuse
-CVE-2007-5279
+CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...)
NOT-FOR-US: PowerArchiver
-CVE-2007-5278
+CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information und ...)
NOT-FOR-US: Zomplog
-CVE-2007-5277
+CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed connectio ...)
NOT-FOR-US: Internet Explorer
-CVE-2007-5276
+CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP p ...)
NOT-FOR-US: Opera
-CVE-2007-5275
+CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...)
- flashplugin-nonfree 9.0.115.0.1 (bug #449110)
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
-CVE-2007-5274
+CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5273
+CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5272
+CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allo ...)
NOT-FOR-US: Furkan Tastan Blog
-CVE-2007-5271
+CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
NOT-FOR-US: Trionic Cite CMS
-CVE-2007-5270
+CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5. ...)
- drupal <not-affected> (does not ship this module)
-CVE-2007-5269
+CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
- libpng 1.2.15~beta5-3 (low; bug #446308)
[sarge] - libpng <no-dsa> (Minor issue)
[etch] - libpng 1.2.15~beta5-1+etch2
-CVE-2007-5268
+CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) log ...)
- libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19)
-CVE-2007-5267
+CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
- libpng <not-affected> (vulnerable code not present)
NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
-CVE-2007-5266
+CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
- libpng <not-affected> (vulnerable code not present)
NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
-CVE-2007-5265
+CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1 ...)
NOT-FOR-US: Dawn of Time
-CVE-2007-5264
+CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online accou ...)
NOT-FOR-US: Battlefront
-CVE-2007-5263
+CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier al ...)
NOT-FOR-US: Battlefront
-CVE-2007-5262
+CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 a ...)
NOT-FOR-US: Battlefront
-CVE-2007-5261
+CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote a ...)
NOT-FOR-US: MultiCart
-CVE-2007-5260
+CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with insuf ...)
NOT-FOR-US: ASP-CMS
-CVE-2007-5259
+CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.0 ...)
NOT-FOR-US: SysAid
-CVE-2007-5258
+CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...)
NOT-FOR-US: FreeLog
-CVE-2007-5257
+CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control ...)
NOT-FOR-US: EDraw Office Viewer
-CVE-2007-5256
+CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...)
NOT-FOR-US: FSD
-CVE-2007-5255
+CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
NOT-FOR-US: Google Mini Search Appliance
-CVE-2007-5254
+CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Wr ...)
NOT-FOR-US: VirusBlokAda Vba32 AntiVirus
-CVE-2007-5253
+CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attac ...)
NOT-FOR-US: Cart32
-CVE-2007-5252
+CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, an ...)
NOT-FOR-US: NetSupport Manager/School Student
-CVE-2007-5251
+CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 all ...)
NOT-FOR-US: Helm
-CVE-2007-5250
+CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by America ...)
NOT-FOR-US: Americas Army
-CVE-2007-5249
+CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal engine ...)
NOT-FOR-US: Americas Army
-CVE-2007-5248
+CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 engin ...)
NOT-FOR-US: Doom 3 engine
-CVE-2007-5247
+CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech engine ...)
NOT-FOR-US: Monolith engine
-CVE-2007-5246
+CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2 ...)
- firebird2.0 2.0.3.12981.ds1-1
- firebird1.5 <removed> (medium; bug #446472)
-CVE-2007-5245
+CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1. ...)
- firebird2.0 2.0.3.12981.ds1-1
- firebird1.5 <removed> (medium; bug #446475)
-CVE-2007-5244
+CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8 ...)
NOT-FOR-US: Borland InterBase
-CVE-2007-5243
+CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...)
NOT-FOR-US: Borland InterBase
-CVE-2007-5242
+CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON ...)
NOT-FOR-US: HP OpenVMS
-CVE-2007-5241
+CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...)
NOT-FOR-US: HP OpenVMS
-CVE-2007-5240
+CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5239
+CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5238
+CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
- sun-java6 6-03-1 (unimportant)
- sun-java5 1.5.0-13-1 (unimportant)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
NOTE: Leaked information hardly sensitive
-CVE-2007-5237
+CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not prop ...)
- sun-java6 6-03-1 (medium)
- sun-java5 1.5.0-13-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5236
+CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK a ...)
- sun-java6 <not-affected> (Windows only)
- sun-java5 <not-affected> (Windows only)
- openjdk-6 <not-affected> (Windows only)
-CVE-2007-5235
+CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7. ...)
NOT-FOR-US: Uebimiau
-CVE-2007-5234
+CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...)
NOT-FOR-US: Ossigeno CMS
-CVE-2007-5233
+CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management Sy ...)
NOT-FOR-US: Web Template Management System
-CVE-2007-5232
+CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-5231
+CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in Zo ...)
NOT-FOR-US: Zomplog
-CVE-2007-5230
+CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...)
NOT-FOR-US: Zomplog
-CVE-2007-5229
+CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner Feed ...)
NOT-FOR-US: FeedBurner FeedSmith wordpress plugin
-CVE-2007-5228
+CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription functiona ...)
- drupal <not-affected> (does not shipt this module)
-CVE-2007-5227
+CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in messaging/cours ...)
NOT-FOR-US: BlackBoard Learning System
-CVE-2007-5226
+CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
- dircproxy 1.0.5-5.1 (low; bug #445883)
[sarge] - dircproxy <no-dsa> (Minor issue)
[etch] - dircproxy 1.0.5-5etch1
-CVE-2007-5225
+CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun Sola ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-5224
+CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows r ...)
NOT-FOR-US: Original Photo Gallery
-CVE-2007-5223
+CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network P ...)
NOT-FOR-US: AlstraSoft
-CVE-2007-5222
+CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
NOT-FOR-US: MAXdev
-CVE-2007-5221
+CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
NOT-FOR-US: Poppawid
-CVE-2007-5220
+CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog allo ...)
NOT-FOR-US: ASP Product Catalog
-CVE-2007-5219
+CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 Activ ...)
NOT-FOR-US: CyberLink Power DVD
-CVE-2007-5218
+CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DR ...)
NOT-FOR-US: Don Barnes DRBGuestbook
-CVE-2007-5217
+CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
NOT-FOR-US: Altnet Download Manager
-CVE-2007-5216
+CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
NOT-FOR-US: eArk
-CVE-2007-5215
+CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle God ...)
NOT-FOR-US: GodSend
-CVE-2007-5214
+CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
NOT-FOR-US: Axis Network Camera
-CVE-2007-5213
+CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
NOT-FOR-US: Axis Network Camera
-CVE-2007-5212
+CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
NOT-FOR-US: Axis Network Camera
-CVE-2007-5211
+CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...)
NOT-FOR-US: Peakflow
-CVE-2007-5210
+CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6 ...)
NOT-FOR-US: Peakflow
-CVE-2007-5209
+CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
NOT-FOR-US: CenterTools
-CVE-2007-5208
+CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1. ...)
{DSA-1462-1 DTSA-72-1}
- hplip 1.6.10-4.3 (medium; bug #447341)
[sarge] - hplip <not-affected> (This code was using smtp directly)
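Review bot: the drupal line under CVE-2007-5228 reads `- drupal <not-affected> (does not shipt this module)`; `shipt` should be `ship`. That line is unchanged context in this hunk, so the automatic description import will not touch it and the typo needs a separate manual commit.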
@@ -3740,94 +3740,94 @@ CVE-2007-5203
RESERVED
CVE-2007-5202
RESERVED
-CVE-2007-5201
+CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a com ...)
- duplicity 0.4.3-2 (low; bug #442840)
[etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
[sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
NOTE: be transferred through the scp, sftp or rsync backends.
NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
-CVE-2007-5200
+CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE 10 ...)
{DTSA-74-1}
- hugin 0.6.1-1.1 (low; bug #447344)
[etch] - hugin <no-dsa> (Minor issue)
-CVE-2007-5199
+CVE-2007-5199 (A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows r ...)
- libxfont 1:1.3.2-1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=327854
NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
-CVE-2007-5198
+CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios Plugin ...)
{DSA-1495-1 DTSA-67-1}
- nagios-plugins 1.4.8-2.2 (low; bug #445475)
NOTE: Requires the webserver, which has to be checked, to be compromised
-CVE-2007-5197
+CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and ...)
{DSA-1397-1 DTSA-76-1}
- mono 1.2.5.1-2
-CVE-2007-5196
+CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
NOT-FOR-US: novell-groupwise-client
-CVE-2007-5195
+CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
NOT-FOR-US: novell-groupwise-client
-CVE-2007-5194
+CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
NOT-FOR-US: rMake
CVE-2007-5192
RESERVED
-CVE-2007-5191
+CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and ...)
{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
- util-linux 2.13-8 (low)
- loop-aes-utils 2.13-2 (low)
-CVE-2007-5190
+CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVis ...)
NOT-FOR-US: Alcatel OmniVista
-CVE-2007-5189
+CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script Gues ...)
NOT-FOR-US: X-Script
-CVE-2007-5188
+CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17. ...)
NOT-FOR-US: Xoops
-CVE-2007-5187
+CVE-2007-5187 (SQL injection vulnerability in infusions/calendar_events_panel/show_si ...)
NOT-FOR-US: Php-Fusion
-CVE-2007-5186
+CVE-2007-5186 (PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8. ...)
NOT-FOR-US: Segue CMS
-CVE-2007-5185
+CVE-2007-5185 (Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 ...)
NOT-FOR-US: phpWCMS XT
-CVE-2007-5184
+CVE-2007-5184 (Format string vulnerability in the SMBDirList function in dirlist.c in ...)
NOT-FOR-US: smbFtpd
-CVE-2007-5183
+CVE-2007-5183 (Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuit ...)
NOT-FOR-US: OdysseySuite
-CVE-2007-5182
+CVE-2007-5182 (Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak ...)
NOT-FOR-US: Netkamp Emlak Scripti
-CVE-2007-5181
+CVE-2007-5181 (SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allo ...)
NOT-FOR-US: Netkamp Emlak Scripti
-CVE-2007-5180
+CVE-2007-5180 (Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow re ...)
NOT-FOR-US: Ohesa Emlak Portali
-CVE-2007-5179
+CVE-2007-5179 (Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in ...)
NOT-FOR-US: Iletisim Formu
-CVE-2007-5178
+CVE-2007-5178 (contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB pla ...)
NOT-FOR-US: mxBB
-CVE-2007-5177
+CVE-2007-5177 (SQL injection vulnerability in index.php in the MambAds (com_mambads) ...)
NOT-FOR-US: Mambo extension
-CVE-2007-5176
+CVE-2007-5176 (Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelp ...)
NOT-FOR-US: eHelpDesk
-CVE-2007-5175
+CVE-2007-5175 (PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 ...)
NOT-FOR-US: actSite
-CVE-2007-5174
+CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1.56 a ...)
NOT-FOR-US: actSite
-CVE-2007-5173
+CVE-2007-5173 (PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID ...)
NOT-FOR-US: phpBB Openid
-CVE-2007-5207
+CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a symli ...)
- guilt 0.27-1.2 (medium; bug #445308)
-CVE-2007-5193
+CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and pos ...)
- twiki 1:4.1.2-3 (bug #444982; low)
[etch] - twiki <no-dsa> (Minor packaging flaw, doesn't warrant an update)
-CVE-2007-5172
+CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain sens ...)
NOT-FOR-US: Quicksilver Forums
-CVE-2007-5171
+CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows re ...)
NOT-FOR-US: Quicksilver Forums
-CVE-2007-5170
+CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) befor ...)
NOT-FOR-US: Sun Fire
-CVE-2007-5169
+CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...)
NOT-FOR-US: Adobe PageMaker
-CVE-2007-5168
+CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01 ...)
NOT-FOR-US: Clan lite
-CVE-2007-5167
+CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in p ...)
NOT-FOR-US: phpLister
-CVE-2007-5166
+CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a all ...)
NOT-FOR-US: SiteSys
CVE-2007-5165
NOT-FOR-US: myIpacNG-stats
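Review bot: CVE-2007-5207 and CVE-2007-5193 are placed between CVE-2007-5173 and CVE-2007-5172, breaking the descending order the rest of this hunk follows (CVE-2007-5192 already sits in its expected slot, directly after CVE-2007-5194). Because this update only rewrites each header line in place, the misplacement survives; moving the two entries to their numerical positions would keep the file sortable and make future automatic diffs line up with the surrounding entries.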
@@ -3835,23 +3835,23 @@ CVE-2007-5164
NOT-FOR-US: UniversiBO
CVE-2007-5163
NOT-FOR-US: nexty
-CVE-2007-5162
+CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net ...)
{DSA-1412-1 DSA-1411-1 DSA-1410-1}
- ruby1.9 1.9.0+20071016-1 (low)
- ruby1.8 1.8.6.111-1 (low; bug #444929)
NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
-CVE-2007-5161
+CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in i-System ...)
NOT-FOR-US: Feedreader 3
NOTE: editor not included in native wordpress
-CVE-2007-5160
+CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
NOT-FOR-US: Thierry Leriche Restaurant Management System
-CVE-2007-5159
+CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g pac ...)
- ntfs-3g 1:1.913-2 (medium; bug #445315)
-CVE-2007-5158
+CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet Explo ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-5157
+CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex Koc ...)
NOT-FOR-US: PHP Fidonet Tosser
-CVE-2007-5156
+CVE-2007-5156 (Incomplete blacklist vulnerability in editor/filemanager/upload/php/up ...)
- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
- moin 1.5.8-4.1 (unimportant)
NOTE: This problem should rather be addressed by proper httpd config
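Review bot: the line `NOTE: editor not included in native wordpress` under CVE-2007-5161 does not match that entry: the imported description concerns a cross-zone scripting issue in an internal browser and the status line is `NOT-FOR-US: Feedreader 3`, neither of which involves an editor or WordPress. The note is untouched context here, but it should be checked against the entry it was meant for and moved or removed, since anyone triaging CVE-2007-5161 would otherwise read it as the justification for the NOT-FOR-US status.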
@@ -3860,174 +3860,174 @@ CVE-2007-5156
- gforge 4.6.99+svn6169-1 (low; bug #447590)
[etch] - gforge <not-affected> (fckeditor is not shipped in these versions)
[sarge] - gforge <not-affected> (fckeditor is not shipped in these versions)
-CVE-2007-5155
+CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments ...)
NOT-FOR-US: ICEOWS
-CVE-2007-5154
+CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlie ...)
NOT-FOR-US: Aipo
-CVE-2007-5153
+CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...)
NOT-FOR-US: Sun Java System Access Manager
-CVE-2007-5152
+CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java Syste ...)
NOT-FOR-US: Sun Java System Access Manager
-CVE-2007-5151
+CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in includes/nu ...)
NOT-FOR-US: NukeSentinel
-CVE-2007-5150
+CVE-2007-5150 (SQL injection vulnerability in the is_god function in includes/nukesen ...)
NOT-FOR-US: NukeSentinel
-CVE-2007-5149
+CVE-2007-5149 (PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc. ...)
NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148
NOT-FOR-US: FrontAccounting
-CVE-2007-5147
+CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...)
NOT-FOR-US: Puzzle Apps CMS
-CVE-2007-5146
+CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der D ...)
NOT-FOR-US: Der Dirigent
-CVE-2007-5145
+CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
NOT-FOR-US: Windows XP
-CVE-2007-5144
+CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used f ...)
NOT-FOR-US: Windows Live Messenger
-CVE-2007-5143
+CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows loca ...)
NOT-FOR-US: Anti-Virus for Windows Servers
-CVE-2007-5142
+CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Nov ...)
NOT-FOR-US: Solidweb Novus
-CVE-2007-5141
+CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allo ...)
NOT-FOR-US: SiteX
-CVE-2007-5140
+CVE-2007-5140 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
NOT-FOR-US: IntegraMOD Nederland
-CVE-2007-5139
+CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
NOT-FOR-US: Chupix
-CVE-2007-5138
+CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in lustig.c ...)
NOT-FOR-US: lustig.cms
-CVE-2007-5137
+CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
{DSA-1743-1}
- tk8.4 8.4.16-1
[etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
[sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
- libtk-img 1.3-release-8
-CVE-2007-5136
+CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
NOT-FOR-US: DFD Cart
-CVE-2007-5134
+CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP address ...)
NOT-FOR-US: Cisco firmware
-CVE-2007-5133
+CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
NOT-FOR-US: Microsoft Windows Explorer
-CVE-2007-5132
+CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
NOT-FOR-US: Solaris
-CVE-2007-5131
+CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
NOT-FOR-US: ActiveKB
-CVE-2007-5130
+CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: SimpGB
-CVE-2007-5129
+CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with in ...)
NOT-FOR-US: SimpGB
-CVE-2007-5128
+CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows rem ...)
NOT-FOR-US: SimpNews
-CVE-2007-5127
+CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...)
NOT-FOR-US: SimpGB
-CVE-2007-5126
+CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup Exe ...)
NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125
REJECTED
-CVE-2007-5124
+CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
NOT-FOR-US: AOL Messenger
-CVE-2007-5123
+CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote at ...)
NOT-FOR-US: Solidweb Novus
-CVE-2007-5122
+CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds P ...)
NOT-FOR-US: SoftBiz Classifieds PLUS
-CVE-2007-5121
+CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allow ...)
- jspwiki <not-affected> (The version we ship does not process a redirect parameter in Login.jsp and other source files)
[sarge] - jspwiki <no-dsa> (Contrib not supported)
-CVE-2007-5120
+CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
- jspwiki 2.5.139-1 (medium; bug #445477)
[sarge] - jspwiki <no-dsa> (Contrib not supported)
-CVE-2007-5119
+CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sen ...)
- jspwiki 2.5.139-1 (unimportant; bug #445477)
[sarge] - jspwiki <no-dsa> (Contrib not supported)
-CVE-2007-5118
+CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class dr ...)
NOT-FOR-US: Solaris
-CVE-2007-5117
+CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
NOT-FOR-US: FrontAccounting
-CVE-2007-5116
+CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular Expre ...)
{DSA-1400-1 DTSA-78-1}
- perl 5.8.8-12 (medium; bug #450794)
NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
-CVE-2007-5135
+CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9 ...)
{DSA-1379-1}
- openssl 0.9.8e-9 (low; bug #444435)
[sarge] - openssl 0.9.7e-3sarge5
-CVE-2007-5115
+CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Cont ...)
NOT-FOR-US: Ekke Doerre Contenido
CVE-2007-5114
NOT-FOR-US: phpmyProfiler
-CVE-2007-5113
+CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass authenti ...)
NOT-FOR-US: Google Urchin
-CVE-2007-5112
+CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...)
NOT-FOR-US: Google Urchin
-CVE-2007-5111
+CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allo ...)
NOT-FOR-US: ebCrypt
-CVE-2007-5110
+CVE-2007-5110 (Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator ...)
NOT-FOR-US: ebCrypt
-CVE-2007-5109
+CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in FlatNu ...)
NOT-FOR-US: flatnuke
-CVE-2007-5108
+CVE-2007-5108 (Unspecified vulnerability in IAC Search &amp; Media ask.com toolbar ha ...)
NOT-FOR-US: IAC Search & Media ask.com toolbar
-CVE-2007-5107
+CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 A ...)
NOT-FOR-US: AskJeevesToolBar
-CVE-2007-5106
+CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
- wordpress 2.0.2-1 (low)
-CVE-2007-5105
+CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
- wordpress 2.0.4-1 (low)
-CVE-2007-5104
+CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...)
NOT-FOR-US: bcoos
-CVE-2007-5103
+CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 R ...)
NOT-FOR-US: Wordsmith
-CVE-2007-5102
+CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...)
NOT-FOR-US: Wordsmith
-CVE-2007-5101
+CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter accou ...)
NOT-FOR-US: ChironFS
-CVE-2007-5100
+CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...)
NOT-FOR-US: phpBB plus (phpbb2 does not include this module)
-CVE-2007-5099
+CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters H ...)
NOT-FOR-US: helplink
-CVE-2007-5098
+CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 a ...)
NOT-FOR-US: DFD Cart
CVE-2007-5097
NOT-FOR-US: Online Fantasy Football League
-CVE-2007-5096
+CVE-2007-5096 (PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822 ...)
NOT-FOR-US: guanxiCRM Business Solution
-CVE-2007-5095
+CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Inter ...)
NOT-FOR-US: Windows Media Player
-CVE-2007-5094
+CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitc ...)
NOT-FOR-US: Ipswitch IMail Server
-CVE-2007-5093
+CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
- linux-2.6 2.6.23-1
-CVE-2007-5092
+CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music modu ...)
NOT-FOR-US: phpNuke module
-CVE-2007-5091
+CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4. ...)
- egroupware 1.2.107-2.dfsg-2 (low; bug #444351)
-CVE-2007-5090
+CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Micr ...)
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2007-5089
+CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.l ...)
NOT-FOR-US: Sklog
-CVE-2007-5088
+CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...)
NOT-FOR-US: freeside
-CVE-2007-5087
+CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support ...)
- linux-2.6 <not-affected> (2.6 code base handles ARP entries differently)
-CVE-2007-5086
+CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not ...)
NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
-CVE-2007-5085
+CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache Geron ...)
NOT-FOR-US: Geronimo Apache
-CVE-2007-5084
+CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates (CA) Bri ...)
NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
-CVE-2007-5083
+CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) BrightStor Hier ...)
NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
-CVE-2007-5082
+CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates (CA) Brig ...)
NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
-CVE-2007-5081
+CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
NOT-FOR-US: RealPlayer
-CVE-2007-5080
+CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Playe ...)
NOT-FOR-US: RealPlayer
-CVE-2007-5079
+CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
- gdm <not-affected> (Red Hat-specific packaging flaw)
-CVE-2007-5078
+CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager al ...)
NOT-FOR-US: eGov Manager
CVE-2007-5077
RESERVED
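Review bot: the new header for CVE-2007-5108 carries the HTML entity `&amp;` (`IAC Search &amp; Media ask.com toolbar ...`) while the NOT-FOR-US line directly below it uses a plain `&`; the description importer appears to write HTML-escaped text into the list without decoding entities. Decoding `&amp;` to `&` before writing, and checking the other imported descriptions for `&lt;`, `&gt;` and `&quot;`, would keep the file's plain-text convention. Separately, CVE-2007-5135 is placed between CVE-2007-5116 and CVE-2007-5115, out of the descending order used elsewhere in this hunk.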
@@ -4039,243 +4039,243 @@ CVE-2007-5074
RESERVED
CVE-2007-5073
RESERVED
-CVE-2007-5072
+CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
NOT-FOR-US: Simple PHP Blog
-CVE-2007-5071
+CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...)
NOT-FOR-US: Simple PHP Blog
-CVE-2007-5070
+CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX contr ...)
NOT-FOR-US: Easy Mail Message Printer
-CVE-2007-5069
+CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke M ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-5068
+CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allo ...)
NOT-FOR-US: phpFullAnnu
-CVE-2007-5067
+CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remo ...)
NOT-FOR-US: iMatix Xitami Web Server
-CVE-2007-5066
+CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows rem ...)
- webmin <removed>
-CVE-2007-5065
+CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5064
+CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6 ...)
NOT-FOR-US: Xunlei Web Thunder
-CVE-2007-5063
+CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information unde ...)
NOT-FOR-US: Adam Scheinberg Flip
-CVE-2007-5062
+CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote atta ...)
NOT-FOR-US: Adam Scheinberg Flip
-CVE-2007-5061
+CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere ...)
NOT-FOR-US: Clansphere
-CVE-2007-5060
+CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass functiona ...)
NOT-FOR-US: XCMS
-CVE-2007-5059
+CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow ...)
NOT-FOR-US: GreenSQL
-CVE-2007-5058
+CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration int ...)
NOT-FOR-US: Barracuda
-CVE-2007-5057
+CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...)
NOT-FOR-US: NetSupport Manager Client
-CVE-2007-5056
+CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lit ...)
NOT-FOR-US: ADOdb Lite
-CVE-2007-5055
+CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and ...)
NOT-FOR-US: iziContents
-CVE-2007-5054
+CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC ...)
NOT-FOR-US: iziContents
-CVE-2007-5053
+CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...)
NOT-FOR-US: iziContents
-CVE-2007-5052
+CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
NOT-FOR-US: Vigile CMS
-CVE-2007-5051
+CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1. ...)
{DSA-1559-1}
- phpgedview 4.1.e+4.1.1-2 (low; bug #443901)
-CVE-2007-5050
+CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 allo ...)
NOT-FOR-US: Neuron News
CVE-2007-5049
REJECTED
-CVE-2007-5048
+CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote attack ...)
NOT-FOR-US: lhaplus
-CVE-2007-5047
+CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate cer ...)
NOT-FOR-US: Norton Internet Security
-CVE-2007-5046
+CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...)
NOT-FOR-US: IceWarp Merak Mail Server
-CVE-2007-5045
+CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
-CVE-2007-5044
+CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameter ...)
NOT-FOR-US: ZoneAlam Pro
-CVE-2007-5043
+CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate certa ...)
NOT-FOR-US: Kaspersky Internet Security
-CVE-2007-5042
+CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...)
NOT-FOR-US: Outpost Firewall PRO
-CVE-2007-5041
+CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain parame ...)
NOT-FOR-US: G DATA InternetSecurity
-CVE-2007-5040
+CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain pa ...)
NOT-FOR-US: Ghost Security Suite
-CVE-2007-5039
+CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain par ...)
NOT-FOR-US: Ghost Security Suite
-CVE-2007-5038
+CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for B ...)
- bugzilla <not-affected> (Affected versions were never present in the archive)
-CVE-2007-5037
+CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in src/inotifyto ...)
{DSA-1440-1}
- inotify-tools 3.11-1 (medium; bug #443913)
-CVE-2007-5036
+CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with firmwa ...)
NOT-FOR-US: AirDefense firmware
CVE-2007-5035
NOT-FOR-US: openEngine
-CVE-2007-5034
+CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ap ...)
{DSA-1380-1}
- elinks 0.11.1-1.5 (low; bug #443914)
-CVE-2007-5033
+CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...)
NOT-FOR-US: phpBB XS
-CVE-2007-5032
+CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in Franci ...)
NOT-FOR-US: Php-Nuke
-CVE-2007-5031
+CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbl ...)
- dibbler 0.6.1-1 (low; bug #444002)
-CVE-2007-5030
+CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...)
- dibbler 0.6.1-1 (low; bug #444002)
-CVE-2007-5029
+CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are appro ...)
- dibbler 0.6.1-1 (low; bug #444002)
-CVE-2007-5028
+CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspec ...)
- dibbler 0.6.1-1 (medium; bug #444002)
-CVE-2007-5027
+CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...)
NOT-FOR-US: WBR3404TX firmware
-CVE-2007-5026
+CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ro ...)
NOT-FOR-US: dBlog CMS
-CVE-2007-5025
+CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 a ...)
NOT-FOR-US: VMware
-CVE-2007-5024
+CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in clearte ...)
NOT-FOR-US: VMware
-CVE-2007-5023
+CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation b ...)
NOT-FOR-US: VMware
-CVE-2007-5022
+CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...)
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-5021
REJECTED
-CVE-2007-5020
+CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows a ...)
NOT-FOR-US: Acrobat Reader
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
- mp 3.7.1-8 (low)
[sarge] - mp <no-dsa> (Minor issue)
[etch] - mp <no-dsa> (Minor issue)
NOTE: Can be fixed in a point update
-CVE-2007-5019
+CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java Runt ...)
- sun-java6 <removed> (unimportant)
- sun-java5 <removed> (unimportant)
- openjdk-6 <removed> (unimportant)
NOTE: exploiting this would not work under Linux
-CVE-2007-5018
+CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...)
NOT-FOR-US: Pegasus Mail Mercury
-CVE-2007-5017
+CVE-2007-5017 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2007-5016
+CVE-2007-5016 (SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows re ...)
NOT-FOR-US: OneCMS
-CVE-2007-5015
+CVE-2007-5015 (Multiple PHP remote file inclusion vulnerabilities in Streamline PHP M ...)
NOT-FOR-US: Streamline
-CVE-2007-5014
+CVE-2007-5014 (Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allo ...)
NOT-FOR-US: pSlash
-CVE-2007-5013
+CVE-2007-5013 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ph ...)
NOT-FOR-US: Phormer
-CVE-2007-5012
+CVE-2007-5012 (Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGalle ...)
NOT-FOR-US: PhpWebGallery
-CVE-2007-5011
+CVE-2007-5011 (webbatch.exe in WebBatch allows remote attackers to obtain sensitive i ...)
NOT-FOR-US: WebBatch
-CVE-2007-5010
+CVE-2007-5010 (Cross-site scripting (XSS) vulnerability in WebBatch allows remote att ...)
NOT-FOR-US: WebBatch
-CVE-2007-5009
+CVE-2007-5009 (PHP remote file inclusion vulnerability in language/lang_german/lang_m ...)
NOT-FOR-US: Phpbb Plus
NOTE: vulnerable code not included in phpbb2
-CVE-2007-5008
+CVE-2007-5008 (The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not cor ...)
NOT-FOR-US: HP-UX
-CVE-2007-5007
+CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa befo ...)
- balsa 2.3.20-1 (low)
[etch] - balsa 2.3.13-3
NOTE: Minor issue fixed in 4.0r4 point release
[sarge] - balsa <no-dsa> (Minor issue)
NOTE: attacker needs to get the victim a prepared server to use
-CVE-2007-5006
+CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ARCse ...)
NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5005
+CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer Associa ...)
NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5004
+CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve Backu ...)
NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5003
+CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) Brig ...)
NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
RESERVED
-CVE-2007-5001
+CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ser ...)
- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
-CVE-2007-5000
+CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
[sarge] - apache2 <no-dsa> (minor issue)
[sarge] - apache <no-dsa> (minor issue)
- apache2 2.2.8-1 (low)
- apache <removed> (low)
[etch] - apache2 2.2.3-4+etch4
[etch] - apache 1.3.34-4.1+etch1
-CVE-2007-4999
+CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allo ...)
- pidgin 2.2.2-1 (medium)
-CVE-2007-4998
+CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple OSes, ...)
- coreutils 4.1.2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
-CVE-2007-4997
+CVE-2007-4997 (Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80 ...)
{DSA-1428-1}
- linux-2.6 2.6.23-1
-CVE-2007-4996
+CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge me ...)
- pidgin 2.2.1-1 (medium)
NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
-CVE-2007-4995
+CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0. ...)
{DSA-1571-1}
- openssl 0.9.8f-1 (low)
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2007-4994
+CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not p ...)
NOT-FOR-US: Redhat Certificate Server
-CVE-2007-4993
+CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a gue ...)
{DSA-1384-1}
- xen-3 3.1.1-1 (medium; bug #444430)
- xen-3.0 <removed>
-CVE-2007-4992
+CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in fbserver ...)
- firebird1.5 <removed> (medium; bug #446373)
- firebird2.0 2.0.3.12981.ds1-1 (medium)
-CVE-2007-4991
+CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
NOT-FOR-US: Microsoft Internet Security and Acceleration
-CVE-2007-4990
+CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 all ...)
{DSA-1385-1}
- xfs 1:1.0.5-1
CVE-2007-4989
REJECTED
-CVE-2007-4988
+CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick befor ...)
{DSA-1903-1 DSA-1858-1 DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick 1.1.11-1 (medium; bug #444266)
-CVE-2007-4987
+CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ImageMagi ...)
{DSA-1858-1 DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
-CVE-2007-4986
+CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow context ...)
{DSA-1903-1 DSA-1858-1 DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick 1.1.11-1 (medium; bug #444266)
-CVE-2007-4985
+CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
{DSA-1903-1 DSA-1858-1 DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick 1.1.11-1 (medium; bug #444266)
-CVE-2007-4984
+CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
NOT-FOR-US: StylesDemo
-CVE-2007-4983
+CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX ...)
NOT-FOR-US: jetAudio
-CVE-2007-4982
+CVE-2007-4982 (Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCo ...)
NOT-FOR-US: QRCode
-CVE-2007-4981
+CVE-2007-4981 (Cross-site scripting (XSS) vulnerability in the save function in Obedi ...)
NOT-FOR-US: Obedit
-CVE-2007-4980
+CVE-2007-4980 (The readRequest method in org/gcaldaemon/core/http/HTTPListener.java i ...)
NOT-FOR-US: GCALDaemon
-CVE-2007-4979
+CVE-2007-4979 (SQL injection vulnerability in index.php in the sondages module in Kws ...)
NOT-FOR-US: KwsPHP
-CVE-2007-4978
+CVE-2007-4978 (Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 ...)
NOT-FOR-US: phpSyncML
-CVE-2007-4977
+CVE-2007-4977 (Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Pho ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-4976
+CVE-2007-4976 (Directory traversal vulnerability in viewlog.php in Coppermine Photo G ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-4975
+CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...)
NOT-FOR-US: b1gMail
-CVE-2007-4974
+CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in libsndf ...)
{DSA-1442-1}
- libsndfile 1.0.17-4 (bug #443386; medium)
[sarge] - libsndfile <not-affected> (Vulnerable code not present)
@@ -4284,52 +4284,52 @@ CVE-2007-4974
[etch] - ardour <not-affected> (Vulnerable code not present)
CVE-2007-4973
RESERVED
-CVE-2007-4972
+CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System Se ...)
NOT-FOR-US: NtRegmon
-CVE-2007-4971
+CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...)
NOT-FOR-US: ProSecurity
-CVE-2007-4970
+CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to Sy ...)
NOT-FOR-US: ProcessGuard
-CVE-2007-4969
+CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...)
NOT-FOR-US: Process Monitor
-CVE-2007-4968
+CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
NOT-FOR-US: Privatefirewal
-CVE-2007-4967
+CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ce ...)
NOT-FOR-US: Online Armor Personal Firewall
-CVE-2007-4966
+CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge 4. ...)
NOTE: Duplicate of CVE-2007-3913
-CVE-2007-4965
+CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and e ...)
{DSA-1620-1 DSA-1551-1}
- python2.5 2.5.1-6 (low; bug #443333)
[etch] - python2.5 <no-dsa> (Minor issue)
[sarge] - python2.5 <no-dsa> (Minor issue)
- python2.4 2.4.4-7 (low; bug #443335)
[etch] - python2.4 <no-dsa> (Minor issue)
-CVE-2007-4964
+CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
NOT-FOR-US: WinImage
-CVE-2007-4963
+CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows re ...)
NOT-FOR-US: WinImage
-CVE-2007-4962
+CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...)
NOT-FOR-US: WinImage
-CVE-2007-4961
+CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by th ...)
- secondlife-client <itp> (low; bug #406335)
-CVE-2007-4960
+CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life secondl ...)
- secondlife-client <itp> (low; bug #406335)
-CVE-2007-4959
+CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in catalog_products_with_imag ...)
NOT-FOR-US: osCMax
-CVE-2007-4958
+CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
NOT-FOR-US: TinyWebGallery
-CVE-2007-4957
+CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
NOT-FOR-US: ChupixCMS
-CVE-2007-4956
+CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote atta ...)
NOT-FOR-US: KwsPhp
-CVE-2007-4955
+CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-4954
+CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-4953
+CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote atta ...)
NOT-FOR-US: SimpCMS
-CVE-2007-4952
+CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951
NOT-FOR-US: YaPiG
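Review bot: the NOT-FOR-US line under CVE-2007-4968 reads `Privatefirewal`, while the description added in the same entry spells the product `Privatefirewall`; since the entry is being rewritten anyway, correct the product name so that searches for the product match this line.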
@@ -4337,130 +4337,130 @@ CVE-2007-4950
NOT-FOR-US: Phportal
CVE-2007-4949
NOT-FOR-US: phpreactor
-CVE-2007-4948
+CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia Explore ...)
NOT-FOR-US: Webmedia Explorer
-CVE-2007-4947
+CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0. ...)
NOT-FOR-US: myphpPagetool
-CVE-2007-4946
+CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information (i ...)
NOT-FOR-US: LetterGrade
-CVE-2007-4945
+CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade all ...)
NOT-FOR-US: LetterGrade
-CVE-2007-4944
+CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...)
NOT-FOR-US: Opera
-CVE-2007-4943
+CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...)
NOT-FOR-US: Baofeng Storm
-CVE-2007-4942
+CVE-2007-4942 (PHP remote file inclusion vulnerability in modules/Discipline/StudentF ...)
NOT-FOR-US: Focus/SIS
-CVE-2007-4941
+CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a den ...)
NOT-FOR-US: KMPlayer for windows
NOTE: its not kmplayer we ship its a windows only media player
-CVE-2007-4940
+CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and e ...)
NOT-FOR-US: Media Player Classic
-CVE-2007-4939
+CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MP ...)
NOT-FOR-US: Media Player Classic
-CVE-2007-4938
+CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
{DTSA-65-1}
- mplayer 1.0~rc1-16.1 (bug #443478)
-CVE-2007-4937
+CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with insu ...)
NOT-FOR-US: CS Guestbook
-CVE-2007-4936
+CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has u ...)
NOT-FOR-US: SafeSquid
-CVE-2007-4935
+CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
NOT-FOR-US: phpFFL
-CVE-2007-4934
+CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
NOT-FOR-US: phpFFL
-CVE-2007-4933
+CVE-2007-4933 (Direct static code injection vulnerability in includes/admin/sub/conf_ ...)
NOT-FOR-US: Shop-Script FREE
-CVE-2007-4932
+CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...)
NOT-FOR-US: Shop-Script FREE
-CVE-2007-4931
+CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in conjunct ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2007-4930
+CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
NOT-FOR-US: Axis firmware
-CVE-2007-4929
+CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W c ...)
NOT-FOR-US: Axis firmware
-CVE-2007-4928
+CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the confi ...)
NOT-FOR-US: Axis firmware
-CVE-2007-4927
+CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote auth ...)
NOT-FOR-US: Axis firmware
-CVE-2007-4926
+CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and pass ...)
NOT-FOR-US: Axis firmware
-CVE-2007-4925
+CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...)
NOT-FOR-US: eWire Payment Client
-CVE-2007-4924
+CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
- opal 2.2.11~dfsg1-1 (low)
[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
NOTE: will be fixed by regular stable update
-CVE-2007-4923
+CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
NOT-FOR-US: Joomla extension
-CVE-2007-4922
+CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module fo ...)
NOT-FOR-US: KwsPhp
-CVE-2007-4921
+CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php ...)
NOT-FOR-US: Ajax File Browser
-CVE-2007-4920
+CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2 ...)
NOT-FOR-US: Webquest
-CVE-2007-4919
+CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote a ...)
NOT-FOR-US: Jblog
-CVE-2007-4918
+CVE-2007-4918 (SQL injection vulnerability in classes/gelato.class.php in Gelato allo ...)
NOT-FOR-US: Gelato
-CVE-2007-4917
+CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats ...)
NOT-FOR-US: Php-Stats
-CVE-2007-4916
+CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC ...)
NOT-FOR-US: MFC Library
-CVE-2007-4915
+CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLa ...)
- boa <not-affected> (We don't ship this extension)
-CVE-2007-4914
+CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision Pow ...)
NOT-FOR-US: Invision Power Board
-CVE-2007-4913
+CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) ...)
NOT-FOR-US: Invision Power Board
-CVE-2007-4912
+CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php ...)
NOT-FOR-US: Invision Power Board
-CVE-2007-4911
+CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...)
NOT-FOR-US: JetCast Server
-CVE-2007-4910
+CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown imp ...)
NOT-FOR-US: Netinvoicing
-CVE-2007-4909
+CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...)
NOT-FOR-US: WinSCP
-CVE-2007-4908
+CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and earl ...)
NOT-FOR-US: AuraCMS
-CVE-2007-4907
+CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow rem ...)
NOT-FOR-US: X-Cart
-CVE-2007-4906
+CVE-2007-4906 (PHP remote file inclusion vulnerability in tasks/send_queued_emails.ph ...)
NOT-FOR-US: NuclearBB
-CVE-2007-4905
+CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2. ...)
NOT-FOR-US: AuraCMS
-CVE-2007-4904
+CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0. ...)
- helix-player <unfixed> (unimportant; bug #443130)
NOTE: Just a floating point exception by via a crafted .au file)
-CVE-2007-4903
+CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll ...)
NOT-FOR-US: Ultra Crypto Component
-CVE-2007-4902
+CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
NOT-FOR-US: Ultra Crypto Component
-CVE-2007-4901
+CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
NOT-FOR-US: AOL Instant Messenger
-CVE-2007-4900
+CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVi ...)
NOT-FOR-US: RSA EnVision
-CVE-2007-4899
+CVE-2007-4899 (Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.1 ...)
NOT-FOR-US: Boinc Forum
-CVE-2007-4898
+CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 ...)
NOT-FOR-US: Xwiki
-CVE-2007-4897
+CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remo ...)
{DTSA-94-1}
- pwlib 1.10.10-1.1 (low; bug #454133)
- pwlib-titan 1.11.2-1.1 (low; bug #454139)
[etch] - pwlib 1.10.2-2+etch1
[sarge] - pwlib 1.8.4-1+sarge1.1
-CVE-2007-4896
+CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in admin/header.ph ...)
NOT-FOR-US: Toms Gaestebuch
-CVE-2007-4895
+CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ( ...)
NOT-FOR-US: Sisfo Kampus
-CVE-2007-4894
+CVE-2007-4894 (Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ...)
- wordpress 2.2.3-1 (medium)
[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
-CVE-2007-4893
+CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ...)
- wordpress 2.2.3-1 (low)
[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
-CVE-2007-4892
+CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8 ...)
NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
- libwmf <unfixed> (unimportant)
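Review bot: two NOTE lines in this hunk could be tidied while the surrounding entries are being rewritten: the KMPlayer note under CVE-2007-4941 (`NOTE: its not kmplayer we ship its a windows only media player`) is missing apostrophes and punctuation, and the helix-player note under CVE-2007-4904 ends in `by via a crafted .au file)`, with a doubled preposition and an unmatched closing parenthesis.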
@@ -4468,33 +4468,33 @@ CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.35.dfsg-3
[etch] - libgd2 2.0.33-5.2etch1
-CVE-2007-4891
+CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Mi ...)
NOT-FOR-US: PDWizard
-CVE-2007-4890
+CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX contro ...)
NOT-FOR-US: Microsoft Visual Studio
-CVE-2007-4889
+CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ...)
- php5 <removed> (unimportant)
NOTE: basedir and safemode not supported
-CVE-2007-4888
+CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...)
NOT-FOR-US: Xwiki
-CVE-2007-4887
+CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent atta ...)
- php5 5.2.5-1 (unimportant)
NOTE: Only triggerable by malicious script
-CVE-2007-4886
+CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and pro ...)
NOT-FOR-US: Aura CMS
-CVE-2007-4885
+CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a d ...)
NOT-FOR-US: Avnex AV MP3 Player
-CVE-2007-4884
+CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ca ...)
NOT-FOR-US: Windows
-CVE-2007-4883
+CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in ...)
- mediawiki-extensions <not-affected> (We don't ship this extension)
-CVE-2007-4882
+CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel Custo ...)
NOT-FOR-US: TechExcel CustomerWise
-CVE-2007-4881
+CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com s ...)
NOT-FOR-US: Psilabs
-CVE-2007-4880
+CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ce ...)
NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
-CVE-2007-4879
+CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, c ...)
{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1 (low; bug #444803)
- iceape 1.1.9-1 (low; bug #444805)
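Review bot: the NOT-FOR-US tag for CVE-2007-4884 is `Windows`, whereas the other Media Player Classic entries in this file (CVE-2007-4940 and CVE-2007-4939) use `Media Player Classic`; naming the product rather than the platform keeps the tags consistent and lets all MPC entries be found together.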
@@ -4507,11 +4507,11 @@ CVE-2007-4876
RESERVED
CVE-2007-4875
RESERVED
-CVE-2007-4874
+CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.0 ...)
NOT-FOR-US: SimpNews
-CVE-2007-4873
+CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with ...)
NOT-FOR-US: SimpNews
-CVE-2007-4872
+CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive informati ...)
NOT-FOR-US: SimpNews
CVE-2007-4871
RESERVED
@@ -4529,11 +4529,11 @@ CVE-2007-4865
RESERVED
CVE-2007-4864
RESERVED
-CVE-2007-4863
+CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote ...)
NOT-FOR-US: SAXON
-CVE-2007-4862
+CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5. ...)
NOT-FOR-US: SAXON
-CVE-2007-4861
+CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to obt ...)
NOT-FOR-US: SAXON
CVE-2007-4860
RESERVED
@@ -4555,177 +4555,177 @@ CVE-2007-4852
RESERVED
CVE-2007-4851
REJECTED
-CVE-2007-4850
+CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ...)
- php4 <removed> (unimportant)
- php5 5.2.6-1 (unimportant)
NOTE: Safe mode bypasses not treated as security problems
-CVE-2007-4849
+CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly o ...)
{DSA-1378-2 DSA-1378-1}
- linux-2.6 2.6.23-1 (bug #442245; low)
-CVE-2007-4848
+CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to d ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-4847
+CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by Pi ...)
NOT-FOR-US: Google Picasa
-CVE-2007-4846
+CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1. ...)
NOT-FOR-US: Webace-Linkscript
-CVE-2007-4845
+CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Down ...)
NOT-FOR-US: RW::Download
-CVE-2007-4844
+CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly rea ...)
NOT-FOR-US: Unreal Commander
-CVE-2007-4843
+CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 bu ...)
NOT-FOR-US: Unreal Commander
-CVE-2007-4842
+CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan Explo ...)
NOT-FOR-US: Magellan Explorer
-CVE-2007-4841
+CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMon ...)
- iceweasel <not-affected> (windows only issue)
- iceape <not-affected> (windows only issue)
- xulrunner <not-affected> (windows only issue)
- icedove <not-affected> (windows only issue)
NOTE: MFSA2007-36
NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
-CVE-2007-4840
+CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a de ...)
- glibc 2.7-1 (unimportant)
NOTE: Original PHP issue only triggerable by malicious script
-CVE-2007-4839
+CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
NOT-FOR-US: IBM WebSphere
-CVE-2007-4838
+CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier al ...)
NOT-FOR-US: CellFactor Revolution
-CVE-2007-4837
+CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows r ...)
NOT-FOR-US: Proxy Anket
-CVE-2007-4836
+CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0. ...)
NOT-FOR-US: phpMyQuote
-CVE-2007-4835
+CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows rem ...)
NOT-FOR-US: phpMyQuote
-CVE-2007-4834
+CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 a ...)
NOT-FOR-US: phpRealty
-CVE-2007-4833
+CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere Appli ...)
NOT-FOR-US: IBM WebSphere
-CVE-2007-4832
+CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...)
NOT-FOR-US: CellFactor Revolution
-CVE-2007-4831
+CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in account_setting ...)
NOT-FOR-US: TorrentTrader
-CVE-2007-4830
+CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
NOT-FOR-US: DirectAdmin
-CVE-2007-4829
+CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
- perl 5.10.0-19
[etch] - perl <not-affected> (Was merged into Perl as of 5.10)
- libarchive-tar-perl 1.38-1 (low; bug #449544)
[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
-CVE-2007-4828
+CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing mo ...)
- mediawiki 1.10.2-1 (low; bug #442255)
[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
-CVE-2007-4827
+CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in Min ...)
NOT-FOR-US: Modbus Slave ActiveX Control
-CVE-2007-4826
+CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...)
{DSA-1382-1}
- quagga 0.99.9-1 (low; bug #442133)
NOTE: Upstream says that this can only be exploited by configured peers.
-CVE-2007-4825
+CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ...)
- php5 5.2.5-1 (unimportant)
- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems
-CVE-2007-4824
+CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google P ...)
NOT-FOR-US: Google Picasa
-CVE-2007-4823
+CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack vec ...)
NOT-FOR-US: Google Picasa
-CVE-2007-4822
+CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device manageme ...)
NOT-FOR-US: Buffalo AirStation firmware
-CVE-2007-4821
+CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.2 ...)
NOT-FOR-US: EDraw Office Viewer
-CVE-2007-4820
+CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo K ...)
NOT-FOR-US: Sisfo Kampus
-CVE-2007-4819
+CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 all ...)
NOT-FOR-US: Txx CMS
-CVE-2007-4818
+CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allo ...)
NOT-FOR-US: Txx CMS
-CVE-2007-4817
+CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante (com_restaur ...)
NOT-FOR-US: Joomla component
NOTE: not included in standard joomla installation, joomla has an itp though
-CVE-2007-4816
+CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps ...)
NOT-FOR-US: BaoFeng2
-CVE-2007-4815
+CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus ...)
NOT-FOR-US: WebED
-CVE-2007-4814
+CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed Ma ...)
NOT-FOR-US: Microsoft SQL Server Enterprise Manager
-CVE-2007-4813
+CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Bet ...)
NOT-FOR-US: Domino Blogsphere
-CVE-2007-4812
+CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions bef ...)
NOT-FOR-US: Mac OS
-CVE-2007-4811
+CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...)
NOT-FOR-US: Netjuke
-CVE-2007-4810
+CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...)
NOT-FOR-US: Netjuke
-CVE-2007-4809
+CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy F ...)
NOT-FOR-US: Online Fantasy Football League
-CVE-2007-4808
+CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote att ...)
NOT-FOR-US: TLM CMS
-CVE-2007-4807
+CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 al ...)
NOT-FOR-US: Focus/SIS
-CVE-2007-4806
+CVE-2007-4806 (PHP remote file inclusion vulnerability in modules/Discipline/Category ...)
NOT-FOR-US: Focus/SIS
-CVE-2007-4805
+CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime (cms ...)
NOT-FOR-US: Fuzzylime CMS
-CVE-2007-4804
+CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote a ...)
NOT-FOR-US: AuraCMS
-CVE-2007-4803
+CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...)
NOT-FOR-US: AtomixMP3
-CVE-2007-4802
+CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remot ...)
NOT-FOR-US: GlobalLink
CVE-2007-4801
RESERVED
CVE-2007-4800
RESERVED
-CVE-2007-4799
+CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not ...)
NOT-FOR-US: AIX perfstat kernel extension
-CVE-2007-4798
+CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in invscout.r ...)
NOT-FOR-US: invscout
-CVE-2007-4797
+CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V print) comm ...)
NOT-FOR-US: System V print
-CVE-2007-4796
+CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows ...)
NOT-FOR-US: uucp IBM AIX
-CVE-2007-4795
+CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 al ...)
NOT-FOR-US: mkpath IBM AIX
-CVE-2007-4794
+CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 ...)
NOT-FOR-US: fcstat IBM AIX
-CVE-2007-4793
+CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allo ...)
NOT-FOR-US: xlplm IBM AIX
-CVE-2007-4792
+CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 ...)
NOT-FOR-US: ibstat IBM AIX
-CVE-2007-4791
+CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5. ...)
NOT-FOR-US: swcons IBM AIX
-CVE-2007-4790
+CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.O ...)
NOT-FOR-US: Microsoft Visual FoxPro
-CVE-2007-4789
+CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Cont ...)
NOT-FOR-US: Cisco CSM
-CVE-2007-4788
+CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Con ...)
NOT-FOR-US: Cisco CSM
-CVE-2007-4787
+CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0 does not ...)
NOT-FOR-US: Sophos Anti-Virus
-CVE-2007-4786
+CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1 ...)
NOT-FOR-US: Cisco ASA
-CVE-2007-4785
+CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
NOT-FOR-US: Sony Micro Vault
-CVE-2007-4784
+CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent at ...)
- php5 5.2.5-1 (unimportant; bug #441972)
NOTE: Only triggerable by malicious script
-CVE-2007-4783
+CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ...)
- php5 5.2.5-1 (unimportant; bug #441972)
NOTE: Only triggerable by malicious script
-CVE-2007-4782
+CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...)
- php5 5.2.3-1 (unimportant)
NOTE: Only triggerable by malicious script
-CVE-2007-4781
+CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...)
NOT-FOR-US: Joomla!
-CVE-2007-4780
+CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
NOT-FOR-US: Joomla!
-CVE-2007-4779
+CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (ak ...)
NOT-FOR-US: Joomla!
-CVE-2007-4778
+CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component (com_c ...)
NOT-FOR-US: Joomla!
-CVE-2007-4777
+CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) al ...)
NOT-FOR-US: Joomla!
-CVE-2007-4776
+CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6 ...)
NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
RESERVED
@@ -4733,7 +4733,7 @@ CVE-2007-4774
RESERVED
CVE-2007-4773
RESERVED
-CVE-2007-4772
+CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
@@ -4742,32 +4742,32 @@ CVE-2007-4772
- tcl8.4 8.4.17-1 (low)
[etch] - tcl8.4 <no-dsa> (Minor issue)
[sarge] - postgresql <unfixed>
-CVE-2007-4771
+CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp ...)
{DSA-1511-1}
- icu 3.8-6 (bug #463688)
-CVE-2007-4770
+CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
{DSA-1511-1}
- icu 3.8-6 (bug #463688)
-CVE-2007-4769
+CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
[sarge] - postgresql <unfixed>
-CVE-2007-4768
+CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE ...)
{DSA-1570-1 DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
- kazehakase 0.5.2-1
- glib2.0 2.14.3-1 (unimportant)
NOTE: glib only embeds pcre in the udeb, no attack vector
-CVE-2007-4767
+CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...)
{DSA-1570-1 DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
- kazehakase 0.5.2-1
- glib2.0 2.14.3-1 (unimportant)
NOTE: glib only embeds pcre in the udeb, no attack vector
-CVE-2007-4766
+CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression (PCRE ...)
{DSA-1570-1 DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
- kazehakase 0.5.2-1
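Review bot: CVE-2007-4769 and CVE-2007-4772 now carry identical truncated descriptions (`The regular expression parser in TCL before 8.4.17, as used in Postgre ...`), yet tcl8.4 is recorded as fixed in 8.4.17-1 (low) for CVE-2007-4772 and as `<not-affected>` for CVE-2007-4769. A short NOTE under CVE-2007-4772 explaining why the UCS-4/UCS-2 build reasoning given for CVE-2007-4769 does not apply to it would stop the two entries from reading as contradictory.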
@@ -4775,37 +4775,37 @@ CVE-2007-4766
NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
RESERVED
-CVE-2007-4764
+CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...)
NOT-FOR-US: Pawfaliki
-CVE-2007-4763
+CVE-2007-4763 (PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.ph ...)
NOT-FOR-US: PHPOF
-CVE-2007-4762
+CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMAR ...)
NOT-FOR-US: E-SMARTCART
-CVE-2007-4761
+CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 al ...)
NOT-FOR-US: Barbo91
-CVE-2007-4760
+CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus ...)
NOT-FOR-US: Cosminexus Developer's Kit
-CVE-2007-4759
+CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in C ...)
NOT-FOR-US: Cosminexus Developer's Kit
-CVE-2007-4758
+CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus D ...)
NOT-FOR-US: Cosminexus Developer's Kit
-CVE-2007-4757
+CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney al ...)
NOT-FOR-US: phpMytourney
-CVE-2007-4756
+CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...)
NOT-FOR-US: Total Commander
-CVE-2007-4755
+CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a d ...)
- alien-arena 6.05-4.1 (low; bug #442075)
-CVE-2007-4754
+CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in acesrc/ace ...)
- alien-arena 6.05-4.1 (medium; bug #442075)
-CVE-2007-4753
+CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
NOT-FOR-US: Thomson ST 2030 SIP phone
-CVE-2007-4751
+CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...)
NOT-FOR-US: RemoteDocs R-Viewer
-CVE-2007-4750
+CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allow ...)
NOT-FOR-US: RemoteDocs R-Viewer
-CVE-2007-4749
+CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attacker ...)
NOT-FOR-US: Autodesk Backburner
-CVE-2007-4752
+CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted c ...)
{DSA-1576-1}
- openssh 1:4.7p1-1 (low; bug #444738)
[etch] - openssh <no-dsa> (minor issue in weak security measure)
@@ -4814,51 +4814,51 @@ CVE-2007-4752
NOTE: trusted X client, so this is only a slight privilege
NOTE: escalation. The X Security extension is merely an afterthought
NOTE: and is unlikely to provide strong security guarantees.
-CVE-2007-4748
+CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0 ...)
NOT-FOR-US: PowerPlayer
-CVE-2007-4747
+CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway Encoder/Deco ...)
NOT-FOR-US: Cisco firmware
-CVE-2007-4746
+CVE-2007-4746 (The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone an ...)
NOT-FOR-US: Cisco firmware
-CVE-2007-4745
+CVE-2007-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.4 ...)
NOT-FOR-US: AkoBook
-CVE-2007-4744
+CVE-2007-4744 (PHP remote file inclusion vulnerability in environment.php in AnyInven ...)
NOT-FOR-US: AnyInventory
-CVE-2007-4742
+CVE-2007-4742 (Claroline before 1.8.6 allows remote authenticated administrators to o ...)
NOT-FOR-US: Claroline
-CVE-2007-4741
+CVE-2007-4741 (Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Cl ...)
NOT-FOR-US: Claroline
-CVE-2007-4740
+CVE-2007-4740 (The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.Regis ...)
NOT-FOR-US: HPRevolutionRegistryManager
-CVE-2007-4739
+CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when ...)
{DSA-1394-1}
- reprepro 2.2.4-1 (high; bug #440535)
NOTE: patch for etch in the BTS
[sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0)
-CVE-2007-4738
+CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
NOT-FOR-US: SpeedTech PHP Library
-CVE-2007-4737
+CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
NOT-FOR-US: SpeedTech PHP Library
-CVE-2007-4736
+CVE-2007-4736 (SQL injection vulnerability in category.php in CartKeeper CKGold Shopp ...)
NOT-FOR-US: CartKeeper CKGold Shopping Cart
-CVE-2007-4735
+CVE-2007-4735 (Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allow ...)
NOT-FOR-US: Virtual DJ
-CVE-2007-4734
+CVE-2007-4734 (Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted re ...)
NOT-FOR-US: OTSTurntables
-CVE-2007-4733
+CVE-2007-4733 (The Aztech DSL600EU router, when WAN access to the web interface is di ...)
NOT-FOR-US: Aztech firmware
-CVE-2007-4732
+CVE-2007-4732 (Unspecified vulnerability in the strfreectty function in the Special F ...)
NOT-FOR-US: Special File System
-CVE-2007-4743
+CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_G ...)
{DSA-1387-1 DSA-1367-1}
- krb5 1.6.dfsg.1-7 (high; bug #441209)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
- librpcsecgss 0.14-4 (high; bug #441393)
NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
-CVE-2007-4731
+CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll i ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-4730
+CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the Co ...)
{DSA-1372-1 DTSA-73-1}
- xorg-server 2:1.4-1
NOTE: XFree86 is not affected
@@ -4866,425 +4866,425 @@ CVE-2007-4729
RESERVED
CVE-2007-4728
RESERVED
-CVE-2007-4727
+CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fast ...)
{DSA-1362-1}
- lighttpd 1.4.18-1 (medium; bug #441555)
NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
NOTE: http://www.milw0rm.com/exploits/4391
-CVE-2007-4726
+CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote at ...)
NOT-FOR-US: Web Oddity
-CVE-2007-4725
+CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4. ...)
NOT-FOR-US: AkkyWareHOUSE
-CVE-2007-4724
+CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the cal ...)
- tomcat5.5 <not-affected> (Version already ships fixed files)
- tomcat5 <removed> (unimportant; bug #441205)
- libservlet2.4-java 5.0.30-6 (unimportant)
NOTE: DSA should not be required, minor issue, jsp just present as example
-CVE-2007-4723
+CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel 4.3 ...)
NOT-FOR-US: Ragnarok
-CVE-2007-4722
+CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming Interne ...)
NOT-FOR-US: Quantum Streaming
CVE-2007-4721
REJECTED
-CVE-2007-4720
+CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/C ...)
NOT-FOR-US: Hitachi
-CVE-2007-4719
+CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allo ...)
NOT-FOR-US: 212cafeBoard
-CVE-2007-4718
+CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in Claro ...)
NOT-FOR-US: Claroline
-CVE-2007-4717
+CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
NOT-FOR-US: Claroline
-CVE-2007-4716
+CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 al ...)
NOT-FOR-US: PHD Help Desk
-CVE-2007-4715
+CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allo ...)
NOT-FOR-US: Weblogicnet
-CVE-2007-4714
+CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows remo ...)
NOT-FOR-US: Yvora
-CVE-2007-4713
+CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in U ...)
NOT-FOR-US: Urchin
-CVE-2007-4712
+CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 allo ...)
NOT-FOR-US: eNetman
-CVE-2007-4711
+CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...)
NOT-FOR-US: Toms Gaestebuch
-CVE-2007-4710
+CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allow ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4709
+CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5. ...)
NOT-FOR-US: CFNetwork (Apple Mac OS X)
-CVE-2007-4708
+CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 ...)
NOT-FOR-US: Address Book (Apple Mac OS X)
-CVE-2007-4707
+CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in App ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4706
+CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remo ...)
NOT-FOR-US: Apple QuickTime
CVE-2007-4705
RESERVED
-CVE-2007-4704
+CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...)
NOT-FOR-US: Mac OS X
-CVE-2007-4703
+CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent a roo ...)
NOT-FOR-US: Mac OS X
-CVE-2007-4702
+CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when "Block all incom ...)
NOT-FOR-US: Mac OS X
-CVE-2007-4701
+CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporar ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4700
+CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10. ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4699
+CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through 10. ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4698
+CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 ...)
NOT-FOR-US: Apple Mac OS X, Windows
-CVE-2007-4697
+CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4696
+CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allow ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4695
+CVE-2007-4695 (Unspecified "input validation" vulnerability in WebCore in Apple Mac O ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4694
+CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4693
+CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows at ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4692
+CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4691
+CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ca ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4690
+CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4689
+CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4688
+CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4687
+CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 conta ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4686
+CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4685
+CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users t ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4684
+CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4683
+CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4682
+CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ca ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4681
+CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 th ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4680
+CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not p ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4679
+CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remo ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4678
+CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows att ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4677
+CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4676
+CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4675
+CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4674
+CVE-2007-4674 (An "integer arithmetic" error in Apple QuickTime 7.2 allows remote att ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4673
+CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4672
+CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows remot ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4671
+CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...)
NOT-FOR-US: Safari
-CVE-2007-4670
+CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ...)
- php5 5.2.4-1 (unimportant)
- php4 <removed> (unimportant)
NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
-CVE-2007-4669
+CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
-CVE-2007-4668
+CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
-CVE-2007-4667
+CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
-CVE-2007-4666
+CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
-CVE-2007-4665
+CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
-CVE-2007-4664
+CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create da ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
-CVE-2007-4663
+CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
- php5 5.2.4-1 (unimportant)
NOTE: open_basedir not supported
-CVE-2007-4662
+CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...)
{DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
NOTE: fixed in php5/etch svn
NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
-CVE-2007-4661
+CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...)
- php5 5.2.4-1 (unimportant)
NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
NOTE: triggerable by malicious script
-CVE-2007-4660
+CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before 5. ...)
{DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
NOTE: fixed in php5/etch svn
NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
-CVE-2007-4659
+CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...)
{DTSA-61-1}
- php5 5.2.4-1 (low)
[etch] - php5 <no-dsa> (Backport prone to regressions, causes more problems that it does resolved, minor issue anyway)
-CVE-2007-4658
+CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...)
{DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1 (low)
NOTE: fixed in php5/etch svn
NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
-CVE-2007-4657
+CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...)
{DSA-1578-1 DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
- php4 <removed>
NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
NOTE: Only exploitable by malicious script
-CVE-2007-4656
+CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
{DSA-1518-1}
- backup-manager 0.7.6-3 (bug #439392)
-CVE-2007-4655
+CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Ba ...)
NOT-FOR-US: CGI RESCUE Shopping Basket
-CVE-2007-4654
+CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cis ...)
NOT-FOR-US: SSHield
-CVE-2007-4653
+CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ea ...)
NOT-FOR-US: Cisco Content Services Switch
-CVE-2007-4652
+CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to b ...)
- php5 5.2.4-1 (unimportant)
NOTE: open_basedir() not supported
-CVE-2007-4651
+CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows ...)
NOT-FOR-US: Adobe Connect Enterprise Server
-CVE-2007-4650
+CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow att ...)
{DSA-1404-1}
- gallery2 2.2.3-1
NOTE: does not affect gallery 1.x (package 'gallery')
-CVE-2007-4649
+CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and In ...)
NOT-FOR-US: MicroWorld eScan Virus Contro
-CVE-2007-4648
+CVE-2007-4648 (The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak perm ...)
NOT-FOR-US: Norman Virus Control
-CVE-2007-4647
+CVE-2007-4647 (newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allow ...)
NOT-FOR-US: Ourspace
-CVE-2007-4646
+CVE-2007-4646 (Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite ...)
NOT-FOR-US: Hexamail
-CVE-2007-4645
+CVE-2007-4645 (SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remo ...)
NOT-FOR-US: NMDeluxe
-CVE-2007-4644
+CVE-2007-4644 (Format string vulnerability in the Cl_GetPackets function in cl_main.c ...)
NOT-FOR-US: Doomsday/deng
-CVE-2007-4643
+CVE-2007-4643 (Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier all ...)
NOT-FOR-US: Doomsday/deng
-CVE-2007-4642
+CVE-2007-4642 (Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and ear ...)
NOT-FOR-US: Doomsday/deng
-CVE-2007-4641
+CVE-2007-4641 (Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and ...)
NOT-FOR-US: Pakupaku
-CVE-2007-4640
+CVE-2007-4640 (Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0. ...)
NOT-FOR-US: Pakupaku
-CVE-2007-4639
+CVE-2007-4639 (EnterpriseDB Advanced Server 8.2 does not properly handle certain debu ...)
NOT-FOR-US: EnterpriseDB
-CVE-2007-4638
+CVE-2007-4638 (Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows r ...)
NOT-FOR-US: StarCraft
-CVE-2007-4637
+CVE-2007-4637 (xGB.php in xGB 2.0 does not require authentication for an admin edit a ...)
NOT-FOR-US: xGB
-CVE-2007-4636
+CVE-2007-4636 (Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allo ...)
NOT-FOR-US: phpBG
-CVE-2007-4635
+CVE-2007-4635 (Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to ca ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2007-4634
+CVE-2007-4634 (Multiple SQL injection vulnerabilities in Cisco CallManager and Unifie ...)
NOT-FOR-US: Cisco
-CVE-2007-4633
+CVE-2007-4633 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManag ...)
NOT-FOR-US: Cisco
-CVE-2007-4632
+CVE-2007-4632 (Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VT ...)
NOT-FOR-US: Cisco
-CVE-2007-4631
+CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and o ...)
- qgit 1.5.5-1.1 (bug #440950; low)
[etch] - qgit <no-dsa> (Minor issue)
-CVE-2007-4630
+CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...)
NOT-FOR-US: Absolute Poll Manager
-CVE-2007-4629
+CVE-2007-4629 (Buffer overflow in the processLine function in maptemplate.c in MapSer ...)
{DSA-1539-1}
- mapserver 4.10.3-1
-CVE-2007-4628
+CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...)
NOT-FOR-US: phpns
-CVE-2007-4627
+CVE-2007-4627 (SQL injection vulnerability in index.php in ABC eStore 3.0 allows remo ...)
NOT-FOR-US: ABC eStore
-CVE-2007-4626
+CVE-2007-4626 (Unspecified vulnerability in Polipo before 1.0.2 allows remote attacke ...)
- polipo 1.0.2-1 (low)
[sarge] - polipo <no-dsa> (Minor issue)
[etch] - polipo <no-dsa> (Minor issue)
-CVE-2007-4625
+CVE-2007-4625 (Polipo before 1.0.2 allows remote HTTP servers to cause a denial of se ...)
- polipo 1.0.2-1 (low)
[sarge] - polipo <no-dsa> (Minor issue)
[etch] - polipo <no-dsa> (Minor issue)
-CVE-2007-4624
+CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign D ...)
NOT-FOR-US: AbleDesign Dynamic Picture Frame
-CVE-2007-4623
+CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...)
NOT-FOR-US: IBM AIX
-CVE-2007-4622
+CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) libdns_nons ...)
NOT-FOR-US: IBM AIX
-CVE-2007-4621
+CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain p ...)
NOT-FOR-US: IBM AIX
-CVE-2007-4620
+CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) Aler ...)
NOT-FOR-US: CA products
-CVE-2007-4619
+CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
{DSA-1469-1}
- flac 1.2.1-1 (medium)
-CVE-2007-4618
+CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-4617
+CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-4616
+CVE-2007-4616 (The SSL server implementation in BEA WebLogic Server 7.0 Gold through ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-4615
+CVE-2007-4615 (The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-4614
+CVE-2007-4614 (BEA WebLogic Server 9.1 does not properly handle propagation of an adm ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-4613
+CVE-2007-4613 (SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold th ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-4612
+CVE-2007-4612 (CRLF injection vulnerability in contact.php in Moonware (aka Dale Moon ...)
NOT-FOR-US: Moonware
-CVE-2007-4611
+CVE-2007-4611 (SQL injection vulnerability in viewevent.php in Moonware (aka Dale Moo ...)
NOT-FOR-US: Moonware
-CVE-2007-4610
+CVE-2007-4610 (Unrestricted file upload vulnerability in config/upload.php in Moonwar ...)
NOT-FOR-US: Moonware
-CVE-2007-4609
+CVE-2007-4609 (eyeOS uses predictable checksum values in the checknum parameter for a ...)
NOT-FOR-US: eyeOS
-CVE-2007-4608
+CVE-2007-4608 (PHP remote file inclusion vulnerability in protection.php in ePersonne ...)
NOT-FOR-US: ePersonnel
-CVE-2007-4607
+CVE-2007-4607 (Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6 ...)
NOT-FOR-US: EasyMailSMTPObj ActiveX control
-CVE-2007-4606
+CVE-2007-4606 (PHP remote file inclusion vulnerability in convert/mvcw_conver.php in ...)
NOT-FOR-US: Php-Nuke
-CVE-2007-4605
+CVE-2007-4605 (PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual ...)
NOT-FOR-US: Vwar
-CVE-2007-4604
+CVE-2007-4604 (SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows ...)
NOT-FOR-US: DL PayCart
-CVE-2007-4603
+CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 al ...)
NOT-FOR-US: ACG news
-CVE-2007-4602
+CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by De ...)
NOT-FOR-US: Micro-CMS
-CVE-2007-4600
+CVE-2007-4600 (The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 1 ...)
NOT-FOR-US: Mathsoft Mathcad
-CVE-2007-4599
+CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly ...)
NOT-FOR-US: RealPlayer
-CVE-2007-4598
+CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager ...)
NOT-FOR-US: IBM
-CVE-2007-4597
+CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...)
NOT-FOR-US: SunShop Shopping Cart
-CVE-2007-4596
+CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, whic ...)
- php5 <removed> (unimportant)
NOTE: Safe mode violations not treated as vulnerabilities
-CVE-2007-4595
+CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
NOT-FOR-US: Mayaa
-CVE-2007-4594
+CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly valid ...)
NOT-FOR-US: Entrust Entelligence Security Provider
-CVE-2007-4593
+CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
-CVE-2007-4592
+CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
NOT-FOR-US: Rational
-CVE-2007-4591
+CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
-CVE-2007-4590
+CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynR ...)
NOT-FOR-US: Ignite-UX
-CVE-2007-4589
+CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
NOT-FOR-US: InterWorx Hosting Control Panel
-CVE-2007-4588
+CVE-2007-4588 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
NOT-FOR-US: InterWorx Hosting Control Panel
-CVE-2007-4587
+CVE-2007-4587 (Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria es ...)
NOT-FOR-US: escafeWeb
-CVE-2007-4586
+CVE-2007-4586 (Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension ...)
NOT-FOR-US: iisfunc (windows only)
-CVE-2007-4585
+CVE-2007-4585 (Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2 ...)
NOT-FOR-US: 2532|Gigs
-CVE-2007-4584
+CVE-2007-4584 (Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC serv ...)
- ircii-pana <removed> (medium; bug #443544)
-CVE-2007-4583
+CVE-2007-4583 (Multiple absolute path traversal vulnerabilities in the nvUtility.Util ...)
NOT-FOR-US: ACTi Network Video Recorder
-CVE-2007-4582
+CVE-2007-4582 (Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX cont ...)
NOT-FOR-US: ACTi Network Video Recorder
-CVE-2007-4581
+CVE-2007-4581 (SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 al ...)
NOT-FOR-US: WBB2-Addon: Acrotxt 1
-CVE-2007-4601
+CVE-2007-4601 (A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might all ...)
- tcp-wrappers 7.6.dbs-12 (bug #405342; medium)
[etch] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
[sarge] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
-CVE-2007-4580
+CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows loca ...)
NOT-FOR-US: BufferZone (Windows)
CVE-2007-4579
REJECTED
-CVE-2007-4578
+CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
NOT-FOR-US: Sophos
-CVE-2007-4577
+CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
NOT-FOR-US: Sophos
CVE-2007-4576
REJECTED
-CVE-2007-4575
+CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...)
{DSA-1419-1}
- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
- hsqldb 1.8.0.9-1
-CVE-2007-4574
+CVE-2007-4574 (Unspecified vulnerability in the "stack unwinder fixes" in kernel in R ...)
- linux-2.6 <not-affected> (Redhat specific vulnerability)
NOTE: I contacted the redhat security team about this, this was caused by an incomplete
NOTE: backport for stack unwinder fixes in the linux kernel made by them.
NOTE: redhat sent a reproducer to the vendor-sec list
-CVE-2007-4573
+CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...)
{DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
- linux-2.6 2.6.22-5 (medium)
-CVE-2007-4572
+CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, wh ...)
{DSA-1409-3 DSA-1409-2 DSA-1409-1}
- samba 3.0.27-1 (high; bug #451385)
-CVE-2007-4571
+CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the Advance ...)
{DSA-1505-1 DSA-1479-1}
- linux-2.6 2.6.22-5 (low; bug #444571)
- alsa-driver 1.0.15-1
NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
NOTE: very easy to exploit locally
-CVE-2007-4570
+CVE-2007-4570 (Algorithmic complexity vulnerability in the MCS translation daemon in ...)
NOT-FOR-US: MCS translation daemon
-CVE-2007-4569
+CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
{DSA-1376-1 DTSA-60-1}
- kdebase 4:3.5.7-4
[sarge] - kdebase <not-affected> (problem not present in code)
NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
-CVE-2007-4568
+CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server (x ...)
{DSA-1385-1}
- xfs 1:1.0.5-1
-CVE-2007-4567
+CVE-2007-4567 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
- linux-2.6 2.6.22-1
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.20)
-CVE-2007-4566
+CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
NOT-FOR-US: SIDVault
-CVE-2007-4565
+CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...)
{DSA-1377-2}
- fetchmail 6.3.8-8 (bug #440006; low)
[etch] - fetchmail <no-dsa> (Hardly a security problem)
[sarge] - fetchmail <not-affected> (problem not present in source)
-CVE-2007-4564
+CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later mi ...)
NOT-FOR-US: Hitachi Cosminexus
-CVE-2007-4563
+CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later mi ...)
NOT-FOR-US: Hitachi Cosminexus
-CVE-2007-4562
+CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosm ...)
NOT-FOR-US: Hitachi DABroker
-CVE-2007-4561
+CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server bef ...)
NOT-FOR-US: Helix DNA Server
-CVE-2007-4560
+CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, al ...)
{DSA-1366-1}
- clamav 0.91.2-1~volatile1 (high)
-CVE-2007-4559
+CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) extractal ...)
- python2.3 <removed> (unimportant)
- python2.4 <unfixed> (unimportant; bug #440097)
- python2.5 <unfixed> (unimportant; bug #440099)
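Review bot: the NOT-FOR-US annotation for CVE-2007-4653 does not match the description this hunk attaches to it. The new line reads `+CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ea ...)`, yet the unchanged line beneath it still says `NOT-FOR-US: Cisco Content Services Switch`, which is the product named in the description of the neighbouring CVE-2007-4654 entry (`SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cis ...`), so the tag looks copied from the wrong entry; it should name the Links MOD so the tracker's product tag agrees with the CVE text. Minor, same hunk: `NOT-FOR-US: MicroWorld eScan Virus Contro` under CVE-2007-4649 is missing its last letter and should read `Virus Control`, as in the description added on the line above it.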
@@ -5298,82 +5298,82 @@ CVE-2007-4559
NOTE: provided by design.
CVE-2007-4558
REJECTED
-CVE-2007-4557
+CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in Nove ...)
NOT-FOR-US: Novell
-CVE-2007-4556
+CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0. ...)
NOT-FOR-US: OpenSymphony XWork
-CVE-2007-4555
+CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows rem ...)
NOT-FOR-US: Ipswitch WS_FTP
-CVE-2007-4554
+CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php i ...)
- tikiwiki <removed>
-CVE-2007-4553
+CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
NOT-FOR-US: Thomson ST 2030 SIP phone
-CVE-2007-4552
+CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...)
NOT-FOR-US: Agares Media Arcadem
-CVE-2007-4551
+CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media A ...)
NOT-FOR-US: Agares Media Arcadem
-CVE-2007-4550
+CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean migh ...)
NOT-FOR-US: ALPass
-CVE-2007-4549
+CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...)
NOT-FOR-US: ALPass
-CVE-2007-4548
+CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
NOT-FOR-US: Apache Geronimo
-CVE-2007-4547
+CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
NOT-FOR-US: Unreal Commander
-CVE-2007-4546
+CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the C ...)
NOT-FOR-US: Unreal Commander
-CVE-2007-4545
+CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...)
NOT-FOR-US: Unreal Commander
-CVE-2007-4544
+CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPres ...)
NOT-FOR-US: WordPress multi-user (MU)
-CVE-2007-4543
+CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...)
- bugzilla 2.22.1-2.2 (low; bug #440106)
[etch] - bugzilla <no-dsa> (Affected code only shipped in example, minor issue anyway)
[sarge] - bugzilla <not-affected> (Vulnerable code not present)
-CVE-2007-4542
+CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer befor ...)
{DSA-1539-1}
- mapserver 4.10.3-1 (bug #439346)
-CVE-2007-4541
+CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...)
NOT-FOR-US: Olate Download
-CVE-2007-4540
+CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate Downlo ...)
NOT-FOR-US: Olate Download
-CVE-2007-4539
+CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 do ...)
- bugzilla <not-affected> (Affected versions were never present in the archive)
-CVE-2007-4538
+CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers t ...)
- bugzilla <not-affected> (Affected versions were never present in the archive)
-CVE-2007-4537
+CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm impl ...)
NOT-FOR-US: Skulltag
-CVE-2007-4536
+CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...)
NOT-FOR-US: TorrentTrader
-CVE-2007-4535
+CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
NOT-FOR-US: Vavoom
-CVE-2007-4534
+CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker ...)
NOT-FOR-US: Vavoom
-CVE-2007-4533
+CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in Vavoo ...)
NOT-FOR-US: Vavoom
-CVE-2007-4532
+CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
NOT-FOR-US: Soldat game server
-CVE-2007-4531
+CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
NOT-FOR-US: Soldat game server
-CVE-2007-4530
+CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Serve ...)
- teamspeak-server 2.0.23.19-1
-CVE-2007-4529
+CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote auth ...)
- teamspeak-server 2.0.23.19-1
-CVE-2007-4528
+CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not f ...)
NOT-FOR-US: ffi extension for php
-CVE-2007-4527
+CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...)
NOT-FOR-US: phUploader
-CVE-2007-4526
+CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before 3.5 ...)
NOT-FOR-US: Novell Identity Manager
CVE-2007-4525
- spip 2.0.6-1
-CVE-2007-4524
+CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2 ...)
NOT-FOR-US: PhPress
-CVE-2007-4523
+CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Ma ...)
NOT-FOR-US: Ripe Website Manager
-CVE-2007-4522
+CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 a ...)
NOT-FOR-US: Ripe Website Manager
-CVE-2007-4521
+CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an I ...)
- asterisk <not-affected> (The voicemail backend is not enabled in Debian)
[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
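Review bot: CVE-2007-4525 is the only entry in this hunk, apart from the RESERVED/REJECTED ones, that receives no description text, and it still carries a real package line (`- spip 2.0.6-1`); since this is an automatic update, that most likely means the upstream feed returned nothing for it rather than that it was skipped on purpose, so check whether the feed entry is missing or the ID is no longer valid. The cut-off also makes CVE-2007-4532 and CVE-2007-4531 byte-for-byte identical ("Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ..."), so a longer prefix is needed before the descriptions can distinguish sibling CVEs.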
@@ -5385,117 +5385,117 @@ CVE-2007-4519
RESERVED
CVE-2007-4518
RESERVED
-CVE-2007-4517
+CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedur ...)
NOT-FOR-US: Oracle
-CVE-2007-4516
+CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in Syman ...)
NOT-FOR-US: Volume Manager Scheduler Service
-CVE-2007-4515
+CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before 20 ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2007-4514
+CVE-2007-4514 (Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manag ...)
NOT-FOR-US: HP ProCurve Manager
-CVE-2007-4513
+CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow loc ...)
NOT-FOR-US: IBM AIX
-CVE-2007-4512
+CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Wind ...)
NOT-FOR-US: Sophos Anti-Virus for Windows
-CVE-2007-4511
+CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
NOT-FOR-US: Sun Application Server
-CVE-2007-4510
+CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
{DSA-1366-1}
- clamav 0.91.2-1~volatile1
[sarge] - clamav <not-affected> (Vulnerable code not present)
NOTE: Only exploitable if CL_EXPERIMENTAL is set
-CVE-2007-4509
+CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component (c ...)
NOT-FOR-US: EventList component for Joomla!
-CVE-2007-4508
+CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
NOT-FOR-US: Rebellion Asura engine
-CVE-2007-4507
+CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 al ...)
NOT-FOR-US: External PHP component only relevant for Windows
-CVE-2007-4506
+CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ( ...)
NOT-FOR-US: NeoRecruit component for Joomla!
-CVE-2007-4505
+CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ( ...)
NOT-FOR-US: RemoSitory component for Mambo
-CVE-2007-4504
+CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles componen ...)
NOT-FOR-US: RSfiles component for Joomla!
-CVE-2007-4503
+CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component (c ...)
NOT-FOR-US: Nice Talk component for Joomla!
-CVE-2007-4502
+CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component (com_ ...)
NOT-FOR-US: BibTeX component for Joomla!
-CVE-2007-4501
+CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
NOT-FOR-US: SSHKeychain
-CVE-2007-4500
+CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...)
NOT-FOR-US: SSHKeychain
-CVE-2007-4499
+CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American Finan ...)
NOT-FOR-US: American Financing eMail Image Upload
-CVE-2007-4498
+CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0 ...)
NOT-FOR-US: Grandstream SIP Phone
-CVE-2007-4497
+CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
- vmware-package 0.16
-CVE-2007-4496
+CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
- vmware-package 0.16
-CVE-2007-4495
+CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
NOT-FOR-US: Solaris
-CVE-2007-4494
+CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9 ...)
- ezpublish <removed>
-CVE-2007-4493
+CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
- ezpublish <removed>
-CVE-2007-4492
+CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun Sol ...)
NOT-FOR-US: Solaris
-CVE-2007-4491
+CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows r ...)
NOT-FOR-US: Gurur haber
-CVE-2007-4490
+CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProte ...)
NOT-FOR-US: Trend Micro
-CVE-2007-4489
+CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
NOT-FOR-US: eCentrex VOIP
-CVE-2007-4488
+CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gig ...)
NOT-FOR-US: Siemens GigaSet firmware
-CVE-2007-4487
+CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)
NOT-FOR-US: Invision Power Board
-CVE-2007-4486
+CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in Lin ...)
NOT-FOR-US: Linkliste
-CVE-2007-4485
+CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly on ...)
NOT-FOR-US: Butterfly online visitors counter
-CVE-2007-4484
+CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER 1.0 ...)
NOT-FOR-US: My_REFERER
-CVE-2007-4483
+CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
{DSA-1285-1}
- wordpress 2.1.3-1 (medium)
-CVE-2007-4482
+CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0. ...)
NOT-FOR-US: Pool 1.0.7 theme for WordPress
-CVE-2007-4481
+CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...)
NOT-FOR-US: Rus themes for WordPress
-CVE-2007-4480
+CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1. ...)
NOT-FOR-US: Sirius 1.0 theme for WordPress
-CVE-2007-4479
+CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search Engi ...)
NOT-FOR-US: Search Engine Builder
-CVE-2007-4478
+CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
NOT-FOR-US: Internet Explorer
-CVE-2007-4477
+CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
NOT-FOR-US: Planet VC-200M VDSL2 router
-CVE-2007-4476
+CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...)
{DSA-1566-1 DSA-1438-1}
- tar 1.18-1 (low; bug #441444)
- cpio 2.9-5 (low; bug #449222)
-CVE-2007-4475
+CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webvie ...)
NOT-FOR-US: EAI WebViewer3D ActiveX control
-CVE-2007-4474
+CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web Acce ...)
NOT-FOR-US: IBM Lotus Domino Web Access
-CVE-2007-4473
+CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate se ...)
NOT-FOR-US: Gesytec Easylon OPC Server
-CVE-2007-4472
+CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings Play ...)
NOT-FOR-US: Broderbund Expressit
-CVE-2007-4471
+CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online E ...)
NOT-FOR-US: QuickBooks
-CVE-2007-4470
+CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping NC ...)
NOT-FOR-US: Earth Resource Mapping NCSView
CVE-2007-4469
RESERVED
CVE-2007-4468
RESERVED
-CVE-2007-4467
+CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...)
NOT-FOR-US: Oracle
-CVE-2007-4466
+CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCt ...)
NOT-FOR-US: Electronic Arts (EA) SnoopyCtrl ActiveX
-CVE-2007-4465
+CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apa ...)
- apache <removed> (low)
- apache2 2.2.6-1 (bug #453783)
[sarge] - apache <no-dsa> (browser issue, low impact)
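Review bot: the truncated descriptions for CVE-2007-4497 and CVE-2007-4496 are identical ("Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ..."), and CVE-2007-4495 and CVE-2007-4492 differ only in their first words before both stop at "ata disk driver in Sun Sol..."; each pair maps to a single line (`- vmware-package 0.16`, `NOT-FOR-US: Solaris`), so nothing in the file now says what separates them. A longer cut fixes that without changing the format. Separately, CVE-2007-4510's `NOTE: Only exploitable if CL_EXPERIMENTAL is set` supports `[sarge] - clamav <not-affected> (Vulnerable code not present)` only indirectly; one clause stating that sarge's clamav predates that code path would make the not-affected claim self-contained. And CVE-2007-4476 lists both `- tar 1.18-1` and `- cpio 2.9-5` under the same two DSAs while the description names only GNU tar's safer_name_suffix; a NOTE saying why cpio is listed would save the next reader a trip to the DSA.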
@@ -5504,258 +5504,258 @@ CVE-2007-4465
NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
NOTE: but many users change this.
NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
-CVE-2007-4464
+CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Co ...)
NOT-FOR-US: Total Commander
-CVE-2007-4463
+CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted rem ...)
NOT-FOR-US: Total Commander
-CVE-2007-4462
+CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwr ...)
- po4a 0.31-1 (bug #439226)
[etch] - po4a 0.29-1etch1
[sarge] - po4a 0.20-2sarge1
-CVE-2007-4461
+CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote attack ...)
- nufw 2.2.4-1 (bug #439227)
[etch] - nufw <not-affected>
-CVE-2007-4460
+CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8 ...)
{DSA-1365-3 DSA-1365-2 DSA-1365-1}
- id3lib3.8.3 3.8.3-7 (low; bug #438540)
-CVE-2007-4459
+CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
NOT-FOR-US: Cisco IP Phone
-CVE-2007-4458
+CVE-2007-4458 (PHP remote file inclusion vulnerability in includes/class/class_tpl.ph ...)
NOT-FOR-US: Firesoft
-CVE-2007-4457
+CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
NOT-FOR-US: Dalai Forum
-CVE-2007-4456
+CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ (com_simplef ...)
NOT-FOR-US: mambo
NOTE: mambo is in experimental though
-CVE-2007-4455
+CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
- asterisk 1:1.4.11~dfsg-1
[sarge] - asterisk <not-affected> (not affected according to advisory)
[etch] - asterisk <not-affected> (not affected according to advisory)
-CVE-2007-4454
+CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
NOT-FOR-US: Olate Download
CVE-2007-4453
NOT-FOR-US: vBulletin
-CVE-2007-4452
+CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
NOT-FOR-US: Toribash
-CVE-2007-4451
+CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote attac ...)
NOT-FOR-US: Toribash
-CVE-2007-4450
+CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long ...)
NOT-FOR-US: Toribash
-CVE-2007-4449
+CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
NOT-FOR-US: Toribash
-CVE-2007-4448
+CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle parti ...)
NOT-FOR-US: Toribash
-CVE-2007-4447
+CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier a ...)
NOT-FOR-US: Toribash
-CVE-2007-4446
+CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
NOT-FOR-US: Toribash
-CVE-2007-4445
+CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
NOT-FOR-US: Image space rfactor
-CVE-2007-4444
+CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier all ...)
NOT-FOR-US: Image space rfactor
-CVE-2007-4443
+CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and 2004 ...)
NOT-FOR-US: Unreal on Windows
-CVE-2007-4442
+CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal engi ...)
NOT-FOR-US: Unreal on Windows
-CVE-2007-4441
+CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...)
- php5 <not-affected> (Windows-specific)
-CVE-2007-4440
+CVE-2007-4440 (Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mai ...)
NOT-FOR-US: Mercury mail system
-CVE-2007-4439
+CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in Squirre ...)
NOT-FOR-US: Squirrelcart
-CVE-2007-4438
+CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
- ampache 3.3.3.5-dfsg-1 (bug #407337)
-CVE-2007-4437
+CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 al ...)
- ampache 3.3.3.5-dfsg-1 (bug #407337)
-CVE-2007-4436
+CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
- drupal <not-affected> (External addon, see bug #439379)
-CVE-2007-4435
+CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 al ...)
NOT-FOR-US: TorrentTrader
-CVE-2007-4434
+CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...)
NOT-FOR-US: Text File Search ASP
-CVE-2007-4433
+CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
NOT-FOR-US: Text File Search ASP
-CVE-2007-4432
+CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
NOT-FOR-US: SUSE
-CVE-2007-4431
+CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earli ...)
NOT-FOR-US: Safari/windows
-CVE-2007-4430
+CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows contex ...)
NOT-FOR-US: Cisco IOS
-CVE-2007-4429
+CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...)
NOT-FOR-US: Skype
-CVE-2007-4428
+CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via unknow ...)
NOT-FOR-US: lhaz
-CVE-2007-4427
+CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the C ...)
NOT-FOR-US: InterSystems Cache
-CVE-2007-4426
+CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a deni ...)
NOT-FOR-US: Live for Speed
-CVE-2007-4425
+CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 all ...)
NOT-FOR-US: Live for Speed
-CVE-2007-4424
+CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user be ...)
NOT-FOR-US: Safari
-CVE-2007-4423
+CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID functio ...)
NOT-FOR-US: IBM DB2
-CVE-2007-4422
+CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN wi ...)
NOT-FOR-US: Symantec Enterprise Firewall
-CVE-2007-4421
+CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 ...)
NOT-FOR-US: Olate Download
-CVE-2007-4420
+CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
NOT-FOR-US: EDraw Office Viewer Component
-CVE-2007-4419
+CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin u ...)
NOT-FOR-US: Olate Download
-CVE-2007-4418
+CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, ...)
NOT-FOR-US: IBM DB2
-CVE-2007-4417
+CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not proper ...)
NOT-FOR-US: IBM DB2
CVE-2007-4416
NOT-FOR-US: BellaBook
-CVE-2007-4415
+CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 In ...)
NOT-FOR-US: Cisco VPN client/windows
-CVE-2007-4414
+CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to g ...)
NOT-FOR-US: Cisco VPN client/windows
-CVE-2007-4413
+CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...)
NOT-FOR-US: Headstart Solutions DeskPRO 3.0.2
-CVE-2007-4412
+CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solut ...)
NOT-FOR-US: Deskpro
-CVE-2007-4411
+CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the hi ...)
- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
[etch] - ircd-ircu <no-dsa> (Minor issue)
-CVE-2007-4410
+CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick actio ...)
- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
[etch] - ircd-ircu <no-dsa> (Minor issue)
-CVE-2007-4409
+CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote att ...)
- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
-CVE-2007-4408
+CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allow ...)
- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
[etch] - ircd-ircu <no-dsa> (Minor issue)
-CVE-2007-4407
+CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
-CVE-2007-4406
+CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
-CVE-2007-4405
+CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...)
- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
-CVE-2007-4404
+CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of servi ...)
- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
-CVE-2007-4403
+CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote attack ...)
NOT-FOR-US: mirc/winamp
-CVE-2007-4402
+CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote attack ...)
NOT-FOR-US: mirc
-CVE-2007-4401
+CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC Integrati ...)
NOT-FOR-US: mirc
-CVE-2007-4400
+CVE-2007-4400 (CRLF injection vulnerability in the included media script in Konversat ...)
- konversation 1.0.1-4 (low; bug #439837)
[etch] - konversation <no-dsa> (minor issue)
[sarge] - konversation <no-dsa> (minor issue)
-CVE-2007-4399
+CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allo ...)
NOT-FOR-US: xmms.bx 1.0 script for BitchX (not included in Debian package)
-CVE-2007-4398
+CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and ...)
- irssi-scripts 20070925 (low; bug #439840)
- weechat-scripts 20070425-0.1 (low; bug #439839)
[etch] - irssi-scripts <no-dsa> (minor issue)
[etch] - weechat-scripts <no-dsa> (minor issue)
[sarge] - irssi-scripts <no-dsa> (minor issue)
-CVE-2007-4397
+CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMM ...)
NOT-FOR-US: various IRC now_playing scripts
-CVE-2007-4396
+CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33t ...)
- irssi-scripts 20070925 (low; bug #439840)
[etch] - irssi-scripts <no-dsa> (minor issue)
[sarge] - irssi-scripts <no-dsa> (minor issue)
NOTE: weechat-scripts does not include the mentioned scripts
-CVE-2007-4395
+CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...)
NOT-FOR-US: Sun Solaris 8
-CVE-2007-4394
+CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the fi ...)
NOT-FOR-US: findutils-locate on SUSE Linux
-CVE-2007-4393
+CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 place ...)
NOT-FOR-US: oracle
-CVE-2007-4392
+CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service (prog ...)
NOT-FOR-US: winamp
-CVE-2007-4391
+CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...)
NOT-FOR-US: kakadu
-CVE-2007-4390
+CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, o ...)
NOT-FOR-US: BlueCat
-CVE-2007-4389
+CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
NOT-FOR-US: 2wire
-CVE-2007-4388
+CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17. ...)
NOT-FOR-US: 2wire
-CVE-2007-4387
+CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
NOT-FOR-US: 2wire
-CVE-2007-4386
+CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows rem ...)
NOT-FOR-US: GetMyOwnArcade
-CVE-2007-4385
+CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input valid ...)
NOT-FOR-US: Stinger
-CVE-2007-4384
+CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
NOT-FOR-US: Stephane Pineau VOTE
CVE-2007-4383
NOT-FOR-US: Trackeur
-CVE-2007-4382
+CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote atta ...)
NOT-FOR-US: CounterPath X-Lite
-CVE-2007-4381
+CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun JD ...)
- sun-java5 1.5.0-10-1
-CVE-2007-4380
+CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8. ...)
NOT-FOR-US: Altiris Deployment Solution
-CVE-2007-4379
+CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a ...)
NOT-FOR-US: Babo Violent
-CVE-2007-4378
+CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and e ...)
NOT-FOR-US: Babo Violent
-CVE-2007-4377
+CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k allow ...)
NOT-FOR-US: SurgeMail
-CVE-2007-4376
+CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon ...)
NOT-FOR-US: Szymon Kosok Best Top List
-CVE-2007-4375
+CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 Profes ...)
NOT-FOR-US: Diskeeper
-CVE-2007-4374
+CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat me ...)
NOT-FOR-US: Babo Violent
-CVE-2007-4373
+CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly imp ...)
NOT-FOR-US: Babo Violent
-CVE-2007-4372
+CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 20 ...)
NOT-FOR-US: SurgeMail
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
- libpam-usb 0.4.1-1 (medium)
NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
- lwat 0.15-2 (low)
-CVE-2007-4371
+CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
NOT-FOR-US: Neuron Blog
-CVE-2007-4370
+CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer 0. ...)
NOT-FOR-US: Racer
-CVE-2007-4369
+CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4. ...)
NOT-FOR-US: SOTEeSKLEP
-CVE-2007-4368
+CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) W ...)
NOT-FOR-US: IBM Rational ClearQuest (CQ)
-CVE-2007-4367
+CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code vi ...)
NOT-FOR-US: Opera
-CVE-2007-4366
+CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service (d ...)
- wengophone 2.1.1.dfsg0-3 (bug #438419)
-CVE-2007-4365
+CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
NOT-FOR-US: eXV2 CMS
-CVE-2007-4364
+CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain authentic ...)
NOT-FOR-US: Fedora Commons
-CVE-2007-4363
+CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the nodereferen ...)
NOT-FOR-US: Drupal Content Construction Kit (CCK)
-CVE-2007-4362
+CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
NOT-FOR-US: Prozilla Webring
-CVE-2007-4361
+CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
NOT-FOR-US: ReadyNAS RAIDiator
-CVE-2007-4360
+CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with fi ...)
NOT-FOR-US: Dell
-CVE-2007-4359
+CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems J ...)
NOT-FOR-US: JobLister3
-CVE-2007-4358
+CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
NOT-FOR-US: Zoidcom
-CVE-2007-4357
+CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof t ...)
- mozilla-firefox <removed> (unimportant)
- mozilla <removed> (unimportant)
- iceweasel <removed> (unimportant)
- iceape <removed> (unimportant)
-CVE-2007-4356
+CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML fil ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-4355
+CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
NOT-FOR-US: AIX
-CVE-2007-4354
+CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...)
NOT-FOR-US: AIX
-CVE-2007-4353
+CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
NOT-FOR-US: AIX
-CVE-2007-4352
+CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in ...)
{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
- poppler 0.6.2-1 (medium; bug #450628)
- kdegraphics 4:3.5.8-2 (medium; bug #450630)
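Review bot: the `<not-affected> (Version affected not yet in unstable, maintainer informed)` rationale on CVE-2007-4409, -4407, -4406, -4405 and -4404 reads as if a vulnerable upload were still pending, but the neighbouring entries CVE-2007-4411/-4410/-4408 already record `- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)`, i.e. the archive moved past the affected 2.10.12.01 through 2.10.12.05 builds without ever shipping them; reword to something like `<not-affected> (affected 2.10.12.01-05 versions never uploaded to Debian)` so the line stays true after the fact. The two placeholder entries `CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]` and `CVE-2007-XXXX [lwat sometimes logs passwords in access.log]` are untouched by the generator, which is expected since it keys on real IDs, but they still carry no identifier and should be checked for an assigned CVE or explicitly marked as not getting one. Minor: CVE-2007-4453, -4416 and -4383 got no description at all; same question as for other bare IDs, is the feed missing them or are they rejected.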
@@ -5773,120 +5773,120 @@ CVE-2007-4352
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- swftools 0.9.2+ds1-2
-CVE-2007-4351
+CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
{DSA-1407-1 DTSA-81-1}
- cupsys 1.3.4-1 (medium; bug #448866)
- cups 1.3.4-1 (medium; bug #448866)
[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
-CVE-2007-4350
+CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
NOT-FOR-US: HP SiteScope
-CVE-2007-4349
+CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 ...)
NOT-FOR-US: HP OpenView Report
-CVE-2007-4348
+CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tiv ...)
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2007-4347
+CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in ...)
NOT-FOR-US: Job Engine
-CVE-2007-4346
+CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for Windo ...)
NOT-FOR-US: Job Engine
-CVE-2007-4345
+CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail S ...)
NOT-FOR-US: IMail Client
-CVE-2007-4344
+CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
NOT-FOR-US: ACDSee
-CVE-2007-4343
+CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-ass ...)
NOT-FOR-US: IrfanView
-CVE-2007-4342
+CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral L ...)
NOT-FOR-US: PHPCentral
-CVE-2007-4341
+CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in Om ...)
NOT-FOR-US: Omnistar Lib2 PHP
-CVE-2007-4340
+CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 a ...)
NOT-FOR-US: phpDVD
-CVE-2007-4339
+CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...)
NOT-FOR-US: PHPCentral Poll Script
-CVE-2007-4338
+CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 al ...)
NOT-FOR-US: Family Connections
-CVE-2007-4337
+CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in l ...)
{DSA-1683-1}
- streamripper 1.62.2-1 (low)
-CVE-2007-4336
+CVE-2007-4336 (Buffer overflow in the Live Picture Corporation DXSurface.LivePicture. ...)
NOT-FOR-US: Microsoft
-CVE-2007-4335
+CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik WinGa ...)
NOT-FOR-US: Qbik WinGate
-CVE-2007-4334
+CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1 ...)
NOT-FOR-US: Php-stats
-CVE-2007-4333
+CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in A ...)
NOT-FOR-US: Article Dashboard
-CVE-2007-4332
+CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when ...)
NOT-FOR-US: Article Dashboard
-CVE-2007-4331
+CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...)
NOT-FOR-US: FindNix
-CVE-2007-4330
+CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1. ...)
NOT-FOR-US: Shoutbox
-CVE-2007-4329
+CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 all ...)
NOT-FOR-US: Web News
-CVE-2007-4328
+CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Gal ...)
NOT-FOR-US: Bilder Galerie
-CVE-2007-4327
+CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader 1. ...)
NOT-FOR-US: File Uploader
-CVE-2007-4326
+CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader ...)
NOT-FOR-US: Bilder Uploader
-CVE-2007-4325
+CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...)
NOT-FOR-US: Gaestebuch
-CVE-2007-4324
+CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other version ...)
- flashplugin-nonfree 9.0.115.0.1
[etch] - flashplugin-nonfree 9.0.115.0.1~etch1
[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
-CVE-2007-4323
+CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows rem ...)
- denyhosts 2.6-2.1 (bug #438162; medium)
[etch] - denyhosts 2.6-1etch1
-CVE-2007-4322
+CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftp ...)
NOT-FOR-US: BlockHosts
-CVE-2007-4321
+CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...)
{DSA-1456-1}
- fail2ban 0.8.0-4 (bug #438187; medium)
-CVE-2007-4320
+CVE-2007-4320 (PHP remote file inclusion vulnerability in admin/addons/archive/archiv ...)
NOT-FOR-US: Ncaster
-CVE-2007-4319
+CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
NOT-FOR-US: Zyxel
-CVE-2007-4318
+CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the man ...)
NOT-FOR-US: Zyxel
-CVE-2007-4317
+CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
NOT-FOR-US: Zyxel
-CVE-2007-4316
+CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
NOT-FOR-US: Zyxel
-CVE-2007-4315
+CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows loca ...)
NOT-FOR-US: ATI
-CVE-2007-4314
+CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the readin ...)
NOT-FOR-US: Pixlie
-CVE-2007-4313
+CVE-2007-4313 (PHP remote file inclusion vulnerability in public_includes/pub_blocks/ ...)
NOT-FOR-US: Php Blue Dragon CMS
-CVE-2007-4312
+CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...)
NOT-FOR-US: Php Blue Dragon CMS
-CVE-2007-4311
+CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...)
{DSA-1503-2 DSA-1503-1}
- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)
-CVE-2007-4310
+CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remot ...)
NOT-FOR-US: Solaris
-CVE-2007-4309
+CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenti ...)
NOT-FOR-US: IBM Lotus Notes
-CVE-2007-4308
+CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI la ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
- linux-2.6 2.6.22-4 (medium; bug #443694)
-CVE-2007-4307
+CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 a ...)
NOT-FOR-US: Storesprite
-CVE-2007-4306
+CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ...)
- phpmyadmin <unfixed> (unimportant)
[sarge] - phpmyadmin <not-affected>
NOTE: It seems that this requires knowledge of a unguessable session token.
NOTE: Confirmed by upstream. Sarge is not affected at all.
-CVE-2007-4305
+CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...)
NOT-FOR-US: NetBSD and OpenBSD
-CVE-2007-4304
+CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
NOT-FOR-US: CerbNG for FreeBSD
-CVE-2007-4303
+CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...)
NOT-FOR-US: CerbNG for FreeBSD
-CVE-2007-4302
+CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic So ...)
NOT-FOR-US: Generic Software Wrappers Toolkit
-CVE-2007-4301
+CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
NOT-FOR-US: WebCart
CVE-2007-4300
RESERVED
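Review bot: typo in the unchanged NOTE line under CVE-2007-4306 in this hunk, `NOTE: It seems that this requires knowledge of a unguessable session token.`; it should read `an unguessable session token`. Not something this automatic update touches, but worth correcting the next time the entry is edited.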
@@ -5894,397 +5894,397 @@ CVE-2007-4299
RESERVED
CVE-2007-4298
RESERVED
-CVE-2007-4297
+CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...)
NOT-FOR-US: Modulu
-CVE-2007-4296
+CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (A ...)
NOT-FOR-US: Anti-Spam SMTP Proxy Server
-CVE-2007-4295
+CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
NOT-FOR-US: Cisco
-CVE-2007-4294
+CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
NOT-FOR-US: Cisco
-CVE-2007-4293
+CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
NOT-FOR-US: Cisco
-CVE-2007-4292
+CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote atta ...)
NOT-FOR-US: Cisco
-CVE-2007-4291
+CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
NOT-FOR-US: Cisco
CVE-2007-4290
NOT-FOR-US: Guestbook Script
-CVE-2007-4289
+CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT style ...)
NOT-FOR-US: Sun Java System Portal Server
-CVE-2007-4288
+CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted ...)
NOT-FOR-US: Microsoft
-CVE-2007-4287
+CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...)
NOT-FOR-US: FishCart
-CVE-2007-4286
+CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionali ...)
NOT-FOR-US: Cisco
-CVE-2007-4285
+CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12. ...)
NOT-FOR-US: Cisco
-CVE-2007-4284
+CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified M ...)
NOT-FOR-US: Cisco
-CVE-2007-4283
+CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Co ...)
NOT-FOR-US: Coppermine Photo Gallery (CPG)
-CVE-2007-4282
+CVE-2007-4282 (The "Extended properties for entries" (entryproperties) plugin in sere ...)
- serendipity 1.1.4-1
[etch] - serendipity <not-affected> (introduced in 1.1.x)
-CVE-2007-4281
+CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...)
- knowledgetree <removed>
-CVE-2007-4279
+CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in FrontAccounti ...)
NOT-FOR-US: FrontAccounting
-CVE-2007-4278
+CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE servi ...)
NOT-FOR-US: ESRI ArcSDE
-CVE-2007-4277
+CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Tr ...)
NOT-FOR-US: Trend Micro AntiVirus
-CVE-2007-4276
+CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
NOT-FOR-US: IBM DB2
-CVE-2007-4275
+CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
NOT-FOR-US: IBM DB2
CVE-2007-4274
REJECTED
-CVE-2007-4273
+CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local us ...)
NOT-FOR-US: IBM DB2
-CVE-2007-4272
+CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
NOT-FOR-US: IBM DB2
-CVE-2007-4271
+CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 an ...)
NOT-FOR-US: IBM DB2
-CVE-2007-4270
+CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
NOT-FOR-US: IBM DB2
-CVE-2007-4269
+CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 th ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4268
+CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-4267
+CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac O ...)
NOT-FOR-US: Apple Mac OS X
CVE-2007-4266
RESERVED
-CVE-2007-4265
+CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3 ...)
NOT-FOR-US: VisionProject
-CVE-2007-4264
+CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
NOT-FOR-US: snif
-CVE-2007-4280
+CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...)
- asterisk 1:1.4.10~dfsg-1
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-019.htm
[sarge] - asterisk <not-affected> (not affected according to advisory)
[etch] - asterisk <not-affected> (not affected according to advisory)
-CVE-2007-4263
+CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP) ...)
NOT-FOR-US: Cisco
-CVE-2007-4262
+CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earli ...)
NOT-FOR-US: EZPhotoSales
-CVE-2007-4261
+CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the ...)
NOT-FOR-US: EZPhotoSales
-CVE-2007-4260
+CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default "admin" account for galle ...)
NOT-FOR-US: EZPhotoSales
-CVE-2007-4259
+CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download arb ...)
NOT-FOR-US: EZPhotoSales
-CVE-2007-4258
+CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site Dire ...)
NOT-FOR-US: Prozilla
-CVE-2007-4257
+CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user ...)
NOT-FOR-US: Live for Speed
-CVE-2007-4256
+CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
NOT-FOR-US: YNP Portal System
-CVE-2007-4255
+CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-depe ...)
- php5 <removed> (unimportant)
- php4 <removed> (unimportant)
NOTE: Only exploitable by malicious script
-CVE-2007-4254
+CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...)
NOT-FOR-US: Microsoft
-CVE-2007-4253
+CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in Envol ...)
NOT-FOR-US: Envolution
-CVE-2007-4252
+CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
NOT-FOR-US: CHILKAT ASP String
-CVE-2007-4251
+CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...)
- openoffice.org <unfixed> (unimportant)
NOTE: Only a crasher with malformed documents
-CVE-2007-4250
+CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.3 ...)
NOT-FOR-US: Advanced Searchbar
-CVE-2007-4249
+CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...)
NOT-FOR-US: ExportNation toolbar
-CVE-2007-4248
+CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolb ...)
NOT-FOR-US: Toolbar Gaming toolbar
-CVE-2007-4247
+CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...)
NOT-FOR-US: Microsoft
-CVE-2007-4246
+CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem I ...)
NOT-FOR-US: Justsystem Ichitaro
-CVE-2007-4245
+CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTE ...)
NOT-FOR-US: DiMeMa CONTENTdm
-CVE-2007-4244
+CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! Reactions ...)
NOT-FOR-US: Joomla!
-CVE-2007-4243
+CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Ga ...)
NOT-FOR-US: Astaro Security Gateway
-CVE-2007-4242
+CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform vir ...)
NOT-FOR-US: Astaro Security Gateway
-CVE-2007-4241
+CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisc ...)
NOT-FOR-US: Hewlett-Packard
-CVE-2007-4240
+CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl) ...)
NOT-FOR-US: Help Center Live
-CVE-2007-4239
+CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp i ...)
NOT-FOR-US: C-SAM oneWallet
-CVE-2007-4238
+CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, ...)
NOT-FOR-US: AIX
-CVE-2007-4237
+CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...)
NOT-FOR-US: AIX
-CVE-2007-4236
+CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows l ...)
NOT-FOR-US: AIX
-CVE-2007-4235
+CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow re ...)
NOT-FOR-US: VietPHP
-CVE-2007-4234
+CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote atta ...)
NOT-FOR-US: Camera Life
-CVE-2007-4233
+CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow a ...)
NOT-FOR-US: Camera Life
-CVE-2007-4232
+CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...)
NOT-FOR-US: PHPNews
-CVE-2007-4231
+CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...)
NOT-FOR-US: PhpHostBot
CVE-2007-4230
NOT-FOR-US: BellaBiblio
-CVE-2007-4229
+CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows re ...)
- kdebase <unfixed> (unimportant)
NOTE: Browser DoS not treated as vulnerabilities
-CVE-2007-4228
+CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ( ...)
NOT-FOR-US: AIX
-CVE-2007-4227
+CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
NOT-FOR-US: Microsoft
-CVE-2007-4226
+CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...)
NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
-CVE-2007-4225
+CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote a ...)
- kdebase 4:3.5.7-3 (bug #433072; low)
[sarge] - kdebase <no-dsa> (Minor issue)
[etch] - kdebase <no-dsa> (Minor issue)
-CVE-2007-4224
+CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address b ...)
- kdebase 4:3.5.7-3 (bug #433072; low)
[sarge] - kdebase <no-dsa> (Minor issue)
[etch] - kdebase <no-dsa> (Minor issue)
-CVE-2007-4223
+CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an u ...)
NOT-FOR-US: Microsoft Sysinternals DebugView
-CVE-2007-4222
+CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in ...)
NOT-FOR-US: IBM Lotus Notes
-CVE-2007-4221
+CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Wi ...)
NOT-FOR-US: Motorola Timbuktu
-CVE-2007-4220
+CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6. ...)
NOT-FOR-US: Motorola Timbuktu
-CVE-2007-4219
+CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as u ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-4218
+CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) i ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-4217
+CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...)
NOT-FOR-US: IBM AIX
-CVE-2007-4216
+CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.3 ...)
NOT-FOR-US: ZoneAlarm
CVE-2007-4215
RESERVED
CVE-2007-4214
RESERVED
-CVE-2007-4213
+CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote at ...)
NOT-FOR-US: Palm OS
-CVE-2007-4212
+CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search Modu ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-4211
+CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated use ...)
- dovecot 1:1.0.3-2 (low)
[etch] - dovecot <no-dsa> (minor issue)
[sarge] - dovecot <no-dsa> (minor issue)
-CVE-2007-4210
+CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...)
NOT-FOR-US: LANAI CMS
-CVE-2007-4209
+CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows ...)
NOT-FOR-US: Aceboard forum
-CVE-2007-4208
+CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio Manag ...)
NOT-FOR-US: Next Gen Portfolio Manager
-CVE-2007-4207
+CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...)
NOT-FOR-US: Gallery In A Box
-CVE-2007-4206
+CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets inc ...)
NOT-FOR-US: Kaspersky Anti-Spam
-CVE-2007-4205
+CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2 ...)
NOT-FOR-US: BlueCat Networks Adonis
-CVE-2007-4204
+CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collabo ...)
NOT-FOR-US: Hitachi Groupmax Collaboration
-CVE-2007-4203
+CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attack ...)
NOT-FOR-US: Mambo
-CVE-2007-4202
+CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly ...)
NOT-FOR-US: Guidance Software EnCase
-CVE-2007-4201
+CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...)
NOT-FOR-US: Guidance Software EnCase
-CVE-2007-4200
+CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 int ...)
- sleuthkit 2.09-1 (unimportant)
NOTE: Labelling this as a security problem is a bit far-fetched.
-CVE-2007-4199
+CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted re ...)
- sleuthkit 2.09-1 (unimportant)
NOTE: Labelling this as a security problem is a bit far-fetched.
-CVE-2007-4198
+CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sle ...)
- sleuthkit 2.09-1 (unimportant)
NOTE: Labelling this as a security problem is a bit far-fetched.
-CVE-2007-4197
+CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL poin ...)
- sleuthkit 2.09-1 (unimportant)
NOTE: Labelling this as a security problem is a bit far-fetched.
-CVE-2007-4196
+CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a ...)
- sleuthkit 2.09-1 (unimportant)
NOTE: Labelling this as a security problem is a bit far-fetched.
-CVE-2007-4195
+CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth K ...)
- sleuthkit 2.09-1 (unimportant)
NOTE: Labelling this as a security problem is a bit far-fetched.
-CVE-2007-4194
+CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote attackers to ...)
NOT-FOR-US: Guidance Software EnCase
-CVE-2007-4193
+CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...)
NOT-FOR-US: DVD Rental System
-CVE-2007-4192
+CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD R ...)
NOT-FOR-US: DVD Rental System
-CVE-2007-4191
+CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's in ...)
NOT-FOR-US: Panda Antivirus
-CVE-2007-4190
+CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) al ...)
NOT-FOR-US: Joomla!
-CVE-2007-4189
+CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
NOT-FOR-US: Joomla!
-CVE-2007-4188
+CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
NOT-FOR-US: Joomla!
-CVE-2007-4187
+CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...)
NOT-FOR-US: Joomla!
-CVE-2007-4186
+CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...)
NOT-FOR-US: Joomla! addon
-CVE-2007-4185
+CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: Joomla!
-CVE-2007-4184
+CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...)
NOT-FOR-US: Joomla!
-CVE-2007-4183
+CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earli ...)
NOT-FOR-US: paBugs
-CVE-2007-4182
+CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1 ...)
NOT-FOR-US: WikiWebWeaver
CVE-2007-4181
NOT-FOR-US: Pluck
CVE-2007-4180
NOT-FOR-US: Pluck
-CVE-2007-4179
+CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
NOT-FOR-US: HPUX
-CVE-2007-4178
+CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2 ...)
NOT-FOR-US: Webdirector
-CVE-2007-4177
+CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact before ...)
NOT-FOR-US: Interact
-CVE-2007-4176
+CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have ...)
NOT-FOR-US: EQDKP Plus
-CVE-2007-4175
+CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Op ...)
NOT-FOR-US: Openrat CMS
-CVE-2007-4174
+CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not properly re ...)
- tor 0.1.2.16-1 (medium)
-CVE-2007-4173
+CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali ...)
NOT-FOR-US: Hunkaray Okul Portali
-CVE-2007-4172
+CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (O ...)
NOT-FOR-US: Openwebmail
-CVE-2007-4171
+CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for au ...)
NOT-FOR-US: Aura CMS
-CVE-2007-4170
+CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 al ...)
NOT-FOR-US: AL-Athkar
CVE-2007-4169
NOT-FOR-US: vgallite
-CVE-2007-4167
+CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in AL-Carica ...)
NOT-FOR-US: AL-Caricatier
-CVE-2007-4166
+CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed t ...)
NOT-FOR-US: Xu Yiyang
-CVE-2007-4165
+CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue Memo ...)
- wordpress <not-affected> (Wordpress doesn't ship this theme)
-CVE-2007-4164
+CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java Syste ...)
NOT-FOR-US: IndexScript
-CVE-2007-4163
+CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 befo ...)
NOT-FOR-US: IndexScript
-CVE-2007-4162
+CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integr ...)
NOT-FOR-US: TIBCO Rendezvous (RV)
-CVE-2007-4161
+CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...)
NOT-FOR-US: TIBCO Rendezvous (RV)
-CVE-2007-4160
+CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...)
NOT-FOR-US: TIBCO Rendezvous (RV)
-CVE-2007-4159
+CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...)
NOT-FOR-US: TIBCO Rendezvous (RV)
-CVE-2007-4158
+CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5 ...)
NOT-FOR-US: TIBCO Rendezvous (RV)
-CVE-2007-4157
+CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with insuff ...)
NOT-FOR-US: PHPBlogger
-CVE-2007-4156
+CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote attack ...)
NOT-FOR-US: wolioCMS
-CVE-2007-4155
+CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
- vmware-package 0.16
-CVE-2007-4154
+CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows r ...)
{DSA-1564-1}
- wordpress 2.2.2-1
-CVE-2007-4153
+CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...)
{DSA-1564-1}
- wordpress 2.2.2-1 (low)
NOTE: see issue 4690 and 4691 in wordpress trac
-CVE-2007-4152
+CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
NOT-FOR-US: Visionsoft Audit on Demand Service
-CVE-2007-4151
+CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
NOT-FOR-US: Visionsoft Audit on Demand Service
-CVE-2007-4150
+CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
NOT-FOR-US: Visionsoft Audit on Demand Service
-CVE-2007-4149
+CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
NOT-FOR-US: Visionsoft Audit on Demand Service
-CVE-2007-4148
+CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ( ...)
NOT-FOR-US: Visionsoft Audit on Demand Service
-CVE-2007-4147
+CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX befo ...)
NOT-FOR-US: Interspire ArticleLive NX
-CVE-2007-4146
+CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2 ...)
NOT-FOR-US: WebEvent
-CVE-2007-4145
+CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX con ...)
NOT-FOR-US: BlueSkychat
-CVE-2007-4144
+CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in sample-forms/simple-contac ...)
NOT-FOR-US: MitriDAT eMail Form Processor Pro
-CVE-2007-4143
+CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote authe ...)
NOT-FOR-US: Billing Control Panel in phpCoupon
-CVE-2007-4142
+CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server ...)
NOT-FOR-US: IBM Lotus Sametime Server
-CVE-2007-4141
+CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain se ...)
NOT-FOR-US: OpenRat CMS
-CVE-2007-4140
+CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows use ...)
NOT-FOR-US: Live for Speed
-CVE-2007-4139
+CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads edit ...)
NOT-FOR-US: Temporary Uploads
-CVE-2007-4138
+CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...)
- samba 3.0.26-1
[etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
[sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
-CVE-2007-4137
+CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...)
{DSA-1426-1}
- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
- qt4-x11 <not-affected> (Not exploitable according to upstream)
-CVE-2007-4136
+CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to ca ...)
NOT-FOR-US: Conga
-CVE-2007-4135
+CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle re ...)
- libnfsidmap 0.18-0 (low; bug #442935)
NOTE: https://issues.rpath.com/browse/RPL-1731
-CVE-2007-4134
+CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 a ...)
- star 1.5a67-1.1 (bug #440100; low)
[etch] - star <no-dsa> (Minor issue)
-CVE-2007-4133
+CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions i ...)
{DSA-1504-1 DSA-1381-2}
- linux-2.6 2.6.20-1
-CVE-2007-4132
+CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 al ...)
NOT-FOR-US: Red Hat Satellite Server
-CVE-2007-4131
+CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
{DSA-1438-1}
- tar 1.18-2 (medium; bug #439335)
-CVE-2007-4130
+CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RH ...)
- linux-2.6 2.6.12-1 (low)
NOTE: a fix is included in 2.6, see line 854 mempolicy.c
NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git
NOTE: which I can see and ships the fix
-CVE-2007-4129
+CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a sy ...)
- coolkey 1.1.0-3
-CVE-2007-4128
+CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...)
NOT-FOR-US: com_gmaps for Joomla!
CVE-2007-4127
NOT-FOR-US: Ralf Image Gallery
-CVE-2007-4126
+CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework (DTrace) on ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-4125
+CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
NOT-FOR-US: HP-UX
-CVE-2007-4124
+CVE-2007-4124 (The session failover function in Cosminexus Component Container in Cos ...)
NOT-FOR-US: Cosminexus
-CVE-2007-4123
+CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax ...)
NOT-FOR-US: Hitachi Groupmax
-CVE-2007-4122
+CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) ...)
NOT-FOR-US: Hitachi Hierarchical Viewer
-CVE-2007-4121
+CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scr ...)
NOT-FOR-US: E-Commerce Scripts Shopping Cart Script
CVE-2007-4120
NOT-FOR-US: vBulletin
-CVE-2007-4119
+CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Zi ...)
NOT-FOR-US: Defteri
-CVE-2007-4118
+CVE-2007-4118 (PHP remote file inclusion vulnerability in includes/functions.inc.php ...)
NOT-FOR-US: phpVoter
CVE-2007-4117
NOT-FOR-US: phpVoter
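Review bot: the description added for CVE-2007-4164 in this hunk, `+CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java Syste ...)`, does not match the unchanged tracker line directly beneath it, `NOT-FOR-US: IndexScript`, which is the product named for the neighbouring CVE-2007-4163; the NOT-FOR-US status should name the same software as the description, so check which product CVE-2007-4164 actually covers and correct that line. Minor ordering point in the same hunk: CVE-2007-4280 sits between CVE-2007-4264 and CVE-2007-4263 instead of in numeric position after CVE-2007-4281; pre-existing, but easy to reorder while the file is being touched.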
@@ -6292,188 +6292,188 @@ CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
- teamspeak-server 2.0.23.19-1 (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
- tor 0.1.2.16-1
-CVE-2007-4116
+CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum Por ...)
NOT-FOR-US: Metyus Forum Portal
-CVE-2007-4115
+CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...)
NOT-FOR-US: IT!CMS (itcms)
-CVE-2007-4114
+CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygula ...)
NOT-FOR-US: SuskunDuygular Uyelik Sistemi
-CVE-2007-4113
+CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) be ...)
NOT-FOR-US: Advanced Webhost Billing System (AWBS)
-CVE-2007-4112
+CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing Sys ...)
NOT-FOR-US: Advanced Webhost Billing System (AWBS)
-CVE-2007-4111
+CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...)
NOT-FOR-US: Real Estate listing website
-CVE-2007-4110
+CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / Threade ...)
NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template
-CVE-2007-4109
+CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...)
NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template)
-CVE-2007-4108
+CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...)
NOT-FOR-US: WebEvents (Online Event Registration Template)
-CVE-2007-4107
+CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...)
NOT-FOR-US: phpMyForum
-CVE-2007-4106
+CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Tim ...)
NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface
-CVE-2007-4105
+CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...)
NOT-FOR-US: Baidu Soba Search Bar
-CVE-2007-4104
+CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStat ...)
NOT-FOR-US: WP-FeedStats plugin for WordPress
-CVE-2007-4103
+CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2. ...)
- asterisk 1:1.4.9~dfsg-1
[etch] - asterisk <not-affected> (Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 affected)
[sarge] - asterisk <not-affected> (1.0 not affected)
-CVE-2007-4102
+CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...)
NOT-FOR-US: sBlog
-CVE-2007-4101
+CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 a ...)
NOT-FOR-US: Madoa Poll
-CVE-2007-4100
+CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_in ...)
- mldonkey 2.9.0-1 (bug #435439)
[etch] - mldonkey <no-dsa> (Minor issue)
-CVE-2007-4099
+CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ne ...)
- tor 0.1.2.15-1
-CVE-2007-4098
+CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from diff ...)
- tor 0.1.2.15-1
-CVE-2007-4097
+CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for te ...)
- tor 0.1.2.15-1
-CVE-2007-4096
+CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, a ...)
- tor 0.1.2.15-1
-CVE-2007-4095
+CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...)
NOT-FOR-US: BSM Store Dependent Forums
-CVE-2007-4094
+CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ID ...)
NOT-FOR-US: IDevSpot PhpHostBot
-CVE-2007-4093
+CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web r ...)
NOT-FOR-US: Minb Is Not a Blog (minb)
-CVE-2007-4092
+CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and earl ...)
NOT-FOR-US: iFoto
-CVE-2007-4091
+CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ...)
{DSA-1360-1}
- rsync 2.6.9-5 (bug #438125; medium)
-CVE-2007-4090
+CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
NOT-FOR-US: Vikingboard
-CVE-2007-4089
+CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive informat ...)
NOT-FOR-US: Vikingboard
-CVE-2007-4088
+CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
NOT-FOR-US: Vikingboard
-CVE-2007-4087
+CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain se ...)
NOT-FOR-US: AlstraSoft Video Share Enterprise
-CVE-2007-4086
+CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enter ...)
NOT-FOR-US: AlstraSoft Video Share Enterprise
-CVE-2007-4085
+CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow r ...)
NOT-FOR-US: AlstraSoft AskMe Pro
-CVE-2007-4084
+CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
NOT-FOR-US: AlstraSoft Affiliate Network
-CVE-2007-4083
+CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskM ...)
NOT-FOR-US: AlstraSoft AskMe Pro
-CVE-2007-4082
+CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php AlstraS ...)
NOT-FOR-US: AlstraSoft Article Manager Pro
-CVE-2007-4081
+CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affi ...)
NOT-FOR-US: AlstraSoft Affiliate Network Pro
-CVE-2007-4080
+CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Fri ...)
NOT-FOR-US: AlstraSoft
-CVE-2007-4079
+CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...)
NOT-FOR-US: AlstraSoft
-CVE-2007-4078
+CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...)
NOT-FOR-US: AlstraSoft
-CVE-2007-4077
+CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Vide ...)
NOT-FOR-US: AlstraSoft
-CVE-2007-4076
+CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris Sites ...)
NOT-FOR-US: Alisveris Sitesi Scripti
-CVE-2007-4075
+CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sit ...)
NOT-FOR-US: Alisveris Sitesi Scripti
-CVE-2007-4074
+CVE-2007-4074 (The default configuration of Centre for Speech Technology Research (CS ...)
- festival 1.96~beta-6 (bug #435445; low)
[etch] - festival <no-dsa> (Minor issue)
-CVE-2007-4073
+CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a fri ...)
NOT-FOR-US: Webbler CMS
-CVE-2007-4072
+CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within HT ...)
NOT-FOR-US: Webbler CMS
-CVE-2007-4071
+CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in uploader/index. ...)
NOT-FOR-US: Webbler CMS
-CVE-2007-4070
+CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun S ...)
- lbxproxy <removed>
-CVE-2007-4069
+CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ear ...)
NOT-FOR-US: IndexScript
-CVE-2007-4068
+CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote at ...)
NOT-FOR-US: Webyapar
-CVE-2007-4067
+CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav Ac ...)
NOT-FOR-US: Clever Internet ActiveX Suite
-CVE-2007-4066
+CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow con ...)
{DSA-1471-1}
- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
- libvorbis 1.2.0.dfsg-1
NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
-CVE-2007-4065
+CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 a ...)
{DSA-1471-1}
- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
- libvorbis 1.2.0.dfsg-1
NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
-CVE-2007-4064
+CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x befo ...)
- drupal 4.7.7-1 (low)
- drupal5 5.2-1 (low)
[sarge] - drupal <not-affected> (Only Drupal 5.x is affected)
-CVE-2007-4063
+CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...)
- drupal5 5.2-1 (low)
NOTE: DRUPAL-SA-2007-017
-CVE-2007-4062
+CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vuln ...)
- nessus-core <not-affected> (Windows only)
-CVE-2007-4061
+CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in Ness ...)
- nessus-core <not-affected> (Windows only)
-CVE-2007-4060
+CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...)
NOT-FOR-US: corehttp
-CVE-2007-4059
+CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
- vmware-package 0.16
-CVE-2007-4058
+CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
- vmware-package 0.16
-CVE-2007-4057
+CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio ...)
NOT-FOR-US: Neocrome Seditio
-CVE-2007-4056
+CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult Directo ...)
NOT-FOR-US: Adult Directory
-CVE-2007-4055
+CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allo ...)
NOT-FOR-US: SimpleBlog
-CVE-2007-4054
+CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...)
NOT-FOR-US: PHP123 Top Sites
-CVE-2007-4053
+CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA 1. ...)
NOT-FOR-US: LinPHA
-CVE-2007-4052
+CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in nuk ...)
NOT-FOR-US: nukedit
-CVE-2007-4051
+CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag 1. ...)
NOT-FOR-US: UltraDefrag
-CVE-2007-4050
+CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049
REJECTED
-CVE-2007-4048
+CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2. ...)
{DTSA-58-1}
- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
- phpgroupware 0.9.16.012-1 (low; bug #435936; bug #472685)
[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
- egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
-CVE-2007-4047
+CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) del ...)
NOT-FOR-US: geoBlog
-CVE-2007-4046
+CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery (com_pony ...)
NOT-FOR-US: Pony Gallery
-CVE-2007-4045
+CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other Linu ...)
- cupsys 1.2
- cups 1.2
NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
REJECTED
-CVE-2007-4043
+CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...)
NOT-FOR-US: Secure Computing SecurityReporter
-CVE-2007-4042
+CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 al ...)
NOT-FOR-US: Netscape Navigator
-CVE-2007-4041
+CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...)
{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
- iceweasel 2.0.0.6-1
- xulrunner 1.8.1.9-1
- iceape 1.1.5-1
-CVE-2007-4040
+CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and Outlo ...)
NOT-FOR-US: Micrsoft Outlook
-CVE-2007-4039
+CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...)
- icedove <not-affected> (Windows-specific)
-CVE-2007-4038
+CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, wh ...)
{DSA-1338-1}
- iceweasel 2.0.0.5-1
CVE-2007-4037
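Review bot: the descriptions added in this hunk are cut at a fixed width, so several lose the version boundary that matters for triage, e.g. CVE-2007-4103 ends at "Asterisk Open 1.2.x before 1.2. ..." and CVE-2007-4098 is left with an unbalanced opening quote ("streamids from diff ...); the package version lines beneath each entry remain the authoritative record and the truncated summary must not be read as an affected-version range. Two unchanged lines in the same region also deserve a follow-up: the NOTE under CVE-2007-4048 ("phpsysinfo alone doesn't maintain any data, which makes this an issue") reads contrary to the "unimportant" rating on the phpsysinfo line above it and presumably means "not an issue", and the NOT-FOR-US line for CVE-2007-4109 carries a duplicated fragment ("WebStore (Online StoreWebStore (Online Store Application Template)"), while the libvorbis NOTEs misspell "revisions" and "library".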
@@ -6482,92 +6482,92 @@ CVE-2007-4036
NOT-FOR-US: Guidance Software
CVE-2007-4035
NOT-FOR-US: Guidance Software
-CVE-2007-4034
+CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Ins ...)
NOT-FOR-US: Yahoo! Widgets
-CVE-2007-4033
+CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/ ...)
{DSA-1390-1}
- t1lib 5.1.0-3 (bug #439927)
NOTE: originally posted as a php vuln, actually in libt1
NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
-CVE-2007-4032
+CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...)
NOT-FOR-US: CrystalPlayer
-CVE-2007-4031
+CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in Ness ...)
NOT-FOR-US: Nessus ActiveX control
CVE-2007-4030
RESERVED
-CVE-2007-4029
+CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows cont ...)
{DSA-1471-1}
- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
-CVE-2007-4028
+CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
NOT-FOR-US: WebSPELL
-CVE-2007-4027
+CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...)
NOT-FOR-US: Areca
-CVE-2007-4026
+CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...)
NOT-FOR-US: epesi
-CVE-2007-4025
+CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server ...)
NOT-FOR-US: Sun Java System Application Server
-CVE-2007-4024
+CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W ...)
NOT-FOR-US: W1L3D4
-CVE-2007-4023
+CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in A ...)
NOT-FOR-US: Aruba Mobility Controller
-CVE-2007-4022
+CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/change ...)
NOT-FOR-US: cPanel
-CVE-2007-4021
+CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Br ...)
NOT-FOR-US: Brain Book Software Secure
-CVE-2007-4020
+CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Ad ...)
NOT-FOR-US: AdMan
CVE-2007-4019
REJECTED
CVE-2007-5645
REJECTED
-CVE-2007-4018
+CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows at ...)
NOT-FOR-US: Citrix
-CVE-2007-4017
+CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based admin ...)
NOT-FOR-US: Citrix
-CVE-2007-4016
+CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access Ga ...)
NOT-FOR-US: Citrix
CVE-2007-4015
REJECTED
-CVE-2007-4014
+CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php instal ...)
NOT-FOR-US: Blix themes for WordPress
-CVE-2007-4013
+CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6La ...)
NOT-FOR-US: Citrix
-CVE-2007-4012
+CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...)
NOT-FOR-US: Cisco
-CVE-2007-4011
+CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...)
NOT-FOR-US: Cisco
-CVE-2007-4010
+CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and disa ...)
- php5 <not-affected> (Windows-specific issue)
-CVE-2007-4009
+CVE-2007-4009 (PHP remote file inclusion vulnerability in admin/business_inc/saveserv ...)
NOT-FOR-US: SWSoft Confixx
-CVE-2007-4008
+CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
NOT-FOR-US: Entertainment CMS
-CVE-2007-4007
+CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article Direct ...)
NOT-FOR-US: Article Directory
-CVE-2007-4006
+CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unkno ...)
NOT-FOR-US: Mike Dubman Windows RSH daemon
-CVE-2007-4005
+CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1 ...)
NOT-FOR-US: Mike Dubman Windows RSH daemon
-CVE-2007-4004
+CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...)
NOT-FOR-US: IBM AIX
-CVE-2007-4003
+CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...)
NOT-FOR-US: IBM AIX
CVE-2007-4002
RESERVED
CVE-2007-4001
RESERVED
-CVE-2007-4000
+CVE-2007-4000 (The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy. ...)
- krb5 1.6.dfsg.1-7 (high)
[etch] - krb5 <not-affected> (Vulnerable code not present)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
-CVE-2007-3999
+CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in li ...)
{DSA-1368-1 DSA-1367-1}
- librpcsecgss 0.14-3
- krb5 1.6.dfsg.1-7 (high)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
-CVE-2007-3998
+CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, d ...)
{DSA-1578-1 DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1 (low)
- php4 <removed> (low)
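Review bot: the ordering in this hunk is broken at CVE-2007-5645, which sits as a REJECTED entry between CVE-2007-4019 and CVE-2007-4018 although the file is otherwise in descending CVE order; the automatic update correctly leaves it alone (REJECTED entries get no description), but it should be moved to its numeric position so tooling that assumes sorted input does not misplace it. Also in this region, CVE-2007-4000 is rated "high" for krb5 1.6.dfsg.1-7 while etch and sarge are marked <not-affected> (Vulnerable code not present); a NOTE pointing at the upstream version or commit that introduced the vulnerable code in kadm5_modify_policy_internal would make that claim checkable.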
@@ -6577,11 +6577,11 @@ CVE-2007-3998
NOTE: so maybe this is already fixed in 5.2.3, not sure
NOTE: fixed in php5/etch svn
NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
-CVE-2007-3997
+CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
- php5 5.2.4-1 (unimportant)
- php4 <removed> (unimportant)
NOTE: only exploitable by malicious script
-CVE-2007-3996
+CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote a ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
- libwmf <unfixed> (unimportant)
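Review bot: the libwmf entry for CVE-2007-3996 ("libwmf <unfixed> (unimportant)") has no NOTE justifying the rating, unlike the php5 entry for CVE-2007-3997 directly above it, which carries "only exploitable by malicious script"; the description is about integer overflows in libgd, so libwmf is presumably tracked for an embedded copy of that code, and a one-line NOTE stating why it is unimportant (for example, that the embedded copy is not built or not reachable) would document the decision instead of leaving an unfixed entry without rationale.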
@@ -6593,178 +6593,178 @@ CVE-2007-3995
RESERVED
CVE-2007-3994
RESERVED
-CVE-2007-3993
+CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...)
NOT-FOR-US: Kerio MailServer
-CVE-2007-3992
+CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro ...)
NOT-FOR-US: iExpress Property Pro
-CVE-2007-3991
+CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp c ...)
NOT-FOR-US: Asp cvmatik
-CVE-2007-3990
+CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...)
NOT-FOR-US: Dora Emlak
-CVE-2007-3989
+CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
NOT-FOR-US: Dora Emlak
-CVE-2007-3988
+CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System (VHCS ...)
NOT-FOR-US: Virtual Hosting Control System
-CVE-2007-3987
+CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, wh ...)
NOT-FOR-US: ImageRacer
-CVE-2007-3986
+CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...)
NOT-FOR-US: Secure Computing SecurityReporter
-CVE-2007-3985
+CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing Secu ...)
NOT-FOR-US: Secure Computing SecurityReporter
-CVE-2007-3984
+CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms cl ...)
NOT-FOR-US: Zenturi ProgramChecker
-CVE-2007-3983
+CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics DDActiveRep ...)
NOT-FOR-US: ActiveReports
-CVE-2007-3982
+CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ActiveRepor ...)
NOT-FOR-US: ActiveReports
-CVE-2007-3981
+CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition al ...)
NOT-FOR-US: WSN Links
-CVE-2007-3980
+CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameS ...)
NOT-FOR-US: RCMS Pro RGameScript Pro
-CVE-2007-3979
+CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...)
NOT-FOR-US: BlogSite Professional
-CVE-2007-3978
+CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to hi ...)
NOT-FOR-US: bwired
-CVE-2007-3977
+CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote attac ...)
NOT-FOR-US: bwired
-CVE-2007-3976
+CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote attac ...)
NOT-FOR-US: bwired
-CVE-2007-3975
+CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1 ...)
NOT-FOR-US: Elite Forum
-CVE-2007-3974
+CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...)
NOT-FOR-US: JBlog
-CVE-2007-3973
+CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...)
NOT-FOR-US: JBlog
-CVE-2007-3972
+CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a ...)
NOT-FOR-US: ESET NOD32 Antivirus
-CVE-2007-3971
+CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote a ...)
NOT-FOR-US: ESET NOD32 Antivirus
-CVE-2007-3970
+CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote att ...)
NOT-FOR-US: ESET NOD32 Antivirus
-CVE-2007-3969
+CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote attac ...)
NOT-FOR-US: Panda Antivirus
-CVE-2007-3968
+CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the ...)
NOT-FOR-US: dirLIST
-CVE-2007-3967
+CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...)
NOT-FOR-US: dirLIST
-CVE-2007-3966
+CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ex ...)
NOT-FOR-US: Munch Pro
-CVE-2007-3965
+CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...)
NOT-FOR-US: uFMOD
-CVE-2007-3964
+CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote atta ...)
NOT-FOR-US: Itaka
-CVE-2007-3963
+CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, an ...)
NOT-FOR-US: UseBB
-CVE-2007-3962
+CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...)
NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
-CVE-2007-3961
+CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib b ...)
NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
-CVE-2007-3960
+CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
NOT-FOR-US: IBM WebSphere
-CVE-2007-3959
+CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...)
NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
-CVE-2007-3958
+CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
NOT-FOR-US: Microsoft
-CVE-2007-3957
+CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attacker ...)
NOT-FOR-US: Nipun Jain xserver
-CVE-2007-3956
+CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...)
- teamspeak-server 2.0.23.19-1 (bug #435707)
-CVE-2007-3955
+CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in Li ...)
NOT-FOR-US: LinkedIn Toolbar
-CVE-2007-3954
+CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
NOT-FOR-US: Microsoft
-CVE-2007-3953
+CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
NOT-FOR-US: Norman Antivirus
-CVE-2007-3952
+CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
NOT-FOR-US: Norman Antivirus
-CVE-2007-3951
+CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote attack ...)
NOT-FOR-US: Norman Antivirus
-CVE-2007-3950
+CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #434888)
-CVE-2007-3949
+CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...)
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #434888)
-CVE-2007-3948
+CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...)
- lighttpd 1.4.16-1 (low; bug #434888)
-CVE-2007-3947
+CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #428368)
[etch] - libghttpd <no-dsa> (Accidentally omitted in DSA, but doesn't warrant another update itself)
-CVE-2007-3946
+CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attacke ...)
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #434888)
-CVE-2007-3945
+CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly u ...)
NOT-FOR-US: Rule Set Based Access Control (RSBAC)
-CVE-2007-3944
+CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible Regular Ex ...)
NOT-FOR-US: MobileSafari
-CVE-2007-3943
+CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows r ...)
NOT-FOR-US: Infinite Responder
CVE-2007-3942
NOT-FOR-US: Simple Machines Forum
-CVE-2007-3941
+CVE-2007-3941 (Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS ...)
NOT-FOR-US: Jasmine CMS
-CVE-2007-3940
+CVE-2007-3940 (Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite ...)
NOT-FOR-US: QuickerSite
-CVE-2007-3939
+CVE-2007-3939 (SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Ma ...)
NOT-FOR-US: Vivvo Article Management CMS
-CVE-2007-3938
+CVE-2007-3938 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
NOT-FOR-US: MAXdev MDPro (MD-Pro)
-CVE-2007-3937
+CVE-2007-3937 (Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allo ...)
NOT-FOR-US: A-shop
-CVE-2007-3936
+CVE-2007-3936 (Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0 ...)
NOT-FOR-US: A-shopA-shop
-CVE-2007-3935
+CVE-2007-3935 (PHP remote file inclusion vulnerability in link_main.php in the SupaNa ...)
NOT-FOR-US: SupaNav
-CVE-2007-3934
+CVE-2007-3934 (PHP remote file inclusion vulnerability in postscript/postscript.php i ...)
NOT-FOR-US: BBS E-Market
-CVE-2007-3933
+CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and ...)
NOT-FOR-US: QuickEStore
-CVE-2007-3932
+CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component fo ...)
NOT-FOR-US: Expose RC35 for Joomla
-CVE-2007-3931
+CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation s ...)
NOT-FOR-US: Samsung SCX-4200 Driver installation script
-CVE-2007-3930
+CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and DocuWi ...)
NOT-FOR-US: Microsoft
-CVE-2007-3929
+CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
NOT-FOR-US: Opera
-CVE-2007-3928
+CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2007-3927
+CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
NOT-FOR-US: Ipswitch IMail Server
-CVE-2007-3926
+CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to c ...)
NOT-FOR-US: Ipswitch IMail Server
-CVE-2007-3925
+CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitc ...)
NOT-FOR-US: Ipswitch IMail Server
-CVE-2007-3924
+CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
NOT-FOR-US: Microsoft
-CVE-2007-3923
+CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
NOT-FOR-US: Cisco
-CVE-2007-3922
+CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
- sun-java5 1.5.0-12-2
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-02-1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-3921
+CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files v ...)
{DSA-1402-1}
- gforge 4.6.99+svn6169-1
-CVE-2007-3920
+CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...)
{DTSA-75-1}
[etch] - gnome-screensaver <not-affected> (Affected Compiz not present in Etch version)
[etch] - xorg-server <not-affected> (Affected Compiz not present in Etch version)
- gnome-screensaver 2.20.0-1.1
- xorg-server 2:1.4.1~git20080118-1 (bug #449108; medium)
-CVE-2007-3919
+CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local user ...)
{DSA-1395-1}
- xen-unstable 3.0-unstable+hg11561-1 (low; bug #464044)
- xen-3 3.1.2-1 (low)
-CVE-2007-3918
+CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in GFor ...)
{DSA-1383-1}
- gforge 4.6.99+svn6094-1
-CVE-2007-3917
+CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before ...)
{DSA-1386-1}
- wesnoth 1.2.7-1
-CVE-2007-3916
+CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
- skktools 1.2+0.20061004-3 (low)
[sarge] - skktools <no-dsa> (Minor issue)
[etch] - skktools <no-dsa> (Minor issue)
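Review bot: the etch line under CVE-2007-3947 references a source package "libghttpd" ("[etch] - libghttpd <no-dsa> ...") although every other line in that entry and in its siblings CVE-2007-3946 through CVE-2007-3950 names "lighttpd"; this looks like a typo and, as written, the annotation attaches to a package that appears nowhere else in the entry, so the etch state of lighttpd for this CVE is effectively unrecorded. The same entry lists DSA-1362-1 in braces while its note says the issue was "Accidentally omitted in DSA", which is contradictory on its face and should be reconciled. Separately, CVE-2007-3961 and CVE-2007-3962 are marked NOT-FOR-US with the justification "vulnerable code not present in lib.c from fsp source package"; since the justification itself names the fsp source package, the usual form would be "- fsp <not-affected> (vulnerable code not present)" so the package stays associated with the CVE.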
@@ -6773,76 +6773,76 @@ CVE-2007-3915 [mondo insecure handling of temporary files]
- mondo 2.24-2 (low)
CVE-2007-3914
RESERVED
-CVE-2007-3913
+CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote attacke ...)
{DSA-1369-1 DTSA-57-1}
- gforge 4.6.99+svn6086-1
-CVE-2007-3912
+CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain ...)
{DSA-1527-1}
- debian-goodies 0.34 (bug #440411; medium)
-CVE-2007-3911
+CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka sche ...)
NOT-FOR-US: BakBone NetVault Reporter
-CVE-2007-3910
+CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows re ...)
- bandersnatch <removed> (low; bug #435709)
-CVE-2007-3909
+CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remot ...)
- bandersnatch <removed> (low; bug #435709)
-CVE-2007-3908
+CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Ent ...)
NOT-FOR-US: HP ServiceGuard
-CVE-2007-3907
+CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
NOT-FOR-US: LedgerSMB
-CVE-2007-3906
+CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point Fire ...)
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2007-3905
+CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...)
{DSA-1389-2 DSA-1389-1}
- zoph 0.7.0.2-1 (bug #435711)
CVE-2007-3904
REJECTED
-CVE-2007-3903
+CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3902
+CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in mshtml ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3901
+CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible ...)
NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
REJECTED
-CVE-2007-3899
+CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, a ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-3898
+CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 S ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-3897
+CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...)
NOT-FOR-US: Outlook Express
-CVE-2007-3896
+CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft Wind ...)
NOT-FOR-US: Windows
-CVE-2007-3895
+CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 throu ...)
NOT-FOR-US: Microsoft DirectX
CVE-2007-3894
REJECTED
-CVE-2007-3893
+CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
NOT-FOR-US: Internet Explorer
-CVE-2007-3892
+CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
NOT-FOR-US: Internet Explorer
-CVE-2007-3891
+CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows ...)
NOT-FOR-US: Windows Vista
-CVE-2007-3890
+CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, an ...)
NOT-FOR-US: Microsoft
-CVE-2007-3889
+CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...)
NOT-FOR-US: Insanely Simple Blog
-CVE-2007-3888
+CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...)
NOT-FOR-US: Insanely Simple Blog
-CVE-2007-3887
+CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...)
NOT-FOR-US: ASP Ziyaretci Defteri
-CVE-2007-3886
+CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...)
NOT-FOR-US: Element CMS
-CVE-2007-3885
+CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in hu ...)
NOT-FOR-US: husrevforum
-CVE-2007-3884
+CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0. ...)
NOT-FOR-US: husrevforum
-CVE-2007-3883
+CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earl ...)
NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
-CVE-2007-3882
+CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows remo ...)
NOT-FOR-US: Expert Advisor
-CVE-2007-3881
+CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture R ...)
NOT-FOR-US: Pictures Rating
-CVE-2007-3880
+CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) Ne ...)
NOT-FOR-US: Net Connect
CVE-2007-3879
RESERVED
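Review bot: the added description for CVE-2007-3913 reads "SQL injection vulnerability in Gforge before 3.1", which conflicts with the Debian fix recorded directly below it in gforge 4.6.99+svn6086-1 (and DSA-1369-1 / DTSA-57-1); the upstream "before 3.1" wording is evidently not the affected range Debian acted on, so a NOTE recording the actually vulnerable versions would stop the truncated summary from misleading a reader into treating 4.x as unaffected.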
@@ -6850,187 +6850,187 @@ CVE-2007-3878
RESERVED
CVE-2007-3877
RESERVED
-CVE-2007-3876
+CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows lo ...)
NOT-FOR-US: SMB (Apple Mac OS X)
-CVE-2007-3875
+CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
NOT-FOR-US: CA Anti-Virus
-CVE-2007-3874
+CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE s ...)
NOT-FOR-US: Symantec Altiris Deployment Solution
-CVE-2007-3873
+CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI En ...)
NOT-FOR-US: SSAPI Engine
-CVE-2007-3872
+CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service (OVT ...)
NOT-FOR-US: HP OpenView
-CVE-2007-3871
+CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...)
NOT-FOR-US: Stampit
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
NOTE: IE browser bug are not treated as security issues in packages applications
-CVE-2007-3870
+CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management c ...)
NOT-FOR-US: Oracle
-CVE-2007-3869
+CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship Mana ...)
NOT-FOR-US: Oracle
-CVE-2007-3868
+CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSo ...)
NOT-FOR-US: Oracle
-CVE-2007-3867
+CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
NOT-FOR-US: Oracle
-CVE-2007-3866
+CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
NOT-FOR-US: Oracle
-CVE-2007-3865
+CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
NOT-FOR-US: Oracle
-CVE-2007-3864
+CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10. ...)
NOT-FOR-US: Oracle
-CVE-2007-3863
+CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...)
NOT-FOR-US: Oracle
-CVE-2007-3862
+CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10. ...)
NOT-FOR-US: Oracle
-CVE-2007-3861
+CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application S ...)
NOT-FOR-US: Oracle
-CVE-2007-3860
+CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly Orac ...)
NOT-FOR-US: Oracle
-CVE-2007-3859
+CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component f ...)
NOT-FOR-US: Oracle
-CVE-2007-3858
+CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...)
NOT-FOR-US: Oracle
-CVE-2007-3857
+CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
NOT-FOR-US: Oracle
-CVE-2007-3856
+CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for Orac ...)
NOT-FOR-US: Oracle
-CVE-2007-3855
+CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
NOT-FOR-US: Oracle
-CVE-2007-3854
+CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
NOT-FOR-US: Oracle
-CVE-2007-3853
+CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
NOT-FOR-US: Oracle
-CVE-2007-3852
+CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp ...)
- sysstat <not-affected> (We have our own init script not prone to this vulnerability)
-CVE-2007-3851
+CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...)
{DSA-1356-1}
- linux-2.6 2.6.22-4
-CVE-2007-3850
+CVE-2007-3850 (The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on Pow ...)
- linux-2.6 <not-affected> (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
-CVE-2007-3849
+CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intru ...)
NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
-CVE-2007-3848
+CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send arbi ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
- linux-2.6 2.6.22-4
-CVE-2007-3847
+CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Ap ...)
- apache2 2.2.6-1 (bug #441845; low)
[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
- apache <removed> (unimportant)
NOTE: Apache 1.3 is non-threaded, therefore unimportant
-CVE-2007-3846
+CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
NOT-FOR-US: TortoiseSVN on Windows
-CVE-2007-3845
+CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x be ...)
{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- icedove 2.0.0.6-1 (medium)
NOTE: MFSA2007-27
-CVE-2007-3844
+CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- icedove 2.0.0.6-1 (medium)
NOTE: MFSA2007-26
-CVE-2007-3843
+CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable fo ...)
{DSA-1363-1}
- linux-2.6 2.6.23-1 (bug #446073)
-CVE-2007-3842
+CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise F ...)
NOT-FOR-US: 8e6 R3000 Enterprise Filter
-CVE-2007-3841
+CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux al ...)
NOTE: this information is based upon a vague advisory by a vulnerability
NOTE: information sales organization that does not coordinate with vendors or
NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
NOTE: not disclosed it would be hard to fix and track it.
-CVE-2007-3840
+CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
NOT-FOR-US: Traffic Stats
-CVE-2007-3839
+CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
NOT-FOR-US: TBDev.NET
-CVE-2007-3838
+CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
NOT-FOR-US: TBDev.NET
-CVE-2007-3837
+CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC serve ...)
NOT-FOR-US: HydraIRC
-CVE-2007-3836
+CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote attacker ...)
NOT-FOR-US: HydraIRC
-CVE-2007-3835
+CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
NOT-FOR-US: Ex Libris MetaLib
-CVE-2007-3834
+CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
NOT-FOR-US: Ex Libris ALEPH
-CVE-2007-3833
+CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios T ...)
NOT-FOR-US: Trillian
-CVE-2007-3832
+CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
NOT-FOR-US: Trillian
-CVE-2007-3831
+CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5 ...)
NOT-FOR-US: ISS Proventia Network IPS
-CVE-2007-3830
+CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
NOT-FOR-US: ISS Proventia Network IPS
-CVE-2007-3829
+CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player 2.60.1 ...)
NOT-FOR-US: InterActual Player
-CVE-2007-3828
+CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows re ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-3827
+CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka " ...)
NOTE: Unreproducible for upstream
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=388097
-CVE-2007-3826
+CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attacker ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3825
+CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ale ...)
NOT-FOR-US: CA Alert Notification Server
-CVE-2007-3824
+CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows r ...)
NOT-FOR-US: MzK Blog
-CVE-2007-3823
+CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows rem ...)
NOT-FOR-US: IPSwitch WS_FTP
-CVE-2007-3822
+CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7 ...)
NOT-FOR-US: Webcit
-CVE-2007-3821
+CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...)
NOT-FOR-US: Webcit
-CVE-2007-3819
+CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in th ...)
NOT-FOR-US: Opera
-CVE-2007-3818
+CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5 ...)
NOT-FOR-US: LoginToboggan
-CVE-2007-3817
+CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4 ...)
NOT-FOR-US: LoginToboggan
CVE-2007-3816
NOT-FOR-US: JWIG
-CVE-2007-3815
+CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike Sloveni ...)
NOT-FOR-US: Poslovni informator Republike Slovenije
-CVE-2007-3814
+CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...)
NOT-FOR-US: MKPortal
-CVE-2007-3813
+CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the NoB ...)
NOT-FOR-US: NoBoard BETA module for MKPortal
-CVE-2007-3812
+CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...)
NOT-FOR-US: CMScout
-CVE-2007-3811
+CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote attac ...)
NOT-FOR-US: eSyndiCat
-CVE-2007-3810
+CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...)
NOT-FOR-US: Realtor 747
-CVE-2007-3809
+CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script al ...)
NOT-FOR-US: Prozilla Directory Script
-CVE-2007-3808
+CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 all ...)
NOT-FOR-US: paFileDB
-CVE-2007-3807
+CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
NOT-FOR-US: SiteScape Forum
-CVE-2007-3806
+CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to c ...)
{DSA-1578-1 DSA-1572-1 DTSA-61-1}
- php5 5.2.4-1 (medium; bug #441433)
- php4 <removed>
[etch] - php5 <no-dsa> (requires malicious script)
[etch] - php4 <no-dsa> (requires malicious script)
[sarge] - php4 <no-dsa> (requires malicious script)
-CVE-2007-3805
+CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80. ...)
NOT-FOR-US: Clavister CorePlus
-CVE-2007-3804
+CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81 ...)
NOT-FOR-US: Clavister CorePlus
-CVE-2007-3803
+CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does n ...)
NOT-FOR-US: Clavister CorePlus
CVE-2007-3802
REJECTED
CVE-2007-3801
REJECTED
-CVE-2007-3800
+CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
NOT-FOR-US: Symantec
-CVE-2007-3799
+CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...)
{DSA-1578-1 DSA-1444-1 DTSA-61-1}
NOTE: this does not affect default installs, only those who have written
NOTE: custom session handlers (which isn't *that* uncommon though), and
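Review bot: the NOTE under the CVE-2007-XXXX dokuwiki entry in this hunk has a grammar slip that the update carries forward unchanged: "IE browser bug are not treated as security issues in packages applications" reads better as "IE browser bugs are not treated as security issues in packaged applications". Not part of the automatic description fill-in, but worth a follow-up commit since this line is what a triager sees when deciding whether the entry needs a DSA.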
@@ -7040,178 +7040,178 @@ CVE-2007-3799
NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
- php4 <removed> (low)
- php5 5.2.4-1 (low; bug #441433)
-CVE-2007-3798
+CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
{DSA-1353-1}
- tcpdump 3.9.5-3 (bug #434030)
CVE-2007-3797
RESERVED
-CVE-2007-3796
+CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for M ...)
NOT-FOR-US: Spam Quarantine HTTP interface for MailMarshal SMTP
-CVE-2007-3795
+CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...)
NOT-FOR-US: Hitachi
-CVE-2007-3794
+CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit fo ...)
NOT-FOR-US: Hitachi
-CVE-2007-3793
+CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/N ...)
NOT-FOR-US: Job Management Partner
-CVE-2007-3792
+CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
NOT-FOR-US: AzDG Dating Gold
-CVE-2007-3791
+CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha a ...)
{DSA-1361-1}
- postfix-policyd 1.80-2.2 (bug #435735)
-CVE-2007-3790
+CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ...)
- php5 <not-affected> (com_print_typeinfo is a windows only func)
- php4 <not-affected> (com_print_typeinfo is a windows only func)
-CVE-2007-3789
+CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
NOT-FOR-US: Inmostore
-CVE-2007-3788
+CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within th ...)
NOT-FOR-US: eSoft InstaGate
-CVE-2007-3787
+CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old p ...)
NOT-FOR-US: eSoft InstaGate
CVE-2007-3786
NOT-FOR-US: eSoft InstaGate
-CVE-2007-3785
+CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
NOT-FOR-US: EldoS SecureBlackbox
-CVE-2007-3784
+CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F ...)
NOT-FOR-US: Belkin
-CVE-2007-3783
+CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
NOT-FOR-US: enVivo!CMS
-CVE-2007-3782
+CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
{DSA-1413-1}
- mysql-dfsg-5.0 5.0.42
[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality was introduced in 5.0)
[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality was introduced in 5.0)
-CVE-2007-3781
+CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...)
{DSA-1451-1}
- mysql-dfsg-5.0 5.0.45-1
[etch] - mysql-dfsg-5.0 <no-dsa> (Minor issue, too intrusive to backport)
[sarge] - mysql-dfsg <no-dsa> (Minor issue, too intrusive to backport)
[sarge] - mysql-dfsg-4.1 <no-dsa> (Minor issue, too intrusive to backport)
-CVE-2007-3780
+CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...)
{DSA-1413-1}
- mysql-dfsg-5.0 5.0.44
[sarge] - mysql-dfsg <not-affected> (Introduced with SSL support in 4.1)
-CVE-2007-3779
+CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PG ...)
NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
-CVE-2007-3778
+CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelma ...)
NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
-CVE-2007-3777
+CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edit ...)
NOT-FOR-US: Grisoft AVG Anti-Virus
-CVE-2007-3776
+CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...)
NOT-FOR-US: Cisco
-CVE-2007-3775
+CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
NOT-FOR-US: Cisco
-CVE-2007-3774
+CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with i ...)
NOT-FOR-US: Dvbbs
-CVE-2007-3773
+CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...)
NOT-FOR-US: Generic YouTube Clone Script
-CVE-2007-3772
+CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 allow ...)
NOT-FOR-US: PsNews
-CVE-2007-3771
+CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect featur ...)
NOT-FOR-US: Symantec Antivirus
-CVE-2007-3770
+CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce Te ...)
{DSA-1393-1}
- xfce4-terminal 0.2.6-3 (bug #437454)
-CVE-2007-3769
+CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server manage ...)
NOT-FOR-US: SurgeFTP
-CVE-2007-3768
+CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FT ...)
NOT-FOR-US: SurgeFTP
CVE-2007-3767
RESERVED
CVE-2007-3766
RESERVED
-CVE-2007-3765
+CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW be ...)
- asterisk 1:1.4.8~dfsg-1 (bug #433681)
[sarge] - asterisk <not-affected> (1.0.x not affected)
[etch] - asterisk <not-affected> (1.2.x not affected)
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-017.htm
-CVE-2007-3764
+CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...)
{DSA-1358-1}
- asterisk 1:1.4.8~dfsg-1
NOTE: Etch and Sarge affected
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-016.htm
-CVE-2007-3763
+CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4. ...)
{DSA-1358-1}
- asterisk 1:1.4.8~dfsg-1
NOTE: Etch and Sarge affected
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-015.htm
-CVE-2007-3762
+CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...)
{DSA-1358-1}
- asterisk 1:1.4.8~dfsg-1 (high)
NOTE: Etch and Sarge affected
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-014.htm
-CVE-2007-3820
+CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...)
- kdebase 4:3.5.7-3 (bug #433072; low)
[sarge] - kdebase <no-dsa> (Minor issue)
[etch] - kdebase <no-dsa> (Minor issue)
NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
-CVE-2007-3761
+CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
NOT-FOR-US: Safari
-CVE-2007-3760
+CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
NOT-FOR-US: Safari
-CVE-2007-3759
+CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, do ...)
NOT-FOR-US: Safari
-CVE-2007-3758
+CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
NOT-FOR-US: Safari
-CVE-2007-3757
+CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
NOT-FOR-US: Safari
-CVE-2007-3756
+CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
NOT-FOR-US: Safari
-CVE-2007-3755
+CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to fo ...)
NOT-FOR-US: Aplle iPhone
-CVE-2007-3754
+CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user whe ...)
NOT-FOR-US: Aplle iPhone
-CVE-2007-3753
+CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximat ...)
NOT-FOR-US: Aplle iPhone
-CVE-2007-3752
+CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote at ...)
NOT-FOR-US: iTunes
-CVE-2007-3751
+CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime bef ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-3750
+CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-3749
+CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the c ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-3748
+CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...)
NOT-FOR-US: iChat on Apple Mac OS X
-CVE-2007-3747
+CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-3746
+CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-3745
+CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 c ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-3744
+CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device St ...)
NOT-FOR-US: Apple Mac OSX
-CVE-2007-3743
+CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 Bet ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3742
+CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1 ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3741
+CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
- gimp 2.2.17-1 (unimportant)
NOTE: Only DoS by memleaks or double-frees, not treated as security problems
-CVE-2007-3740
+CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix exten ...)
{DSA-1504-1 DSA-1378-2 DSA-1378-1}
- linux-2.6 2.6.22
-CVE-2007-3739
+CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
{DSA-1504-1 DSA-1378-2 DSA-1378-1}
- linux-2.6 2.6.20-1
-CVE-2007-3738
+CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
{DSA-1534-2 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceape 1.1.3-1 (medium)
- xulrunner 1.8.1.5-1 (medium)
- iceweasel 2.0.0.5-1 (medium)
NOTE: MFSA2007-25
-CVE-2007-3737
+CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbi ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
- iceweasel 2.0.0.5-1 (high)
NOTE: MFSA2007-21
-CVE-2007-3736
+CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-19
-CVE-2007-3735
+CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
- icedove 2.0.0.6-1 (low)
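Review bot: two pre-existing issues in this hunk's context lines survive the update. The CVE-2007-3820 (Konqueror konq_combo.cc) entry sits between CVE-2007-3762 and CVE-2007-3761, out of the file's descending order; its slot is between CVE-2007-3821 and CVE-2007-3819 in the previous hunk, and tooling that assumes sorted ids can miss it here. The NOT-FOR-US lines for CVE-2007-3755, CVE-2007-3754 and CVE-2007-3753 read "Aplle iPhone" and should be "Apple iPhone" so searches on the vendor name match.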
@@ -7219,7 +7219,7 @@ CVE-2007-3735
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-18
-CVE-2007-3734
+CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
- icedove 2.0.0.6-1 (high; bug #444010)
@@ -7232,774 +7232,774 @@ CVE-2007-3732
RESERVED
- linux-2.6 2.6.23-1
NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
-CVE-2007-3731
+CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
{DSA-1378-2 DSA-1378-1}
- linux-2.6 2.6.23-1
-CVE-2007-3730
+CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
NOT-FOR-US: HP OpenVMS
-CVE-2007-3729
+CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
NOT-FOR-US: HP OpenVMS
-CVE-2007-3728
+CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and S ...)
- silc-toolkit 1.1.2-1
[etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected)
NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
-CVE-2007-3727
+CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have unkno ...)
NOT-FOR-US: WebMatic
-CVE-2007-3726
+CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in unr ...)
- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
- rar 1:3.7b1-1 (low; bug #437704)
[etch] - rar <not-affected> (Vulnerable code was fixed already)
[sarge] - rar <no-dsa> (Non-free not supported)
-CVE-2007-3725
+CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows u ...)
{DSA-1340-1 DTSA-43-1}
- clamav 0.91-1
[sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x)
-CVE-2007-3724
+CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
NOT-FOR-US: Microsoft Windows XP
-CVE-2007-3723
+CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of t ...)
NOT-FOR-US: Solaris
-CVE-2007-3722
+CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling b ...)
- kfreebsd-5 <removed> (low)
[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
-CVE-2007-3721
+CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to "i ...)
- kfreebsd-5 <removed> (low)
[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
-CVE-2007-3720
+CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling base ...)
- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
-CVE-2007-3719
+CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to " ...)
- linux <unfixed> (unimportant)
- linux-2.6 <removed> (unimportant)
NOTE: This is the existing default behaviour of the scheduler, can be tuned
NOTE: to suit individual needs
-CVE-2007-3718
+CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in Appl ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3717
+CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-3716
+CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 bef ...)
- sun-java6 6-02-1 (medium)
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-3715
+CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 befo ...)
NOT-FOR-US: Sun Java System Application Server and Web Server
-CVE-2007-3714
+CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 a ...)
NOT-FOR-US: Ada Image Server
-CVE-2007-3713
+CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...)
{DSA-1433-1 DTSA-55-1}
- centericq 4.22.1-2.1 (bug #438511; medium)
- centerim 4.22.1-2.1 (medium)
-CVE-2007-3712
+CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ...)
NOT-FOR-US: HiddenChest
-CVE-2007-3711
+CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...)
NOT-FOR-US: TippingPoint IPS
-CVE-2007-3710
+CVE-2007-3710 (PHP remote file inclusion vulnerability in example/gamedemo/inc.functi ...)
NOT-FOR-US: PHP Comet-Server
-CVE-2007-3709
+CVE-2007-3709 (CRLF injection vulnerability in the redirect function in url_helper.ph ...)
- codeigniter <itp> (bug #471583)
-CVE-2007-3708
+CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 2 ...)
- codeigniter <itp> (bug #471583)
-CVE-2007-3707
+CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 be ...)
- codeigniter <itp> (bug #471583)
-CVE-2007-3706
+CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 al ...)
- codeigniter <itp> (bug #471583)
-CVE-2007-3705
+CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
NOT-FOR-US: FuseTalk
-CVE-2007-3704
+CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)
NOT-FOR-US: Entertainment CMS
-CVE-2007-3703
+CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...)
NOT-FOR-US: Zenturi ProgramChecker
-CVE-2007-3702
+CVE-2007-3702 (Directory traversal vulnerability in the load function in cgi-bin/mail ...)
NOT-FOR-US: Mail Machine
-CVE-2007-3701
+CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a hex-encode ...)
NOT-FOR-US: TippingPoint IPS
-CVE-2007-3700
+CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...)
NOT-FOR-US: Sun Java System Access Manager
-CVE-2007-3699
+CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote a ...)
NOT-FOR-US: Symantec
-CVE-2007-3698
+CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...)
- sun-java5 1.5.0-12-1
- sun-java6 6-02-1
[etch] - sun-java5 1.5.0-14-1etch1
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-3697
+CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashB ...)
NOT-FOR-US: FlashBB
-CVE-2007-3696
+CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model Validator ...)
NOT-FOR-US: CA ERwin Data Model Validator
-CVE-2007-3695
+CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly A ...)
NOT-FOR-US: CA ERwin
-CVE-2007-3694
+CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project ...)
NOT-FOR-US: Broadcast Machine
-CVE-2007-3693
+CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...)
NOT-FOR-US: gobi
-CVE-2007-3692
+CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI Do ...)
NOT-FOR-US: EZFactory KDDI Download CGI
-CVE-2007-3691
+CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial ...)
NOT-FOR-US: AV Tutorial
-CVE-2007-3690
+CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal al ...)
NOT-FOR-US: Forward module for Drupal
-CVE-2007-3689
+CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allo ...)
NOT-FOR-US: Print module for Drupal
-CVE-2007-3688
+CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...)
NOT-FOR-US: DotClear
-CVE-2007-3687
+CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...)
NOT-FOR-US: Inferno Technologies
-CVE-2007-3686
+CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...)
NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
-CVE-2007-3685
+CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Aja ...)
NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
-CVE-2007-3684
+CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...)
NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
-CVE-2007-3683
+CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earl ...)
NOT-FOR-US: Aigaion
-CVE-2007-3682
+CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier a ...)
NOT-FOR-US: OpenLD
-CVE-2007-3681
+CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in Wi ...)
NOT-FOR-US: WinPcap
-CVE-2007-3680
+CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm i ...)
NOT-FOR-US: IBM AIX
-CVE-2007-3679
+CVE-2007-3679 (The Citrix EPA ActiveX control (aka the "endpoint checking control" or ...)
NOT-FOR-US: Citrix
-CVE-2007-3678
+CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word ...)
NOT-FOR-US: QuarkXPress
-CVE-2007-3677
+CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow r ...)
NOT-FOR-US: Maxsi eVisit Analyst
-CVE-2007-3676
+CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...)
NOT-FOR-US: IBM DB2
-CVE-2007-3675
+CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan A ...)
NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
RESERVED
-CVE-2007-3673
+CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
NOT-FOR-US: Symantec AntiVirus
-CVE-2007-3672
+CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotCle ...)
NOT-FOR-US: DotClear
-CVE-2007-3671
+CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-3670
+CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
NOTE: MFSA2007-23
-CVE-2007-3669
+CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP Inn ...)
NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
-CVE-2007-3668
+CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVD ...)
NOT-FOR-US: NMSDVDXLib
-CVE-2007-3667
+CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...)
NOT-FOR-US: ActiveReportsExcelReport
-CVE-2007-3666
+CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 all ...)
NOT-FOR-US: Symantec Ghost
-CVE-2007-3665
+CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Nor ...)
NOT-FOR-US: Symantec Ghost
-CVE-2007-3664
+CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService Act ...)
NOT-FOR-US: Eltima Software
-CVE-2007-3663
+CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user ...)
NOT-FOR-US: guliverkli Media Player Classic
-CVE-2007-3662
+CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attacke ...)
NOT-FOR-US: guliverkli Media Player Classic
-CVE-2007-3661
+CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DL ...)
NOT-FOR-US: Eltima Software
-CVE-2007-3660
+CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...)
NOT-FOR-US: Nonnoi
-CVE-2007-3659
+CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allo ...)
NOT-FOR-US: FreeWRL
-CVE-2007-3658
+CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
NOT-FOR-US: Microsoft
CVE-2007-3657
NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
-CVE-2007-3656
+CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not pe ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-24
-CVE-2007-3655
+CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
- sun-java5 1.5.0-12-1
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-02-1
-CVE-2007-3654
+CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2 ...)
NOT-FOR-US: NetBSD
-CVE-2007-3653
+CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (a ...)
NOT-FOR-US: Farsi Script
-CVE-2007-3652
+CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka FaS ...)
NOT-FOR-US: Farsi Script
-CVE-2007-3651
+CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...)
NOT-FOR-US: Farsi Script
-CVE-2007-3650
+CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive i ...)
NOT-FOR-US: myWebland myBloggie
-CVE-2007-3649
+CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
-CVE-2007-3648
+CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly oth ...)
NOT-FOR-US: WebMatic
-CVE-2007-3647
+CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...)
NOT-FOR-US: phpTrafficA
-CVE-2007-3646
+CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ea ...)
NOT-FOR-US: FlashGameScript
-CVE-2007-3645
+CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
{DSA-1455-1}
- libarchive 2.2.4-1 (bug #432924; low)
-CVE-2007-3644
+CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
{DSA-1455-1}
- libarchive 2.2.4-1 (bug #432924; low)
-CVE-2007-3643
+CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges whe ...)
NOT-FOR-US: AV Arcade
-CVE-2007-3642
+CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c i ...)
{DSA-1356-1}
- linux-2.6 2.6.22-2
-CVE-2007-3641
+CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
{DSA-1455-1}
- libarchive 2.2.4-1 (bug #432924; low)
-CVE-2007-3640
+CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent at ...)
NOT-FOR-US: Adobe Apollo
-CVE-2007-3639
+CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
{DSA-1564-1}
- wordpress 2.2.2-1
-CVE-2007-3638
+CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2007-3637
+CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
NOT-FOR-US: MKPortal
-CVE-2007-3636
+CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
-CVE-2007-3635
+CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...)
NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
-CVE-2007-3634
+CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelma ...)
NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
-CVE-2007-3633
+CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...)
NOT-FOR-US: Chilkat Software
-CVE-2007-3632
+CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...)
NOTE: Moodle contains a copy of the files, but not the string
NOTE: "homedir", so it is not affected.
-CVE-2007-3631
+CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 a ...)
NOT-FOR-US: GameSiteScript
-CVE-2007-3630
+CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require a ...)
NOT-FOR-US: AV Tutorial
-CVE-2007-3629
+CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allo ...)
NOT-FOR-US: Levent Veysi Portal
-CVE-2007-3628
+CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR St ...)
NOT-FOR-US: Structures-DataGrid-DataSource-MDB2
-CVE-2007-3627
+CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2. ...)
NOT-FOR-US: PHP Lite Calender Express
-CVE-2007-3626
+CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
NOT-FOR-US: Hitachi
-CVE-2007-3625
+CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients f ...)
NOT-FOR-US: Citrix
-CVE-2007-3624
+CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message S ...)
NOT-FOR-US: SAP
-CVE-2007-3623
+CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...)
NOT-FOR-US: Hitachi
-CVE-2007-3622
+CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon b ...)
NOT-FOR-US: MDaemon
-CVE-2007-3621
+CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3 ...)
NOT-FOR-US: AsteriDex
-CVE-2007-3620
+CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 a ...)
NOT-FOR-US: Maia Mailguard
-CVE-2007-3619
+CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
NOT-FOR-US: Maia Mailguard
-CVE-2007-3618
+CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service (nsre ...)
NOT-FOR-US: EMC Software NetWorker
-CVE-2007-3617
+CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply s ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3616
+CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3615
+CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
NOT-FOR-US: SAP
-CVE-2007-3614
+CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB We ...)
NOT-FOR-US: SAP DB Web Server
-CVE-2007-3613
+CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Inte ...)
NOT-FOR-US: SAP
-CVE-2007-3612
+CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
NOT-FOR-US: Visual IRC
-CVE-2007-3611
+CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not r ...)
NOT-FOR-US: VRNews
-CVE-2007-3610
+CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 all ...)
NOT-FOR-US: phpVID
-CVE-2007-3609
+CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating Softw ...)
NOT-FOR-US: eMeeting
-CVE-2007-3608
+CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
NOT-FOR-US: SAP
-CVE-2007-3607
+CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
NOT-FOR-US: SAP
-CVE-2007-3606
+CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX cont ...)
NOT-FOR-US: SAP
-CVE-2007-3605
+CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX cont ...)
NOT-FOR-US: SAP
-CVE-2007-3604
+CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3603
+CVE-2007-3603 (SQL injection vulnerability in the dashboard (include/utils/SearchUtil ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3602
+CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that au ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3601
+CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3600
+CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3599
+CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import an ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3598
+CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
NOT-FOR-US: vtiger CRM
-CVE-2007-3597
+CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows re ...)
NOT-FOR-US: Zen Cart
-CVE-2007-3596
+CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
NOT-FOR-US: phpVideoPro
CVE-2007-3595
REJECTED
-CVE-2007-3594
+CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet Manag ...)
NOT-FOR-US: ManageEngine OpManager
-CVE-2007-3593
+CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ne ...)
NOT-FOR-US: ManageEngine NetflowAnalyzer
-CVE-2007-3592
+CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticat ...)
NOT-FOR-US: Elite Bulletin Board
-CVE-2007-3591
+CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board befor ...)
NOT-FOR-US: Elite Bulletin Board
-CVE-2007-3590
+CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...)
NOT-FOR-US: b1gBB
-CVE-2007-3589
+CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote at ...)
NOT-FOR-US: b1gbb
-CVE-2007-3588
+CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...)
NOT-FOR-US: VBZooM
-CVE-2007-3587
+CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
NOT-FOR-US: MyCMS
-CVE-2007-3586
+CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 a ...)
NOT-FOR-US: MyCMS
-CVE-2007-3585
+CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 an ...)
NOT-FOR-US: MyCMS
-CVE-2007-3584
+CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earl ...)
NOT-FOR-US: PNphpBB2
-CVE-2007-3583
+CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 an ...)
NOT-FOR-US: Girlserv ads
-CVE-2007-3582
+CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event Calend ...)
NOT-FOR-US: SuperCali PHP Event Calendar
-CVE-2007-3581
+CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which m ...)
NOT-FOR-US: Jedox
-CVE-2007-3580
+CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as d ...)
NOT-FOR-US: PHPIDS
-CVE-2007-3579
+CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text prop ...)
NOT-FOR-US: PHPIDS
-CVE-2007-3578
+CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic express ...)
NOT-FOR-US: PHPIDS
-CVE-2007-3577
+CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr meth ...)
NOT-FOR-US: PHPIDS
CVE-2007-3576
NOT-FOR-US: Microsoft
-CVE-2007-3575
+CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...)
NOT-FOR-US: FreeDomain.co.nr Clone
-CVE-2007-3574
+CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on th ...)
NOT-FOR-US: Linksys
-CVE-2007-3573
+CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote atta ...)
NOT-FOR-US: AkoComment
-CVE-2007-3572
+CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in th ...)
NOT-FOR-US: Yoggie
-CVE-2007-3571
+CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allo ...)
NOT-FOR-US: Novell
-CVE-2007-3570
+CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Relea ...)
NOT-FOR-US: Novell
-CVE-2007-3569
+CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...)
NOT-FOR-US: Oliver Library Management System
-CVE-2007-3568
+CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows context-depen ...)
- imlib 1.9.15-3 (bug #437708; low)
[sarge] - imlib <no-dsa> (Minor issue, just a crash)
[etch] - imlib <no-dsa> (Minor issue, just a crash)
-CVE-2007-3567
+CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...)
NOT-FOR-US: MysqlDumper
-CVE-2007-3566
+CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
NOT-FOR-US: Borland InterBase
CVE-2007-3565
RESERVED
-CVE-2007-3564
+CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does no ...)
{DSA-1333-1}
- curl 7.16.4-1 (low)
-CVE-2007-3563
+CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1 ...)
NOT-FOR-US: AV Arcade
-CVE-2007-3562
+CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ear ...)
NOT-FOR-US: PHP Director
-CVE-2007-3561
+CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
NOT-FOR-US: Efendy Blog
-CVE-2007-3560
+CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have u ...)
NOT-FOR-US: Esqlanelapse
-CVE-2007-3559
+CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/s ...)
NOT-FOR-US: PHP-Fusion
-CVE-2007-3558
+CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1 ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-3557
+CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...)
NOT-FOR-US: Wheatblog
-CVE-2007-3556
+CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
NOT-FOR-US: Liesbeth
-CVE-2007-3555
+CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
{DSA-1691-1}
- moodle 1.8.2-1 (low; bug #432264)
-CVE-2007-3554
+CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
NOT-FOR-US: HP
-CVE-2007-3553
+CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server i ...)
NOT-FOR-US: Oracle
-CVE-2007-3552
+CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
NOT-FOR-US: bbs100
-CVE-2007-3551
+CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...)
NOT-FOR-US: bbs100
CVE-2007-3550
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3549
+CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allo ...)
NOT-FOR-US: Buddy Zone
-CVE-2007-3548
+CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
NOT-FOR-US: W3Filer
-CVE-2007-3547
+CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...)
NOT-FOR-US: QuickTicket
-CVE-2007-3546
+CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...)
NOT-FOR-US: Nessus Windows GUI
-CVE-2007-3545
+CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remot ...)
NOT-FOR-US: Warzone
-CVE-2007-3544
+CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.p ...)
- wordpress 2.2.2-1
[etch] - wordpress <not-affected> (Vulnerable code not present)
-CVE-2007-3543
+CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and W ...)
- wordpress 2.2.1-1
[etch] - wordpress <not-affected> (Vulnerable code not present)
-CVE-2007-3542
+CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...)
NOT-FOR-US: Pluxml
-CVE-2007-3541
+CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...)
NOT-FOR-US: Kurinton sHTTPd
-CVE-2007-3540
+CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in r ...)
NOT-FOR-US: rwAuction
-CVE-2007-3539
+CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:200706 ...)
NOT-FOR-US: QuickTicket
-CVE-2007-3538
+CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
NOT-FOR-US: QuickTalk
-CVE-2007-3537
+CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
NOT-FOR-US: IBM OS/400
-CVE-2007-3536
+CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX cont ...)
NOT-FOR-US: AMX NetLinx VNC
-CVE-2007-3535
+CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
NOT-FOR-US: GL-SH Deaf Forum
-CVE-2007-3534
+CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
NOT-FOR-US: WebChat
-CVE-2007-3533
+CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attacker ...)
NOT-FOR-US: 3Com
-CVE-2007-3532
+CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14. ...)
- nvidia-kernel-common 20051028+1-0.1 (bug #434398; low)
[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
-CVE-2007-3531
+CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
- nvclock 0.8b-1 (low)
-CVE-2007-3530
+CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and passwor ...)
NOT-FOR-US: PHPDirector
-CVE-2007-3529
+CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...)
NOT-FOR-US: PHPDirector
-CVE-2007-3528
+CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptogra ...)
- dar 2.3.3-1 (low; bug #425335)
[etch] - dar <no-dsa> (Minor issue)
[sarge] - dar <no-dsa> (Minor issue)
-CVE-2007-3527
+CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users t ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
-CVE-2007-3526
+CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier a ...)
NOT-FOR-US: Buddy Zone
-CVE-2007-3525
+CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to obta ...)
NOT-FOR-US: Ripe Website Manager
-CVE-2007-3524
+CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website Man ...)
NOT-FOR-US: Ripe Website Manager
-CVE-2007-3523
+CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...)
NOT-FOR-US: XCMS
-CVE-2007-3522
+CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 all ...)
NOT-FOR-US: sPHPell
-CVE-2007-3521
+CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 a ...)
NOT-FOR-US: ArcadeBuilder Game Portal Manager
-CVE-2007-3520
+CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
NOT-FOR-US: Easybe
-CVE-2007-3519
+CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0. ...)
NOT-FOR-US: phpEventCalendar
-CVE-2007-3518
+CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...)
NOT-FOR-US: HispaH YouTube Clone Script
-CVE-2007-3517
+CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
NOT-FOR-US: Claroline
-CVE-2007-3516
+CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Go ...)
NOT-FOR-US: Gorki Online Santrac Sitesi
-CVE-2007-3515
+CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 a ...)
NOT-FOR-US: TotalCalendar
-CVE-2007-3514
+CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows re ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3513
+CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kerne ...)
{DSA-1356-1}
- linux-2.6 2.6.22-1
NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
NOTE: in Linus' tree.
-CVE-2007-3512
+CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows ...)
NOT-FOR-US: Lhaca
-CVE-2007-3511
+CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (bug #438873; low)
- xulrunner 1.8.1.9-1
- iceape 1.1.5
NOTE: MFSA2007-32
-CVE-2007-3510
+CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 F ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-3509
+CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exe ...)
NOT-FOR-US: Symantec
CVE-2007-3508
- glibc 2.6-2 (unimportant; bug #431858)
NOTE: Not security-relevant
-CVE-2007-3507
+CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
- flac123 0.0.11-1 (low; bug #432008)
[etch] - flac123 <no-dsa> (Minor issue)
-CVE-2007-3506
+CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
- freetype 2.3.4 (bug #432013)
[sarge] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
[etch] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
[lenny] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
-CVE-2007-3505
+CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 al ...)
NOT-FOR-US: QuickTalk forum
-CVE-2007-3504
+CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun Jav ...)
- sun-java5 <not-affected>
NOTE: Sun Alert ID 102957 says issue is Windows only
-CVE-2007-3503
+CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML ...)
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java5 1.5.0-12-1
[etch] - sun-java6 <no-dsa> (non-free)
- sun-java6 6-01-1 (bug #432006)
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-3502
+CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration syste ...)
NOT-FOR-US: Kaspersky Anti-Spam
-CVE-2007-3501
+CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
NOT-FOR-US: DirectAdmin
-CVE-2007-3500
+CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a modifie ...)
NOT-FOR-US: Xeweb XEForum
-CVE-2007-3499
+CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as eviden ...)
NOT-FOR-US: SlackRoll
-CVE-2007-3498
+CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in smoketests/configForm.php ...)
NOT-FOR-US: HTML Purifier
-CVE-2007-3497
+CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to determine the ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3496
+CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD ...)
NOT-FOR-US: SAP Web Dynpro Java
-CVE-2007-3495
+CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP Interne ...)
NOT-FOR-US: SAP Internet Communication Framework
-CVE-2007-3494
+CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user privileges w ...)
NOT-FOR-US: Papoo CMS
-CVE-2007-3493
+CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTA ...)
NOT-FOR-US: NCTAudioStudio
-CVE-2007-3492
+CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a denia ...)
NOT-FOR-US: Conti FtpServer
-CVE-2007-3491
+CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0 ...)
NOT-FOR-US: Progress Software OpenEdge
-CVE-2007-3490
+CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote at ...)
NOT-FOR-US: Microsoft Excel 2003 SP2
-CVE-2007-3489
+CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in th ...)
NOT-FOR-US: Check Point VPN-1 Edge X
-CVE-2007-3488
+CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony Netwo ...)
NOT-FOR-US: Sony Network Camera SNC-P5 1.0
-CVE-2007-3487
+CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0 ...)
NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
-CVE-2007-3486
+CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine al ...)
NOT-FOR-US: AltaVista
-CVE-2007-3485
+CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server a ...)
NOT-FOR-US: Yandex.Server
CVE-2007-3484
NOT-FOR-US: Google Custom Search Engine
-CVE-2007-3483
+CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...)
NOT-FOR-US: BlackBerry Enterprise Server
-CVE-2007-3482
+CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows re ...)
NOT-FOR-US: Apple Safari
CVE-2007-3481
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3480
+CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
NOT-FOR-US: PCSoft WinDEV
-CVE-2007-3479
+CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows us ...)
NOT-FOR-US: PCSoft WinDEV
-CVE-2007-3478
+CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in th ...)
- libgd2 2.0.35.dfsg-1 (unimportant)
NOTE: this is a crash, and does not seem to be attacker controlled.
-CVE-2007-3477
+CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
- libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
NOTE: CPU consumption DoS
-CVE-2007-3476
+CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) be ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
- libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
-CVE-2007-3475
+CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted rem ...)
- libgd2 2.0.35.dfsg-1 (unimportant)
NOTE: out-of-band memory read, does not appear attacker controlled.
-CVE-2007-3474
+CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD Graph ...)
NOTE: appears to be prophylactic dup of CVE-2007-3476.
-CVE-2007-3473
+CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) befor ...)
- libgd2 2.0.35.dfsg-1 (unimportant)
NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
-CVE-2007-3472
+CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...)
- libgd2 2.0.35.dfsg-1 (unimportant)
NOTE: this is only a NULL deref crash.
-CVE-2007-3471
+CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) Sess ...)
NOT-FOR-US: Sun Solaris dtsession
-CVE-2007-3470
+CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module in Sun ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-3469
+CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-3468
+CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attac ...)
{DSA-1332-1}
- vlc 0.8.6.c.debian-1 (bug #429726)
-CVE-2007-3467
+CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN V ...)
{DSA-1332-1}
- vlc 0.8.6.c-1 (bug #429726)
CVE-2007-3466
RESERVED
-CVE-2007-3465
+CVE-2007-3465 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
NOT-FOR-US: Check Point SofaWare Safe
-CVE-2007-3464
+CVE-2007-3464 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3463
NOT-FOR-US: Microsoft Windows XP SP2
-CVE-2007-3462
+CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point SofaWar ...)
NOT-FOR-US: Check Point SofaWare Safe
-CVE-2007-3461
+CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image Gallery ...)
NOT-FOR-US: elkagroup Image Gallery
-CVE-2007-3460
+CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3 in EV ...)
NOT-FOR-US: EVA-Web
-CVE-2007-3459
+CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vect ...)
NOT-FOR-US: Civitech Avax Vector
-CVE-2007-3458
+CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...)
NOT-FOR-US: Sun Solaris libsldap
-CVE-2007-3457
+CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...)
- flashplugin-nonfree 9.0.48.0.1
[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
-CVE-2007-3456
+CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allo ...)
- flashplugin-nonfree 9.0.48.0.1
[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
-CVE-2007-3455
+CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corpora ...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
-CVE-2007-3454
+CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Tre ...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
-CVE-2007-3453
+CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
NOT-FOR-US: Papoo
-CVE-2007-3452
+CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...)
NOT-FOR-US: eDocStore
-CVE-2007-3451
+CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog ...)
NOT-FOR-US: 6ALBlog
-CVE-2007-3450
+CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
NOT-FOR-US: 6ALBlog
-CVE-2007-3449
+CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
NOT-FOR-US: 6ALBlog
-CVE-2007-3448
+CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopp ...)
NOT-FOR-US: BugMall Shopping Cart
-CVE-2007-3447
+CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier a ...)
NOT-FOR-US: BugMall Shopping Cart
-CVE-2007-3446
+CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username "demo" an ...)
NOT-FOR-US: BugMall Shopping Cart
-CVE-2007-3445
+CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mo ...)
NOT-FOR-US: SJphone
-CVE-2007-3444
+CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows r ...)
NOT-FOR-US: BlackBerry 7270
-CVE-2007-3443
+CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does ...)
NOT-FOR-US: BlackBerry 7270
-CVE-2007-3442
+CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270 ...)
NOT-FOR-US: BlackBerry 7270
-CVE-2007-3441
+CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with firmwar ...)
NOT-FOR-US: Aastra 9112i SIP Phone
-CVE-2007-3440
+CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
NOT-FOR-US: Snom 320 SIP Phone
-CVE-2007-3439
+CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
NOT-FOR-US: Snom 320 SIP Phone
-CVE-2007-3438
+CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC Clie ...)
NOT-FOR-US: Nortel PC Client SIP Soft Phone
-CVE-2007-3437
+CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
NOT-FOR-US: AOL Instant Messenger
-CVE-2007-3436
+CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to c ...)
NOT-FOR-US: Microsoft
-CVE-2007-3435
+CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain Acti ...)
NOT-FOR-US: BarCodeAx.dll
-CVE-2007-3434
+CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
NOT-FOR-US: Pharmacy System
-CVE-2007-3433
+CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...)
NOT-FOR-US: Pharmacy System
-CVE-2007-3432
+CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...)
NOT-FOR-US: Pluxml
-CVE-2007-3431
+CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...)
NOT-FOR-US: Dagger
-CVE-2007-3430
+CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
NOT-FOR-US: Simple Invoices
-CVE-2007-3429
+CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...)
NOT-FOR-US: e107
-CVE-2007-3428
+CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...)
NOT-FOR-US: phpTrafficA
-CVE-2007-3427
+CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earl ...)
NOT-FOR-US: phpTrafficA
-CVE-2007-3426
+CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1 ...)
NOT-FOR-US: phpTrafficA
-CVE-2007-3425
+CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 an ...)
NOT-FOR-US: phpTrafficA
-CVE-2007-3424
+CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.or ...)
NOT-FOR-US: WebAPP
-CVE-2007-3423
+CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...)
NOT-FOR-US: WebAPP
-CVE-2007-3422
+CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP b ...)
NOT-FOR-US: WebAPP
-CVE-2007-3421
+CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...)
NOT-FOR-US: WebAPP
-CVE-2007-3420
+CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in c ...)
NOT-FOR-US: WebAPP
-CVE-2007-3419
+CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org We ...)
NOT-FOR-US: WebAPP
-CVE-2007-3418
+CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-ap ...)
NOT-FOR-US: WebAPP
-CVE-2007-3417
+CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib ...)
NOT-FOR-US: WebAPP
-CVE-2007-3416
+CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
NOT-FOR-US: WebAPP
-CVE-2007-3415
+CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...)
NOT-FOR-US: phpRaider
-CVE-2007-3414
+CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 ...)
NOT-FOR-US: access2asp
-CVE-2007-3413
+CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.5 ...)
NOT-FOR-US: bosDataGrid
-CVE-2007-3412
+CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGal ...)
NOT-FOR-US: ClickGallery Server
-CVE-2007-3411
+CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server 5 ...)
NOT-FOR-US: ClickGallery Server
-CVE-2007-3410
+CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue ...)
- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
-CVE-2007-3409
+CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
{DSA-1515-1}
- libnet-dns-perl 0.60-1 (low)
-CVE-2007-3408
+CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspe ...)
- dia <not-affected> (Windows packaging with bundled FreeType libs)
-CVE-2007-3407
+CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ob ...)
NOT-FOR-US: Simple HTTPD
-CVE-2007-3406
+CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3405
+CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...)
NOT-FOR-US: Lebisoft zdefter
-CVE-2007-3404
+CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3. ...)
NOT-FOR-US: SiteDepth CMS
-CVE-2007-3403
+CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka ...)
NOT-FOR-US: dreamLog
-CVE-2007-3402
+CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows remot ...)
NOT-FOR-US: pagetool
-CVE-2007-3401
+CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
NOT-FOR-US: B1GBB
-CVE-2007-3400
+CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as d ...)
NOT-FOR-US: NCTAudioEditor2 ActiveX control
-CVE-2007-3399
+CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power Phlog ...)
NOT-FOR-US: Power Phlogger
-CVE-2007-3398
+CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service (hang ...)
NOT-FOR-US: LiveWEB
-CVE-2007-3397
+CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before 6.0 ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-3396
+CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...)
NOT-FOR-US: KeyFocus
CVE-2007-3395
REJECTED
-CVE-2007-3394
+CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote a ...)
NOT-FOR-US: eNdonesia
-CVE-2007-3388
+CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdata ...)
{DSA-1426-1}
- qt-x11-free 3:3.3.7-6
- qt4-x11 <not-affected> (This problem is not present in any version of Qt 4)
NOTE: http://web.archive.org/web/20080206133848/http://trolltech.com:80/company/newsroom/announcements/press.2007-07-27.7503755960
-CVE-2007-3387
+CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in x ...)
{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
- poppler 0.5.4-6.1 (bug #435460)
- gpdf <removed>
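Review bot: the NOT-FOR-US annotation for CVE-2007-3398 names `LiveWEB`, while the description on the line above it names `LiteWEB 2.7`; the annotation should read `NOT-FOR-US: LiteWEB` so the tracker entry matches the CVE text and turns up in a search for the product. A smaller consistency point in the same region: CVE-2007-3436 is annotated only `NOT-FOR-US: Microsoft`, whereas neighbouring entries name the product (`NOT-FOR-US: Microsoft Internet Explorer` on CVE-2007-3406); `NOT-FOR-US: Microsoft MSN Messenger` would follow the description and the convention used elsewhere in the file.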
@@ -8019,406 +8019,406 @@ CVE-2007-3387
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)
- swftools 0.9.2+ds1-2
-CVE-2007-3386
+CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet f ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-1
-CVE-2007-3385
+CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
{DSA-1453-1 DSA-1447-1}
- tomcat5.5 5.5.25-1
- tomcat5 <removed>
-CVE-2007-3384
+CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servle ...)
NOT-FOR-US: tomcat 3.3
-CVE-2007-3383
+CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the exa ...)
- tomcat4 <removed> (low)
[sarge] - tomcat4 <no-dsa> (Contrib not supported)
NOTE: affects example app in tomcat4-webapps
-CVE-2007-3382
+CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
{DSA-1453-1 DSA-1447-1}
- tomcat5.5 5.5.25-1
- tomcat5 <removed>
-CVE-2007-3381
+CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x b ...)
- gdm 2.18.4-1 (low)
[sarge] - gdm <no-dsa> (Minor issue)
[etch] - gdm <no-dsa> (Minor issue)
-CVE-2007-3380
+CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ke ...)
- linux-2.6 2.6.23-1
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2007-3379
+CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (R ...)
- linux-2.6 <not-affected> (Red Hat-specific vulnerability)
-CVE-2007-3378
+CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...)
- php4 <removed> (unimportant)
- php5 5.2.4-1 (unimportant)
-CVE-2007-3377
+CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predic ...)
{DSA-1515-1}
- libnet-dns-perl 0.60-1 (low)
-CVE-2007-3376
+CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-as ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3375
+CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows ...)
NOT-FOR-US: Lhaca
-CVE-2007-3374
+CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluste ...)
- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
-CVE-2007-3373
+CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...)
- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
-CVE-2007-3389
+CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
- wireshark 0.99.6pre1-1
[etch] - wireshark <not-affected> (Only affected 0.99.5)
- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3390
+CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain sys ...)
{DSA-1322-1}
- wireshark 0.99.6pre1-1
- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3391
+CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service ...)
- wireshark 0.99.6pre1-1
[etch] - wireshark <not-affected> (Only affected 0.99.5)
- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3392
+CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
{DSA-1322-1}
- wireshark 0.99.6pre1-1
- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3393
+CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99. ...)
{DSA-1322-1}
- wireshark 0.99.6pre1-1
- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3372
+CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a de ...)
{DSA-1690-1}
- avahi 0.6.20-2 (low)
[etch] - avahi <no-dsa> (Minor issue, only affects local users)
-CVE-2007-3371
+CVE-2007-3371 (PHP remote file inclusion vulnerability in plugins/widgets/htmledit/ht ...)
NOT-FOR-US: Powl
-CVE-2007-3370
+CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.0 ...)
NOT-FOR-US: Sun Board
-CVE-2007-3369
+CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootRO ...)
NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
-CVE-2007-3368
+CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SI ...)
NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
-CVE-2007-3367
+CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...)
NOT-FOR-US: cPanel
-CVE-2007-3366
+CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwr ...)
NOT-FOR-US: cPanel
-CVE-2007-3365
+CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase characte ...)
NOT-FOR-US: MyServer
-CVE-2007-3364
+CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sam ...)
NOT-FOR-US: MyServer
-CVE-2007-3363
+CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 al ...)
NOT-FOR-US: AGEphone
-CVE-2007-3362
+CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC Hy ...)
NOT-FOR-US: AGEphone
-CVE-2007-3361
+CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remot ...)
NOT-FOR-US: Nortel PC Client SIP Soft Phone
-CVE-2007-3360
+CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitr ...)
- ircii-pana <removed> (medium; bug #432120)
NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=bitchx_CVE-2007-3360.patch;att=1;bug=432120
-CVE-2007-3359
+CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...)
NOT-FOR-US: SerWeb
-CVE-2007-3358
+CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in SerWe ...)
NOT-FOR-US: SerWeb
-CVE-2007-3357
+CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored ...)
NOT-FOR-US: NetClassifieds Premium Edition
-CVE-2007-3356
+CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain sensi ...)
NOT-FOR-US: NetClassifieds Premium Edition
-CVE-2007-3355
+CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds ...)
NOT-FOR-US: NetClassifieds Premium Edition
-CVE-2007-3354
+CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium Editi ...)
NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353
NOT-FOR-US: MyEvent
-CVE-2007-3352
+CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in Stephe ...)
NOT-FOR-US: Stephen Ostermiller Contact Form
-CVE-2007-3351
+CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim ...)
NOT-FOR-US: SJPhone SIP
-CVE-2007-3350
+CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
NOT-FOR-US: AIM
-CVE-2007-3349
+CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1 ...)
NOT-FOR-US: Aastra 9112i SIP Phone
-CVE-2007-3348
+CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a de ...)
NOT-FOR-US: D-Link DPH-540/DPH-541 phone
-CVE-2007-3347
+CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are ...)
NOT-FOR-US: D-Link DPH-540/DPH-541 phone
-CVE-2007-3346
+CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 allo ...)
NOT-FOR-US: PHPAccounts
-CVE-2007-3345
+CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...)
NOT-FOR-US: PHPAccounts
-CVE-2007-3344
+CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01 ...)
NOT-FOR-US: netjukebox
-CVE-2007-3343
+CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 ...)
NOT-FOR-US: RaidenHTTPD
-CVE-2007-3342
+CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (M ...)
NOT-FOR-US: Movable Type
-CVE-2007-3341
+CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft Inter ...)
NOT-FOR-US: Microsoft
-CVE-2007-3340
+CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to ca ...)
NOT-FOR-US: HTTP Server 1.6.2
-CVE-2007-3339
+CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in forum/include/e ...)
NOT-FOR-US: ColdFusion
-CVE-2007-3338
+CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 9 ...)
NOT-FOR-US: Ingres
-CVE-2007-3337
+CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
NOT-FOR-US: Ingres
-CVE-2007-3336
+CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server ...)
NOT-FOR-US: Ingres
-CVE-2007-3335
+CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho C ...)
NOT-FOR-US: PHPEcho CMS
-CVE-2007-3334
+CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...)
NOT-FOR-US: Ingres
-CVE-2007-3333
+CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 al ...)
NOT-FOR-US: IBM AIX
-CVE-2007-3332
+CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for P ...)
NOT-FOR-US: Satel Lite for PhpNuke
-CVE-2007-3331
+CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO ...)
NOT-FOR-US: STphp EasyNews PRO
-CVE-2007-3330
+CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 all ...)
NOT-FOR-US: STphp EasyNews PRO
-CVE-2007-3329
+CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) get_inter_ ...)
NOT-FOR-US: Xvid
-CVE-2007-3328
+CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 be ...)
NOT-FOR-US: Interact
-CVE-2007-3327
+CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sens ...)
NOT-FOR-US: HTTP Server 1.6.2
-CVE-2007-3326
+CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow ...)
NOT-FOR-US: vBulletin
-CVE-2007-3325
+CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN Man ...)
NOT-FOR-US: LAN Management System
-CVE-2007-3324
+CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7 ...)
NOT-FOR-US: Comersus Cart
-CVE-2007-3323
+CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in Comer ...)
NOT-FOR-US: Comersus Shop Cart
CVE-2007-4168
REJECTED
-CVE-2007-3322
+CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
NOT-FOR-US: Avaya IP Phone
-CVE-2007-3321
+CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
NOT-FOR-US: Avaya IP Phone
-CVE-2007-3320
+CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
NOT-FOR-US: Avaya IP Phone
-CVE-2007-3319
+CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
NOT-FOR-US: Avaya IP Phone
-CVE-2007-3318
+CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access C ...)
NOT-FOR-US: Avaya one-X Desktop Edition
-CVE-2007-3317
+CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
NOT-FOR-US: Avaya one-X Desktop Edition
-CVE-2007-3316
+CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC Medi ...)
{DSA-1332-1}
- vlc 0.8.6.c-1 (medium; bug #429726)
-CVE-2007-3315
+CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
NOT-FOR-US: YourFreeScreamer
-CVE-2007-3314
+CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant Salamande ...)
NOT-FOR-US: Altap Servant Salamander
-CVE-2007-3313
+CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
NOT-FOR-US: Jasmine CMS
-CVE-2007-3312
+CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in Jasmi ...)
NOT-FOR-US: Jasmine CMS
-CVE-2007-3311
+CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and earl ...)
NOT-FOR-US: Articles
-CVE-2007-3310
+CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
NOT-FOR-US: TDizin
-CVE-2007-3309
+CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2007-3308
+CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ins ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2007-3307
+CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1. ...)
NOT-FOR-US: Solar Empire
-CVE-2007-3306
+CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in ...)
NOT-FOR-US: MiniBill
-CVE-2007-3305
+CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1 ...)
NOT-FOR-US: Cerulean Studios Trillian
-CVE-2007-3304
+CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, al ...)
- apache <removed> (low)
- apache2 2.2.4-2 (low)
[etch] - apache2 2.2.3-4+etch2
[sarge] - apache2 2.0.54-5sarge2 (low)
[etch] - apache 1.3.34-4.1+etch1
-CVE-2007-3303
+CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ...)
- apache2 <unfixed> (unimportant)
NOTE: If you can execute arbitrary code, a DoS is not a problem.
-CVE-2007-3302
+CVE-2007-3302 (The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3. ...)
NOT-FOR-US: CA
-CVE-2007-3301
+CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in Fu ...)
NOT-FOR-US: FuseTalk
-CVE-2007-3300
+CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
NOT-FOR-US: F-Secure
-CVE-2007-3299
+CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
- awffull 3.7.4final-1 (unimportant)
NOTE: awffull (a webalizer fork) does not have any cookie based authentication
NOTE: or other sensitive data that could be leaked through this
-CVE-2007-3298
+CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote attacke ...)
NOT-FOR-US: Spey
-CVE-2007-3297
+CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
NOT-FOR-US: Musoo
-CVE-2007-3296
+CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbo ...)
NOT-FOR-US: Web Thunderbolt
-CVE-2007-3295
+CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
NOT-FOR-US: YaBB
-CVE-2007-3294
+CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension fo ...)
- php5 <removed> (unimportant)
NOTE: Only exploitable by malicious script
-CVE-2007-3293
+CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlie ...)
NOT-FOR-US: LiveCMS
-CVE-2007-3292
+CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allo ...)
NOT-FOR-US: LiveCMS
-CVE-2007-3291
+CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier al ...)
NOT-FOR-US: LiveCMS
-CVE-2007-3290
+CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ob ...)
NOT-FOR-US: LiveCMS
-CVE-2007-3289
+CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
NOT-FOR-US: WiwiMod for XOOPS
-CVE-2007-3288
+CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automa ...)
NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
RESERVED
-CVE-2007-3286
+CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM objec ...)
NOT-FOR-US: Avaya IP Softphone
-CVE-2007-3285
+CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote att ...)
- iceweasel <not-affected> (Affects only Firefox in Windows)
NOTE: MFSA2007-22
-CVE-2007-3284
+CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3283
+CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root i ...)
- xscreensaver <not-affected> (Not a security issue: works as documented)
-CVE-2007-3282
+CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX o ...)
NOT-FOR-US: Microsoft Office
-CVE-2007-3281
+CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting B ...)
NOT-FOR-US: Php Hosting Biller
-CVE-2007-3280
+CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements functi ...)
- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
-CVE-2007-3279
+CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql ...)
- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
-CVE-2007-3278
+CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust authentic ...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
- postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
-CVE-2007-3277
+CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for WI ...)
NOT-FOR-US: localization module for WIKINDX
-CVE-2007-3276
+CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ( ...)
NOT-FOR-US: Site
-CVE-2007-3275
+CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active Director ...)
NOT-FOR-US: MailWasher Server
-CVE-2007-3274
+CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3273
+CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
NOT-FOR-US: FuseTalk
-CVE-2007-3272
+CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...)
NOT-FOR-US: MiniBB
-CVE-2007-3271
+CVE-2007-3271 (PHP remote file inclusion vulnerability in templates/2blue/bodyTemplat ...)
NOT-FOR-US: YourFreeScreamer
-CVE-2007-3270
+CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...)
NOT-FOR-US: phpMyInventory
-CVE-2007-3269
+CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
NOT-FOR-US: Papoo Light
-CVE-2007-3268
+CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS Depl ...)
NOT-FOR-US: IBM Tivoli Provisioning Manager
-CVE-2007-3267
+CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
NOT-FOR-US: Fuzzylime Forum
-CVE-2007-3266
+CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows r ...)
NOT-FOR-US: WEBIF
-CVE-2007-3265
+CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in I ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-3264
+CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-3263
+CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-3262
+CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-3261
+CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...)
NOT-FOR-US: dKret
-CVE-2007-3260
+CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2007-3259
+CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive in ...)
NOT-FOR-US: Calendarix
-CVE-2007-3258
+CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers to obt ...)
NOT-FOR-US: Calendarix
-CVE-2007-3257
+CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
{DSA-1325-1 DSA-1321-1}
- evolution 2.12.0-1
- evolution-data-server 1.10.2-2 (bug #429876)
[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
-CVE-2007-3256
+CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and p ...)
NOT-FOR-US: Xythos Enterprise Document Manager
-CVE-2007-3255
+CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos E ...)
NOT-FOR-US: Xythos Enterprise Document Manager
-CVE-2007-3254
+CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterpri ...)
NOT-FOR-US: Xythos Enterprise Document Manager
-CVE-2007-3253
+CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...)
NOT-FOR-US: Astaro Security Gateway
-CVE-2007-3252
+CVE-2007-3252 (PortalApp stores sensitive information under the web root with insuffi ...)
NOT-FOR-US: PortalApp
-CVE-2007-3251
+CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...)
NOT-FOR-US: e-Vision CMS
-CVE-2007-3250
+CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before 200 ...)
NOT-FOR-US: Elxis CMS
-CVE-2007-3249
+CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
NOT-FOR-US: Letterman Subscriber
-CVE-2007-3248
+CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-3247
+CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...)
NOT-FOR-US: VirtueMart
-CVE-2007-3246
+CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
NOT-FOR-US: IRC Services
-CVE-2007-3245
+CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote atta ...)
NOT-FOR-US: IRC Services
-CVE-2007-3244
+CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
NOT-FOR-US: bbPress
-CVE-2007-3243
+CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0. ...)
NOT-FOR-US: bbPress
-CVE-2007-3242
+CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9. ...)
NOT-FOR-US: WebAPP
-CVE-2007-3241
+CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the cordob ...)
NOT-FOR-US: cordobo-green-park theme for WordPress
-CVE-2007-3240
+CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Li ...)
NOT-FOR-US: Vistered-Little theme for WordPress
-CVE-2007-3239
+CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the Andy ...)
NOT-FOR-US: AndyBlue theme for WordPress
-CVE-2007-3238
+CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the defau ...)
{DSA-1502-1}
- wordpress 2.2.2-1 (low)
-CVE-2007-3237
+CVE-2007-3237 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
NOT-FOR-US: XOOPS
-CVE-2007-3236
+CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
NOT-FOR-US: XOOPS
-CVE-2007-3235
+CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
NOT-FOR-US: Fuzzylime Forum
-CVE-2007-3234
+CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows r ...)
NOT-FOR-US: Fuzzylime Forum
-CVE-2007-3233
+CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 all ...)
NOT-FOR-US: TEC-IT
-CVE-2007-3232
+CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password fo ...)
NOT-FOR-US: IBM
-CVE-2007-3231
+CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack vec ...)
- mecab 0.95-1.1 (bug #429174; low)
[etch] - mecab <no-dsa> (Minor issue)
[sarge] - mecab <no-dsa> (Minor issue)
-CVE-2007-3230
+CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer P ...)
NOT-FOR-US: PHP::HTML
-CVE-2007-3229
+CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain sensi ...)
NOT-FOR-US: Singapore Gallery
-CVE-2007-3228
+CVE-2007-3228 (PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/ ...)
NOT-FOR-US: Sitellite CMS
-CVE-2007-3227
+CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ...)
- rails 1.2.5-1 (bug #429177)
-CVE-2007-3226
+CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...)
NOT-FOR-US: dotProject
-CVE-2007-3225
+CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...)
NOT-FOR-US: Sun Java System Directory Server
-CVE-2007-3224
+CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server (sla ...)
NOT-FOR-US: Sun Java System Directory Server
-CVE-2007-3223
+CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before 2 ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-3222
+CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
NOT-FOR-US: XOOPS
-CVE-2007-3221
+CVE-2007-3221 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
NOT-FOR-US: XOOPS
-CVE-2007-3220
+CVE-2007-3220 (PHP remote file inclusion vulnerability in admin/editor2/spaw_control. ...)
NOT-FOR-US: XOOPS
-CVE-2007-3219
+CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in Invis ...)
NOT-FOR-US: Invision Power Board (IPB)
-CVE-2007-3218
+CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3 ...)
NOT-FOR-US: PHP Live!
-CVE-2007-3217
+CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...)
NOT-FOR-US: Prototype of an PHP application
-CVE-2007-3216
+CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA (Computer As ...)
NOT-FOR-US: CA BrightStor products
-CVE-2007-3215
+CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote attacker ...)
{DSA-1315-1}
- libphp-phpmailer 1.73-4 (high; bug #429179)
- flyspray 0.9.8-12 (bug #429191; bug #429195)
@@ -8439,126 +8439,126 @@ CVE-2007-3215
[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
- phpgroupware 0.9.16.012+dfsg-9 (medium; bug #504255)
- egroupware <not-affected> (bug #504283; Vulnerable code not used)
-CVE-2007-3214
+CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earl ...)
NOT-FOR-US: e-Vision CMS
-CVE-2007-3213
+CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
NOT-FOR-US: Sporum Forum
-CVE-2007-3212
+CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in Be ...)
NOT-FOR-US: Beehive Forum
-CVE-2007-3211
+CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain Technolo ...)
NOT-FOR-US: Domain Technologie Control (DTC)
-CVE-2007-3210
+CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Obj ...)
NOT-FOR-US: Cellosoft Tokens Object
-CVE-2007-3209
+CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
- mail-notification 4.0.dfsg.1-2 (low; bug #428157)
[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
[etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
-CVE-2007-3208
+CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
NOT-FOR-US: YaBB
-CVE-2007-3207
+CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6 ...)
NOT-FOR-US: Novell NetWare
CVE-2007-3206
RESERVED
-CVE-2007-3205
+CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, ...)
- php4 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: That's by design
-CVE-2007-3204
+CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network Manage ...)
NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
-CVE-2007-3203
+CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602P ...)
NOT-FOR-US: 602Pro LAN SUITE
-CVE-2007-3202
+CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in We ...)
NOT-FOR-US: Webwiz
-CVE-2007-3201
+CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...)
NOT-FOR-US: Windows Privacy Tray (WinPT)
-CVE-2007-3200
+CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ear ...)
NOT-FOR-US: Novell
-CVE-2007-3199
+CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form 3. ...)
NOT-FOR-US: Link Request Contact Form
-CVE-2007-3198
+CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...)
NOT-FOR-US: Maran PHP Blog
-CVE-2007-3197
+CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1 ...)
NOT-FOR-US: vBulletin
-CVE-2007-3196
+CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated Ti ...)
NOT-FOR-US: VBulletin
-CVE-2007-3195
+CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1. ...)
NOT-FOR-US: ERFAN WIKI
CVE-2007-3194
NOT-FOR-US: myBloggie
-CVE-2007-3193
+CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configurati ...)
{DSA-1371-1}
- phpwiki 1.3.12p3-6.1 (low; bug #429201)
-CVE-2007-3192
+CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8 ...)
{DSA-1374-1}
- jffnms 0.8.3dfsg.1-4 (medium)
NOTE: 20_security.dpatch is addressing this bug however the maintainer didn't include
NOTE: a note about the CVE id.
-CVE-2007-3191
+CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote at ...)
{DSA-1374-1}
- jffnms 0.8.3dfsg.1-4
-CVE-2007-3190
+CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun Net ...)
{DSA-1374-1}
- jffnms 0.8.3dfsg.1-4
-CVE-2007-3189
+CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun N ...)
{DSA-1374-1}
- jffnms 0.8.3dfsg.1-4
-CVE-2007-3188
+CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
NOT-FOR-US: Fullaspsite GeometriX Download Portal
-CVE-2007-3187
+CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
NOT-FOR-US: Apple
-CVE-2007-3186
+CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
NOT-FOR-US: Apple
-CVE-2007-3185
+CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote attacker ...)
NOT-FOR-US: Apple
-CVE-2007-3184
+CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, all ...)
NOT-FOR-US: Cisco
-CVE-2007-3183
+CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, whe ...)
NOT-FOR-US: Calendarix
-CVE-2007-3182
+CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7. ...)
NOT-FOR-US: Calendarix
-CVE-2007-3181
+CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (medium)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed> (medium)
NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
NOTE: in the pool to check and since this version is in testing and unstable...
-CVE-2007-3180
+CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...)
NOT-FOR-US: HP
-CVE-2007-3179
+CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle Blo ...)
NOT-FOR-US: Particle Blogger
-CVE-2007-3178
+CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1 ...)
NOT-FOR-US: Sistemi
-CVE-2007-3177
+CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to b ...)
NOT-FOR-US: Ingate Firewall / SIParator
-CVE-2007-3176
+CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before 4.5. ...)
NOT-FOR-US: Ingate Firewall / SIParator
-CVE-2007-3175
+CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow rem ...)
NOT-FOR-US: W2B Online Banking
-CVE-2007-3174
+CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Ban ...)
NOT-FOR-US: W2B Online Banking
-CVE-2007-3173
+CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an ...)
NOT-FOR-US: Almnzm
-CVE-2007-3172
+CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau W ...)
NOT-FOR-US: UebiMiau
-CVE-2007-3171
+CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive informati ...)
NOT-FOR-US: UebiMiau
-CVE-2007-3170
+CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmai ...)
NOT-FOR-US: Uebimiau
-CVE-2007-3169
+CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office Viewe ...)
NOT-FOR-US: EDraw Office Viewer Component
-CVE-2007-3168
+CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component (edrawo ...)
NOT-FOR-US: EDraw Office Viewer Component
-CVE-2007-3167
+CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...)
NOT-FOR-US: Vivotek
-CVE-2007-3166
+CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remot ...)
NOT-FOR-US: Qualcomm Eudora
-CVE-2007-3165
+CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is ...)
- tor 0.1.2.14-1 (medium)
-CVE-2007-3164
+CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentic ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3163
+CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico Cal ...)
- moin 1.5.8-4.1 (unimportant; bug #429205)
- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
- karrigell <removed> (unimportant; bug #429207)
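Review bot: the tracker annotation for CVE-2007-3178 reads only `NOT-FOR-US: Sistemi`, while the description filled in on the `+` line just above it names the product as "Zindizayn Okul Web Sistemi"; since NOT-FOR-US lines are what people grep for, the annotation should carry the full product name, e.g. `NOT-FOR-US: Zindizayn Okul Web Sistemi`. Two smaller nits in this hunk's unchanged context lines: the CVE-2007-3204 note reads "This is an jffnms ID" (should be "a jffnms ID"), the CVE-2007-3143 note has "definetly" for "definitely", and the CVE-2007-3181 note ends mid-sentence ("...since this version is in testing and unstable...") without stating the conclusion that was reached, so the next triager has to re-derive it.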
@@ -8566,473 +8566,473 @@ CVE-2007-3163
NOTE: Given the state of Linux' NTFS support it seems highly unlikely
NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
NOTE: web server with NTFS
-CVE-2007-3162
+CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX contro ...)
NOT-FOR-US: Internet Download Accelerator
-CVE-2007-3161
+CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote F ...)
NOT-FOR-US: Ace-FTP Client
-CVE-2007-3160
+CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP Rea ...)
NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
-CVE-2007-3159
+CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...)
NOT-FOR-US: MiniWeb
-CVE-2007-3158
+CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to r ...)
NOT-FOR-US: ASP Folder Gallery
-CVE-2007-3157
+CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12 ...)
NOT-FOR-US: SafeNET
-CVE-2007-3156
+CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi i ...)
- webmin <removed>
-CVE-2007-3155
+CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown i ...)
- egroupware 1.2.107-2.dfsg-1 (bug #429208)
-CVE-2007-3154
+CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltip ...)
NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js isn't aware
NOTE: of any security problem, see #429215, #429209, #429214, #429213
-CVE-2007-3153
+CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other tha ...)
NOT-FOR-US: c-ares
-CVE-2007-3152
+CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number gene ...)
NOT-FOR-US: c-ares
-CVE-2007-3151
+CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper 7 ...)
NOT-FOR-US: Packeteer PacketShaper
-CVE-2007-3150
+CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute arbitr ...)
NOT-FOR-US: Google Desktop
-CVE-2007-3149
+CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...)
- sudo <not-affected> (Not linked with krb5)
-CVE-2007-3148
+CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr. ...)
NOT-FOR-US: Yahoo! Webcam Viewer
-CVE-2007-3147
+CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl. ...)
NOT-FOR-US: Yahoo! Webcam Upload
-CVE-2007-3146
+CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
NOT-FOR-US: Zen Help Desk
-CVE-2007-3145
+CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote attacker ...)
- galeon <removed> (unimportant; bug #429216)
NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
NOTE: phishing protections anyway
-CVE-2007-3144
+CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote attack ...)
NOTE: Minor issue, exact details unknown to upstream
-CVE-2007-3143
+CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote attac ...)
- kdebase 4:3.5.7-3 (low)
[sarge] - kdebase <no-dsa> (Minor issue)
[etch] - kdebase <no-dsa> (Minor issue)
NOTE: referring to maintainer this is definetly fixed in 4:3.5.7-3
-CVE-2007-3142
+CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...)
NOT-FOR-US: Opera
-CVE-2007-3141
+CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in phpWebTh ...)
NOT-FOR-US: phpWebThings
-CVE-2007-3140
+CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ...)
- wordpress 2.2.1-1 (bug #428073)
[etch] - wordpress <not-affected> (Doesn't affect 2.0.x branch)
-CVE-2007-3139
+CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default userna ...)
NOT-FOR-US: Quick.Cart
-CVE-2007-3138
+CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution Quick. ...)
NOT-FOR-US: Quick.Cart
-CVE-2007-3137
+CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in W ...)
NOT-FOR-US: WmsCMS
-CVE-2007-3136
+CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in new ...)
NOT-FOR-US: newsSync
-CVE-2007-3135
+CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...)
NOT-FOR-US: Atom Photoblog
-CVE-2007-3134
+CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.p ...)
NOT-FOR-US: Atom PhotoBlog
-CVE-2007-3133
+CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 all ...)
NOT-FOR-US: W1L3D4
-CVE-2007-3132
+CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ea ...)
NOT-FOR-US: Symantec Ghost
-CVE-2007-3131
+CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light B ...)
NOT-FOR-US: Light Blog
-CVE-2007-3130
+CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (fo ...)
NOT-FOR-US: OpenWiki
-CVE-2007-3129
+CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News P ...)
NOT-FOR-US: Utopia News Pro
-CVE-2007-3128
+CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when magic ...)
NOT-FOR-US: WSPortal
-CVE-2007-3127
+CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
NOT-FOR-US: WSPortal
-CVE-2007-3126
+CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a denia ...)
- gimp 2.8.22-1 (unimportant; bug #885382)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=773233
NOTE: https://git.gnome.org/browse/gimp/commit/?id=46bcd82800e37b0f5aead76184430ef2fe802748 (master)
NOTE: https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7 (gimp-2-8)
CVE-2007-3125
REJECTED
-CVE-2007-3124
+CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
NOT-FOR-US: FreeVMS
-CVE-2007-3123
+CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 a ...)
{DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
-CVE-2007-3122
+CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 all ...)
{DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
-CVE-2007-3121
+CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the z ...)
- zvbi 0.2.25-1 (bug #429221; unimportant)
NOTE: Only exploitable through malformed closed captions
NOTE: Malicious TV networks have more subtle methods to control people...
-CVE-2007-3120
+CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php i ...)
NOT-FOR-US: All In One Control Panel (AIOCP)
-CVE-2007-3119
+CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (a ...)
NOT-FOR-US: Kartli Alisveris Sistemi
-CVE-2007-3118
+CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter ...)
NOT-FOR-US: Kravchuk letter
-CVE-2007-3117
+CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
NOT-FOR-US: ADPLAN
-CVE-2007-3116
+CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
{DSA-1319-1}
- maradns 1.2.12.06-1
[sarge] - maradns <not-affected> (1.0.x branch not affected)
-CVE-2007-3115
+CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
{DSA-1319-1}
- maradns 1.2.12.06-1
[sarge] - maradns <not-affected> (1.0.x branch not affected)
-CVE-2007-3114
+CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
{DSA-1319-1}
- maradns 1.2.12.05-1
[sarge] - maradns <not-affected> (1.0.x branch not affected)
-CVE-2007-3113
+CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
{DSA-1954-1}
- cacti 0.8.6j-1.1 (low; bug #429224)
[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
-CVE-2007-3112
+CVE-2007-3112 (graph_image.php in Cacti 0.8.6i, and possibly other versions, allows r ...)
{DSA-1954-1}
- cacti 0.8.6j-1.1 (low; bug #429224)
[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
-CVE-2007-3111
+CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ISSCamCont ...)
NOT-FOR-US: Provideo Camimage
-CVE-2007-3110
+CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
NOT-FOR-US: Andy Frank Beatnik
-CVE-2007-3109
+CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage all ...)
NOT-FOR-US: Microsoft FrontPage
-CVE-2007-3108
+CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9. ...)
{DSA-1571-1}
- openssl 0.9.8e-6 (bug #438142; low)
- openssl097 <removed> (bug #438180)
[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
-CVE-2007-3107
+CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including 2.6.2 ...)
- linux-2.6 2.6.22-1 (unimportant)
NOTE: Not reproducibly reliably by an attacker, mostly a bug
NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
NOTE: in Linus' tree.
-CVE-2007-3106
+CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2. ...)
{DSA-1471-1}
- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
- libvorbis 1.2.0.dfsg-1 (medium)
-CVE-2007-3105
+CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) imple ...)
{DSA-1504-1 DSA-1363-1}
- linux-2.6 2.6.22-4
-CVE-2007-3104
+CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...)
{DSA-1428-1}
- linux-2.6 2.6.22-4 (low)
-CVE-2007-3103
+CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux d ...)
{DSA-1342-1}
- xfs 1:1.0.8-2.1 (low)
NOTE: i've checked 1.0.8, and this problem is no longer present
-CVE-2007-3102
+CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...)
- openssh <not-affected> (This is a redhat/fedora specific issue)
NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch)
NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on:
NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
-CVE-2007-3101
+CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF app ...)
NOT-FOR-US: Apache MyFaces Tomahawk
-CVE-2007-3100
+CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-8 ...)
{DSA-1314-1}
- open-iscsi 2.0.865-1 (low; bug #429225)
-CVE-2007-3099
+CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
{DSA-1314-1}
- open-iscsi 2.0.865-1 (medium; bug #429225)
-CVE-2007-3098
+CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc b ...)
NOT-FOR-US: Castle Rock Computing SNMPc
-CVE-2007-3097
+CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
NOT-FOR-US: F5 Firepass 4100 SSL VPN
-CVE-2007-3096
+CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16 ...)
NOT-FOR-US: PBLang (PBL)
-CVE-2007-3095
+CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and ...)
NOT-FOR-US: Symantec Reporting Server
-CVE-2007-3094
+CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris M ...)
NOT-FOR-US: Solaris Management Console
-CVE-2007-3093
+CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris Manageme ...)
NOT-FOR-US: Solaris Management Console
-CVE-2007-3092
+CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
NOT-FOR-US: MSIE6
-CVE-2007-3091
+CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windo ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090
REJECTED
-CVE-2007-3089
+CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (low; bug #427691)
- iceape 1.1.3-1 (low)
- xulrunner 1.8.1.5-1 (low)
NOTE: MFSA2007-20
-CVE-2007-3088
+CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote a ...)
NOT-FOR-US: Comicsense
-CVE-2007-3087
+CVE-2007-3087 (Peercast places a cleartext password in a query string, which might al ...)
NOT-FOR-US: PeerCast
-CVE-2007-3086
+CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4. ...)
NOT-FOR-US: Outpost Firewall PRO
-CVE-2007-3085
+CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow rem ...)
NOT-FOR-US: PBSite
-CVE-2007-3084
+CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
NOT-FOR-US: Comdev Web Blogger
-CVE-2007-3083
+CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with insuff ...)
NOT-FOR-US: Z-Blog
-CVE-2007-3082
+CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...)
NOT-FOR-US: Sendcard
-CVE-2007-3081
+CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in Comd ...)
NOT-FOR-US: Comdev eCommerce
-CVE-2007-3080
+CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1 ...)
NOT-FOR-US: Hunkaray Okul Portaly
-CVE-2007-3079
+CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
NOT-FOR-US: EQdkp
-CVE-2007-3078
+CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...)
NOT-FOR-US: Aigaion
-CVE-2007-3077
+CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earl ...)
NOT-FOR-US: EQdkp
-CVE-2007-3076
+CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allo ...)
NOT-FOR-US: Zenturi ProgramChecker
-CVE-2007-3075
+CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer allow ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3074
+CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read fi ...)
{DSA-1707-1 DSA-1704-1 DSA-1697-1}
- iceweasel 2.0.0.4-1 (low)
- iceape 1.0.9-1 (low)
- xulrunner 1.8.1.4-1 (low)
-CVE-2007-3073
+CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earli ...)
NOTE: Duplicate of CVE-2008-4067
-CVE-2007-3072
+CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
- iceweasel <not-affected> (Only affects Windows versions of Firefox)
-CVE-2007-3071
+CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX co ...)
NOT-FOR-US: eSellerate
-CVE-2007-3070
+CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
NOT-FOR-US: BDigital Web Solutions WebStudio
-CVE-2007-3069
+CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session w ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-3068
+CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows re ...)
NOT-FOR-US: DVD X Player
-CVE-2007-3067
+CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key Tra ...)
NOT-FOR-US: EQdkp
-CVE-2007-3066
+CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2 ...)
NOT-FOR-US: IBM DB2
-CVE-2007-3065
+CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
NOT-FOR-US: Particle Gallery
-CVE-2007-3064
+CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook a ...)
NOT-FOR-US: My Datebook
-CVE-2007-3063
+CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...)
NOT-FOR-US: My Datebook
-CVE-2007-3062
+CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2007-3061
+CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web roo ...)
NOT-FOR-US: Cactushop
-CVE-2007-3060
+CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
NOT-FOR-US: PHP Live!
-CVE-2007-3059
+CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: SendCard
-CVE-2007-3058
+CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
NOT-FOR-US: Madirish Webmail
-CVE-2007-3057
+CVE-2007-3057 (PHP remote file inclusion vulnerability in include/wysiwyg/spaw_contro ...)
NOT-FOR-US: XOOPS
-CVE-2007-3056
+CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...)
- websvn 1.61-22.3 (unimportant; bug #439337)
NOTE: Websvn does not have cookie based authentication by itself.
NOTE: I therefore don't think this is serious enough for a stable update.
-CVE-2007-3055
+CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib Linke ...)
NOT-FOR-US: Codelib Linker
-CVE-2007-3054
+CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib Link ...)
NOT-FOR-US: Codelib Linker
-CVE-2007-3053
+CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier al ...)
NOT-FOR-US: Calimero
-CVE-2007-3052
+CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earl ...)
NOT-FOR-US: PostNuke
-CVE-2007-3051
+CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft Revok ...)
NOT-FOR-US: RevokeSoft RevokeBB
-CVE-2007-3050
+CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
NOT-FOR-US: chameleon cms
-CVE-2007-3049
+CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
NOT-FOR-US: Buttercup BWFM
CVE-2007-3048
- screen <not-affected> (not reproducible)
-CVE-2007-3047
+CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
NOT-FOR-US: Vonage
-CVE-2007-3046
+CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library be ...)
NOT-FOR-US: Advanced Software Production Line Vortex Library
-CVE-2007-3045
+CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/ ...)
NOT-FOR-US: Hitachi TP1
-CVE-2007-3044
+CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi X ...)
NOT-FOR-US: Hitachi
-CVE-2007-3043
+CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File Shari ...)
NOT-FOR-US: Hitachi Collaboration
-CVE-2007-3042
+CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows re ...)
NOT-FOR-US: Meneame
-CVE-2007-3041
+CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for Inter ...)
NOT-FOR-US: Microsoft
-CVE-2007-3040
+CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Ag ...)
NOT-FOR-US: Windows
-CVE-2007-3039
+CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) se ...)
NOT-FOR-US: Windows
-CVE-2007-3038
+CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
NOT-FOR-US: Microsoft
-CVE-2007-3037
+CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attack ...)
NOT-FOR-US: Microsoft
-CVE-2007-3036
+CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and ...)
NOT-FOR-US: Windows Services for UNIX
-CVE-2007-3035
+CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10 ...)
NOT-FOR-US: Microsoft
-CVE-2007-3034
+CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering En ...)
NOT-FOR-US: Microsoft
-CVE-2007-3033
+CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlin ...)
NOT-FOR-US: Microsoft
-CVE-2007-3032
+CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...)
NOT-FOR-US: Microsoft
CVE-2007-3031
REJECTED
-CVE-2007-3030
+CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows u ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-3029
+CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 all ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-3028
+CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
NOT-FOR-US: Microsoft
-CVE-2007-3027
+CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows re ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3026
+CVE-2007-3026 (Integer overflow in Panda Software AdminSecure allows remote attackers ...)
NOT-FOR-US: Panda
-CVE-2007-3025
+CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0 ...)
- clamav <not-affected> (Solaris-specific bug)
-CVE-2007-3024
+CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 use ...)
{DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
-CVE-2007-3023
+CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not proper ...)
{DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
-CVE-2007-3022
+CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
NOT-FOR-US: Symantec
-CVE-2007-3021
+CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
NOT-FOR-US: Symantec
CVE-2007-3020
RESERVED
CVE-2007-3019
RESERVED
-CVE-2007-3018
+CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the file-cr ...)
NOT-FOR-US: activeWeb contentserver CMS
-CVE-2007-3017
+CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.29 ...)
NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3016
RESERVED
CVE-2007-3015
RESERVED
-CVE-2007-3014
+CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb conte ...)
NOT-FOR-US: activeWeb contentserver CMS
-CVE-2007-3013
+CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
NOT-FOR-US: activeWeb contentserver CMS
-CVE-2007-3012
+CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch B ...)
NOT-FOR-US: Fujitsu-Siemens
-CVE-2007-3011
+CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens C ...)
NOT-FOR-US: Fujitsu-Siemens
-CVE-2007-3010
+CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterpris ...)
NOT-FOR-US: Alcatel OmniPCX Enterprise Communication Server
-CVE-2007-3009
+CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
NOT-FOR-US: Mbedthis AppWeb
-CVE-2007-3008
+CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...)
NOT-FOR-US: Mbedthis AppWeb
-CVE-2007-3007
+CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode rest ...)
- php5 5.2.3-1 (unimportant)
-CVE-2007-3006
+CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted r ...)
NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005
REJECTED
CVE-2007-3004
REJECTED
-CVE-2007-3003
+CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
NOT-FOR-US: myBloggie
-CVE-2007-3002
+CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive info ...)
NOT-FOR-US: PHP JackKnife
-CVE-2007-3001
+CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ( ...)
NOT-FOR-US: PHP JackKnife
-CVE-2007-3000
+CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...)
NOT-FOR-US: PHP JackKnife
-CVE-2007-2999
+CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect fo ...)
NOT-FOR-US: Microsoft
-CVE-2007-2998
+CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS f ...)
NOT-FOR-US: OpenVMS
CVE-2007-2997
NOT-FOR-US: SalesCart Shopping Cart
-CVE-2007-2996
+CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
NOT-FOR-US: IBM AIX
-CVE-2007-2995
+CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3 ...)
NOT-FOR-US: IBM AIX
-CVE-2007-2994
+CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
NOT-FOR-US: DGNews
-CVE-2007-2993
+CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
-CVE-2007-2992
+CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka O ...)
NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
-CVE-2007-2991
+CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in E ...)
NOT-FOR-US: Evenzia CMS
-CVE-2007-2990
+CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 a ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-2989
+CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic e ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-2988
+CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
NOT-FOR-US: Inout Meta Search Engine
-CVE-2007-2987
+CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
NOT-FOR-US: Zenturi ProgramChecker
-CVE-2007-2986
+CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...)
NOT-FOR-US: AdminBot
-CVE-2007-2985
+CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...)
NOT-FOR-US: Pheap
-CVE-2007-2984
+CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group CD ...)
NOT-FOR-US: Media Technology Group CDPass
-CVE-2007-2982
+CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business C ...)
NOT-FOR-US: British Telecommunications Business Connect
-CVE-2007-2981
+CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies LEAD ...)
NOT-FOR-US: LeadTools
-CVE-2007-2980
+CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS L ...)
NOT-FOR-US: LeadTools
-CVE-2007-2979
+CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive infor ...)
NOT-FOR-US: Techno Dreams Web Directory / Search Engine
-CVE-2007-2978
+CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows rem ...)
NOT-FOR-US: eggblog
-CVE-2007-2977
+CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in th ...)
NOT-FOR-US: DOMjudge
-CVE-2007-2976
+CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet Service ...)
NOT-FOR-US: Centrinity
-CVE-2007-2975
+CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier (forme ...)
NOT-FOR-US: Ignite Realtime
-CVE-2007-2974
+CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...)
NOT-FOR-US: Avira Antivirus
-CVE-2007-2973
+CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to c ...)
NOT-FOR-US: Avira Antivirus
-CVE-2007-2972
+CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 a ...)
NOT-FOR-US: Avira Antivirus
-CVE-2007-2971
+CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earl ...)
NOT-FOR-US: gCards
-CVE-2007-2970
+CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi i ...)
NOT-FOR-US: 8e6 R3000 Internet Filter
-CVE-2007-2969
+CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in WAnewslet ...)
NOT-FOR-US: WAnewsletter
-CVE-2007-2968
+CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
NOT-FOR-US: cpCommerce
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
- webpy 0.210-1 (bug #427715; unimportant)
NOTE: This is not a vulnerability, but an additional precaution function for
NOTE: a development framework. If someone wants to have this updated in Etch, this
NOTE: needs to go through a point update
-CVE-2007-2967
+CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
NOT-FOR-US: F-Secure
-CVE-2007-2966
+CVE-2007-2966 (Buffer overflow in the LHA decompression component in F-Secure anti-vi ...)
NOT-FOR-US: F-Secure
-CVE-2007-2965
+CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in multi ...)
NOT-FOR-US: F-Secure
-CVE-2007-2964
+CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and e ...)
NOT-FOR-US: F-Secure
-CVE-2007-2963
+CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
NOT-FOR-US: Invision Power Board
-CVE-2007-2962
+CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle Gal ...)
NOT-FOR-US: Particle Gallery
-CVE-2007-2961
+CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 allo ...)
NOT-FOR-US: FileCloset
-CVE-2007-2960
+CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 a ...)
NOT-FOR-US: Scallywag
-CVE-2007-2959
+CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before 1 ...)
NOT-FOR-US: cpCommerce
-CVE-2007-2958
+CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
[etch] - sylpheed-claws <no-dsa> (Minor issue)
[sarge] - sylpheed-claws <no-dsa> (Minor issue)
@@ -9041,221 +9041,221 @@ CVE-2007-2958
[sarge] - sylpheed <no-dsa> (Minor issue)
NOTE: the cvs referenced in redhat bugzilla is not available anymore however
NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
-CVE-2007-2957
+CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...)
NOT-FOR-US: McAfee on Solaris
-CVE-2007-2956
+CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...)
NOT-FOR-US: Qtpfsgui and pfstools
-CVE-2007-2955
+CVE-2007-2955 (Multiple unspecified "input validation error" vulnerabilities in multi ...)
NOT-FOR-US: Norton Antivirus/Internet Security/System Works
-CVE-2007-2954
+CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...)
NOT-FOR-US: Novell Client
-CVE-2007-2953
+CVE-2007-2953 (Format string vulnerability in the helptags_one function in src/ex_cmd ...)
{DSA-1364-2 DSA-1364-1}
- vim 1:7.1-056+1 (low)
-CVE-2007-2952
+CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka k9fil ...)
NOT-FOR-US: Blue Coat K9 Web Protection
-CVE-2007-2951
+CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3 ...)
- kvirc 2:3.2.4-5 (bug #434419; medium)
-CVE-2007-2950
+CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara ...)
NOT-FOR-US: Centennial
-CVE-2007-2949
+CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the p ...)
{DSA-1335-1}
- gimp 2.2.16-1 (medium)
- ingimp 2.2.16.20070710-1
NOTE: http://secunia.com/secunia_research/2007-63/advisory
-CVE-2007-2948
+CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlay ...)
{DSA-1313-1}
- mplayer 1.0~rc1-14
-CVE-2007-2947
+CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0 ...)
NOT-FOR-US: OpenBASE Alpha
-CVE-2007-2946
+CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster Dialo ...)
NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
-CVE-2007-2945
+CVE-2007-2945 (RMForum stores sensitive information under the web root with insuffici ...)
NOT-FOR-US: RMForum
-CVE-2007-2944
+CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with insuff ...)
NOT-FOR-US: WabCMS
-CVE-2007-2943
+CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis ...)
NOT-FOR-US: Webavis
-CVE-2007-2942
+CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ear ...)
NOT-FOR-US: My Little Forum
-CVE-2007-2941
+CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in v ...)
NOT-FOR-US: vBulletin Google Yahoo Site Map
-CVE-2007-2940
+CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 B ...)
NOT-FOR-US: FlaP
-CVE-2007-2939
+CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...)
NOT-FOR-US: Mazen's PHP Chat
-CVE-2007-2938
+CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBas ...)
NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
-CVE-2007-2937
+CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...)
NOT-FOR-US: TROforum
-CVE-2007-2936
+CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock ...)
NOT-FOR-US: Frequency Clock
-CVE-2007-2935
+CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remo ...)
NOT-FOR-US: Fundanemt
-CVE-2007-2934
+CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered ...)
NOT-FOR-US: Vistered Little
-CVE-2007-2933
+CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form (com_phila ...)
NOT-FOR-US: Phil-a-Form
-CVE-2007-2932
+CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...)
NOT-FOR-US: BoastMachine
-CVE-2007-2931
+CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7. ...)
NOT-FOR-US: MSN Messenger
-CVE-2007-2930
+CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC ...)
- bind <removed> (bug #442910)
[etch] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
[sarge] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
-CVE-2007-2929
+CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
NOT-FOR-US: IBM Lenovo Access Support
-CVE-2007-2928
+CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
NOT-FOR-US: IBM Lenovo Access Support
-CVE-2007-2927
+CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter dri ...)
NOT-FOR-US: Windows Atheros drivers
-CVE-2007-2926
+CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...)
{DSA-1341-2}
- bind9 1:9.4.1-P1-1
-CVE-2007-2925
+CVE-2007-2925 (The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9 ...)
- bind9 1:9.4.1-P1-1 (medium)
[etch] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
[sarge] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
-CVE-2007-2924
+CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
NOT-FOR-US: RealNetworks GameHouse
-CVE-2007-2923
+CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
RESERVED
-CVE-2007-2921
+CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx Active ...)
NOT-FOR-US: Corel
-CVE-2007-2920
+CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX co ...)
NOT-FOR-US: Zoomify Viewer
-CVE-2007-2919
+CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX co ...)
NOT-FOR-US: FViewerLoading
-CVE-2007-2918
+CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
NOT-FOR-US: Logitech
-CVE-2007-2917
+CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
NOT-FOR-US: Authentium
-CVE-2007-2916
+CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...)
NOT-FOR-US: GMTT Music Distro
-CVE-2007-2915
+CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows re ...)
NOT-FOR-US: RM EasyMail Plus
-CVE-2007-2914
+CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0 ...)
NOT-FOR-US: PsychoStats
-CVE-2007-2913
+CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...)
NOT-FOR-US: ClonusWiki
-CVE-2007-2912
+CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unau ...)
NOT-FOR-US: Jelsoft vBulletin
-CVE-2007-2911
+CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
NOT-FOR-US: Jelsoft vBulletin
-CVE-2007-2910
+CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3 ...)
NOT-FOR-US: Jelsoft vBulletin
-CVE-2007-2909
+CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
NOT-FOR-US: Jelsoft vBulletin
-CVE-2007-2908
+CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
NOT-FOR-US: vBulletin
-CVE-2007-2907
+CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...)
NOT-FOR-US: SSL-Explorer
-CVE-2007-2906
+CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denia ...)
NOT-FOR-US: Java Embedding Plugin for Mac OS X
-CVE-2007-2905
+CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
NOT-FOR-US: 2z Project
-CVE-2007-2904
+CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
NOT-FOR-US: Sun Java System Messaging Server
-CVE-2007-2903
+CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 C ...)
NOT-FOR-US: Microsoft Office ActiveX control
-CVE-2007-2902
+CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8 ...)
NOT-FOR-US: Dokeos
-CVE-2007-2901
+CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 an ...)
NOT-FOR-US: Dokeos
-CVE-2007-2900
+CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-0 ...)
NOT-FOR-US: Scallywag
-CVE-2007-2899
+CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in NavB ...)
NOT-FOR-US: Navboard
-CVE-2007-2898
+CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
NOT-FOR-US: 2z Project
-CVE-2007-2897
+CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote attack ...)
NOT-FOR-US: Microsoft IIS
-CVE-2007-2896
+CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...)
NOT-FOR-US: Symantec
-CVE-2007-2895
+CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...)
NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
-CVE-2007-2894
+CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...)
- bochs <unfixed> (unimportant)
-CVE-2007-2893
+CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iode ...)
{DSA-1351-1}
- bochs 2.3+20070705-1 (low; bug #427144)
NOTE: kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730
-CVE-2007-2892
+CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...)
NOT-FOR-US: ASP-Nuke
-CVE-2007-2891
+CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 a ...)
NOT-FOR-US: FirmWorX
-CVE-2007-2890
+CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ea ...)
NOT-FOR-US: cpCommerce
-CVE-2007-2889
+CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...)
NOT-FOR-US: Dokeos
-CVE-2007-2888
+CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...)
NOT-FOR-US: UltraISO
-CVE-2007-2887
+CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yo ...)
NOT-FOR-US: WIYS
-CVE-2007-2886
+CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in Enterp ...)
NOT-FOR-US: Nortel
-CVE-2007-2885
+CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in ...)
NOT-FOR-US: Microsoft Visual Database Tools
-CVE-2007-2884
+CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allo ...)
NOT-FOR-US: Microsoft Visual Basic
-CVE-2007-2883
+CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier store ...)
NOT-FOR-US: Credant
-CVE-2007-2882
+CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 th ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-2881
+CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support (sock ...)
NOT-FOR-US: Sun Java Web Proxy Server
-CVE-2007-2880
+CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 all ...)
NOT-FOR-US: Digirez
-CVE-2007-2879
+CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Po ...)
NOT-FOR-US: GNUTurk
-CVE-2007-2878
+CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run o ...)
{DSA-1479-1}
- linux-2.6 2.6.21-3
-CVE-2007-2877
+CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 al ...)
NOTE: Not a security issue; Windows-only anyway.
-CVE-2007-2876
+CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conn ...)
{DSA-1356-1}
- linux-2.6 2.6.21-5 (medium)
-CVE-2007-2875
+CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux kerne ...)
{DSA-1363-1}
- linux-2.6 2.6.21-5 (medium)
-CVE-2007-2874
+CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in wp ...)
- wpasupplicant <not-affected> (Fedora-only issue)
-CVE-2007-2873
+CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...)
- spamassassin 3.2.1-1 (low)
[sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable)
[etch] - spamassassin 3.1.7-2etch1
NOTE: Minor issue fixed in etch r6 point update
NOTE: Only obscure setups affected, only locally exploitable
-CVE-2007-2872
+CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
- php5 5.2.3-1 (unimportant)
NOTE: Only triggerable by malicious script
NOTE: Fix from 5.2.3 was ineffective
-CVE-2007-2871
+CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
NOTE: MFSA2007-17
- iceweasel 2.0.0.4-1 (low)
- iceape 1.1.2-1 (low)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner 1.8.1.4-1 (low)
-CVE-2007-2870
+CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
NOTE: MFSA2007-16
- iceweasel 2.0.0.4-1 (medium)
- iceape 1.1.2-1 (medium)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner 1.8.1.4-1 (medium)
-CVE-2007-2869
+CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12 ...)
{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
NOTE: MFSA2007-13
- iceweasel 2.0.0.4-1
- iceape 1.1.2-1
- mozilla <removed>
- xulrunner 1.8.1.4-1
-CVE-2007-2868
+CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...)
{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
NOTE: MFSA2007-12
- iceweasel 2.0.0.4-1 (high)
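Review bot: the unchanged [etch] and [sarge] lines under CVE-2007-2930 both misspell "architectural" as "architectual"; this commit only syncs description text, so that is a one-word fix for a separate follow-up. While in this region, CVE-2007-2877 carries only `NOTE: Not a security issue; Windows-only anyway.` with no NOT-FOR-US or package state line, so the entry records no triage state; an explicit state line would make the "not an issue for Debian" decision visible without reading the NOTE.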
@@ -9264,7 +9264,7 @@ CVE-2007-2868
- icedove 2.0.0.4-1 (low)
- xulrunner 1.8.1.4-1 (high)
[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-2867
+CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5. ...)
{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
NOTE: MFSA2007-12
- iceweasel 2.0.0.4-1 (high)
@@ -9273,57 +9273,57 @@ CVE-2007-2867
- icedove 2.0.0.4-1 (low)
- xulrunner 1.8.1.4-1 (high)
[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-2866
+CVE-2007-2866 (Multiple SQL injection vulnerabilities in modules/admin/modules/galler ...)
NOT-FOR-US: PHPEcho CMS
-CVE-2007-2865
+CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
{DSA-1693-1}
- phppgadmin 4.1.2-1 (low; bug #427151)
[sarge] - phppgadmin <not-affected> (Vulnerable code not present)
NOTE: http://phppgadmin.cvs.sourceforge.net/phppgadmin/webdb/classes/Misc.php?r1=1.156&r2=1.157&pathrev=MAIN
-CVE-2007-2864
+CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
NOT-FOR-US: CA Anti-Virus
-CVE-2007-2863
+CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
NOT-FOR-US: CA Anti-Virus
-CVE-2007-2862
+CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...)
NOT-FOR-US: CubeCart
-CVE-2007-2861
+CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple Accessibl ...)
NOT-FOR-US: SAXON
-CVE-2007-2860
+CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated user ...)
NOT-FOR-US: BoastMachine
-CVE-2007-2859
+CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 al ...)
NOT-FOR-US: SimpGB
-CVE-2007-2858
+CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the IP-T ...)
NOT-FOR-US: IP-Tracking Mod for phpBB
-CVE-2007-2857
+CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Exc ...)
NOT-FOR-US: ABC Excel Parser Pro
-CVE-2007-2856
+CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression Ac ...)
NOT-FOR-US: Dart Communications PowerTCP
-CVE-2007-2855
+CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5. ...)
NOT-FOR-US: Dart ZipLite
-CVE-2007-2854
+CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in BtiTra ...)
NOT-FOR-US: BtiTracker
-CVE-2007-2853
+CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD ...)
NOT-FOR-US: Virtual CD
-CVE-2007-2852
+CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2 ...)
NOT-FOR-US: ESET NOD32 Antivirus
-CVE-2007-2851
+CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ( ...)
NOT-FOR-US: LeadTools
-CVE-2007-2850
+CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
NOT-FOR-US: Citrix
-CVE-2007-2849
+CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) befo ...)
- knowledgetree <removed> (bug #432123)
-CVE-2007-2848
+CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...)
NOT-FOR-US: Sky Software
-CVE-2007-2847
+CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...)
NOT-FOR-US: HLstats
-CVE-2007-2846
+CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Ma ...)
NOT-FOR-US: Avast
-CVE-2007-2845
+CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Ma ...)
NOT-FOR-US: Avast
-CVE-2007-2844
+CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...)
- php5 <not-affected> (Multi-threaded operation not supported in Debian)
- php4 <not-affected> (Multi-threaded operation not supported in Debian)
-CVE-2007-2843
+CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attacke ...)
NOT-FOR-US: Apple Safari
NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
@@ -9335,110 +9335,110 @@ CVE-2007-2841 [lighttpd DoS]
NOTE: assignment
CVE-2007-2840
RESERVED
-CVE-2007-2839
+CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files insecur ...)
{DSA-1329-1}
- gfax 0.6 (bug #431893; low)
NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
-CVE-2007-2838
+CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 a ...)
{DSA-1327-1}
- gsambad 0.1.6-2 (bug #431331)
-CVE-2007-2837
+CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in fir ...)
{DSA-1326-1}
- fireflier 1.1.7
-CVE-2007-2836
+CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...)
{DSA-1324-1}
- hiki 0.8.7-1 (bug #430691; medium)
[sarge] - hiki <not-affected> (Vulnerable code not present)
-CVE-2007-2835
+CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_p ...)
{DSA-1328-1}
- unicon 3.0.4-12 (bug #431336)
-CVE-2007-2834
+CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...)
{DSA-1375-1}
- openoffice.org 2.2.1-9 (medium)
[sarge] - openoffice.org 1.1.3-9sarge8
-CVE-2007-2833
+CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ( ...)
{DSA-1316-1}
- emacs21 21.4a+1-5.1 (bug #408929; low)
- emacs-snapshot <removed>
NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
NOTE: fixed before the first emacs22 upload.
-CVE-2007-2832
+CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application firewa ...)
NOT-FOR-US: Cisco
-CVE-2007-2831
+CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee ...)
- madwifi 1:0.9.3-2 (high; bug #425738)
[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
-CVE-2007-2830
+CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 a ...)
- madwifi 1:0.9.3-2 (medium; bug #425738)
[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
-CVE-2007-2829
+CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi befo ...)
- madwifi 1:0.9.3-2 (medium; bug #425738)
[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
-CVE-2007-2828
+CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php ...)
NOT-FOR-US: AdSense-Deluxe
-CVE-2007-2827
+CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...)
NOT-FOR-US: LeadTools
-CVE-2007-2826
+CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in Madi ...)
NOT-FOR-US: Madirish Webmail
-CVE-2007-2825
+CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in ...)
NOT-FOR-US: @Mail
-CVE-2007-2824
+CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...)
NOT-FOR-US: AlstraSoft E-Friends
-CVE-2007-2823
+CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...)
NOT-FOR-US: HT Editor
-CVE-2007-2822
+CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...)
NOT-FOR-US: TutorialCMS
-CVE-2007-2821
+CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ...)
{DSA-1502-1}
- wordpress 2.2-1 (high)
NOTE: seems present in etch even though admin-ajax.php was not shipped yet
-CVE-2007-2820
+CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX C ...)
NOT-FOR-US: KSign
-CVE-2007-2819
+CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3. ...)
NOT-FOR-US: Track+
-CVE-2007-2818
+CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSof ...)
NOT-FOR-US: Parodia
-CVE-2007-2817
+CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 al ...)
NOT-FOR-US: ol'bookmarks
-CVE-2007-2816
+CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7 ...)
NOT-FOR-US: ol'bookmarks
-CVE-2007-2815
+CVE-2007-2815 (The "hit-highlighting" functionality in webhits.dll in Microsoft Inter ...)
NOT-FOR-US: Microsoft IIS
-CVE-2007-2814
+CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX co ...)
NOT-FOR-US: Pegasus ImagN'
-CVE-2007-2813
+CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL sup ...)
NOT-FOR-US: Cisco
-CVE-2007-2812
+CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.3 ...)
NOT-FOR-US: HLstats
-CVE-2007-2811
+CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and ...)
NOT-FOR-US: OSK Advance-Flow
-CVE-2007-2810
+CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal ...)
NOT-FOR-US: Gazi Download Portal
-CVE-2007-2809
+CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for Windo ...)
NOT-FOR-US: Opera
-CVE-2007-2808
+CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4. ...)
{DSA-1486-1}
- gnatsweb 4.00-1.1 (low; bug #427156)
-CVE-2007-2807
+CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1. ...)
{DSA-1826-1 DSA-1448-1}
- eggdrop 1.6.18-1.1 (medium; bug #427157)
-CVE-2007-2806
+CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ga ...)
NOT-FOR-US: GaliX
-CVE-2007-2805
+CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cl ...)
NOT-FOR-US: ClientExec
-CVE-2007-2804
+CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodLis ...)
NOT-FOR-US: CandyPress Store
-CVE-2007-2803
+CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Site ...)
NOT-FOR-US: Vizayn Urun Tanitim Sitesi
-CVE-2007-2802
+CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in ...)
NOT-FOR-US: RM EasyMail Plus
-CVE-2007-2801
+CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTi ...)
NOT-FOR-US: eTicket
-CVE-2007-2800
+CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ob ...)
NOT-FOR-US: eTicket
-CVE-2007-2799
+CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit sy ...)
{DSA-1343-2 DSA-1343-1}
- file 4.21-1 (medium; bug #428293)
-CVE-2007-2798
+CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...)
{DSA-1323-1}
- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
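Review bot: under CVE-2007-2833 the NOTE states the bug is not present in emacs22 22.2+1-1, but only emacs21 and emacs-snapshot have state lines; if emacs22 is meant to be tracked for this CVE, a `- emacs22 <not-affected>` line carrying that reasoning would record the status in the machine-readable part of the entry rather than in prose alone.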
@@ -9448,101 +9448,101 @@ CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
- ntfs-3g 1:1.516-1
NOTE: local root exploit
-CVE-2007-2797
+CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...)
- xterm <not-affected> (Debian uses safe compile-time settings)
-CVE-2007-2796
+CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of serv ...)
NOT-FOR-US: Arris Cadant
-CVE-2007-2795
+CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remot ...)
NOT-FOR-US: Ipswitch IMail
CVE-2007-2794
RESERVED
-CVE-2007-2793
+CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in Gee ...)
NOT-FOR-US: Geeklog
-CVE-2007-2792
+CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component (a ...)
NOT-FOR-US: com_yanc for Mambo
NOTE: com_yanc component not in Mambo Debian package
-CVE-2007-2791
+CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5 ...)
NOT-FOR-US: HP Tru64
-CVE-2007-2790
+CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
NOT-FOR-US: VP-ASP Shopping Cart
-CVE-2007-2789
+CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11 ...)
- sun-java5 1.5.0-11-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-01-1 (bug #422403)
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-2788
+CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
- sun-java5 1.5.0-11-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-01-1 (bug #422403)
- openjdk-6 6b08-1 (bug #566766)
-CVE-2007-2787
+CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) lttmb ...)
NOT-FOR-US: LeadTools Raster Thumbnail Object Library
-CVE-2007-2786
+CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote at ...)
NOT-FOR-US: ircd-ratbox
-CVE-2007-2785
+CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to crea ...)
NOT-FOR-US: eSyndiCat Pro
-CVE-2007-2784
+CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1. ...)
NOT-FOR-US: Globus Toolkit
-CVE-2007-2783
+CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 an ...)
NOT-FOR-US: Rational Soft Hidden Administrator
-CVE-2007-2782
+CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence n ...)
NOT-FOR-US: Packeteer PacketShaper
-CVE-2007-2781
+CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in include/sessionRegister.ph ...)
NOT-FOR-US: WikyBlog
-CVE-2007-2780
+CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensi ...)
NOT-FOR-US: PsychoStats
-CVE-2007-2779
+CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in Libstat ...)
NOT-FOR-US: Libstats
-CVE-2007-2778
+CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allo ...)
NOT-FOR-US: MolyX BOARD
-CVE-2007-2777
+CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in A ...)
NOT-FOR-US: AlstraSoft Template Seller Pro
-CVE-2007-2776
+CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to th ...)
NOT-FOR-US: AlstraSoft Template Seller Pro
-CVE-2007-2775
+CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but d ...)
NOT-FOR-US: AlstraSoft Live Support
-CVE-2007-2774
+CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
NOT-FOR-US: SunLight CMS
-CVE-2007-2773
+CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
NOT-FOR-US: Zomplog
-CVE-2007-2772
+CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and r ...)
NOT-FOR-US: CA BrightStor Backup
-CVE-2007-2771
+CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 20 ...)
NOT-FOR-US: LeadTools JPEG 2000
-CVE-2007-2770
+CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
NOT-FOR-US: Eudora
-CVE-2007-2769
+CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
NOT-FOR-US: OPeNDAP
-CVE-2007-2768
+CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...)
- openssh <unfixed> (bug #436571; unimportant)
[etch] - openssh <no-dsa> (Minor issue)
[sarge] - openssh <no-dsa> (Minor issue)
NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
-CVE-2007-2767
+CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) be ...)
NOT-FOR-US: OPeNDAP
-CVE-2007-2766
+CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQ ...)
- backup-manager 0.7.6-1 (low)
[sarge] - backup-manager <no-dsa> (Minor issue)
[etch] - backup-manager 0.7.5-5
-CVE-2007-2765
+CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemo ...)
NOT-FOR-US: BlockHosts
-CVE-2007-2764
+CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches bef ...)
NOT-FOR-US: Sun-Brocade SilkWorm
-CVE-2007-2763
+CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules subsy ...)
NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
-CVE-2007-2762
+CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast (b ...)
NOT-FOR-US: Build it Fast
-CVE-2007-2761
+CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allo ...)
NOT-FOR-US: MagicISO
-CVE-2007-2760
+CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 d ...)
NOT-FOR-US: Adempiere
-CVE-2007-2759
+CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the V ...)
NOT-FOR-US: Adempiere
-CVE-2007-2758
+CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted rem ...)
NOT-FOR-US: WinImage
-CVE-2007-2757
+CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 al ...)
NOT-FOR-US: Redoable
-CVE-2007-2756
+CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted attack ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
[etch] - libgd <no-dsa> (Minor issue)
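Review bot: the CVE-2007-2756 libgd entry at the end of this hunk looks internally inconsistent and is worth a manual check even though the automatic update only touched the description line. The entry carries `{DSA-1613-1}` yet the release lines still read `[etch] - libgd <no-dsa> (Minor issue)` here and `[etch] - libgd2 <no-dsa> (Minor issue)` in the following hunk's context; if DSA-1613-1 fixed etch, the no-dsa markers are stale and should be dropped, and if it did not, the DSA reference is misplaced. Separately, the two etch lines name different source packages (`libgd` versus `libgd2`) while the fixed-version line names only `libgd2`; confirm whether `libgd` is a real separate source package in etch or a typo that should be removed.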
@@ -9550,529 +9550,529 @@ CVE-2007-2756
[etch] - libgd2 <no-dsa> (Minor issue)
[sarge] - libgd2 <no-dsa> (Minor issue)
NOTE: https://web.archive.org/web/20090212193455/http://bugs.libgd.org/?do=details&task_id=86
-CVE-2007-2755
+CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll ...)
NOT-FOR-US: PrecisionID
-CVE-2007-2754
+CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and e ...)
{DSA-1334-1 DSA-1302-1}
- freetype 2.2.1-6 (bug #425625)
[sarge] - freetype 2.1.7-8
-CVE-2007-2753
+CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the we ...)
NOT-FOR-US: RunawaySoft
-CVE-2007-2752
+CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...)
NOT-FOR-US: RunawaySoft
-CVE-2007-2751
+CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 a ...)
NOT-FOR-US: PHPGlossar
-CVE-2007-2750
+CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and earli ...)
NOT-FOR-US: SimpNews
-CVE-2007-2749
+CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and e ...)
NOT-FOR-US: FAQEngine
-CVE-2007-2748
+CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows context-depe ...)
- php4 <not-affected> (Debian shipped the correct fix from the beginning)
- php5 <not-affected> (Debian shipped the correct fix from the beginning)
-CVE-2007-2747
+CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
NOT-FOR-US: rdiffWeb
-CVE-2007-2746
+CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
NOT-FOR-US: Plain Black WebGUI
-CVE-2007-2745
+CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webma ...)
NOT-FOR-US: vDesk Webmail
-CVE-2007-2744
+CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX con ...)
NOT-FOR-US: PrecisionID
-CVE-2007-2743
+CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in GlossWor ...)
NOT-FOR-US: GlossWord
-CVE-2007-2742
+CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 B ...)
NOT-FOR-US: w2box
-CVE-2007-2741
+CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows re ...)
- lcms 1.15-1 (medium)
-CVE-2007-2740
+CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
- php-xajax 0.2.5-1 (bug #426103; unimportant)
NOTE: This issue was created because of an upstream changelog entry, which however
NOTE: was meant for the XSS, which is the general issue.
-CVE-2007-2739
+CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...)
{DSA-1692-1}
- php-xajax 0.2.5-1 (bug #426103; low)
-CVE-2007-2738
+CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...)
NOT-FOR-US: Glossaire for Xoops
-CVE-2007-2737
+CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 modul ...)
NOT-FOR-US: MyConference for Xoops
-CVE-2007-2736
+CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...)
NOT-FOR-US: Achievo
-CVE-2007-2735
+CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 an ...)
NOT-FOR-US: ResManager for Xoops
-CVE-2007-2734
+CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width an ...)
NOT-FOR-US: 3Com TippingPoint IPS
-CVE-2007-2733
+CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote aut ...)
NOT-FOR-US: Jetbox CMS
-CVE-2007-2732
+CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allo ...)
NOT-FOR-US: Jetbox CMS
-CVE-2007-2731
+CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might a ...)
NOT-FOR-US: Jetbox CMS
-CVE-2007-2730
+CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test fo ...)
NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
-CVE-2007-2729
+CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
NOT-FOR-US: Comodo Personal Firewall
-CVE-2007-2728
+CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
- php5 5.2.3-1 (low)
[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
- php4 <not-affected> (no soap functions in php4)
-CVE-2007-2727
+CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4 ...)
[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
- php5 5.2.2-1 (low)
NOTE: Code not present in PHP 4.
-CVE-2007-2726
+CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ( ...)
NOT-FOR-US: BitsCast
-CVE-2007-2725
+CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...)
NOT-FOR-US: DeWizardX
-CVE-2007-2724
+CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
NOT-FOR-US: fotolog
-CVE-2007-2723
+CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...)
NOT-FOR-US: guliverkli Media Player Classic
-CVE-2007-2722
+CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers t ...)
NOT-FOR-US: NewzCrawler
-CVE-2007-2721
+CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG- ...)
{DSA-2036-1}
- jasper 1.900.1-6 (medium; bug #413033; bug #528543)
NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543
- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
- gs-gpl <removed> (medium; bug #561717)
NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html
-CVE-2007-2720
+CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
NOT-FOR-US: Group-Office
-CVE-2007-2719
+CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
NOT-FOR-US: HP Systems Insight Manager
-CVE-2007-2718
+CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in Stal ...)
NOT-FOR-US: Stalker CommuniGate Pro
-CVE-2007-2717
+CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
NOT-FOR-US: iGeneric (iG) Shop
-CVE-2007-2716
+CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c an ...)
NOT-FOR-US: EQdkp
-CVE-2007-2715
+CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to cha ...)
NOT-FOR-US: Snaps! Gallery
-CVE-2007-2714
+CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet bef ...)
- wordpress 2.2-1
NOTE: See http://plugins.trac.wordpress.org/changeset/12812/akismet/trunk/akismet.php
-CVE-2007-2713
+CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...)
NOT-FOR-US: iFdate
-CVE-2007-2712
+CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ha ...)
NOT-FOR-US: MH Software Connect Daily Web Calendar
-CVE-2007-2711
+CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remot ...)
NOT-FOR-US: TinyIdentD
-CVE-2007-2710
+CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...)
NOT-FOR-US: NagiosQL
-CVE-2007-2709
+CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...)
NOT-FOR-US: NagiosQL
-CVE-2007-2708
+CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt Com ...)
NOT-FOR-US: News-Script
-CVE-2007-2707
+CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php i ...)
NOT-FOR-US: Linksnet Newsfeed
-CVE-2007-2706
+CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...)
NOT-FOR-US: Geeklog
-CVE-2007-2705
+CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA WebL ...)
NOT-FOR-US: BEA WebLogic Integration
-CVE-2007-2704
+CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2007-2703
+CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...)
NOT-FOR-US: BEA WebLogic Portal
-CVE-2007-2702
+CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
NOT-FOR-US: BEA WebLogic Portal
-CVE-2007-2701
+CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2700
+CVE-2007-2700 (The WLST script generated by the configToScript command in BEA WebLogi ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2699
+CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2698
+CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show plainte ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2697
+CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7 ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2696
+CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6 ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2695
+CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express an ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2694
+CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Ex ...)
NOT-FOR-US: BEA WebLogic
-CVE-2007-2693
+CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT p ...)
- mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected)
[sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected)
[sarge] - mysql-dfsg <not-affected> (Only MySQL 5.1 affected)
-CVE-2007-2692
+CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x be ...)
{DSA-1413-1}
- mysql-dfsg-5.0 5.0.42 (bug #424778)
[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality not implemented)
[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
NOTE: http://bugs.mysql.com/bug.php?id=28499
-CVE-2007-2691
+CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...)
{DSA-1413-1}
- mysql-dfsg-5.0 5.0.41a-1 (bug #424778; bug #424830)
-CVE-2007-2690
+CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...)
NOT-FOR-US: ISS
-CVE-2007-2689
+CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain full-wid ...)
NOT-FOR-US: Check Point
-CVE-2007-2688
+CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...)
NOT-FOR-US: Cisco
-CVE-2007-2687
+CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.E ...)
NOT-FOR-US: MicroWorld
-CVE-2007-2686
+CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2. ...)
NOT-FOR-US: Jetbox CMS
-CVE-2007-2685
+CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...)
NOT-FOR-US: Jetbox CMS
-CVE-2007-2684
+CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: Jetbox CMS
-CVE-2007-2683
+CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute arbit ...)
- mutt 1.5.15+20070608-1 (low; bug #426116)
[etch] - mutt <no-dsa> (Minor issue, hardly exploitable)
[sarge] - mutt <no-dsa> (Minor issue, hardly exploitable)
-CVE-2007-2682
+CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as u ...)
NOT-FOR-US: Adobe
-CVE-2007-2681
+CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution 1. ...)
- b2evolution <unfixed> (unimportant)
NOTE: This is a register_globals=on issue.
NOTE: More than just blogs/index.php is affected (that file isn't
NOTE: installed by the Debian package).
-CVE-2007-2680
+CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
NOT-FOR-US: Canon
-CVE-2007-2679
+CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...)
NOT-FOR-US: Simple PHP Scripts
-CVE-2007-2678
+CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...)
NOT-FOR-US: Netsprint
-CVE-2007-2677
+CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess Communi ...)
NOT-FOR-US: phpChess
-CVE-2007-2676
+CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open Tr ...)
NOT-FOR-US: Open Translation Engine
-CVE-2007-2675
+CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...)
NOT-FOR-US: Pre Classifieds Listings
-CVE-2007-2674
+CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 all ...)
NOT-FOR-US: Pre Shopping Mall
-CVE-2007-2673
+CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Censura 1 ...)
NOT-FOR-US: Censura
-CVE-2007-2672
+CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allo ...)
NOT-FOR-US: PHP Coupon Script
-CVE-2007-2671
+CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of s ...)
- iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security problems
-CVE-2007-2670
+CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the install ...)
NOT-FOR-US: PHPChain
-CVE-2007-2669
+CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 an ...)
NOT-FOR-US: PHPChain
-CVE-2007-2668
+CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execut ...)
NOT-FOR-US: webdesproxy
-CVE-2007-2667
+CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
NOT-FOR-US: VImpX
-CVE-2007-2666
+CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
NOT-FOR-US: notepad++
-CVE-2007-2665
+CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0 ...)
NOT-FOR-US: PhpFirstPost
-CVE-2007-2664
+CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...)
NOT-FOR-US: Yaap
-CVE-2007-2663
+CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...)
NOT-FOR-US: Beacon
-CVE-2007-2662
+CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attack ...)
NOT-FOR-US: EfesTECH
-CVE-2007-2661
+CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remot ...)
NOT-FOR-US: BlogMe
CVE-2007-2660
NOT-FOR-US: PhpConcept
-CVE-2007-2659
+CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced Transfe ...)
NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
-CVE-2007-2658
+CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...)
NOT-FOR-US: ID Automation
-CVE-2007-2657
+CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX contr ...)
NOT-FOR-US: PrecisionID
-CVE-2007-2656
+CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview Active ...)
NOT-FOR-US: HP
-CVE-2007-2655
+CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...)
NOT-FOR-US: NetWin
-CVE-2007-2654
+CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure pe ...)
- xfsdump 2.2.45-1 (bug #417894; low)
[etch] - xfsdump <no-dsa> (Minor issue)
CVE-2007-2653
REJECTED
-CVE-2007-2652
+CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow rem ...)
NOT-FOR-US: Free-SA
-CVE-2007-2651
+CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow re ...)
NOT-FOR-US: VooDoo cIRCle
-CVE-2007-2650
+CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...)
{DSA-1320-1 DTSA-43-1}
- clamav 0.90.2-1
-CVE-2007-2649
+CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for i ...)
NOT-FOR-US: Speedport W 700v
-CVE-2007-2648
+CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 Active ...)
NOT-FOR-US: Clever Database Comparer
-CVE-2007-2647
+CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php i ...)
NOT-FOR-US: MonAlbum
-CVE-2007-2646
+CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted re ...)
NOT-FOR-US: yEnc32
-CVE-2007-2645
+CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in exif-dat ...)
{DSA-1487-1}
- libexif 0.6.15-1 (bug #424775)
-CVE-2007-2644
+CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3. ...)
NOT-FOR-US: Morovia
-CVE-2007-2643
+CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...)
NOT-FOR-US: maGAZIn
-CVE-2007-2642
+CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 al ...)
NOT-FOR-US: R2K Gallery
-CVE-2007-2641
+CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0. ...)
NOT-FOR-US: W1L3D4
-CVE-2007-2640
+CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid "trivial ...)
NOT-FOR-US: LibTMCG
-CVE-2007-2639
+CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote atta ...)
NOT-FOR-US: TFTPDWIN
-CVE-2007-2638
+CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...)
NOT-FOR-US: eFileCabinet
-CVE-2007-2637
+CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...)
{DSA-1514-1}
- moin 1.5.7-2 (low)
-CVE-2007-2636
+CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote attack ...)
NOT-FOR-US: phpTodo
-CVE-2007-2635
+CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote at ...)
- interchange 5.4.2-1 (low)
-CVE-2007-2634
+CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in aFor ...)
NOT-FOR-US: aForum
-CVE-2007-2633
+CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows re ...)
NOT-FOR-US: H-Sphere
-CVE-2007-2632
+CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...)
NOT-FOR-US: phpMUR
-CVE-2007-2631
+CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8- ...)
NOTE: Duplicate of CVE-2007-2589
-CVE-2007-2630
+CVE-2007-2630 (Incomplete blacklist vulnerability in filemanager/browser/default/conn ...)
- moin 1.5.8-4.1 (unimportant)
- karrigell <not-affected> (Vulnerable php code not present)
- knowledgeroot 0.9.8.2-2 (unimportant)
-CVE-2007-2629
+CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) allow ...)
NOT-FOR-US: Bradford
-CVE-2007-2628
+CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in Justi ...)
NOT-FOR-US: PHPSecurityAdmin
-CVE-2007-2627
+CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...)
- wordpress 2.2.2-1 (low)
[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-2626
NOT-FOR-US: SchoolBoard
-CVE-2007-2625
+CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in shared/code/cp_authorizati ...)
NOT-FOR-US: All In One Control Panel (AIOCP)
-CVE-2007-2624
+CVE-2007-2624 (Dynamic variable evaluation vulnerability in shared/config/cp_config.p ...)
NOT-FOR-US: All In One Control Panel (AIOCP)
-CVE-2007-2623
+CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1. ...)
NOT-FOR-US: Remote Display Dev kit
-CVE-2007-2622
+CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier a ...)
NOT-FOR-US: TaskDriver
-CVE-2007-2621
+CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 al ...)
NOT-FOR-US: Thyme Calendar
-CVE-2007-2620
+CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
NOT-FOR-US: Jakub Steiner (aka jimmac) original
-CVE-2007-2619
+CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login creden ...)
NOT-FOR-US: Symantec pcAnywhere
-CVE-2007-2618
+CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows re ...)
NOT-FOR-US: Drake CMS
-CVE-2007-2617
+CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core p ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-2616
+CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE servic ...)
NOT-FOR-US: Novell NetMail
-CVE-2007-2615
+CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLoja ...)
NOT-FOR-US: PHPLojaFacil
-CVE-2007-2614
+CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in php ...)
NOT-FOR-US: phpHtmlLib
-CVE-2007-2613
+CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared vir ...)
NOT-FOR-US: WikkaWiki
-CVE-2007-2612
+CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikk ...)
NOT-FOR-US: WikkaWiki
-CVE-2007-2611
+CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 all ...)
NOT-FOR-US: CGX
-CVE-2007-2610
+CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1 ...)
NOT-FOR-US: OpenLD
-CVE-2007-2609
+CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 all ...)
NOT-FOR-US: gnuedu
-CVE-2007-2608
+CVE-2007-2608 (PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.p ...)
NOT-FOR-US: Miplex2
-CVE-2007-2607
+CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
NOT-FOR-US: LaVague
-CVE-2007-2606
+CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger m ...)
{DSA-1529-1}
- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed> (low)
NOTE: Minor issue, because conffile is restricted
-CVE-2007-2605
+CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ISoftomat ...)
NOT-FOR-US: Brujula Toolbar
-CVE-2007-2604
+CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows remo ...)
NOT-FOR-US: FlexLabel
-CVE-2007-2603
+CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper ...)
NOT-FOR-US: Audio CD Ripper
-CVE-2007-2602
+CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows att ...)
NOT-FOR-US: Ipswitch WhatsUp
-CVE-2007-2601
+CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith Playe ...)
NOT-FOR-US: GDivX Zenith Player
-CVE-2007-2600
+CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (ak ...)
NOT-FOR-US: TutorialCMS
-CVE-2007-2599
+CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop T ...)
NOT-FOR-US: TutorialCMS
-CVE-2007-2598
+CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL all ...)
NOT-FOR-US: PHP SimpleNEWS
-CVE-2007-2597
+CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1 ...)
NOT-FOR-US: telltarget CMS
-CVE-2007-2596
+CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum 1 ...)
NOT-FOR-US: aForum
-CVE-2007-2595
+CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...)
NOT-FOR-US: RSAuction
-CVE-2007-2594
+CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in php ...)
NOT-FOR-US: phpMyPortal
-CVE-2007-2593
+CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS, ...)
NOT-FOR-US: Microsoft
-CVE-2007-2592
+CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisy ...)
NOT-FOR-US: Nokia
-CVE-2007-2591
+CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0. ...)
NOT-FOR-US: Nokia
-CVE-2007-2590
+CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possi ...)
NOT-FOR-US: Nokia
-CVE-2007-2589
+CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...)
{DSA-1290-1}
- squirrelmail 2:1.4.10a-1 (low)
NOTE: CVE id has later been assigned to a part of this issue
-CVE-2007-2588
+CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa ...)
NOT-FOR-US: Office Viewer OCX ActiveX
-CVE-2007-2587
+CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authen ...)
NOT-FOR-US: Cisco
-CVE-2007-2586
+CVE-2007-2586 (The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check ...)
NOT-FOR-US: Cisco
-CVE-2007-2585
+CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz A ...)
NOT-FOR-US: BarCodeWiz ActiveX control
-CVE-2007-2584
+CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSu ...)
NOT-FOR-US: Subscription Manager ActiveX control
-CVE-2007-2583
+CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 ...)
{DSA-1413-1}
- mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
NOTE: [sarge] Not affected, test case doesn't crash the daemon
-CVE-2007-2582
+CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) servi ...)
NOT-FOR-US: IBM DB2
-CVE-2007-2581
+CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windo ...)
NOT-FOR-US: Microsoft
-CVE-2007-2580
+CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
NOT-FOR-US: Safari
-CVE-2007-2579
+CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
NOT-FOR-US: ACP3
-CVE-2007-2578
+CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in AC ...)
NOT-FOR-US: ACP3
-CVE-2007-2577
+CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
NOT-FOR-US: ACP3
-CVE-2007-2576
+CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 Active ...)
NOT-FOR-US: advdaudio.ocx ActiveX control
-CVE-2007-2575
+CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm (ak ...)
NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
-CVE-2007-2574
+CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog 0.9 ...)
NOT-FOR-US: Archangel Weblog
-CVE-2007-2573
+CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in P ...)
NOT-FOR-US: PHPtree
-CVE-2007-2572
+CVE-2007-2572 (PHP remote file inclusion vulnerability in modules/noevents/templates/ ...)
NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
-CVE-2007-2571
+CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...)
NOT-FOR-US: wfquotes module for XOOPS
-CVE-2007-2570
+CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in W ...)
NOT-FOR-US: Wikivi5
-CVE-2007-2569
+CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 a ...)
NOT-FOR-US: Friendly
-CVE-2007-2568
+CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assis ...)
NOT-FOR-US: VCDGear
-CVE-2007-2567
+CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Cod ...)
NOT-FOR-US: Taltech Tal Bar Code ActiveX control
-CVE-2007-2566
+CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control a ...)
NOT-FOR-US: Taltech Tal Bar Code ActiveX control
-CVE-2007-2565
+CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...)
NOT-FOR-US: Cdelia Software ImageProcessing
-CVE-2007-2564
+CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music Ment ...)
NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
-CVE-2007-2563
+CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
-CVE-2007-2562
+CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...)
NOT-FOR-US: Kayako eSupport
-CVE-2007-2561
+CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...)
NOT-FOR-US: fipsCMS
-CVE-2007-2560
+CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 an ...)
NOT-FOR-US: ACGVannu
-CVE-2007-2559
+CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart 3. ...)
NOT-FOR-US: american cart
CVE-2007-2558
NOT-FOR-US: pfa CMS
-CVE-2007-2557
+CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, whic ...)
NOT-FOR-US: Mambo
-CVE-2007-2556
+CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attacker ...)
NOT-FOR-US: Nuked-klaN
-CVE-2007-2555
+CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...)
NOT-FOR-US: Podium CMS
-CVE-2007-2554
+CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
NOT-FOR-US: Newspower
-CVE-2007-2553
+CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...)
NOT-FOR-US: HP Tru64 UNIX
-CVE-2007-2552
+CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 all ...)
NOT-FOR-US: WikkaWiki
-CVE-2007-2551
+CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaW ...)
NOT-FOR-US: WikkaWiki
-CVE-2007-2550
+CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 a ...)
NOT-FOR-US: CubeCart
-CVE-2007-2549
+CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...)
NOT-FOR-US: TurnkeyWebTools
-CVE-2007-2548
+CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shop ...)
NOT-FOR-US: TurnkeyWebTools
-CVE-2007-2547
+CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebToo ...)
NOT-FOR-US: TurnkeyWebTools
-CVE-2007-2546
+CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 an ...)
NOT-FOR-US: SMF
-CVE-2007-2545
+CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9. ...)
NOT-FOR-US: Persism
-CVE-2007-2544
+CVE-2007-2544 (PHP remote file inclusion vulnerability in templates/default/tpl_messa ...)
NOT-FOR-US: TopTree BBS
-CVE-2007-2543
+CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
NOT-FOR-US: XOOPS
-CVE-2007-2542
+CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench sur ...)
NOT-FOR-US: workbench survival guide
-CVE-2007-2541
+CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php i ...)
NOT-FOR-US: Versado
-CVE-2007-2540
+CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and e ...)
NOT-FOR-US: PMECMS
-CVE-2007-2539
+CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote atta ...)
NOT-FOR-US: RunCms
-CVE-2007-2538
+CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms 1. ...)
NOT-FOR-US: RunCms
-CVE-2007-2537
+CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 an ...)
NOT-FOR-US: NPDS
-CVE-2007-2536
+CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
NOT-FOR-US: Picozip
-CVE-2007-2535
+CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...)
NOT-FOR-US: WinAce
CVE-2007-2534
NOT-FOR-US: phpHoo3
-CVE-2007-2533
+CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Sec ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-2532
+CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duo ...)
NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
-CVE-2007-2531
+CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in Ber ...)
NOT-FOR-US: Berylium2
-CVE-2007-2530
+CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowel ...)
NOT-FOR-US: Tropicalm
-CVE-2007-2529
+CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 b ...)
NOT-FOR-US: Solaris 10
-CVE-2007-2528
+CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-2527
+CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD befor ...)
NOT-FOR-US: DynamicPAD
-CVE-2007-2526
+CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewe ...)
NOT-FOR-US: VNC Viewer ActiveX control
-CVE-2007-2525
+CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
- linux-2.6 2.6.22-1
NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
NOTE: Linus' tree.
-CVE-2007-2524
+CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Re ...)
{DSA-1298-1}
- otrs2 2.1.1-1 (bug #423524)
NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
-CVE-2007-2523
+CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070 ...)
NOT-FOR-US: CA Anti-Virus
-CVE-2007-2522
+CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA Anti-Vi ...)
NOT-FOR-US: CA Anti-Virus
-CVE-2007-2521
+CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! befor ...)
NOT-FOR-US: E-GADS!
-CVE-2007-2520
+CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when magic_qu ...)
NOT-FOR-US: MyNews
-CVE-2007-2519
+CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
- php5 5.2.3-1 (unimportant; bug #441433)
- php4 <removed> (unimportant)
NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't
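Review bot: two entries in this hunk are left without a description although every other bare `CVE-2007-NNNN` line around them gets one: CVE-2007-2558 (NOT-FOR-US: pfa CMS) and CVE-2007-2534 (NOT-FOR-US: phpHoo3) remain as unchanged context lines. If the importer skipped them because the upstream feed carries no description for those ids, that should be confirmed rather than leaving the two entries indistinguishable from ones the automatic update simply has not reached yet; either a `CVE-2007-2558 (...)` line with whatever text the feed provides or an explicit NOTE would keep the list self-consistent.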
@@ -10085,174 +10085,174 @@ CVE-2007-2516
RESERVED
CVE-2007-2515
RESERVED
-CVE-2007-2514
+CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple product ...)
NOT-FOR-US: Symantec
-CVE-2007-2513
+CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 pos ...)
NOT-FOR-US: Novell GroupWise
-CVE-2007-2512
+CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and l ...)
NOT-FOR-US: Alcatel-Lucent
-CVE-2007-2511
+CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP befo ...)
{DTSA-39-1}
- php5 5.2.2-1
NOTE: Only triggerable by malicious script
-CVE-2007-2510
+CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before 5 ...)
{DSA-1295-1 DTSA-39-1}
- php5 5.2.2-1 (low)
-CVE-2007-2509
+CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...)
{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
- php5 5.2.2-1 (low)
- php4 4.4.7-1 (low)
-CVE-2007-2508
+CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.5 ...)
NOT-FOR-US: Trend Micro
-CVE-2007-2507
+CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble D ...)
NOT-FOR-US: Treble Designs 1024 CMS
-CVE-2007-2506
+CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...)
NOT-FOR-US: OpenEdge WebSpeed
-CVE-2007-2505
+CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 all ...)
NOT-FOR-US: MailCOPA
CVE-2007-2504
NOT-FOR-US: PHP Turbulence
CVE-2007-2503
NOT-FOR-US: PHP Turbulence
-CVE-2007-2502
+CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with so ...)
NOT-FOR-US: HP ProCurve 9300m Series switches
-CVE-2007-2501
+CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before 0.9 ...)
NOT-FOR-US: CodePress
-CVE-2007-2500
+CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player ...)
{DTSA-48-1}
- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
-CVE-2007-2499
+CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and e ...)
NOT-FOR-US: DVDdb
-CVE-2007-2498
+CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote a ...)
NOT-FOR-US: Winamp
-CVE-2007-2497
+CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a den ...)
NOT-FOR-US: RealPlayer
NOTE: helix-player not affected
-CVE-2007-2496
+CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote at ...)
NOT-FOR-US: WordViewer.ocx
-CVE-2007-2495
+CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...)
NOT-FOR-US: ExcelViewer .ocx
-CVE-2007-2494
+CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX con ...)
NOT-FOR-US: PowerPointViewer .ocx
-CVE-2007-2493
+CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ &amp; RU ...)
NOT-FOR-US: FAQ & RULES module for mxBB
-CVE-2007-2492
+CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...)
NOT-FOR-US: v4bJournal module for PostNuke
-CVE-2007-2491
+CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.3 ...)
NOT-FOR-US: EMC VMware
-CVE-2007-2490
+CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows rem ...)
NOT-FOR-US: LiveData Server
-CVE-2007-2489
+CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and o ...)
NOT-FOR-US: LiveData Protocol Server
-CVE-2007-2487
+CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ex ...)
NOT-FOR-US: AtomixMP3
-CVE-2007-2486
+CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and 1 ...)
NOT-FOR-US: Motobit
-CVE-2007-2485
+CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the m ...)
NOT-FOR-US: myflash plugin for WordPress
-CVE-2007-2484
+CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in th ...)
NOT-FOR-US: wp-Table plugin for WordPress
-CVE-2007-2483
+CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the wp-T ...)
NOT-FOR-US: wp-Table plugin for WordPress
-CVE-2007-2482
+CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the wordTu ...)
NOT-FOR-US: wordTube plugin for WordPress
-CVE-2007-2481
+CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-XXXX [schroot may use outdated configuration information]
- schroot <not-affected> (Upstream: "This bug was never present in a Debian release.")
-CVE-2007-2488
+CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does n ...)
{DSA-1358-1}
- asterisk 1:1.4.5~dfsg-1 (low)
NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line
NOTE: could just as well hang-up
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-013.htm
-CVE-2007-2480
+CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.2 ...)
- linux-2.6 2.6.22-1 (medium)
-CVE-2007-2479
+CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers t ...)
NOT-FOR-US: Cerulean Trillian
-CVE-2007-2478
+CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...)
NOT-FOR-US: Cerulean Trillian
CVE-2007-2477
NOT-FOR-US: phpMyChat
-CVE-2007-2476
+CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0 ...)
NOT-FOR-US: Novell
-CVE-2007-2475
+CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogi ...)
NOT-FOR-US: Novell
-CVE-2007-2474
+CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
-CVE-2007-2473
+CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
NOT-FOR-US: CMS Made Simple
-CVE-2007-2472
+CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3 ...)
NOT-FOR-US: Sendcard
-CVE-2007-2471
+CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...)
NOT-FOR-US: Sendcard
-CVE-2007-2470
+CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fi ...)
NOT-FOR-US: FileRun
-CVE-2007-2469
+CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier al ...)
NOT-FOR-US: FileRun
-CVE-2007-2468
+CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 an ...)
NOT-FOR-US: HP OpenVMS
-CVE-2007-2467
+CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...)
NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
-CVE-2007-2466
+CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) f ...)
NOT-FOR-US: Sun Java System Directory Server
-CVE-2007-2465
+CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-2464
+CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
NOT-FOR-US: Cisco
-CVE-2007-2463
+CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
NOT-FOR-US: Cisco
-CVE-2007-2462
+CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
NOT-FOR-US: Cisco
-CVE-2007-2461
+CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PI ...)
NOT-FOR-US: Cisco
-CVE-2007-2460
+CVE-2007-2460 (PHP remote file inclusion vulnerability in modules/admin/include/confi ...)
NOT-FOR-US: FireFly
-CVE-2007-2459
+CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl mo ...)
{DSA-1498-1}
- libimager-perl 0.58-1 (bug #421582)
-CVE-2007-2458
+CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
NOT-FOR-US: Pixaria Gallery
-CVE-2007-2457
+CVE-2007-2457 (PHP remote file inclusion vulnerability in resources/includes/class.Sm ...)
NOT-FOR-US: Pixaria Gallery
-CVE-2007-2456
+CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 a ...)
NOT-FOR-US: FireFly
-CVE-2007-2455
+CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual mac ...)
NOT-FOR-US: Parallels
-CVE-2007-2454
+CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
NOT-FOR-US: Parallels
-CVE-2007-2453
+CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2. ...)
{DSA-1356-1}
- linux-2.6 2.6.21-5 (low)
-CVE-2007-2452
+CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in locate/ ...)
- findutils 4.2.31-1 (low; bug #426862)
[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
[etch] - findutils 4.2.28-1etch1 (low)
-CVE-2007-2451
+CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES i ...)
- linux-2.6 2.6.21-3
[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
-CVE-2007-2450
+CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
{DSA-1468-1}
- tomcat4 <removed> (low)
- tomcat5 <removed> (low)
- tomcat5.5 5.5.25-1 (low)
[sarge] - tomcat4 <no-dsa> (Contrib not supported)
-CVE-2007-2449
+CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP fil ...)
- tomcat4 <removed> (unimportant)
- tomcat5 <removed> (unimportant)
- tomcat5.5 5.5.25-1 (unimportant)
NOTE: Only present in the examples, not in production code
-CVE-2007-2448
+CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial ...)
- subversion 1.4.4dfsg1-1 (bug #428194; low)
[etch] - subversion <no-dsa> (Minor issue)
[sarge] - subversion <no-dsa> (Minor issue)
-CVE-2007-2447
+CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allo ...)
{DSA-1291-2 DTSA-41-1}
- samba 3.0.25-1 (high)
-CVE-2007-2446
+CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in Sam ...)
{DSA-1291-2 DTSA-41-1}
- samba 3.0.25-1 (high)
-CVE-2007-2445
+CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
[etch] - libgd2 2.0.33-5.2etch1 (low)
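Review bot: the imported description for CVE-2007-2493 still carries the HTML entity `&amp;` (`FAQ &amp; RULES module for mxBB`) while the NOT-FOR-US line directly beneath it writes the same name as `FAQ & RULES`; the importer should unescape entities before writing into this plain-text list, otherwise a grep for the product name matches one line but not the other. The same pattern appears further down in this update for CVE-2007-2361 and CVE-2007-2360 (`Norton Save &amp; Recovery`). As in the previous hunk, CVE-2007-2504, CVE-2007-2503 and CVE-2007-2477 are left as bare ids without a description and are worth a second look for the same reason.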
@@ -10260,27 +10260,27 @@ CVE-2007-2445
- libpng3 <not-affected>
[etch] - libpng 1.2.15~beta5-1+etch2
NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
-CVE-2007-2444
+CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
{DSA-1291-2 DTSA-41-1}
- samba 3.0.25-1
-CVE-2007-2443
+CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in svc_a ...)
{DSA-1323-1}
- krb5 1.6.dfsg.1-5 (bug #430787; medium)
-CVE-2007-2442
+CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
{DSA-1323-1}
- krb5 1.6.dfsg.1-5 (bug #430787; high)
-CVE-2007-2441
+CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
NOT-FOR-US: Caucho Resin Professional
-CVE-2007-2440
+CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 a ...)
NOT-FOR-US: Caucho Resin Professional
-CVE-2007-2439
+CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
NOT-FOR-US: Caucho Resin Professional
-CVE-2007-2438
+CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
{DSA-1364-2 DSA-1364-1}
- vim 1:7.1-022+1 (bug #435401; low)
[sarge] - vim <not-affected> (Vulnerable code not present)
NOTE: Exploitable through modelines, needs to be used with care in any case
-CVE-2007-2437
+CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, an ...)
- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
NOTE: etch vulnerable (patch below applies)
NOTE: git url to fix the issue
@@ -10290,51 +10290,51 @@ CVE-2007-2437
NOTE: just as well provide a binary which does more harm
CVE-2007-2436
REJECTED
-CVE-2007-2435
+CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
- sun-java5 1.5.0-11-1 (medium; bug #423062)
[etch] - sun-java5 1.5.0-14-1etch1
-CVE-2007-2434
+CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remot ...)
NOT-FOR-US: Aventail Connect
-CVE-2007-2433
+CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
NOT-FOR-US: Ariadne
-CVE-2007-2432
+CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in nu ...)
NOT-FOR-US: Nukedit
-CVE-2007-2431
+CVE-2007-2431 (Dynamic variable evaluation vulnerability in shared/config/tce_config. ...)
NOT-FOR-US: TCExam
-CVE-2007-2430
+CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote at ...)
NOT-FOR-US: TCExam
-CVE-2007-2429
+CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to obta ...)
NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
-CVE-2007-2428
+CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp ...)
NOT-FOR-US: Ahhp-Portal
-CVE-2007-2427
+CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 modul ...)
NOT-FOR-US: pnFlashGames
-CVE-2007-2426
+CVE-2007-2426 (PHP remote file inclusion vulnerability in myfunctions/mygallerybrowse ...)
NOT-FOR-US: myGallery
-CVE-2007-2425
+CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 all ...)
NOT-FOR-US: Imageview
-CVE-2007-2424
+CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The Merch ...)
NOT-FOR-US: The Merchant
-CVE-2007-2423
+CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5. ...)
{DSA-1514-1}
- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422
NOT-FOR-US: Comdev One Admin
-CVE-2007-2421
+CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07- ...)
NOT-FOR-US: Hitachi Groupmax
-CVE-2007-2420
+CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
NOT-FOR-US: Burak Yilmaz Blog
-CVE-2007-2419
+CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macro ...)
NOT-FOR-US: Macrovision
-CVE-2007-2418
+CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging an ...)
NOT-FOR-US: Cerulean Trillian
-CVE-2007-2417
+CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software Progre ...)
NOT-FOR-US: Progress Software Progress and OpenEdge
-CVE-2007-2416
+CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote attack ...)
NOT-FOR-US: E-Annu
-CVE-2007-2415
+CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
NOT-FOR-US: Pi3Web Web Server
-CVE-2007-2414
+CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ser ...)
NOT-FOR-US: MyServer
CVE-2007-2413
REJECTED
@@ -10342,57 +10342,57 @@ CVE-2007-2412
NOT-FOR-US: Seir Anphin
CVE-2007-2411
NOT-FOR-US: Sphider
-CVE-2007-2410
+CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of cer ...)
NOT-FOR-US: Mac OS X
-CVE-2007-2409
+CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10. ...)
NOT-FOR-US: Mac OS X
-CVE-2007-2408
+CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly re ...)
NOT-FOR-US: Apple Safari
-CVE-2007-2407
+CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows fi ...)
- samba <not-affected> (MacOS/Apple-specific vulnerability)
-CVE-2007-2406
+CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certai ...)
NOT-FOR-US: Mac OS X
-CVE-2007-2405
+CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allow ...)
NOT-FOR-US: Mac OS X
-CVE-2007-2404
+CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...)
NOT-FOR-US: Mac OS X
-CVE-2007-2403
+CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly valid ...)
NOT-FOR-US: Mac OS X
-CVE-2007-2402
+CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform suff ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2401
+CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4 ...)
NOT-FOR-US: Apple
-CVE-2007-2400
+CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Window ...)
NOT-FOR-US: Apple
-CVE-2007-2399
+CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1 ...)
NOT-FOR-US: Apple
-CVE-2007-2398
+CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
NOT-FOR-US: Apple Safari
-CVE-2007-2397
+CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly che ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2396
+CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before 7. ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2395
+CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-2394
+CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2393
+CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2392
+CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-a ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2391
+CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 fo ...)
NOT-FOR-US: Apple
-CVE-2007-2390
+CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows re ...)
NOT-FOR-US: Apple
-CVE-2007-2389
+CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...)
NOT-FOR-US: Apple
-CVE-2007-2388
+CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not proper ...)
NOT-FOR-US: Apple
-CVE-2007-2387
+CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
NOT-FOR-US: Apple
-CVE-2007-2386
+CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 a ...)
NOT-FOR-US: Apple mDNSResponder
-CVE-2007-2385
+CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object Notatio ...)
- yui <removed> (unimportant; bug #557745)
- bcfg2 <not-affected> (present in source but not included in any binary files)
- serendipity 1.5.3-1 (low; bug #557746)
@@ -10404,12 +10404,12 @@ CVE-2007-2385
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
-CVE-2007-2384
+CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object N ...)
NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
-CVE-2007-2383
+CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...)
{DSA-1952-1}
- prototypejs <not-affected> (fixed before initial upload)
- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
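Review bot: the unchanged NOTE block under CVE-2007-2384 (and the identical copies under CVE-2007-2385, CVE-2007-2383, CVE-2007-2382 and CVE-2007-2381) spells "vunerabile"; since this update already touches each of those entries, the spelling fix to "vulnerable" could ride along in the same sweep. The five NOTE blocks differ only in the framework named, so replacing the copies with a single "see CVE-2007-2385" cross-reference would also keep the wording from drifting further.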
@@ -10467,135 +10467,135 @@ CVE-2007-2383
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
-CVE-2007-2382
+CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ( ...)
NOT-FOR-US: Moo.fx framework
NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
-CVE-2007-2381
+CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
-CVE-2007-2380
+CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object N ...)
NOT-FOR-US: Microsoft Atlas
-CVE-2007-2379
+CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ( ...)
- jquery <unfixed> (unimportant)
NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
-CVE-2007-2378
+CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
- gwt <removed> (unimportant; bug #563542)
NOTE: javascript security guidelines provided to developers to avoid these issues
NOTE: https://developers.google.com/web-toolkit/articles/security_for_gwt_applications
-CVE-2007-2377
+CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
NOT-FOR-US: Getahead Direct Web Remoting
-CVE-2007-2376
+CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation (JS ...)
NOT-FOR-US: Dojo
-CVE-2007-2375
+CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security Man ...)
NOT-FOR-US: Symantec
-CVE-2007-2374
+CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 20 ...)
NOT-FOR-US: Microsoft
-CVE-2007-2373
+CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1 ...)
NOT-FOR-US: WF-Links (wflinks) module for XOOPS
-CVE-2007-2372
+CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
NOT-FOR-US: phpMyNewsletter
-CVE-2007-2371
+CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ear ...)
NOT-FOR-US: phpMyNewsletter
-CVE-2007-2370
+CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 an ...)
NOT-FOR-US: Jobs module for XOOPS
-CVE-2007-2369
+CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 a ...)
NOT-FOR-US: WebSPELL
-CVE-2007-2368
+CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
NOT-FOR-US: WebSPELL
-CVE-2007-2367
+CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4. ...)
NOT-FOR-US: Wserve HTTP Server (whttp)
-CVE-2007-2366
+CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted rem ...)
NOT-FOR-US: Corel
-CVE-2007-2365
+CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0 ...)
NOT-FOR-US: Adobe
-CVE-2007-2364
+CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
NOT-FOR-US: burnCMS
-CVE-2007-2363
+CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted rem ...)
NOT-FOR-US: IrfanView
-CVE-2007-2362
+CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
{DSA-1434-1 DTSA-36-1}
- mydns 1:1.1.0-8
[sarge] - mydns <not-affected> (Vulnerable code not present)
-CVE-2007-2361
+CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, ...)
NOT-FOR-US: Symantec
-CVE-2007-2360
+CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, ...)
NOT-FOR-US: Symantec
-CVE-2007-2359
+CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton G ...)
NOT-FOR-US: Symantec
CVE-2007-2358
- b2evolution <not-affected> (Debian's version does not contain the affected variables)
-CVE-2007-2357
+CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in Si ...)
NOT-FOR-US: SineCms
-CVE-2007-2356
+CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in sunras. ...)
{DSA-1301-1}
- gimp 2.2.14-2
-CVE-2007-2355
+CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
NOT-FOR-US: OPeNDAP
-CVE-2007-2354
+CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain sensitiv ...)
NOT-FOR-US: Progress Webspeed Messenger
-CVE-2007-2353
+CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive informatio ...)
- axis <unfixed> (unimportant)
NOTE: only path disclosure
-CVE-2007-2352
+CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote at ...)
NOT-FOR-US: AFFLIB
-CVE-2007-2351
+CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4. ...)
NOT-FOR-US: HP Power Manager Remote Agent
-CVE-2007-2350
+CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows r ...)
NOT-FOR-US: freePBX
-CVE-2007-2349
+CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.B ...)
NOT-FOR-US: Invision Power Board
-CVE-2007-2348
+CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell met ...)
- lftp 3.5.9-1 (unimportant)
NOTE: Non-issue, also already documented as potentially risky
-CVE-2007-2347
+CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
NOT-FOR-US: OneClick CMS
-CVE-2007-2346
+CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
NOT-FOR-US: PHP-Generics
-CVE-2007-2345
+CVE-2007-2345 (PHP remote file inclusion vulnerability in include/include_stream.inc. ...)
NOT-FOR-US: phpBrowse
-CVE-2007-2344
+CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight In ...)
NOT-FOR-US: Enterasys
-CVE-2007-2343
+CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys NetSig ...)
NOT-FOR-US: Enterasys
-CVE-2007-2342
+CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...)
NOT-FOR-US: CreaScripts Creadirectory
-CVE-2007-2341
+CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in phpBandM ...)
NOT-FOR-US: phpBandManager
-CVE-2007-2340
+CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in inc/include_all. ...)
NOT-FOR-US: phporacleview
-CVE-2007-2339
+CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow r ...)
NOT-FOR-US: Phorum
-CVE-2007-2338
+CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in include/admin/banli ...)
NOT-FOR-US: Phorum
-CVE-2007-2337
+CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0. ...)
NOT-FOR-US: Exponent CMS
-CVE-2007-2336
+CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 200 ...)
NOT-FOR-US: NaviCOPA HTTP Server
-CVE-2007-2335
+CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader functi ...)
NOT-FOR-US: Lunascape
-CVE-2007-2334
+CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
NOT-FOR-US: Nortel
-CVE-2007-2333
+CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
NOT-FOR-US: Nortel
-CVE-2007-2332
+CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_ ...)
NOT-FOR-US: Nortel
-CVE-2007-2331
+CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
NOT-FOR-US: Shop-Script
-CVE-2007-2330
+CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in Dyn ...)
NOT-FOR-US: DynaTracker
-CVE-2007-2329
+CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in Searchacti ...)
NOT-FOR-US: Searchactivity
-CVE-2007-2328
+CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
NOT-FOR-US: phpMYTGP
-CVE-2007-2327
+CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...)
NOT-FOR-US: HTMLeditbox
-CVE-2007-2326
+CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
- smarty <removed> (unimportant; bug #488523)
- moodle 1.8.2-2 (unimportant; bug #488525)
- gallery2 2.2.5-2 (unimportant; bug #488527)
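Review bot: the descriptions added for CVE-2007-2361 and CVE-2007-2360 carry the HTML entity `&amp;` ("Norton Save &amp; Recovery, LiveState Recovery") instead of a literal ampersand, so the text the automatic update reads from appears to be HTML-escaped and is written into the list without unescaping; applying an HTML-entity decode to the description before it is stored would keep entries searchable by their plain product names and consistent with the hand-written NOT-FOR-US lines in the same hunk (for example "NOT-FOR-US: Symantec"). Every other description in this hunk is plain text, so the two lines above are the only ones affected here.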
@@ -10603,474 +10603,474 @@ CVE-2007-2326
NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
NOTE: (should be the case for embedded copies), however
NOTE: additionally this relies on register_globals being switched on.
-CVE-2007-2325
+CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups ...)
NOT-FOR-US: MyNewsGroups
-CVE-2007-2324
+CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows r ...)
NOT-FOR-US: JulmaCMS
-CVE-2007-2323
+CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
NOT-FOR-US: InterVideo
-CVE-2007-2322
+CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remo ...)
NOT-FOR-US: Nero
-CVE-2007-2321
+CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe ...)
NOT-FOR-US: SilverStripe
-CVE-2007-2320
+CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier a ...)
NOT-FOR-US: Papoo
-CVE-2007-2319
+CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and earli ...)
NOT-FOR-US: AutoStand
-CVE-2007-2318
+CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 allo ...)
- filezilla 3.0.0~beta2-3 (bug #421776)
NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
-CVE-2007-2317
+CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
NOT-FOR-US: MiniBB
-CVE-2007-2316
+CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business Managem ...)
NOT-FOR-US: Open Business Management
-CVE-2007-2315
+CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to caus ...)
NOT-FOR-US: MiniShare
-CVE-2007-2314
+CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...)
NOT-FOR-US: Crea-Book
-CVE-2007-2313
+CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the Shotcas ...)
NOT-FOR-US: Shotcast module for mxBB
-CVE-2007-2312
+CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311
NOT-FOR-US: BlooFoxCMS
-CVE-2007-2310
+CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
NOT-FOR-US: BloofoxCMS
-CVE-2007-2309
+CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
NOT-FOR-US: FloweRS
-CVE-2007-2308
+CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
NOT-FOR-US: FloweRS
-CVE-2007-2307
+CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in We ...)
NOT-FOR-US: WebKalk2
-CVE-2007-2306
+CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
NOT-FOR-US: Virtual War (VWar)
-CVE-2007-2305
+CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick an ...)
NOT-FOR-US: QDBlog
-CVE-2007-2304
+CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ( ...)
NOT-FOR-US: QDBlog
-CVE-2007-2303
+CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News Manag ...)
NOT-FOR-US: NMDeluxe
-CVE-2007-2302
+CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...)
NOT-FOR-US: Expow
-CVE-2007-2301
+CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0 ...)
NOT-FOR-US: audioCMS
-CVE-2007-2300
+CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...)
NOT-FOR-US: phpwebnews
-CVE-2007-2299
+CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier a ...)
NOT-FOR-US: CMS Frogss
-CVE-2007-2298
+CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 a ...)
NOT-FOR-US: Garennes
-CVE-2007-2297
+CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
{DSA-1358-1}
- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
[sarge] - asterisk <not-affected> (correctly logs a warning)
-CVE-2007-2296
+CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quickt ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-2295
+CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-2294
+CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
{DSA-1358-1}
- asterisk 1:1.4.3~dfsg-1 (low)
NOTE: Etch and Sarge affected
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-012.htm
-CVE-2007-2293
+CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in c ...)
- asterisk 1:1.4.3~dfsg-1 (high)
[sarge] - asterisk <not-affected> (1.0.x not affected)
[etch] - asterisk <not-affected> (1.2.x not affected)
[lenny] - asterisk <not-affected> (vulnerable code not present)
NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-010.htm
-CVE-2007-2292
+CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (low)
- xulrunner 1.8.1.9-1
- iceape 1.1.5
-CVE-2007-2291
+CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-2290
+CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and Ne ...)
NOT-FOR-US: B2 Weblog
NOTE: Debian's b2evolution does not contain the string "b2inc",
NOTE: and does not seem to suffer from this vulnerability.
-CVE-2007-2289
+CVE-2007-2289 (PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs ...)
NOT-FOR-US: Download-Engine
-CVE-2007-2288
+CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net do ...)
NOT-FOR-US: doruk100net
-CVE-2007-2287
+CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 Fin ...)
NOT-FOR-US: comus
-CVE-2007-2286
+CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP ...)
NOT-FOR-US: Built2Go
-CVE-2007-2285
+CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
NOT-FOR-US: Jack Slocum Ext
-CVE-2007-2284
+CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote a ...)
NOT-FOR-US: ABC-View Manager
-CVE-2007-2283
+CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote attacke ...)
NOT-FOR-US: Fresh View
-CVE-2007-2282
+CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6. ...)
NOT-FOR-US: Cisco
-CVE-2007-2281
+CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe ...)
NOT-FOR-US: HP OpenView Storage Data Protector
-CVE-2007-2280
+CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ser ...)
NOT-FOR-US: HP OpenView Storage Data Protector
-CVE-2007-2279
+CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundat ...)
NOT-FOR-US: Symantec
-CVE-2007-2278
+CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
NOT-FOR-US: DCP-Portal
-CVE-2007-2277
+CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to h ...)
NOT-FOR-US: Plogger
CVE-2007-2276
NOT-FOR-US: TippingPoint IPS
-CVE-2007-2275
+CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced Edi ...)
NOT-FOR-US: HP StorageWorks
-CVE-2007-2274
+CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to ...)
NOT-FOR-US: Opera
-CVE-2007-2273
+CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in Ales ...)
NOT-FOR-US: wavewoo
-CVE-2007-2272
+CVE-2007-2272 (PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.p ...)
NOT-FOR-US: Advanced Webhost Billing System
-CVE-2007-2271
+CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Dist ...)
NOT-FOR-US: TotaRam
-CVE-2007-2270
+CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a denia ...)
NOT-FOR-US: Linksys
-CVE-2007-2269
+CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for Wind ...)
NOT-FOR-US: Plesk
-CVE-2007-2268
+CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for Windo ...)
NOT-FOR-US: Plesk
-CVE-2007-2267
+CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 b ...)
NOT-FOR-US: Sun Cluster
-CVE-2007-2266
+CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, m ...)
NOT-FOR-US: Progress Webspeed Messenger
-CVE-2007-2265
+CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows ...)
NOT-FOR-US: YA Book
-CVE-2007-2264
+CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
NOT-FOR-US: RealPlayer
-CVE-2007-2263
+CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and ...)
NOT-FOR-US: RealPlayer
-CVE-2007-2262
+CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in html/php/detail. ...)
NOT-FOR-US: jmuffin
-CVE-2007-2261
+CVE-2007-2261 (PHP remote file inclusion vulnerability in espaces/communiques/annotat ...)
NOT-FOR-US: C-Arbre
-CVE-2007-2260
+CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
NOT-FOR-US: bibtex mase
-CVE-2007-2259
+CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...)
NOT-FOR-US: EsForum
-CVE-2007-2258
+CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in PH ...)
NOT-FOR-US: PHPMyBibli
-CVE-2007-2257
+CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...)
NOT-FOR-US: Fully Modded phpBB2
-CVE-2007-2256
+CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 al ...)
NOT-FOR-US: TJSChat
-CVE-2007-2255
+CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
NOT-FOR-US: Download-Engine
-CVE-2007-2254
+CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in P ...)
NOT-FOR-US: PHP Classifieds
-CVE-2007-2253
+CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtai ...)
NOT-FOR-US: Exponent CMS
-CVE-2007-2252
+CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS 0. ...)
NOT-FOR-US: Exponent CMS
-CVE-2007-2251
+CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earl ...)
NOT-FOR-US: Xaraya
-CVE-2007-2250
+CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain th ...)
NOT-FOR-US: Phorum
-CVE-2007-2249
+CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote ...)
NOT-FOR-US: Phorum
-CVE-2007-2248
+CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Ph ...)
NOT-FOR-US: Phorum
-CVE-2007-2247
+CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...)
NOT-FOR-US: phpMySpace
-CVE-2007-2246
+CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running s ...)
NOT-FOR-US: HP-UX
-CVE-2007-2245
+CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
{DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.10.1-1 (low)
NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
-CVE-2007-2244
+CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...)
NOT-FOR-US: Adobe Photoshop
-CVE-2007-2243
+CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...)
- openssh <unfixed> (bug #436571; unimportant)
[etch] - openssh <no-dsa> (Minor issue)
[sarge] - openssh <no-dsa> (Minor issue)
-CVE-2007-2242
+CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
{DSA-1356-1}
- linux-2.6 2.6.21-1 (low; bug #421595)
- kfreebsd-5 <removed> (low)
[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
NOTE: This should be off by default, tweakable by a simple knob.
NOTE: (FreeBSD has it turned on for hosts, too.)
-CVE-2007-2241
+CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 th ...)
- bind9 1:9.4.1-1 (medium)
[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
-CVE-2007-2240
+CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
-CVE-2007-2239
+CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera C ...)
NOT-FOR-US: AXIS Camera Control
-CVE-2007-2238
+CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components A ...)
NOT-FOR-US: Whale Client Components ActiveX control
-CVE-2007-2237
+CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
NOT-FOR-US: Microsoft
-CVE-2007-2236
+CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to incl ...)
NOT-FOR-US: PunBB
-CVE-2007-2235
+CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 an ...)
NOT-FOR-US: PunBB
-CVE-2007-2234
+CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly handl ...)
NOT-FOR-US: PunBB
-CVE-2007-2233
+CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authen ...)
NOT-FOR-US: CoSign
-CVE-2007-2232
+CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...)
NOT-FOR-US: CoSign
-CVE-2007-2231
+CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dove ...)
{DSA-1359-1}
- dovecot 1.0.rc29-1
[sarge] - dovecot <not-affected> (Vulnerable code not present)
-CVE-2007-2230
+CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote aut ...)
NOT-FOR-US: CA Clever Path
-CVE-2007-2229
+CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for unspecif ...)
NOT-FOR-US: Microsoft
-CVE-2007-2228
+CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, ...)
NOT-FOR-US: Windows
-CVE-2007-2227
+CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...)
NOT-FOR-US: Microsoft
CVE-2007-2226
REJECTED
-CVE-2007-2225
+CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
NOT-FOR-US: Microsoft
-CVE-2007-2224
+CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft Wi ...)
NOT-FOR-US: Microsoft
-CVE-2007-2223
+CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote atta ...)
NOT-FOR-US: Microsoft XML
-CVE-2007-2222
+CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2 ...)
NOT-FOR-US: Microsoft
-CVE-2007-2221
+CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft W ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
REJECTED
-CVE-2007-2219
+CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...)
NOT-FOR-US: Microsoft
-CVE-2007-2218
+CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
NOT-FOR-US: Microsoft
-CVE-2007-2217
+CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...)
NOT-FOR-US: Kodak Image Viewer
-CVE-2007-2216
+CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explo ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
REJECTED
-CVE-2007-2214
+CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...)
NOT-FOR-US: DmCMS
-CVE-2007-2213
+CVE-2007-2213 (Unspecified vulnerability in the Initialize function in NetscapeFTPHan ...)
NOT-FOR-US: WS_FTP
-CVE-2007-2212
+CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka My ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2007-2211
+CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoa ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2007-2210
+CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
NOT-FOR-US: Netsprint
-CVE-2007-2209
+CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft Im ...)
NOT-FOR-US: AccuSoft
-CVE-2007-2208
+CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3 ...)
NOT-FOR-US: Extreme PHPBB2
-CVE-2007-2207
+CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website Manag ...)
NOT-FOR-US: Ripe Website Manager
-CVE-2007-2206
+CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...)
NOT-FOR-US: Ripe Website Manager
-CVE-2007-2205
+CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
NOT-FOR-US: LAN Management System
-CVE-2007-2204
+CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (G ...)
NOT-FOR-US: GPL PHP Board
-CVE-2007-2203
+CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...)
NOT-FOR-US: Big Blue Guestbook
-CVE-2007-2202
+CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
-CVE-2007-2201
+CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...)
NOT-FOR-US: Post Revolution
-CVE-2007-2200
+CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in Pag ...)
NOT-FOR-US: Pagode
-CVE-2007-2199
+CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcl ...)
NOT-FOR-US: Joomla!
-CVE-2007-2198
+CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System (LMS ...)
NOT-FOR-US: LAN Management System
-CVE-2007-2197
+CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2. ...)
NOT-FOR-US: NeatUpload
CVE-2007-2196
NOT-FOR-US: Jambook module for Mambo and Joomla
-CVE-2007-2195
+CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
- amsn <not-affected> (Appears bogus, no such port is opened; bug #557754)
-CVE-2007-2194
+CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remo ...)
NOT-FOR-US: XnView
-CVE-2007-2193
+CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
NOT-FOR-US: ACDSee
-CVE-2007-2192
+CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remot ...)
NOT-FOR-US: Photofiltre
-CVE-2007-2191
+CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x a ...)
NOT-FOR-US: freePBX
-CVE-2007-2190
+CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php i ...)
NOT-FOR-US: Eba News
-CVE-2007-2189
+CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php i ...)
NOT-FOR-US: mxBB Smartor Album
-CVE-2007-2188
+CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka transact ...)
NOT-FOR-US: eXtremail
-CVE-2007-2187
+CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remo ...)
NOT-FOR-US: eXtremail
-CVE-2007-2186
+CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Foxit Reader
-CVE-2007-2185
+CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b a ...)
NOT-FOR-US: Supasite
-CVE-2007-2184
+CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
NOT-FOR-US: jchit
-CVE-2007-2183
+CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System (a ...)
NOT-FOR-US: PHP-Ring Webring System
-CVE-2007-2182
+CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
NOT-FOR-US: Maran PHP Forum
-CVE-2007-2181
+CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
NOT-FOR-US: WEBInsta
-CVE-2007-2180
+CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote att ...)
NOT-FOR-US: Nullsoft Winamp
-CVE-2007-2179
+CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in XceddZipL ...)
NOT-FOR-US: RaidenFTPD
-CVE-2007-2178
+CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...)
NOT-FOR-US: Sharity
-CVE-2007-2177
+CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
NOT-FOR-US: Microgaming Download Helper
-CVE-2007-2176
+CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers t ...)
NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
-CVE-2007-2175
+CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ot ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-2174
+CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Eng ...)
NOT-FOR-US: ZoneAlarm
-CVE-2007-2173
+CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) cou ...)
NOT-FOR-US: Gentoo's packaging of courier
-CVE-2007-2172
+CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 cau ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
- linux-2.6 2.6.21-1 (medium)
-CVE-2007-2171
+CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in GWINTER.e ...)
NOT-FOR-US: Novell GroupWise
-CVE-2007-2170
+CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not c ...)
NOT-FOR-US: Oracle E-Business Suite
-CVE-2007-2169
+CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem 1. ...)
NOT-FOR-US: Mozzers SubSystem
-CVE-2007-2168
+CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
NOT-FOR-US: AimStats
-CVE-2007-2167
+CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 all ...)
NOT-FOR-US: AimStats
-CVE-2007-2166
+CVE-2007-2166 (PHP remote file inclusion vulnerability in administration/user/lib/gro ...)
NOT-FOR-US: OpenSurveyPilot
-CVE-2007-2165
+CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous au ...)
- proftpd 1.3.0-24 (low)
[sarge] - proftpd <no-dsa> (Minor issue)
- proftpd-dfsg 1.3.0-24 (low)
[etch] - proftpd-dfsg 1.3.0-19etch1
NOTE: Minor issue Fixed in 4.0r4 point release
-CVE-2007-2164
+CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
- kdelibs <unfixed> (unimportant)
NOTE: Browser crashes are not treated as security problems
-CVE-2007-2163
+CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service (bro ...)
NOT-FOR-US: Apple Safari
-CVE-2007-2162
+CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
- iceweasel <removed> (unimportant)
NOTE: Browser crashes are not treated as security problems
-CVE-2007-2161
+CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-2160
+CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Data ...)
NOT-FOR-US: dba module for Drupal
-CVE-2007-2159
+CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database Ad ...)
NOT-FOR-US: dba module for Drupal
-CVE-2007-2158
+CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 a ...)
NOT-FOR-US: jGallery
-CVE-2007-2157
+CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in Zomp ...)
NOT-FOR-US: Zomplog
-CVE-2007-2156
+CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...)
NOT-FOR-US: Rezervi Generic
-CVE-2007-2155
+CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber TopSi ...)
NOT-FOR-US: phpFaber TopSites
-CVE-2007-2154
+CVE-2007-2154 (PHP remote file inclusion vulnerability in services/samples/inclusionS ...)
NOT-FOR-US: Cabron Connector
-CVE-2007-2153
+CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 al ...)
NOT-FOR-US: @Mail
-CVE-2007-2152
+CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterpris ...)
NOT-FOR-US: McAfee VirusScan Enterprise
-CVE-2007-2151
+CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
NOT-FOR-US: McAfee
-CVE-2007-2150
+CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allo ...)
NOT-FOR-US: BlueArc
-CVE-2007-2149
+CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores userna ...)
NOT-FOR-US: Chatness
-CVE-2007-2148
+CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in Stephe ...)
NOT-FOR-US: Chatness
-CVE-2007-2147
+CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...)
NOT-FOR-US: Chatness
-CVE-2007-2146
+CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...)
NOT-FOR-US: MiniGal
-CVE-2007-2145
+CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
NOT-FOR-US: MiniGal
-CVE-2007-2144
+CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...)
NOT-FOR-US: JoomlaPack
-CVE-2007-2143
+CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 t ...)
NOT-FOR-US: Be2004-2 template for Joomla
-CVE-2007-2142
+CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php all ...)
NOT-FOR-US: AjPortal2Php
-CVE-2007-2141
+CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
NOT-FOR-US: ShoutPro
-CVE-2007-2140
+CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...)
NOT-FOR-US: Flip-search-add-on
-CVE-2007-2139
+CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA (fo ...)
NOT-FOR-US: CA BrightStor
-CVE-2007-2137
+CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
NOT-FOR-US: Tivoli
-CVE-2007-2136
+CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol Perform ...)
NOT-FOR-US: BMC Patrol PerformAgent
-CVE-2007-2135
+CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...)
NOT-FOR-US: Oracle
-CVE-2007-2134
+CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards Ente ...)
NOT-FOR-US: Oracle
-CVE-2007-2133
+CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital M ...)
NOT-FOR-US: Oracle
-CVE-2007-2132
+CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
NOT-FOR-US: Oracle
-CVE-2007-2131
+CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
NOT-FOR-US: Oracle
-CVE-2007-2130
+CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle Dat ...)
NOT-FOR-US: Oracle
-CVE-2007-2129
+CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...)
NOT-FOR-US: Oracle
-CVE-2007-2128
+CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle E-B ...)
NOT-FOR-US: Oracle
-CVE-2007-2127
+CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
NOT-FOR-US: Oracle
-CVE-2007-2126
+CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has un ...)
NOT-FOR-US: Oracle
-CVE-2007-2125
+CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle Collabo ...)
NOT-FOR-US: Oracle
-CVE-2007-2124
+CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
NOT-FOR-US: Oracle
-CVE-2007-2123
+CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
NOT-FOR-US: Oracle
-CVE-2007-2122
+CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle Applicat ...)
NOT-FOR-US: Oracle
-CVE-2007-2121
+CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle App ...)
NOT-FOR-US: Oracle
-CVE-2007-2120
+CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10 ...)
NOT-FOR-US: Oracle
-CVE-2007-2119
+CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...)
NOT-FOR-US: Oracle
-CVE-2007-2118
+CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
NOT-FOR-US: Oracle
-CVE-2007-2117
+CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
NOT-FOR-US: Oracle
-CVE-2007-2116
+CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
NOT-FOR-US: Oracle
-CVE-2007-2115
+CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component i ...)
NOT-FOR-US: Oracle
-CVE-2007-2114
+CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
NOT-FOR-US: Oracle
-CVE-2007-2113
+CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_U ...)
NOT-FOR-US: Oracle
-CVE-2007-2112
+CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle D ...)
NOT-FOR-US: Oracle
-CVE-2007-2111
+CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracl ...)
NOT-FOR-US: Oracle
-CVE-2007-2110
+CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle Datab ...)
NOT-FOR-US: Oracle
-CVE-2007-2109
+CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
NOT-FOR-US: Oracle
-CVE-2007-2108
+CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
NOT-FOR-US: Oracle
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
- mixmaster 3.0b2-5 (low; bug #418662)
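Review bot: the `CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]` entry at the end of this hunk still carries a placeholder identifier while every surrounding entry now receives its MITRE description; a placeholder cannot be matched against the CVE feed, so this automatic update will never fill it in. Suggest checking whether an identifier has since been assigned to the mixmaster type-2 import overflow and replacing `CVE-2007-XXXX` by hand, keeping the `- mixmaster 3.0b2-5 (low; bug #418662)` status line as it is.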
@@ -11082,571 +11082,571 @@ CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f
NOTE: http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
-CVE-2007-2138
+CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
{DSA-1311-1 DSA-1309-1}
- postgresql-8.2 8.2.4-1
- postgresql-8.1 8.1.9-1
- postgresql-7.4 1:7.4.17-1
-CVE-2007-2107
+CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
NOT-FOR-US: Rha7 Downloads
-CVE-2007-2106
+CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content Manageme ...)
NOT-FOR-US: Kai Content Management System
-CVE-2007-2105
+CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0 ...)
NOT-FOR-US: Monkey CMS
-CVE-2007-2104
+CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow re ...)
NOT-FOR-US: iXon CMS
-CVE-2007-2103
+CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
NOT-FOR-US: my little forum
-CVE-2007-2102
+CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little we ...)
NOT-FOR-US: my little weblog
-CVE-2007-2101
+CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root wit ...)
NOT-FOR-US: FAC Guestbook
-CVE-2007-2100
+CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
NOT-FOR-US: FAC Guestbook
-CVE-2007-2099
+CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConc ...)
NOT-FOR-US: OpenConcept Back-End CMS
-CVE-2007-2098
+CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097
NOT-FOR-US: OpenConcept Back-End CMS
-CVE-2007-2096
+CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
NOT-FOR-US: PHPHD Download System
-CVE-2007-2095
+CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 al ...)
NOT-FOR-US: MySpeach
-CVE-2007-2094
+CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia 0.5 ...)
NOT-FOR-US: Anthologia
-CVE-2007-2093
+CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
NOT-FOR-US: Limesoft Guestbook
-CVE-2007-2092
+CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
NOT-FOR-US: Limesoft Guestbook
-CVE-2007-2091
+CVE-2007-2091 (PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_bloc ...)
NOT-FOR-US: tsdisplay4xoops
-CVE-2007-2090
+CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evol ...)
NOT-FOR-US: TuMusika Evolution
-CVE-2007-2089
+CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx Developme ...)
NOT-FOR-US: Jx Development Article component for Mambo and Joomla
-CVE-2007-2088
+CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 an ...)
- sitebar 3.3.8-7 (low)
NOTE: this was register globals only and is fixed in Debian anyway
-CVE-2007-2087
+CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, wh ...)
NOT-FOR-US: CNStats
-CVE-2007-2086
+CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allo ...)
NOT-FOR-US: CNStats
-CVE-2007-2085
+CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
NOT-FOR-US: oe2edit CMS
CVE-2007-2084
NOT-FOR-US: MobilePublisherphp
-CVE-2007-2083
+CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
-CVE-2007-2082
+CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in My ...)
NOT-FOR-US: MyBlog
-CVE-2007-2081
+CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass authenticat ...)
NOT-FOR-US: MyBlog
-CVE-2007-2080
+CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows all ...)
NOT-FOR-US: XAMPP
-CVE-2007-2079
+CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
NOT-FOR-US: XAMPP
CVE-2007-2078
NOT-FOR-US: Maian Weblog
-CVE-2007-2077
+CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
NOT-FOR-US: Maian Search
-CVE-2007-2076
+CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
NOT-FOR-US: Maian Gallery
-CVE-2007-2075
+CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on m ...)
NOT-FOR-US: ScramDisk
-CVE-2007-2074
+CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execu ...)
NOT-FOR-US: ScramDisk
-CVE-2007-2073
+CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery S ...)
NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072
NOT-FOR-US: Ivan Gallery Script
-CVE-2007-2071
+CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2. ...)
NOT-FOR-US: Open-gorotto
-CVE-2007-2070
+CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
NOT-FOR-US: SunShop Shopping Cart
-CVE-2007-2069
+CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie 1.1 ...)
NOT-FOR-US: openMairie
-CVE-2007-2068
+CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront m ...)
NOT-FOR-US: StoreFront extension for Gallery
-CVE-2007-2067
+CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Is ...)
NOT-FOR-US: WebSlider
-CVE-2007-2066
+CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive informa ...)
NOT-FOR-US: UseBB
-CVE-2007-2065
+CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert Lad ...)
NOT-FOR-US: ActionPoll
-CVE-2007-2064
+CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaett ...)
NOT-FOR-US: ActionPoll
-CVE-2007-2063
+CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writab ...)
NOT-FOR-US: IBM zOS
-CVE-2007-2062
+CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user- ...)
NOT-FOR-US: VCDGear
-CVE-2007-2061
+CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLo ...)
NOT-FOR-US: MailBee WebMail Pro
-CVE-2007-2060
+CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
NOT-FOR-US: Wizz RSS Reader
-CVE-2007-2059
+CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in eIQnet ...)
NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
-CVE-2007-2058
+CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-a ...)
NOT-FOR-US: Acubix PicoZip
-CVE-2007-2057
+CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remo ...)
{DSA-1280-1 DTSA-35-1}
- aircrack-ng 1:0.7-3 (medium)
NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
REJECTED
-CVE-2007-2055
+CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary command ...)
NOT-FOR-US: AFFLIB
-CVE-2007-2054
+CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow re ...)
NOT-FOR-US: AFFLIB
-CVE-2007-2053
+CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow rem ...)
NOT-FOR-US: AFFLIB
-CVE-2007-2052
+CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in Modules/_localemo ...)
{DSA-1620-1 DSA-1551-1}
- python2.4 2.4.4-3 (bug #416931; low)
- python2.5 2.5.1-1 (bug #416934; low)
- python2.3 <removed> (low)
-CVE-2007-2051
+CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has unkno ...)
NOT-FOR-US: bftpd
-CVE-2007-2050
+CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in RicarGBo ...)
NOT-FOR-US: RicarGBooK
-CVE-2007-2049
+CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar Mod ...)
NOT-FOR-US: Calendar Module for Mambo
-CVE-2007-2048
+CVE-2007-2048 (Directory traversal vulnerability in /console in the Management Consol ...)
NOT-FOR-US: webMethods Glue
-CVE-2007-2047
+CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (ak ...)
NOT-FOR-US: Openads
-CVE-2007-2046
+CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
NOT-FOR-US: Openads
-CVE-2007-2045
+CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 an ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-2044
+CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the Anto ...)
NOT-FOR-US: Weather module for Mambo and Joomla
-CVE-2007-2043
+CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
NOT-FOR-US: MOSMedia Lite
-CVE-2007-2042
+CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
NOT-FOR-US: MOSMedia Lite
-CVE-2007-2041
+CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN AC ...)
NOT-FOR-US: Cisco
-CVE-2007-2040
+CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points be ...)
NOT-FOR-US: Cisco
-CVE-2007-2039
+CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
NOT-FOR-US: Cisco
-CVE-2007-2038
+CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
NOT-FOR-US: Cisco
-CVE-2007-2037
+CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x befor ...)
NOT-FOR-US: Cisco
-CVE-2007-2036
+CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) bef ...)
NOT-FOR-US: Cisco
-CVE-2007-2035
+CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive i ...)
NOT-FOR-US: Cisco
-CVE-2007-2034
+CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
NOT-FOR-US: Cisco
-CVE-2007-2033
+CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
NOT-FOR-US: Cisco
-CVE-2007-2032
+CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded F ...)
NOT-FOR-US: Cisco
-CVE-2007-2031
+CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, an ...)
NOT-FOR-US: 3proxy
-CVE-2007-2030
+CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might a ...)
- lha 1.14i-10.2 (bug #437621; low)
[sarge] - lha <no-dsa> (Non-free not supported)
[etch] - lha <no-dsa> (Non-free not supported)
-CVE-2007-2029
+CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) all ...)
{DSA-1281-1 DTSA-37-1}
- clamav 0.90.2-1 (low; bug #418849)
NOTE: closed report: https://bugzilla.clamav.net/show_bug.cgi?id=459
NOTE: Commit r3021 looks as if it's just a null pointer dereference.
-CVE-2007-2028
+CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
- freeradius 1.1.6-1 (low)
[sarge] - freeradius <no-dsa> (Minor issue)
[etch] - freeradius <no-dsa> (Minor issue)
-CVE-2007-2027
+CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string func ...)
- elinks 0.11.1-1.4 (bug #417789; low)
[sarge] - elinks <no-dsa> (Hardly exploitable)
[etch] - elinks <no-dsa> (Hardly exploitable)
NOTE: Unrealistic attack vector, no evidence code injection is possible
-CVE-2007-2026
+CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
- file 4.20-6 (low)
[etch] - file 4.17-5etch3
[sarge] - file <not-affected> (version too old)
-CVE-2007-2025
+CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
{DSA-1371-1}
- phpwiki 1.3.12p3-6.1 (bug #441390)
-CVE-2007-2024
+CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
{DSA-1371-1}
- phpwiki 1.3.12p3-6.1 (bug #441390)
-CVE-2007-2023
+CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
NOT-FOR-US: Secustick USB flash drive
-CVE-2007-2022
+CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.2 ...)
- flashplugin-nonfree 9.0.48.0.1
[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
[etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
NOTE: but that it not of concern for Debian
-CVE-2007-2021
+CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple Techno ...)
NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020
NOT-FOR-US: xodagallery
-CVE-2007-2019
+CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in phpGall ...)
NOT-FOR-US: phpGalleryScript
-CVE-2007-2018
+CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share Enter ...)
NOT-FOR-US: AlstraSoft Video Share Enterprise
-CVE-2007-2017
+CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not c ...)
NOT-FOR-US: AlstraSoft Video Share Enterprise
-CVE-2007-2016
+CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMy ...)
- phpmyadmin 4:2.6.2-3 (unimportant)
-CVE-2007-2015
+CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It 1.0 ...)
NOT-FOR-US: Request It
-CVE-2007-2014
+CVE-2007-2014 (PHP remote file inclusion vulnerability in include/blocks/week_events. ...)
NOT-FOR-US: MyNews
-CVE-2007-2013
+CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Ein ...)
NOT-FOR-US: Passworschutz
-CVE-2007-2012
+CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4. ...)
NOT-FOR-US: CompreXX
-CVE-2007-2011
+CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
NOT-FOR-US: DeskPro
-CVE-2007-2010
+CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote authentica ...)
NOT-FOR-US: bftpd
-CVE-2007-2009
+CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
NOT-FOR-US: SimpCMS Light
-CVE-2007-2008
+CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allo ...)
NOT-FOR-US: pL-PHP
-CVE-2007-2007
+CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authent ...)
NOT-FOR-US: pL-PHP
-CVE-2007-2006
+CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
NOT-FOR-US: pL-PHP
-CVE-2007-2005
+CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1 ...)
NOT-FOR-US: Taskhopper component for Mambo and Joomla
-CVE-2007-2004
+CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
NOT-FOR-US: InoutMailingListManager
-CVE-2007-2003
+CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect head ...)
NOT-FOR-US: InoutMailingListManager
-CVE-2007-2002
+CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to acc ...)
NOT-FOR-US: InoutMailingListManager
-CVE-2007-2001
+CVE-2007-2001 (Multiple direct static code injection vulnerabilities in admin/configu ...)
NOT-FOR-US: Crea-Book
-CVE-2007-2000
+CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
NOT-FOR-US: Crea-Book
-CVE-2007-1999
+CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages 1.7 ...)
NOT-FOR-US: Weatimages
-CVE-2007-1998
+CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) 4. ...)
NOT-FOR-US: HIOX Guest Book
-CVE-2007-1997
+CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract fu ...)
{DSA-1281-1 DTSA-37-1}
- clamav 0.90.2-1 (high)
-CVE-2007-1996
+CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
NOT-FOR-US: CodeBreak
-CVE-2007-1995
+CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0 ...)
{DSA-1293-1}
- quagga 0.99.6-5 (low; bug #418323)
NOTE: The attributes are non-transitive, which means that they
NOTE: are not propagated via BGP and therefore must originate
NOTE: from a peer (which is explicitly configured).
-CVE-2007-1994
+CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
NOT-FOR-US: HP-UX ARPA transport
-CVE-2007-1993
+CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
NOT-FOR-US: HP-UX Portable File System
-CVE-2007-1992
+CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
NOT-FOR-US: com_zoom
-CVE-2007-1991
+CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailSe ...)
NOT-FOR-US: CmailServer WebMail
-CVE-2007-1990
+CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
NOT-FOR-US: MyBlog
-CVE-2007-1989
+CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
NOT-FOR-US: DotClear
-CVE-2007-1988
+CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
NOT-FOR-US: PHPEcho CMS
CVE-2007-1987
NOT-FOR-US: PHPEcho CMS
-CVE-2007-1986
+CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUN ...)
NOT-FOR-US: AROUNDMe
-CVE-2007-1985
+CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in phpexplorator.ph ...)
NOT-FOR-US: phpexplorator
-CVE-2007-1984
+CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
NOT-FOR-US: lite-cms
-CVE-2007-1983
+CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
NOT-FOR-US: Cyboards PHP Lite
-CVE-2007-1982
+CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple PH ...)
NOT-FOR-US: Really Simple PHP and Ajax
-CVE-2007-1981
+CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Wi ...)
NOT-FOR-US: Metamod-P
-CVE-2007-1980
+CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module fo ...)
NOT-FOR-US: Topliste module for PHP-Fusion
-CVE-2007-1979
+CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ea ...)
NOT-FOR-US: PopnupBlog module for Xoops
-CVE-2007-1978
+CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
NOT-FOR-US: Arcade module for PHP-Fusion
-CVE-2007-1977
+CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1 ...)
NOT-FOR-US: holaCMS
CVE-2007-1976
NOT-FOR-US: Virii Info module for Xoops
-CVE-2007-1975
+CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allo ...)
NOT-FOR-US: SLAED CMS
-CVE-2007-1974
+CVE-2007-1974 (SQL injection vulnerability in the getArticle function in class/wfsart ...)
NOT-FOR-US: Xoops modules
-CVE-2007-1973
+CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-1972
NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-XXXX [mydms SQL injection]
- mydms 1.4.4+1-5
-CVE-2007-1971
+CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 20 ...)
NOT-FOR-US: fotokategori.asp
-CVE-2007-1970
+CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
- iceweasel <removed> (unimportant; bug #556267)
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
[lenny] - iceweasel <no-dsa> (Minor issue)
-CVE-2007-1969
+CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Cr ...)
NOT-FOR-US: MyBlog
-CVE-2007-1968
+CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
NOT-FOR-US: MyBlog
CVE-2007-1967
NOT-FOR-US: stat12
-CVE-2007-1966
+CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
NOT-FOR-US: eXV2 CMS
-CVE-2007-1965
+CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4. ...)
NOT-FOR-US: eXV2 CMS
-CVE-2007-1964
+CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is available ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2007-1963
+CVE-2007-1963 (SQL injection vulnerability in the create_session function in class_se ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2007-1962
+CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and e ...)
NOT-FOR-US: WF-Snippets module for Xoops
-CVE-2007-1961
+CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
NOT-FOR-US: Mutant portal for phpBB
-CVE-2007-1960
+CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
NOT-FOR-US: Rha7 Downloads
-CVE-2007-1959
+CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in command.cp ...)
- tinymux <unfixed> (unimportant)
-CVE-2007-1958
+CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a deni ...)
- tinymux 2.4.3.31-1
-CVE-2007-1957
+CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
NOT-FOR-US: Portail Web Php
-CVE-2007-1956
+CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6 ...)
NOT-FOR-US: Groupee UBB.threads
-CVE-2007-1955
+CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX Active ...)
NOT-FOR-US: SKCrypAX ActiveX control
-CVE-2007-1954
+CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 buil ...)
NOT-FOR-US: ArchiveXpert
-CVE-2007-1953
+CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
NOT-FOR-US: onelook courts on-line
-CVE-2007-1952
+CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote a ...)
NOT-FOR-US: onelook onebyone CMS
-CVE-2007-1951
+CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote attac ...)
NOT-FOR-US: onelook obo Shop
-CVE-2007-1950
+CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizza ...)
NOT-FOR-US: WebBlizzard CMS
-CVE-2007-1949
+CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote attack ...)
NOT-FOR-US: WebBlizzard CMS
-CVE-2007-1948
+CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers t ...)
NOT-FOR-US: IrfanView
-CVE-2007-1947
+CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
NOT-FOR-US: Firebug extension for Firefox
-CVE-2007-1946
+CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
NOT-FOR-US: WIndows Explorer
-CVE-2007-1945
+CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM W ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-1944
+CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server (WA ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-1943
+CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
NOT-FOR-US: ACDSee Photo Manager
-CVE-2007-1942
+CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependen ...)
NOT-FOR-US: FastStone Image Viewer
-CVE-2007-1941
+CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
NOT-FOR-US: Domino Web Access
-CVE-2007-1940
+CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 lo ...)
NOT-FOR-US: IBM Tivoli Business Service Manager
-CVE-2007-1939
+CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
NOT-FOR-US: LanguageTool
-CVE-2007-1938
+CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows remo ...)
NOT-FOR-US: Ichitaro
-CVE-2007-1937
+CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1 ...)
NOT-FOR-US: Scorp Book
-CVE-2007-1936
+CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAd ...)
NOT-FOR-US: ScarAdControl
-CVE-2007-1935
+CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ( ...)
NOT-FOR-US: ScarAdControl
-CVE-2007-1934
+CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 mo ...)
NOT-FOR-US: eBoard module for PHP-Nuke
-CVE-2007-1933
+CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Boo ...)
NOT-FOR-US: PcP-Guestbook
-CVE-2007-1932
+CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2. ...)
NOT-FOR-US: ScarNews
-CVE-2007-1931
+CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in Smod ...)
NOT-FOR-US: SmodCMS
-CVE-2007-1930
+CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, a ...)
NOT-FOR-US: cattaDoc
-CVE-2007-1929
+CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
NOT-FOR-US: Beryo
-CVE-2007-1928
+CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
NOT-FOR-US: witshare
-CVE-2007-1927
+CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
NOT-FOR-US: CmailServer WebMail
-CVE-2007-1926
+CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
NOT-FOR-US: JBMC Software DirectAdmin
-CVE-2007-1925
+CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone Nuk ...)
NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924
NOT-FOR-US: phpContact
-CVE-2007-1923
+CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
- sql-ledger <unfixed> (unimportant; bug #409703)
-CVE-2007-1922
+CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.D ...)
NOT-FOR-US: Winamp
-CVE-2007-1921
+CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
NOT-FOR-US: Winamp
-CVE-2007-1920
+CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
NOT-FOR-US: aktualnosci module in SmodBIP
-CVE-2007-1919
+CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
NOT-FOR-US: Arizona Dream Livre d'or
-CVE-2007-1918
+CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 a ...)
NOT-FOR-US: SAP RFC Library
-CVE-2007-1917
+CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
NOT-FOR-US: SAP RFC Library
-CVE-2007-1916
+CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6 ...)
NOT-FOR-US: SAP RFC Library
-CVE-2007-1915
+CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Libra ...)
NOT-FOR-US: SAP RFC Library
-CVE-2007-1914
+CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 be ...)
NOT-FOR-US: SAP RFC Library
-CVE-2007-1913
+CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7 ...)
NOT-FOR-US: SAP RFC Library
-CVE-2007-1912
+CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted r ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1911
+CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remo ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-1910
+CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote atta ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-1909
+CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.n ...)
NOT-FOR-US: Battle.net Clan Script
-CVE-2007-1908
+CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant Mes ...)
NOT-FOR-US: PHP121 Instant Messenger
-CVE-2007-1907
+CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
NOT-FOR-US: Pathos CMS
-CVE-2007-1906
+CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
NOT-FOR-US: eCardMAX HotEditor
-CVE-2007-1905
+CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Tech ...)
NOT-FOR-US: QuizShock
-CVE-2007-1904
+CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 a ...)
NOT-FOR-US: AOL Instant Messenger
-CVE-2007-1903
+CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 ...)
NOT-FOR-US: SonicBB
-CVE-2007-1902
+CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote att ...)
NOT-FOR-US: SonicBB
-CVE-2007-1901
+CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information vi ...)
NOT-FOR-US: SonicBB
-CVE-2007-1900
+CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ex ...)
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-11 (low)
-CVE-2007-1899
+CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 al ...)
NOT-FOR-US: myWebland myBloggie
-CVE-2007-1898
+CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitra ...)
NOT-FOR-US: Jetbox CMS
-CVE-2007-1897
+CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
{DSA-1285-1}
- wordpress 2.1.3-1 (medium)
-CVE-2007-1896
+CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
NOT-FOR-US: Sky GUNNING MySpeach
-CVE-2007-1895
+CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MyS ...)
NOT-FOR-US: Sky GUNNING MySpeach
-CVE-2007-1894
+CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ...)
{DSA-1285-1}
- wordpress 2.1.3-1 (medium)
-CVE-2007-1893
+CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ...)
{DSA-1285-1}
- wordpress 2.1.3-1 (medium)
-CVE-2007-1892
+CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager Ac ...)
NOT-FOR-US: Akamai
-CVE-2007-1891
+CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
NOT-FOR-US: Akamai
-CVE-2007-1890
+CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
- php4 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: local code execution only, possibly only on FreeBSD
-CVE-2007-1889
+CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the Zen ...)
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-11 (medium)
-CVE-2007-1888
+CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c i ...)
- sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
NOTE: SQLite 3 no longer contains the affected function.
-CVE-2007-1887
+CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled sq ...)
{DSA-1283-1 DTSA-39-1}
- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
- php5 5.2.0-11 (medium)
- php4-sqlite <removed> (medium; bug #420456)
NOTE: php5 is vulnerable due to improper use of the system sqlite libs
-CVE-2007-1886
+CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2. ...)
NOTE: Duplicate of CVE-2007-1885
-CVE-2007-1885
+CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
-CVE-2007-1884
+CVE-2007-1884 (Multiple integer signedness errors in the printf function family in PH ...)
NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
-CVE-2007-1883
+CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-depende ...)
- php4 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: Only triggerable by malicious script
-CVE-2007-1882
+CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Qualit ...)
NOT-FOR-US: HP Mercury Quality Center
-CVE-2007-1881
+CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2007-1880
+CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in Kaspers ...)
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2007-1879
+CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo ...)
NOT-FOR-US: KL.SysInfo ActiveX control
-CVE-2007-1878
+CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
NOT-FOR-US: Firebug extension for Firefox
-CVE-2007-1877
+CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...)
NOT-FOR-US: VMware
-CVE-2007-1876
+CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest o ...)
NOT-FOR-US: VMware
CVE-2007-1875
RESERVED
-CVE-2007-1874
+CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
NOT-FOR-US: Adobe ColdFusion MX
-CVE-2007-1873
+CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remo ...)
NOT-FOR-US: mephisto
-CVE-2007-1872
+CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows rem ...)
NOT-FOR-US: toendaCMS
-CVE-2007-1871
+CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows rem ...)
NOT-FOR-US: chcounter
-CVE-2007-1870
+CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ( ...)
{DSA-1303-1}
- lighttpd 1.4.15-1 (low; bug #422254)
-CVE-2007-1869
+CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial o ...)
{DSA-1303-1}
- lighttpd 1.4.15-1 (medium; bug #422254)
-CVE-2007-1868
+CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deplo ...)
NOT-FOR-US: IBM Tivoli Provisioning Manager
-CVE-2007-1867
+CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute a ...)
NOT-FOR-US: IrfanView
-CVE-2007-1866
+CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
NOT-FOR-US: not a bug
-CVE-2007-1864
+CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
{DSA-1331-1 DSA-1330-1}
- php4 <removed>
- php5 5.2.2-1
-CVE-2007-1863
+CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), wh ...)
- apache2 2.2.4-1 (low)
- apache <removed> (unimportant)
[sarge] - apache2 2.0.54-5sarge2
[etch] - apache2 2.2.3-4+etch2
NOTE: Apache 1.3 is non-threaded, therefore unimportant
-CVE-2007-1862
+CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
-CVE-2007-1861
+CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
{DSA-1289-1}
- linux-2.6 2.6.21-1
-CVE-2007-1860
+CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 de ...)
{DSA-1312-1}
- libapache-mod-jk 1:1.2.23-1 (bug #425836)
-CVE-2007-1859
+CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for credentia ...)
- xscreensaver 5.03-1 (low; bug #433964)
[etch] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
[sarge] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
-CVE-2007-1858
+CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4 ...)
NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
[sarge] - tomcat4 <no-dsa> (low)
[etch] - tomcat5 <no-dsa> (low; bug #423435)
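Review bot: NOTE placement in the CVE-2007-1858 entry is inconsistent with the rest of this hunk: the line "NOTE: insecure ciphers should not be (and usually are not) enabled in browsers" comes before the "[sarge] - tomcat4 <no-dsa> (low)" and "[etch] - tomcat5 <no-dsa> (low; bug #423435)" lines, while every other entry here that has both kinds of line (CVE-2007-1863, CVE-2007-1888, CVE-2007-1890, CVE-2007-1883) puts the NOTE lines after the package and suite lines, so the note should move below the suite lines for consistency. Separately, the CVE-2007-1864 entry lists "- php4 <removed>" and "- php5 5.2.2-1" with no severity tag, whereas the neighbouring fixed php entries all carry one (for example "- php5 5.2.0-11 (medium)" under CVE-2007-1889); a severity should be added or the omission noted.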
@@ -11655,165 +11655,165 @@ CVE-2007-1858
- tomcat4 <removed> (low)
CVE-2007-1857
RESERVED
-CVE-2007-1856
+CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure p ...)
- cron <not-affected> (Debian uses proper permission scheme)
-CVE-2007-1855
+CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_cl ...)
NOT-FOR-US: Shop-Script
-CVE-2007-1854
+CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container 07 ...)
NOT-FOR-US: Hitachi Cosminexus Component Container
-CVE-2007-1853
+CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Glob ...)
NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852
NOT-FOR-US: 2BGal
-CVE-2007-1851
+CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
NOT-FOR-US: Really Simple PHP and Ajax
-CVE-2007-1850
+CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php i ...)
NOT-FOR-US: Drake CMS
-CVE-2007-1849
+CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows remot ...)
NOT-FOR-US: Drake CMS
-CVE-2007-1848
+CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php i ...)
NOT-FOR-US: Drake CMS
-CVE-2007-1847
+CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module fo ...)
NOT-FOR-US: Repository module for Xoops
-CVE-2007-1846
+CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and earli ...)
NOT-FOR-US: MyAds
-CVE-2007-1845
+CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
NOT-FOR-US: Expanded Calendar module for PHP-Fusion
-CVE-2007-1844
+CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsite ...)
NOT-FOR-US: Aardvark Topsites
-CVE-2007-1843
+CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in M ...)
NOT-FOR-US: MapLab
-CVE-2007-1842
+CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before 2.0.1 ...)
NOT-FOR-US: JSBoard
-CVE-2007-1841
+CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
{DSA-1299-1 DTSA-42-1}
- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
[sarge] - ipsec-tools <not-affected> (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
- initramfs-tools 0.85g (low; bug #417995)
-CVE-2007-1840
+CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not es ...)
{DSA-1287-1}
- ldap-account-manager 1.1.1-2 (medium; bug #415379)
-CVE-2007-1839
+CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
NOT-FOR-US: CodeBB
-CVE-2007-1838
+CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ea ...)
NOT-FOR-US: Friendfinder module for Xoops
-CVE-2007-1837
+CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0. ...)
NOT-FOR-US: MangoBery CMS
-CVE-2007-1836
+CVE-2007-1836 (The command line administration interface in Data Domain OS before 4.0 ...)
NOT-FOR-US: Data Domain OS
-CVE-2007-1835
+CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
- php4 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: open_basedir bypasses not supported
-CVE-2007-1834
+CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unifi ...)
NOT-FOR-US: Cisco
-CVE-2007-1833
+CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco Unifie ...)
NOT-FOR-US: Cisco
-CVE-2007-1832
+CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
NOT-FOR-US: WebAPP
-CVE-2007-1831
+CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
NOT-FOR-US: WebAPP
-CVE-2007-1830
+CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
NOT-FOR-US: WebAPP
-CVE-2007-1829
+CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have unknow ...)
NOT-FOR-US: WebAPP
-CVE-2007-1828
+CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org Web ...)
NOT-FOR-US: WebAPP
-CVE-2007-1827
+CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in web-a ...)
NOT-FOR-US: WebAPP
-CVE-2007-1826
+CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco Unifi ...)
NOT-FOR-US: Cisco
-CVE-2007-1825
+CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2. ...)
NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
-CVE-2007-1824
+CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 befo ...)
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-11 (medium)
-CVE-2007-1823
+CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or remo ...)
NOT-FOR-US: T-Mobile
-CVE-2007-1822
+CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote att ...)
NOT-FOR-US: Alcatel-Lucent
-CVE-2007-1821
+CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to retr ...)
NOT-FOR-US: Sprint Nextel
-CVE-2007-1820
+CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
NOT-FOR-US: Nortel Networks
-CVE-2007-1819
+CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (S ...)
NOT-FOR-US: ActiveX control in TestDirector
-CVE-2007-1818
+CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
NOT-FOR-US: Forum picture and META tags module for phpBB
-CVE-2007-1817
+CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews (lykos_r ...)
NOT-FOR-US: Lykos Reviews module for Xoops
-CVE-2007-1816
+CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
NOT-FOR-US: Tutorials module for Xoops
-CVE-2007-1815
+CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for X ...)
NOT-FOR-US: Library module for Xoops
-CVE-2007-1814
+CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for Xoop ...)
NOT-FOR-US: Core module for Xoops
-CVE-2007-1813
+CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and earlie ...)
NOT-FOR-US: eCal module for Xoops
-CVE-2007-1812
+CVE-2007-1812 (PHP remote file inclusion vulnerability in utilitaires/gestion_sondage ...)
NOT-FOR-US: BT-Sondage
-CVE-2007-1811
+CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
NOT-FOR-US: Tiny Event module for Xoops
-CVE-2007-1810
+CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 a ...)
NOT-FOR-US: Kshop module for Xoops
-CVE-2007-1809
+CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company We ...)
NOT-FOR-US: WebSite Builder
-CVE-2007-1808
+CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and earl ...)
NOT-FOR-US: Camportail module for Xoops
-CVE-2007-1807
+CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the myAl ...)
NOT-FOR-US: myAlbum-P module for Xoops
-CVE-2007-1806
+CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmg ...)
NOT-FOR-US: RM+Soft Gallery module for Xoops
-CVE-2007-1805
+CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and earli ...)
NOT-FOR-US: debaser module for Xoops
-CVE-2007-1804
+CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
{DTSA-44-1}
- pulseaudio 0.9.6-1 (low)
[etch] - pulseaudio <no-dsa> (Minor issue)
-CVE-2007-1803
+CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
NOT-FOR-US: MailDwarf
-CVE-2007-1802
+CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
NOT-FOR-US: MailDwarf
-CVE-2007-1801
+CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
NOT-FOR-US: sBLOG
-CVE-2007-1800
+CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust Agen ...)
NOT-FOR-US: Cisco
-CVE-2007-1799
+CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
{DSA-1373-2 DSA-1373-1}
- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
-CVE-2007-1798
+CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows loc ...)
NOT-FOR-US: IBM AIX
-CVE-2007-1797
+CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
{DSA-1903-1 DSA-1858-1}
- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
- graphicsmagick 1.1.7-15 (medium)
-CVE-2007-1796
+CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
NOT-FOR-US: URLshrink
-CVE-2007-1795
+CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PH ...)
NOT-FOR-US: URLshrink
-CVE-2007-1794
+CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
NOTE: Duplicate of CVE-2006-3805
-CVE-2007-1793
+CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9. ...)
NOT-FOR-US: Symantec Norton Personal Firewall
-CVE-2007-1792
+CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec ...)
NOT-FOR-US: Symantec Mail Security
-CVE-2007-1791
+CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ea ...)
NOT-FOR-US: Picture-Engine
-CVE-2007-1790
+CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction So ...)
NOT-FOR-US: Kaqoo Auction Software
-CVE-2007-1789
+CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
-CVE-2007-1788
+CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low val ...)
- flyspray 0.9.8-10 (medium)
[sarge] - flyspray <not-affected> (Vulnerable code not present)
-CVE-2007-1787
+CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.cl ...)
NOT-FOR-US: Time-Assistant
-CVE-2007-1786
+CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online Communit ...)
NOT-FOR-US: Hitachi Collaboration
-CVE-2007-1785
+CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
NOT-FOR-US: CA BrightStor ARCserve Backup
-CVE-2007-1784
+CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
REJECTED
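Review bot: the placeholder entry "CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]" with "- initramfs-tools 0.85g (low; bug #417995)" sits between CVE-2007-1841 and CVE-2007-1840 and is left untouched by this update because it has no identifier to look up; bug #417995 should be checked for an assigned id so the entry can be renamed and moved into numeric order. Two smaller points in the same region: the "[sarge] - ipsec-tools <not-affected> (...)" line under CVE-2007-1841 carries a sentence-long justification inside its parenthetical, which the file elsewhere keeps short and defers to a bug reference (compare "see #433964" under CVE-2007-1859), so the explanation would read better as a NOTE line; and the context entry "CVE-2007-1852" / "NOT-FOR-US: 2BGal" is the only NOT-FOR-US entry in this hunk that receives no description line, which suggests the lookup for that id returned nothing and deserves a manual check.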
@@ -11829,49 +11829,49 @@ CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
- ffmpeg 0.cvs20060823-8 (low; bug #407003)
- xmovie <removed>
-CVE-2007-1782
+CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access t ...)
NOT-FOR-US: CruiseWorks
-CVE-2007-1781
+CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
NOT-FOR-US: Minna De Office
-CVE-2007-1780
+CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
NOT-FOR-US: Overlay Weaver
-CVE-2007-1779
+CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in Advanc ...)
NOT-FOR-US: Advanced Website Creator
-CVE-2007-1778
+CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuk ...)
NOT-FOR-US: Eve-Nuke
-CVE-2007-1777
+CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
- php4 6:4.4.6-1 (medium)
- php5 5.2.0-11 (medium)
-CVE-2007-1776
+CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com D4 ...)
NOT-FOR-US: D4J eZine
-CVE-2007-1775
+CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
NOT-FOR-US: JBrowser
-CVE-2007-1774
+CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allo ...)
NOT-FOR-US: aBitWhizzy
-CVE-2007-1773
+CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow remot ...)
NOT-FOR-US: aBitWhizzy
-CVE-2007-1772
+CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
NOT-FOR-US: HP JetDirect
-CVE-2007-1771
+CVE-2007-1771 (PHP remote file inclusion vulnerability in manage/javascript/formjavas ...)
NOT-FOR-US: Ay System Solutions Web Content System
-CVE-2007-1770
+CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental System ...)
NOT-FOR-US: ArcSDE
CVE-2007-1769
REJECTED
-CVE-2007-1768
+CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in app/helpers/application_he ...)
NOT-FOR-US: Mephisto
-CVE-2007-1767
+CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AO ...)
NOT-FOR-US: AOL
-CVE-2007-1766
+CVE-2007-1766 (PHP remote file inclusion vulnerability in login/engine/db/profiledit. ...)
NOT-FOR-US: Advanced Login
-CVE-2007-1765
+CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
NOT-FOR-US: Microsoft
-CVE-2007-1764
+CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user- ...)
NOT-FOR-US: FastStone Image Viewer
-CVE-2007-1763
+CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
NOT-FOR-US: Microsoft
-CVE-2007-1762
+CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs bef ...)
- iceweasel 3.0.1-1 (unimportant; bug #445515)
NOTE: I don't believe this has relevant security impact, such a black list
NOTE: will register URLs found in the wild and the used adresses will be
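Review bot: the NOTE under CVE-2007-1762 ("NOTE: I don't believe this has relevant security impact, such a black list" / "NOTE: will register URLs found in the wild and the used adresses will be") misspells "addresses" and is cut off at the hunk boundary; the same wording, with the same misspelling, appears in full under CVE-2007-1736 in the next hunk, ending "NOTE: volatile anyway". Fixing the spelling in both places, or better replacing the second copy with a reference to CVE-2007-1762, would stop the two copies drifting apart.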
@@ -11886,139 +11886,139 @@ CVE-2007-1758
REJECTED
CVE-2007-1757
REJECTED
-CVE-2007-1756
+CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...)
NOT-FOR-US: Microsoft Excel
CVE-2007-1755
REJECTED
-CVE-2007-1754
+CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...)
NOT-FOR-US: Microsoft Office
CVE-2007-1753
REJECTED
CVE-2007-1752
REJECTED
-CVE-2007-1751
+CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...)
NOT-FOR-US: Microsoft
-CVE-2007-1750
+CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remo ...)
NOT-FOR-US: Microsoft
-CVE-2007-1749
+CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...)
NOT-FOR-US: Vector Markup Language
-CVE-2007-1748
+CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name Sy ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1747
+CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 200 ...)
NOT-FOR-US: Microsoft Office
CVE-2007-1746
RESERVED
-CVE-2007-1745
+CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam An ...)
{DSA-1281-1 DTSA-37-1}
- clamav 0.90.2-1 (high)
-CVE-2007-1744
+CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for VM ...)
NOT-FOR-US: VMware
-CVE-2007-1743
+CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ...)
- apache2 <unfixed> (unimportant)
-CVE-2007-1742
+CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison f ...)
- apache2 2.2.8-5 (unimportant)
-CVE-2007-1741
+CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
- apache2 2.2.8-5 (unimportant)
CVE-2007-1740
REJECTED
-CVE-2007-1739
+CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino befo ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-1738
+CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
NOT-FOR-US: TrueCrypt
-CVE-2007-1737
+CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HT ...)
NOT-FOR-US: Opera
-CVE-2007-1736
+CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
- iceweasel <removed> (unimportant)
NOTE: I don't believe this has relevant security impact, such a black list
NOTE: will register URLs found in the wild and the used adresses will be
NOTE: volatile anyway
-CVE-2007-1735
+CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565 ...)
NOT-FOR-US: Corel WordPerfect
-CVE-2007-1734
+CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in net/dccp/proto. ...)
- linux-2.6 2.6.20-1 (medium; bug #420875)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2007-1733
+CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remot ...)
NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732
- wordpress 2.1.3-1 (unimportant)
NOTE: Administrators can post full HTML, that is a feature. Rightly disputed.
-CVE-2007-1731
+CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous FT ...)
NOT-FOR-US: hpaftpd
-CVE-2007-1730
+CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
- linux-2.6 2.6.21-1 (medium)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2007-1729
+CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 1000 ...)
NOT-FOR-US: Flexbb
-CVE-2007-1728
+CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstati ...)
NOT-FOR-US: Sony Playstation 3
-CVE-2007-1727
+CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
NOT-FOR-US: HP OpenView
-CVE-2007-1726
+CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 a ...)
NOT-FOR-US: IceBB
-CVE-2007-1725
+CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remot ...)
NOT-FOR-US: IceBB
-CVE-2007-1724
+CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and atta ...)
NOT-FOR-US: ReactOS
-CVE-2007-1723
+CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
NOT-FOR-US: IronMail
-CVE-2007-1722
+CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea SK ...)
NOT-FOR-US: SKCommAX ActiveX control
-CVE-2007-1721
+CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 a ...)
NOT-FOR-US: C-Arbre
-CVE-2007-1720
+CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the Addressboo ...)
NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
-CVE-2007-1719
+CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
NOT-FOR-US: mcweject
-CVE-2007-1718
+CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
- php4 <removed> (medium)
[sarge] - php4 <not-affected> (Vulnerable code not present)
- php5 5.2.0-11 (medium)
-CVE-2007-1717
+CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 t ...)
- php4 6:4.4.6-2 (unimportant)
- php5 5.2.2-1 (unimportant)
NOTE: This is a regular bug, not a security problem
-CVE-2007-1716
+CVE-2007-1716 (pam_console does not properly restore ownership for certain console de ...)
NOT-FOR-US: pam_console
-CVE-2007-1715
+CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
NOT-FOR-US: Free Image Hosting
-CVE-2007-1714
+CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
NOT-FOR-US: CcCounter
-CVE-2007-1713
+CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
NOT-FOR-US: BASP21
-CVE-2007-1712
+CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
NOT-FOR-US: Active Auction Pro
-CVE-2007-1711
+CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 a ...)
{DSA-1283-1 DSA-1282-1}
- php4 6:4.4.6-2
- php5 5.2.0-9
NOTE: register_globals not supported
-CVE-2007-1710
+CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-de ...)
- php4 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: Safe mode violations not supported, insufficient measure
-CVE-2007-1709
+CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
NOT-FOR-US: PECL phpDOC
-CVE-2007-1708
+CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
NOT-FOR-US: ttCMS
-CVE-2007-1707
+CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side Conte ...)
NOT-FOR-US: Net-Side.net CMS
-CVE-2007-1706
+CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remot ...)
NOT-FOR-US: eWebQuiz
-CVE-2007-1705
+CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows re ...)
NOT-FOR-US: Active Trade
-CVE-2007-1704
+CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager (com_resma ...)
NOT-FOR-US: Joomla module Car Manager
-CVE-2007-1703
+CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
NOT-FOR-US: Joomla module RWCards
-CVE-2007-1702
+CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the Fla ...)
NOT-FOR-US: Flatmenu
-CVE-2007-1701
+CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is e ...)
- php5 5.2.0-9 (unimportant)
- php4 6:4.4.4-9 (unimportant)
NOTE: register_globals not supported
NOTE: Dupe of CVE-2007-0910
-CVE-2007-1700
+CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, c ...)
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-9
- php4 6:4.4.4-9
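Review bot: the context entry "CVE-2007-1732" with "- wordpress 2.1.3-1 (unimportant)" and "NOTE: Administrators can post full HTML, that is a feature. Rightly disputed." is the only entry in this hunk that is neither RESERVED nor REJECTED and still receives no description line from the update; if the description source omits disputed ids that is fine, but it is worth confirming so the entry does not look like a failed lookup. Also, CVE-2007-1701 keeps both fixed-version lines ("- php5 5.2.0-9 (unimportant)", "- php4 6:4.4.4-9 (unimportant)") alongside "NOTE: Dupe of CVE-2007-0910", whereas the other duplicate entries in this file (CVE-2007-1825, CVE-2007-1884, CVE-2007-1885, CVE-2007-1886) carry only the NOTE and point at the original id or DSA; one convention should be used for all of them.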
@@ -12028,331 +12028,331 @@ CVE-2007-1700
NOTE: This was fixed as a side-effect of previous security fixes, noting the
NOTE: status as of DSA-1286 as fixed version. likewise the oldstable
NOTE: version was fixed.
-CVE-2007-1699
+CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_ ...)
NOT-FOR-US: Mambo module SWmenu
-CVE-2007-1698
+CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to re ...)
NOT-FOR-US: Philex
-CVE-2007-1697
+CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex 0. ...)
NOT-FOR-US: Philex
-CVE-2007-1696
+CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
NOT-FOR-US: Active Newsletter
CVE-2007-1695
- phpbb2 <not-affected> (requires register_globals to exploit)
NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
RESERVED
-CVE-2007-1693
+CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before 1 ...)
- yate 1.2.0-1.dfsg-1 (low; bug #421994)
[etch] - yate <no-dsa> (Minor issue, fringe application)
-CVE-2007-1692
+CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy Auto ...)
NOT-FOR-US: Microsoft
-CVE-2007-1691
+CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
NOT-FOR-US: Second Sight Software
-CVE-2007-1690
+CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ActiveG ...)
NOT-FOR-US: Second Sight Software
-CVE-2007-1689
+CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
NOT-FOR-US: Norton
-CVE-2007-1688
+CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Calli ...)
NOT-FOR-US: PhPInfo ActiveX control
-CVE-2007-1687
+CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX Im ...)
NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
RESERVED
-CVE-2007-1685
+CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...)
NOT-FOR-US: BlueCoat
-CVE-2007-1684
+CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in sldimd ...)
NOT-FOR-US: sldimdownload ActiveX control
-CVE-2007-1683
+CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the Inc ...)
NOT-FOR-US: IncrediMail
-CVE-2007-1682
+CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX contr ...)
NOT-FOR-US: FileManager ActiveX
-CVE-2007-1681
+CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java W ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-1680
+CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679
NOTE: Allegedly a duplicate of CVE-2006-4255.
NOTE: The other issue needs a CSRF attack to exploit.
-CVE-2007-1678
+CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension f ...)
NOT-FOR-US: Fizzle 0.5 extension for Firefox
-CVE-2007-1677
+CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the N ...)
NOT-FOR-US: NetBSD
CVE-2007-1676
RESERVED
-CVE-2007-1675
+CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP s ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-1674
+CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LAN ...)
NOT-FOR-US: LANDesk Management Suite
-CVE-2007-1673
+CVE-2007-1673 (unzoo.c, as used in multiple products including AMaViS 2.4.1 and earli ...)
[sarge] - zoo <no-dsa> (Minor issue)
[etch] - zoo <no-dsa> (Minor issue)
- zoo 2.10-19 (bug #424686)
- unzoo 4.4-7 (bug #424690)
[sarge] - unzoo <no-dsa> (Minor issue)
[etch] - unzoo <no-dsa> (Minor issue)
-CVE-2007-1672
+CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a den ...)
NOT-FOR-US: avast
-CVE-2007-1671
+CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers t ...)
NOT-FOR-US: Avira
-CVE-2007-1670
+CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ca ...)
NOT-FOR-US: Panda
-CVE-2007-1669
+CVE-2007-1669 (zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1 ...)
NOT-FOR-US: Barracuda
CVE-2007-1668
RESERVED
-CVE-2007-1666
+CVE-2007-1666 (The processor_request function in the debugger server for DataRescue I ...)
NOT-FOR-US: IDA Pro
-CVE-2007-1665
+CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1et ...)
{DSA-1318-1}
- ekg 1:1.7~rc2-2 (low)
[sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1664
+CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote att ...)
{DSA-1318-1}
- ekg 1:1.7~rc2-2 (low)
[sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1663
+CVE-2007-1663 (Memory leak in the image message functionality in ekg before 1:1.7~rc2 ...)
{DSA-1318-1}
- ekg 1:1.7~rc2-2 (low)
[sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1662
+CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads pas ...)
{DSA-1570-1 DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
- kazehakase 0.5.2-1
- glib2.0 2.14.3-1 (unimportant)
NOTE: glib only embeds pcre in the udeb, no attack vector
-CVE-2007-1661
+CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 backtrack ...)
{DSA-1570-1 DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
- kazehakase 0.5.2-1
- glib2.0 2.14.3-1 (unimportant)
NOTE: glib only embeds pcre in the udeb, no attack vector
-CVE-2007-1660
+CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
{DSA-1570-1 DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
- kazehakase 0.5.2-1
- glib2.0 2.14.3-1 (unimportant)
NOTE: glib only embeds pcre in the udeb, no attack vector
-CVE-2007-1659
+CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows co ...)
{DSA-1570-1 DSA-1399-1 DTSA-77-1}
- kazehakase 0.5.2-1
- pcre3 7.3-1
- glib2.0 2.14.3-1 (unimportant)
NOTE: glib only embeds pcre in the udeb, no attack vector
-CVE-2007-1658
+CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remo ...)
NOT-FOR-US: Microsoft
-CVE-2007-1657
+CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
- python2.5 <not-affected> (does not build minigzip.c)
-CVE-2007-1656
+CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Au ...)
NOT-FOR-US: Plyt Audio
-CVE-2007-1655
+CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX bef ...)
{DSA-1317-1}
- tinymux 2.4.3.31-1.1 (bug #417539)
-CVE-2007-1654
+CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sf ...)
NOT-FOR-US: ne7ssh
-CVE-2007-1653
+CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial o ...)
NOT-FOR-US: GlowWorm FW
-CVE-2007-1652
+CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID e ...)
NOT-FOR-US: MyOpenID.com
-CVE-2007-1651
+CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows remot ...)
NOT-FOR-US: MyOpenID.com
-CVE-2007-1650
+CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
NOT-FOR-US: pcapsipdump
-CVE-2007-1649
+CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
- php5 5.2.2-1
[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
-CVE-2007-1648
+CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
NOT-FOR-US: 0irc
-CVE-2007-1647
+CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ro ...)
- moodle 1.5.3-1 (low)
-CVE-2007-1646
+CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 al ...)
NOT-FOR-US: SubHub
-CVE-2007-1645
+CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 20 ...)
NOT-FOR-US: FutureSoft TFTP Server
-CVE-2007-1644
+CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on Microsof ...)
NOT-FOR-US: Microsoft DNS Server
-CVE-2007-1643
+CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management S ...)
NOT-FOR-US: LAN Management System
-CVE-2007-1642
+CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows rem ...)
NOT-FOR-US: ManageEngine Firewall Analyzer
-CVE-2007-1641
+CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows remo ...)
NOT-FOR-US: PortailPHP
-CVE-2007-1640
+CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 an ...)
NOT-FOR-US: ClassWeb
-CVE-2007-1639
+CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_ ...)
NOT-FOR-US: PHProjekt
-CVE-2007-1638
+CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the chec ...)
NOT-FOR-US: PHProjekt
-CVE-2007-1637
+CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI ...)
NOT-FOR-US: IMAILAPILib ActiveX control
-CVE-2007-1636
+CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 a ...)
NOT-FOR-US: RoseOnlineCMS
-CVE-2007-1635
+CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net Porta ...)
NOT-FOR-US: Net Portal Dynamic System
-CVE-2007-1634
+CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal Dy ...)
NOT-FOR-US: Net Portal Dynamic System
-CVE-2007-1633
+CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio Cir ...)
NOT-FOR-US: Splatt Forum
-CVE-2007-1632
+CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has u ...)
NOT-FOR-US: webCMS
CVE-2007-1631
NOT-FOR-US: CLBOX
-CVE-2007-1630
+CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
NOT-FOR-US: Active Link Engine
-CVE-2007-1629
+CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
NOT-FOR-US: Active Photo Gallery
-CVE-2007-1628
+CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner (S ...)
NOT-FOR-US: Study planner
CVE-2007-1627
REJECTED
-CVE-2007-1626
+CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame Mo ...)
NOT-FOR-US: iFrame Module for PHP-NUKE
-CVE-2007-1625
+CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in realGues ...)
NOT-FOR-US: realGuestbook
-CVE-2007-1624
+CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow rem ...)
NOT-FOR-US: realGuestbook
-CVE-2007-1623
+CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5 ...)
NOT-FOR-US: realGuestbook
-CVE-2007-1622
+CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ...)
{DSA-1285-1}
- wordpress 2.1.3-1 (medium)
-CVE-2007-1621
+CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in Activ ...)
NOT-FOR-US: Active PHP Bookmark Notes
-CVE-2007-1620
+CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
NOT-FOR-US: PHP DB Designer
-CVE-2007-1619
+CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo R ...)
NOT-FOR-US: ScriptMagix
-CVE-2007-1618
+CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2. ...)
NOT-FOR-US: ScriptMagix
-CVE-2007-1617
+CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 an ...)
NOT-FOR-US: ScriptMagix
-CVE-2007-1616
+CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
NOT-FOR-US: ScriptMagix
-CVE-2007-1615
+CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
NOT-FOR-US: ScriptMagix
-CVE-2007-1614
+CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in zzi ...)
{DTSA-56-1}
- zziplib 0.13.49-0 (bug #436701; low)
[etch] - zziplib <no-dsa> (Minor issue)
NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
NOTE: If an attacker can supply arbitrary file names, we likely suffer from
NOTE: an information disclosure issue anyway.
-CVE-2007-1613
+CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows r ...)
NOT-FOR-US: MPM Chat
-CVE-2007-1612
+CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
NOT-FOR-US: Plyt Audio
-CVE-2007-1611
+CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a certai ...)
NOT-FOR-US: IKANARI JIJYOU
-CVE-2007-1610
+CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Sof ...)
NOT-FOR-US: NewsGlue
-CVE-2007-1609
+CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Mon ...)
NOT-FOR-US: Oracle Application Server
-CVE-2007-1608
+CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-1607
+CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain po ...)
NOT-FOR-US: Web-Agora
-CVE-2007-1606
+CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Ag ...)
NOT-FOR-US: Web-Agora
-CVE-2007-1605
+CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive inform ...)
NOT-FOR-US: Web-Agora
-CVE-2007-1604
+CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agor ...)
NOT-FOR-US: Web-Agora
-CVE-2007-1603
+CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attack ...)
NOT-FOR-US: Weekly Drawing Contest
-CVE-2007-1602
+CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing Contes ...)
NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601
NOT-FOR-US: Weekly Drawing Contest
-CVE-2007-1600
+CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye G ...)
NOT-FOR-US: Digital Eye Gallery
-CVE-2007-1599
+CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect authenti ...)
{DSA-1601-1}
- wordpress 2.2.2-1 (bug #437085; low)
-CVE-2007-1598
+CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 a ...)
NOT-FOR-US: FileCOPA FTP
-CVE-2007-1597
+CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the we ...)
NOT-FOR-US: Unclassified NewsBoard
-CVE-2007-1596
+CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
NOT-FOR-US: NFN Address Book
-CVE-2007-1595
+CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk doe ...)
- asterisk 1:1.4.0~dfsg-1 (low)
[etch] - asterisk <not-affected> (Only affects 1.4.x)
[sarge] - asterisk <not-affected> (Only affects 1.4.x)
-CVE-2007-1593
+CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
NOT-FOR-US: Symantec
-CVE-2007-1592
+CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertent ...)
{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1 (medium)
-CVE-2007-1591
+CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.104 ...)
NOT-FOR-US: Trend Micro
-CVE-2007-1590
+CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and boot ...)
NOT-FOR-US: Grandstream
-CVE-2007-1589
+CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows loca ...)
NOT-FOR-US: Truecrypt
-CVE-2007-1588
+CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling Proc ...)
NOT-FOR-US: MyServer
-CVE-2007-1587
+CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remo ...)
NOT-FOR-US: StatsDawg
-CVE-2007-1586
+CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
NOT-FOR-US: Zyxel
-CVE-2007-1585
+CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.0 ...)
NOT-FOR-US: Cisco
-CVE-2007-1584
+CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows context-de ...)
NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
-CVE-2007-1583
+CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
- php5 5.2.0-11 (medium)
- php4 <removed> (medium)
-CVE-2007-1582
+CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
- php5 <removed> (unimportant)
- php4 <removed> (unimportant)
NOTE: Only triggerable by malicious script
-CVE-2007-1581
+CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...)
- php5 <removed> (unimportant)
NOTE: Only triggerable by malicious script
-CVE-2007-1580
+CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service (dae ...)
NOT-FOR-US: FTPDMIN
-CVE-2007-1579
+CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attac ...)
NOT-FOR-US: MERCUR IMAPD
-CVE-2007-1578
+CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in Atriu ...)
NOT-FOR-US: MERCUR IMAPD
-CVE-2007-1577
+CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows re ...)
NOT-FOR-US: GeBlog
-CVE-2007-1576
+CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0 ...)
NOT-FOR-US: PHProjekt
-CVE-2007-1575
+CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_ ...)
NOT-FOR-US: PHProjekt
-CVE-2007-1574
+CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain co ...)
NOT-FOR-US: CARE2X
-CVE-2007-1573
+CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
NOT-FOR-US: vBulletin
-CVE-2007-1572
+CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earl ...)
NOT-FOR-US: JGBBS
-CVE-2007-1571
+CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in Radica ...)
NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
REJECTED
-CVE-2007-1569
+CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attacker ...)
NOT-FOR-US: NewsBin Pro
-CVE-2007-1568
+CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 all ...)
NOT-FOR-US: NewsReactor
-CVE-2007-1567
+CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earli ...)
NOT-FOR-US: WarFTPd
-CVE-2007-1566
+CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
NOT-FOR-US: NetVIOS Portal
-CVE-2007-1565
+CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ( ...)
- kdelibs <unfixed> (unimportant)
-CVE-2007-1564
+CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote serve ...)
- kdelibs 4:3.5.5a.dfsg.1-7
-CVE-2007-1563
+CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
NOT-FOR-US: Opera
-CVE-2007-1562
+CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
- iceweasel 2.0.0.3-1 (low)
-CVE-2007-1560
+CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
- squid 2.6.5-6 (low)
[sarge] - squid <not-affected> (Vulnerable code not present)
-CVE-2007-1559
+CVE-2007-1559 (Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxi ...)
NOT-FOR-US: Roxio
-CVE-2007-1558
+CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 charact ...)
{DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1}
NOTE: Affects various clients, but no practical security implications
NOTE: MFSA2007-15
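Review bot: in the CVE-2007-1592 entry the advisory list `{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}` names `DSA-1304` without the revision suffix that every other DSA reference in this hunk carries (`DSA-1286-1`, `DSA-1318-1`, `DSA-1283-1`, and so on); if the tracker tooling matches advisories on the full `DSA-NNNN-R` form, this one should read `DSA-1304-1`, and since the line is unchanged by this import it wants a manual follow-up rather than a change to this commit. A cosmetic point on the imported `+` lines: the descriptions are cut at a fixed column, often mid-word (`+CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX Im ...)`, `+CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in sldimd ...)`), so the update script could truncate at the last space before the limit to keep the summaries readable and searchable.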
@@ -12366,412 +12366,412 @@ CVE-2007-1558
NOTE: patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)
- balsa 2.3.17-1 (unimportant)
- claws-mail 2.9.1-1 (unimportant)
-CVE-2007-1557
+CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security 6.0 ...)
NOT-FOR-US: F-Secure
-CVE-2007-1556
+CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 al ...)
NOT-FOR-US: Creative Files
-CVE-2007-1555
+CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 bui ...)
NOT-FOR-US: Minerva module of phpBB
-CVE-2007-1554
+CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
NOT-FOR-US: Guestbara
-CVE-2007-1553
+CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote att ...)
NOT-FOR-US: Guestbara
-CVE-2007-1552
+CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum 0.51 ...)
NOT-FOR-US: MetaForum
-CVE-2007-1551
+CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 all ...)
NOT-FOR-US: phpx
-CVE-2007-1550
+CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote att ...)
NOT-FOR-US: phpx
-CVE-2007-1549
+CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 a ...)
NOT-FOR-US: phpx
-CVE-2007-1548
+CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
NOT-FOR-US: Web Wiz Forums
-CVE-2007-1547
+CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
{DSA-1273-1}
- nas 1.8-4 (low; bug #416038)
-CVE-2007-1546
+CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 al ...)
{DSA-1273-1}
- nas 1.8-4 (low; bug #416038)
-CVE-2007-1545
+CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio Sys ...)
{DSA-1273-1}
- nas 1.8-4 (low; bug #416038)
-CVE-2007-1544
+CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in server/dia/audi ...)
{DSA-1273-1}
- nas 1.8-4 (low; bug #416038)
-CVE-2007-1543
+CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in server ...)
{DSA-1273-1}
- nas 1.8-4 (medium; bug #416038)
-CVE-2007-1542
+CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
NOT-FOR-US: Cisco
-CVE-2007-1541
+CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only c ...)
- sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-1540
+CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 an ...)
- sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-1539
+CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX Land ...)
NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538
NOT-FOR-US: McAfee
-CVE-2007-1537
+CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 S ...)
NOT-FOR-US: Microsoft
-CVE-2007-1536
+CVE-2007-1536 (Integer underflow in the file_printf function in the "file" program be ...)
{DSA-1274-1}
- file 4.20-1 (bug #415362; high)
NOTE: Has got lots of reverse dependencies.
NOTE: Some of them process remotely supplied untrusted input.
-CVE-2007-1535
+CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user acti ...)
NOT-FOR-US: Microsoft
-CVE-2007-1534
+CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains a ...)
NOT-FOR-US: Microsoft
-CVE-2007-1533
+CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same non ...)
NOT-FOR-US: Microsoft
-CVE-2007-1532
+CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista allow ...)
NOT-FOR-US: Microsoft
-CVE-2007-1531
+CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included i ...)
NOT-FOR-US: Microsoft
-CVE-2007-1530
+CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather re ...)
NOT-FOR-US: Microsoft
-CVE-2007-1529
+CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
NOT-FOR-US: Microsoft
-CVE-2007-1528
+CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...)
NOT-FOR-US: Microsoft
-CVE-2007-1527
+CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
NOT-FOR-US: Microsoft
-CVE-2007-1526
+CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote authentic ...)
NOT-FOR-US: Sun Java System Web Server
-CVE-2007-1525
+CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox B ...)
NOT-FOR-US: Dayfox Blog
-CVE-2007-1524
+CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
NOT-FOR-US: ZomPlog
-CVE-2007-1523
+CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versio ...)
NOT-FOR-US: NetBSD
-CVE-2007-1522
+CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and 5. ...)
{DSA-1283-1}
- php5 5.2.2-1 (medium)
-CVE-2007-1521
+CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ...)
{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
- php5 5.2.0-11 (medium)
- php4 6:4.4.6-2 (medium)
-CVE-2007-1520
+CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and e ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-1519
+CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8. ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-1518
+CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
NOT-FOR-US: Woltlab Burning Board
-CVE-2007-1517
+CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
NOT-FOR-US: WSN Guest
-CVE-2007-1561
+CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 al ...)
{DSA-1358-1}
- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
-CVE-2007-1594
+CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 a ...)
NOTE: Duplicate of CVE-2007-2297
-CVE-2007-1516
+CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in Cic ...)
NOT-FOR-US: CcMail
-CVE-2007-1515
+CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4. ...)
- imp4 4.1.3-4 (medium; bug #415117)
-CVE-2007-1514
+CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb Porta ...)
NOT-FOR-US: ViperWeb Portal
-CVE-2007-1513
+CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX Compan ...)
NOT-FOR-US: WebSite Builder
-CVE-2007-1512
+CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the M ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1511
+CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and earl ...)
NOT-FOR-US: FrontBase Relational Database Server
-CVE-2007-1510
+CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 thro ...)
NOT-FOR-US: Particle Blogger
-CVE-2007-1509
+CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder k ...)
NOT-FOR-US: krypt
-CVE-2007-1508
+CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
NOT-FOR-US: DirectAdmin
-CVE-2007-1507
+CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x befo ...)
{DSA-1271-1}
- openafs 1.4.2-6 (medium)
-CVE-2007-1506
+CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_war ...)
NOT-FOR-US: Oracle Portal
-CVE-2007-1505
+CVE-2007-1505 (Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V1 ...)
NOT-FOR-US: Fujistu FENCE-Pro
-CVE-2007-1504
+CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in Fuj ...)
NOT-FOR-US: Fujitsu Interstage Application Server
-CVE-2007-1503
+CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
- rhapsody <removed> (medium)
-CVE-2007-1502
+CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
- rhapsody <removed> (medium)
-CVE-2007-1501
+CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remo ...)
NOT-FOR-US: Avant Browse
-CVE-2007-1500
+CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to overwrit ...)
NOT-FOR-US: Linux Security Auditing Tool
-CVE-2007-1499
+CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...)
NOT-FOR-US: Internet Explorer
-CVE-2007-1498
+CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 Act ...)
NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
-CVE-2007-1497
+CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
{DSA-1289-1}
- linux-2.6 2.6.20-1 (medium)
-CVE-2007-1496
+CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
{DSA-1289-1}
- linux-2.6 2.6.21-1 (medium)
-CVE-2007-1495
+CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
NOT-FOR-US: Symantec Norton Personal Firewall
-CVE-2007-1494
+CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
NOT-FOR-US: NukeSentinel
-CVE-2007-1493
+CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...)
NOT-FOR-US: NukeSentinel
-CVE-2007-1492
+CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote attacker ...)
NOT-FOR-US: Microsoft Windows XP
-CVE-2007-1491
+CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Av ...)
NOT-FOR-US: Avaya S87XX
-CVE-2007-1490
+CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 bef ...)
NOT-FOR-US: Avaya S87XX
-CVE-2007-1489
+CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal (We ...)
NOT-FOR-US: WebAPP
-CVE-2007-1488
+CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 be ...)
NOT-FOR-US: Sun Java System Web Server
-CVE-2007-1487
+CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder (ak ...)
NOT-FOR-US: CyberTeddy WebLog
-CVE-2007-1486
+CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in Carbo ...)
NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485
NOT-FOR-US: LIBFtp
-CVE-2007-1484
+CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
- php4 <removed> (unimportant)
- php5 5.2.2-1 (unimportant)
NOTE: local malicious scripts only
-CVE-2007-1483
+CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9. ...)
- webcalendar 1.0.5-1 (high)
[sarge] - webcalendar 0.9.45-4sarge7
NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
NOTE: Sarge version as fixed version
-CVE-2007-1482
+CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
NOT-FOR-US: WBBlog
-CVE-2007-1481
+CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote attac ...)
NOT-FOR-US: WBBlog
-CVE-2007-1480
+CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an administrativ ...)
NOT-FOR-US: Creative Guestbook
-CVE-2007-1479
+CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...)
NOT-FOR-US: Creative Guestbook
-CVE-2007-1478
+CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read arbitra ...)
NOT-FOR-US: McGallery
CVE-2007-1477
NOT-FOR-US: Point Of Sale for osCommerce
-CVE-2007-1476
+CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Fire ...)
NOT-FOR-US: Symantec Norton Personal Firewall
-CVE-2007-1475
+CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconn ...)
- php4 <removed> (unimportant)
NOTE: Can only be triggered by malicious script
-CVE-2007-1474
+CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde P ...)
{DSA-1406-1}
- horde3 3.1.3-4 (medium)
-CVE-2007-1473
+CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in H ...)
{DSA-1406-1}
- horde3 3.1.4-1 (low; bug #434045)
-CVE-2007-1472
+CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
NOT-FOR-US: Groupit
-CVE-2007-1471
+CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
NOT-FOR-US: Orion-Blog
-CVE-2007-1470
+CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote att ...)
NOT-FOR-US: LIBFtp
-CVE-2007-1469
+CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2 ...)
NOT-FOR-US: Absolute Image Gallery
-CVE-2007-1468
+CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (C ...)
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2007-1467
+CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.h ...)
NOT-FOR-US: Cisco
-CVE-2007-1466
+CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents function i ...)
- libwpd 0.8.9-1 (medium)
[etch] - libwpd 0.8.7-6
-CVE-2007-1465
+CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 all ...)
NOT-FOR-US: dproxy
-CVE-2007-1464
+CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in Inksc ...)
- inkscape 0.45.1-1 (medium)
[etch] - inkscape <not-affected> (Versions prior to 0.45 used loudmouth, which isn't affected)
-CVE-2007-1463
+CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows user-assi ...)
- inkscape 0.45.1-1 (low)
[etch] - inkscape <no-dsa> (Minor issue)
[sarge] - inkscape <no-dsa> (Minor issue)
NOTE: shell code would be prominently inside the file names
-CVE-2007-1462
+CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
NOT-FOR-US: conga
-CVE-2007-1461
+CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
- php5 5.2.2-1 (unimportant)
NOTE: Safemode and open_basedir bypasses not supported
-CVE-2007-1460
+CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP befor ...)
- php5 5.2.2-1 (unimportant)
NOTE: Safemode and open_basedir bypasses not supported
-CVE-2007-1459
+CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6 ...)
NOT-FOR-US: WebCreator
-CVE-2007-1458
+CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
NOT-FOR-US: CARE2X
-CVE-2007-1457
+CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer Uniq ...)
NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456
NOT-FOR-US: PHP Photo Album
-CVE-2007-1455
+CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as use ...)
NOT-FOR-US: Fantastico
-CVE-2007-1454
+CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-11 (medium)
-CVE-2007-1453
+CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-11 (medium)
-CVE-2007-1452
+CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
- php5 <not-affected> (cpdf extension not enabled in binary build)
-CVE-2007-1451
+CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a dire ...)
NOT-FOR-US: GuppY
-CVE-2007-1450
+CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlie ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-1449
+CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-1448
+CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
NOT-FOR-US: BrightStor ARCserve Backup
-CVE-2007-1447
+CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
NOT-FOR-US: BrightStor ARCserve Backup
-CVE-2007-1446
+CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
NOT-FOR-US: Open Education System
-CVE-2007-1445
+CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for default.as ...)
NOT-FOR-US: BP Blog
-CVE-2007-1444
+CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary f ...)
- netperf 2.4.3-8 (bug #413658; medium)
[sarge] - netperf <no-dsa> (Non-free not supported)
[etch] - netperf <no-dsa> (Non-free not supported)
-CVE-2007-1443
+CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
NOT-FOR-US: Woltlab Burning Board
-CVE-2007-1442
+CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the SetSe ...)
NOT-FOR-US: Oracle Database
-CVE-2007-1441
+CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (P ...)
NOT-FOR-US: BlackBerry 8100
-CVE-2007-1440
+CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows r ...)
NOT-FOR-US: JGBBS
-CVE-2007-1439
+CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bi ...)
NOT-FOR-US: MySQL Commander
-CVE-2007-1438
+CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 all ...)
NOT-FOR-US: X-Ice News System
-CVE-2007-1437
+CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger bef ...)
- sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-1436
+CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
- sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-1435
+CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to c ...)
NOT-FOR-US: D-Link TFTP Server
-CVE-2007-1434
+CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earl ...)
NOT-FOR-US: Grayscale Blog
-CVE-2007-1433
+CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...)
NOT-FOR-US: Grayscale Blog
-CVE-2007-1432
+CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote att ...)
NOT-FOR-US: Grayscale Blog
-CVE-2007-1431
+CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
- pennmush 1.8.2p7-1 (low; bug #436249)
[sarge] - pennmush <no-dsa> (Minor issue)
[etch] - pennmush <no-dsa> (Minor issue)
-CVE-2007-1430
+CVE-2007-1430 (PHP remote file inclusion vulnerability in include/adodb-connection.in ...)
NOT-FOR-US: ClipShare
-CVE-2007-1429
+CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 all ...)
- moodle <not-affected>
NOTE: Security problem with the Windows version
NOTE: Debian Maintainer and Upstream state that debian is not affected
NOTE: and the problem is not reproducible there
-CVE-2007-1428
+CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 a ...)
NOT-FOR-US: JobSitePro
-CVE-2007-1427
+CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
NOT-FOR-US: AssetMan
-CVE-2007-1426
+CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attack ...)
NOT-FOR-US: AstroCam
-CVE-2007-1425
+CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2 ...)
NOT-FOR-US: SonicMailer Pro
-CVE-2007-1424
+CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media G ...)
NOT-FOR-US: DataLife Engine
-CVE-2007-1423
+CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system e-co ...)
NOT-FOR-US: WORK system e-commerce
-CVE-2007-1422
+CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti all ...)
NOT-FOR-US: Duyuru Scripti
-CVE-2007-1421
+CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
NOT-FOR-US: SubDog
-CVE-2007-1420
+CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of servic ...)
- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
[etch] - mysql-dfsg-5.0 5.0.32-7etch1
-CVE-2007-1419
+CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ove ...)
NOT-FOR-US: JMX RMI-IIOP
-CVE-2007-1418
+CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.ph ...)
NOT-FOR-US: DekiWiki
-CVE-2007-1417
+CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
NOT-FOR-US: NEWSSYSTEM
-CVE-2007-1416
+CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (ak ...)
NOT-FOR-US: URLshrink
-CVE-2007-1415
+CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0 ...)
NOT-FOR-US: PMB Services
-CVE-2007-1414
+CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-1413
+CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP 5 ...)
- php4 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: Only triggerable by malicious script
-CVE-2007-1412
+CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 al ...)
- php4 <not-affected> (cpdf extension not enabled in binary build)
- php5 <not-affected> (cpdf extension not enabled in binary build)
-CVE-2007-1411
+CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versio ...)
- php4 <not-affected> (no mssql extension in Debian)
- php5 <not-affected> (no mssql extension in Debian)
-CVE-2007-1410
+CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
NOT-FOR-US: GaziYapBoz Game Portal
-CVE-2007-1409
+CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
- wordpress <not-affected> (Path disclosure)
-CVE-2007-1408
+CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outpos ...)
NOT-FOR-US: Vallheru
-CVE-2007-1407
+CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has un ...)
NOT-FOR-US: Quick.Cart
-CVE-2007-1406
+CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header s ...)
[etch] - trac 0.10.3-1etch1
- trac 0.10.4-1 (bug #414134; bug #420219)
NOTE: Browser bug, only exploitable on IE, still fixed in a point release
-CVE-2007-1405
+CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...)
[etch] - trac 0.10.3-1etch1
- trac 0.10.4-1 (bug #414134; bug #420219)
NOTE: Browser bug, only exploitable on IE, still fixed in a point release
-CVE-2007-1404
+CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attac ...)
NOT-FOR-US: ProSysInfo TFTP Server
-CVE-2007-1403
+CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in SwDir.d ...)
NOT-FOR-US: ActiveX control
-CVE-2007-1402
+CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows rem ...)
NOT-FOR-US: Rediff Toolbar ActiveX control
-CVE-2007-1401
+CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
NOT-FOR-US: php doesn't ship with cracklib activated in debian.
-CVE-2007-1400
+CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
NOT-FOR-US: Plash
-CVE-2007-1399
+CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8. ...)
{DSA-1330-1}
- php5 5.2.2-1 (medium)
-CVE-2007-1398
+CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
- snort <not-affected> (Vulnerable code not present)
-CVE-2007-1397
+CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
NOT-FOR-US: FiSH IRC Encryption
-CVE-2007-1396
+CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...)
- php5 5.2.2-1 (unimportant)
NOTE: Non-issue
-CVE-2007-1395
+CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 th ...)
{DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.10.0.2-1 (medium)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2007-1394
+CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
NOT-FOR-US: Flat Chat
-CVE-2007-1393
+CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2 ...)
NOT-FOR-US: Magic CMS
-CVE-2007-1392
+CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...)
NOT-FOR-US: netForo!
-CVE-2007-1391
+CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.ph ...)
NOT-FOR-US: WEBO
-CVE-2007-1390
+CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 a ...)
NOT-FOR-US: dynalias
-CVE-2007-1389
+CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
NOT-FOR-US: dynalias
-CVE-2007-1388
+CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux k ...)
- linux-2.6 2.6.18.dfsg.1-12
-CVE-2007-1387
+CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0r ...)
{DSA-1536-1}
- mplayer 1.0~rc1-13 (bug #414075; low)
- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
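Review bot: the CVE-2007-1401 entry records a Debian build decision as a NOT-FOR-US line, `NOT-FOR-US: php doesn't ship with cracklib activated in debian.`, whereas the neighbouring PHP entries express the same situation as a package status, e.g. `- php5 <not-affected> (no mssql extension in Debian)` for CVE-2007-1411 and `- php4 <not-affected> (cpdf extension not enabled in binary build)` for CVE-2007-1412; suggest `- php5 <not-affected> (cracklib extension not enabled in Debian build)` so the CVE stays associated with the php5 source package. Separately, the CVE-2007-1390 and CVE-2007-1389 entries keep `NOT-FOR-US: dynalias` while both new descriptions name the product `dynaliens`; one of the two spellings should be corrected in a follow-up.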
@@ -12779,133 +12779,133 @@ CVE-2007-1387
[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
RESERVED
-CVE-2007-1385
+CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to c ...)
- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
-CVE-2007-1384
+CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
-CVE-2007-1383
+CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 all ...)
- php4 <removed> (unimportant)
NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
-CVE-2007-1382
+CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow context-depend ...)
NOT-FOR-US: Windows PHP COM extensions
-CVE-2007-1381
+CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10 ...)
- php5 <not-affected> (Affected only a php5 CVS version, not a release)
-CVE-2007-1380
+CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP b ...)
{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
[etch] - php5 5.2.0-8+etch1
- php4 6:4.4.6-1 (low)
- php5 5.2.0-11 (low)
-CVE-2007-1379
+CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before 4.4 ...)
- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
-CVE-2007-1378
+CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP befo ...)
- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
-CVE-2007-1377
+CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, N ...)
NOT-FOR-US: Adobe Reader
-CVE-2007-1376
+CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x s ...)
{DSA-1283-1 DTSA-39-1}
- php4 <removed>
- php5 5.2.0-11
NOTE: Only triggerable by malicious script
-CVE-2007-1375
+CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and earli ...)
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-11 (low)
NOTE: Should be fixed, could be used as a stepstone for further attacks
-CVE-2007-1374
+CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz F ...)
NOT-FOR-US: Snitz Forums
-CVE-2007-1373
+CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
NOT-FOR-US: Mercury Mail Transport System
-CVE-2007-1372
+CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...)
NOT-FOR-US: PostGuestbook
-CVE-2007-1371
+CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
- conquest 8.2b-1 (low)
[sarge] - conquest <no-dsa> (Minor issue)
[etch] - conquest <no-dsa> (Minor issue)
-CVE-2007-1370
+CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
NOT-FOR-US: Zend Platform
-CVE-2007-1369
+CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
NOT-FOR-US: Zend Platform
-CVE-2007-1368
+CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4 ...)
NOT-FOR-US: Drupal module Project
-CVE-2007-1367
+CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya Co ...)
NOT-FOR-US: Avaya Communications Manager
-CVE-2007-1366
+CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the divis ...)
{DSA-1284-1 DTSA-38-1 DTSA-133-1}
- qemu 0.9.0-2 (bug #424070)
- kvm 66+dfsg-1.1
-CVE-2007-1365
+CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows rem ...)
NOT-FOR-US: OpenBSD Kernel
-CVE-2007-1364
+CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain privi ...)
NOT-FOR-US: DropAFew
-CVE-2007-1363
+CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
NOT-FOR-US: DropAFew
-CVE-2007-1362
+CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
NOTE: MFSA2007-14
- iceape 1.1.2-1 (low)
- iceweasel 2.0.0.4-1 (low)
- xulrunner 1.8.1.4-1 (low)
-CVE-2007-1361
+CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in V ...)
NOT-FOR-US: VirtueMart
-CVE-2007-1360
+CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x befo ...)
NOT-FOR-US: Drupal module Nodefamily
-CVE-2007-1359
+CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlie ...)
- libapache-mod-security 2.1.2-1
-CVE-2007-1358
+CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
- tomcat4 <removed> (low)
[sarge] - tomcat4 <no-dsa> (Contrib not supported)
-CVE-2007-1357
+CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
{DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1
CVE-2007-1356
REJECTED
-CVE-2007-1355
+CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the appdev/samp ...)
- tomcat4 <removed> (unimportant)
- tomcat5 <removed> (unimportant)
- tomcat5.5 5.5.25-1 (unimportant)
NOTE: Just an example application for documentation purposes
-CVE-2007-1354
+CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX Co ...)
NOT-FOR-US: JBoss Application Server
-CVE-2007-1353
+CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
- linux-2.6 2.6.22-1 (low)
-CVE-2007-1352
+CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont b ...)
{DSA-1294-1}
- libxfont 1:1.2.2-2 (medium)
-CVE-2007-1351
+CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
{DSA-1454-1 DSA-1294-1}
- libxfont 1:1.2.2-2 (medium)
- freetype 2.3.5-1 (medium; bug #426771)
-CVE-2007-1350
+CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 al ...)
NOT-FOR-US: Novell NetMail
-CVE-2007-1349
+CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mo ...)
- apache <removed> (low)
- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
[etch] - apache 1.3.34-4.1+etch1
CVE-2007-1348
REJECTED
-CVE-2007-1347
+CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and p ...)
NOT-FOR-US: Microsoft Windows Explorer
-CVE-2007-1346
+CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
NOT-FOR-US: Sun Fire Server
-CVE-2007-1345
+CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA (Co ...)
NOT-FOR-US: CA eTrust Admin
-CVE-2007-1344
+CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 a ...)
NOT-FOR-US: Ezstream
-CVE-2007-1343
+CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...)
{DSA-1267-1}
- webcalendar 1.0.5-1 (high)
-CVE-2007-1342
+CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelso ...)
NOT-FOR-US: vBulletin
-CVE-2007-1341
+CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not us ...)
NOT-FOR-US: Simple Invoices
-CVE-2007-1340
+CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz N ...)
NOT-FOR-US: News-Letterman
-CVE-2007-1339
+CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management Applicati ...)
NOT-FOR-US: Links Management Application
-CVE-2007-1338
+CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort Extr ...)
NOT-FOR-US: Apple AirPort Extreme
-CVE-2007-1337
+CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 d ...)
NOT-FOR-US: VMware
CVE-2007-1336
RESERVED
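Review bot: in the CVE-2007-1357 entry the advisory reference `{DSA-1304 DSA-1286-1}` lacks the revision suffix that every other DSA reference in this region carries (`DSA-1286-1`, `DSA-1294-1`, `DSA-1454-1`); if the tracker's parser keys on the full `DSA-NNNN-R` form, `DSA-1304` should become `DSA-1304-1` (or whichever revision actually applies).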
@@ -12915,46 +12915,46 @@ CVE-2007-1334
RESERVED
CVE-2007-1333
RESERVED
-CVE-2007-1332
+CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Bank ...)
NOT-FOR-US: TKS Banking Solutions ePortfolio
-CVE-2007-1331
+CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Sol ...)
NOT-FOR-US: TKS Banking Solutions ePortfolio
-CVE-2007-1330
+CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.1 ...)
NOT-FOR-US: Comodo Firewall Pro
-CVE-2007-1329
+CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
- sql-ledger <unfixed> (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-1328
+CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
NOT-FOR-US: JOLY BJ Webring
-CVE-2007-1327
+CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-serv ...)
NOT-FOR-US: silc daemon
-CVE-2007-1326
+CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows r ...)
- serendipity <removed> (unimportant)
NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
-CVE-2007-1325
+CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in php ...)
{DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.10.0.2-1
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2007-1324
+CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u ...)
NOT-FOR-US: SnapGear
CVE-2007-1323
REJECTED
-CVE-2007-1322
+CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing t ...)
{DSA-1284-1 DTSA-38-1 DTSA-133-1}
- qemu 0.9.0-2 (bug #424070)
- kvm 66+dfsg-1.1
-CVE-2007-1321
+CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...)
{DSA-1284-1 DTSA-38-1 DTSA-133-1}
- qemu 0.9.0-2 (bug #424070)
- kvm 66+dfsg-1.1
-CVE-2007-1320
+CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region f ...)
{DSA-1384-1 DSA-1284-1 DTSA-38-1 DTSA-133-1}
- qemu 0.9.0-2 (bug #424070)
- kvm 66+dfsg-1.1
- xen-3 3.1.0-2 (bug #444007; medium)
- xen-3.0 <removed>
-CVE-2007-1319
+CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in t ...)
NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
RESERVED
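Review bot: the CVE-2007-1329 entry leaves sql-ledger as `- sql-ledger <unfixed> (unimportant; bug #409703)` while CVE-2007-1436 and CVE-2007-1437, which cite the same bug #409703, are marked fixed in `sql-ledger 2.8.14-1`; worth checking whether 2.8.14-1 also addresses this directory traversal, or adding a NOTE explaining why it stays unfixed beyond the repeated authenticated-zone remark.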
@@ -12966,7 +12966,7 @@ CVE-2007-1315
RESERVED
CVE-2007-1314
RESERVED
-CVE-2007-1313
+CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly va ...)
NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
RESERVED
@@ -12974,64 +12974,64 @@ CVE-2007-1311
RESERVED
CVE-2007-1310
RESERVED
-CVE-2007-1309
+CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated u ...)
NOT-FOR-US: Novell Access Management
-CVE-2007-1308
+CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
- kdelibs <unfixed> (unimportant)
NOTE: Browser crashes not treated as security problems
-CVE-2007-1307
+CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
-CVE-2007-1306
+CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attacker ...)
{DSA-1358-1}
- asterisk 1:1.2.16~dfsg-1 (medium)
-CVE-2007-1305
+CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sav ...)
NOT-FOR-US: Sava's Guestbook
-CVE-2007-1304
+CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
NOT-FOR-US: Sava's Guestbook
-CVE-2007-1303
+CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earli ...)
NOT-FOR-US: RRDBrowse
-CVE-2007-1302
+CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
NOT-FOR-US: LI-Guestbook
-CVE-2007-1301
+CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable Enterpri ...)
NOT-FOR-US: MailEnable Enterprise
-CVE-2007-1300
+CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier v ...)
NOT-FOR-US: ISPUtil
-CVE-2007-1299
+CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats Rea ...)
NOT-FOR-US: Mani Stats Reader
-CVE-2007-1298
+CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows rem ...)
NOT-FOR-US: AJ Auction
-CVE-2007-1297
+CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
NOT-FOR-US: AJ Dating
-CVE-2007-1296
+CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds 1. ...)
NOT-FOR-US: AJ Classifieds
-CVE-2007-1295
+CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
NOT-FOR-US: AJ Forum
-CVE-2007-1294
+CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in D ...)
NOT-FOR-US: DivXBrowserPlugin ActiveX control
-CVE-2007-1293
+CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ma ...)
NOT-FOR-US: Rigter Portal System
-CVE-2007-1292
+CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin befo ...)
NOT-FOR-US: vBulletin
-CVE-2007-1291
+CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Track ...)
NOT-FOR-US: TygerBT
-CVE-2007-1290
+CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking Sy ...)
NOT-FOR-US: TygerBT
-CVE-2007-1289
+CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking Syst ...)
NOT-FOR-US: TygerBT
-CVE-2007-1288
+CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...)
NOT-FOR-US: WB News
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
- lintian 1.23.28 (low)
[sarge] - lintian <not-affected> (Vulnerable code not present)
-CVE-2007-1287
+CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
- php4 <removed> (unimportant)
[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
NOTE: Non-issue, explicit debug feature
-CVE-2007-1286
+CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ...)
{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
- php4 6:4.4.6-1 (low)
- php5 5.2.0-11 (low)
-CVE-2007-1285
+CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
- php5 5.2.2-1 (unimportant)
- php4 <removed> (unimportant)
NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
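Review bot: the CVE-2007-1285 entry's note has a typo, `NOTE: Needs to be sanisited within apps, only crashes the current instance anyway`; it should read `sanitised`. The CVE-2007-XXXX placeholder for lintian's objdump-info temporary file in the same hunk still has no CVE id; if one has since been assigned, it should replace the placeholder so the entry is matched like the others in this update.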
@@ -13039,20 +13039,20 @@ CVE-2007-1284
RESERVED
CVE-2007-1283
RESERVED
-CVE-2007-1282
+CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...)
{DSA-1336-1}
- icedove 1.5.0.10.dfsg1-1 (medium)
-CVE-2007-1281
+CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
NOT-FOR-US: Kaspersky AntiVirus Engine
-CVE-2007-1280
+CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
NOT-FOR-US: Adobe
-CVE-2007-1279
+CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 upda ...)
NOT-FOR-US: Adobe
-CVE-2007-1278
+CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updat ...)
NOT-FOR-US: Adobe JRun and Coldfusion
-CVE-2007-1277
+CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites d ...)
- wordpress <not-affected> (orig.tar.gz not compromised)
-CVE-2007-1276
+CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
- webmin <removed>
CVE-2007-1275
RESERVED
@@ -13061,427 +13061,427 @@ CVE-2007-1274
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
- git-core 1:1.5.0.3-1 (bug #413629; low)
[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
-CVE-2007-1273
+CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before 2006 ...)
NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
RESERVED
-CVE-2007-1271
+CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attac ...)
NOT-FOR-US: VMware ESX Server
-CVE-2007-1270
+CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
NOT-FOR-US: VMware ESX Server
-CVE-2007-1269
+CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd argume ...)
- gnumail <unfixed> (unimportant)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
-CVE-2007-1268
+CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
- mutt <unfixed> (unimportant)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
-CVE-2007-1267
+CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd argum ...)
- sylpheed <unfixed> (unimportant)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
-CVE-2007-1266
+CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd argu ...)
- evolution <unfixed> (unimportant)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
-CVE-2007-1265
+CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
- kdepim <unfixed> (unimportant)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
-CVE-2007-1264
+CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd argu ...)
- enigmail 2:0.95.0+1-1 (unimportant; bug #415225)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
-CVE-2007-1263
+CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the comm ...)
{DSA-1266-1}
- gnupg 1.4.6-2 (bug #413922; low)
- gpgme1.0 1.1.2-3 (bug #414170; low)
- gnupg2 2.0.3-1
[sarge] - gnupg2 <no-dsa> (Minor issue)
[etch] - gnupg2 <no-dsa> (Minor issue)
-CVE-2007-1262
+CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
{DSA-1290-1}
- squirrelmail 2:1.4.10a-1
-CVE-2007-1261
+CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before 0 ...)
NOT-FOR-US: OpenBiblio
-CVE-2007-1260
+CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in server.cp ...)
NOT-FOR-US: WebMod
-CVE-2007-1259
+CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unk ...)
NOT-FOR-US: WebAPP
-CVE-2007-1258
+CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
NOT-FOR-US: Cisco
-CVE-2007-1257
+CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
NOT-FOR-US: Cisco
-CVE-2007-1256
+CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address b ...)
- iceweasel <removed> (unimportant)
NOTE: Not exploitable
-CVE-2007-1255
+CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in Connecti ...)
NOT-FOR-US: Connectix Boards
-CVE-2007-1254
+CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix Board ...)
NOT-FOR-US: Connectix Boards
-CVE-2007-1253
+CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script f ...)
- blender 2.42a-6 (medium)
[sarge] - blender <not-affected> (bug was introduced in version 2.42)
NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
-CVE-2007-1252
+CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 17 ...)
NOT-FOR-US: Symantec Mail Security
-CVE-2007-1251
+CVE-2007-1251 (Format string vulnerability in the new_warning function in ntserv/warn ...)
NOT-FOR-US: Netrek Vanilla Server
-CVE-2007-1250
+CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning M ...)
NOT-FOR-US: Learning Management Suite
-CVE-2007-1249
+CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 do ...)
NOT-FOR-US: Contelligent
-CVE-2007-1248
+CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News M ...)
NOT-FOR-US: News Manager Blog
-CVE-2007-1247
+CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNe ...)
NOT-FOR-US: aWebNews
-CVE-2007-1246
+CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
{DSA-1536-1}
- mplayer 1.0~rc1-13 (bug #414075; medium)
- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
[etch] - mplayer 1.0~rc1-12etch
[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
NOTE: vlc checked, and is not affected.
-CVE-2007-1245
+CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service (a ...)
NOT-FOR-US: IrfanView
-CVE-2007-1244
+CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ...)
- wordpress 2.1.2-1 (medium)
[etch] - wordpress 2.0.10
-CVE-2007-1243
+CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication an ...)
NOT-FOR-US: Audins Audiens
-CVE-2007-1242
+CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...)
NOT-FOR-US: Audins Audiens
-CVE-2007-1241
+CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins Audien ...)
NOT-FOR-US: Audins Audiens
-CVE-2007-1240
+CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0. ...)
NOT-FOR-US: Docebo CMS
-CVE-2007-1239
+CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
NOT-FOR-US: Microsoft Office
-CVE-2007-1238
+CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
NOT-FOR-US: Microsoft Office
-CVE-2007-1237
+CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive informat ...)
NOT-FOR-US: sitex
-CVE-2007-1236
+CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a re ...)
NOT-FOR-US: sitex
-CVE-2007-1235
+CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote attacker ...)
NOT-FOR-US: sitex
-CVE-2007-1234
+CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow rem ...)
NOT-FOR-US: sitex
-CVE-2007-1233
+CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in STWC ...)
NOT-FOR-US: STWC-Counter
-CVE-2007-1232
+CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
NOT-FOR-US: SQLiteManager
-CVE-2007-1231
+CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1 ...)
NOT-FOR-US: SQLiteManager
-CVE-2007-1230
+CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ...)
- wordpress 2.1.2-1 (medium)
[etch] - wordpress 2.0.10
-CVE-2007-1229
+CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServ ...)
NOT-FOR-US: Nullsoft ShoutcastServer
-CVE-2007-1228
+CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
NOT-FOR-US: IBM DB2
-CVE-2007-1227
+CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 al ...)
NOT-FOR-US: McAfee VirusScan
-CVE-2007-1226
+CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissio ...)
NOT-FOR-US: McAfee VirusScan
-CVE-2007-1225
+CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy 4 ...)
NOT-FOR-US: Grok Developments NetProxy
-CVE-2007-1224
+CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...)
NOT-FOR-US: Grok Developments NetProxy
-CVE-2007-1223
+CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...)
NOT-FOR-US: Hitachi OSAS/FT/W
-CVE-2007-1222
+CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
NOT-FOR-US: Parallels Desktop
-CVE-2007-1221
+CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attac ...)
NOT-FOR-US: Microsoft Xbox 360
-CVE-2007-1220
+CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not pro ...)
NOT-FOR-US: Microsoft Xbox 360
-CVE-2007-1219
+CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin Ph ...)
NOT-FOR-US: Phorum
-CVE-2007-1217
+CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
- isdnutils 1:3.9.20060704-3 (bug #408530; low)
[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
- linux-2.6 2.6.21-1 (bug #411294; unimportant)
NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
-CVE-2007-1216
+CVE-2007-1216 (Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5un ...)
{DSA-1276-1}
- krb5 1.4.4-8 (high)
-CVE-2007-1215
+CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...)
NOT-FOR-US: Microsoft GDI
-CVE-2007-1214
+CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 fo ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-1213
+CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows loc ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1212
+CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...)
NOT-FOR-US: Microsoft GDI
-CVE-2007-1211
+CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2 ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-1210
REJECTED
-CVE-2007-1209
+CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ( ...)
NOT-FOR-US: Windows Vista
CVE-2007-1208
REJECTED
CVE-2007-1207
REJECTED
-CVE-2007-1206
+CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windo ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1205
+CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1204
+CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) serv ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1203
+CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-1202
+CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-1201
+CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office W ...)
NOT-FOR-US: Microsoft Office
CVE-2007-1200
RESERVED
-CVE-2007-1199
+CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read arbitrar ...)
NOT-FOR-US: Acrobat Reader
-CVE-2007-1198
+CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 al ...)
NOT-FOR-US: TaskFreak!
-CVE-2007-1197
+CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unkn ...)
NOT-FOR-US: Epiware
-CVE-2007-1196
+CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for Win ...)
NOT-FOR-US: Citrix
-CVE-2007-1195
+CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow r ...)
NOT-FOR-US: XM Easy Personal FTP Server
-CVE-2007-1194
+CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt De ...)
NOT-FOR-US: SandBox Analyzer
-CVE-2007-1193
+CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM be ...)
NOT-FOR-US: OrangeHRM
-CVE-2007-1192
+CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive informati ...)
NOT-FOR-US: HyperBook Guestbook
-CVE-2007-1191
+CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes us ...)
NOT-FOR-US: Quicksilver plugin Social Bookmarks
-CVE-2007-1190
+CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX contro ...)
NOT-FOR-US: EmbeddedWB ActiveX control
-CVE-2007-1189
+CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell L ...)
NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
-CVE-2007-1188
+CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form in ...)
NOT-FOR-US: WebAPP
-CVE-2007-1187
+CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
NOT-FOR-US: WebAPP
-CVE-2007-1186
+CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, w ...)
NOT-FOR-US: WebAPP
-CVE-2007-1185
+CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
NOT-FOR-US: WebAPP
-CVE-2007-1184
+CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setti ...)
NOT-FOR-US: WebAPP
-CVE-2007-1183
+CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof anoth ...)
NOT-FOR-US: WebAPP
-CVE-2007-1182
+CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profil ...)
NOT-FOR-US: WebAPP
-CVE-2007-1181
+CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the usern ...)
NOT-FOR-US: WebAPP
-CVE-2007-1180
+CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
NOT-FOR-US: WebAPP
-CVE-2007-1179
+CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in cer ...)
NOT-FOR-US: WebAPP
-CVE-2007-1178
+CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts relate ...)
NOT-FOR-US: WebAPP
-CVE-2007-1177
+CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in c ...)
NOT-FOR-US: WebAPP
-CVE-2007-1176
+CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0 ...)
NOT-FOR-US: WebAPP
-CVE-2007-1175
+CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
NOT-FOR-US: WebAPP
-CVE-2007-1174
+CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 2 ...)
NOT-FOR-US: WebAPP
-CVE-2007-1173
+CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service (X ...)
NOT-FOR-US: CentennialIPTransferServer
-CVE-2007-1172
+CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05 ...)
NOT-FOR-US: WebAPP
-CVE-2007-1171
+CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2 ...)
NOT-FOR-US: NukeSentinel
-CVE-2007-1170
+CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0. ...)
NOT-FOR-US: SimBin Racing
-CVE-2007-1169
+CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-1168
+CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 2 ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-1167
+CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ear ...)
NOT-FOR-US: Clanportal
-CVE-2007-1166
+CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows remot ...)
NOT-FOR-US: Nabopoll
-CVE-2007-1165
+CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...)
NOT-FOR-US: DBGuestbook
-CVE-2007-1164
+CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1 ...)
NOT-FOR-US: DBImageGallery
-CVE-2007-1163
+CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and e ...)
NOT-FOR-US: webSPELL
-CVE-2007-1162
+CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ( ...)
NOT-FOR-US: Common Controls ActiveX control
-CVE-2007-1161
+CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call Cen ...)
NOT-FOR-US: Call Center Software
-CVE-2007-1218
+CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the 802.1 ...)
{DSA-1272-1}
- tcpdump 3.9.5-2 (bug #413430; low)
-CVE-2007-1160
+CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...)
NOT-FOR-US: webSPELL
-CVE-2007-1159
+CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in Pyropho ...)
NOT-FOR-US: Pyrophobia
-CVE-2007-1158
+CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...)
NOT-FOR-US: Pagesetter
-CVE-2007-1157
+CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAda ...)
NOT-FOR-US: JBoss
-CVE-2007-1156
+CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access c ...)
NOT-FOR-US: JBrowser
-CVE-2007-1155
+CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote authe ...)
NOT-FOR-US: webSPELL
-CVE-2007-1154
+CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to exe ...)
NOT-FOR-US: webSPELL
-CVE-2007-1153
+CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...)
NOT-FOR-US: CuteNews
-CVE-2007-1152
+CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 all ...)
NOT-FOR-US: Pyrophobia
-CVE-2007-1151
+CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...)
NOT-FOR-US: LoveCMS
-CVE-2007-1150
+CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote au ...)
NOT-FOR-US: LoveCMS
-CVE-2007-1149
+CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remo ...)
NOT-FOR-US: LoveCMS
-CVE-2007-1148
+CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in LoveCM ...)
NOT-FOR-US: LoveCMS
-CVE-2007-1147
+CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows remo ...)
NOT-FOR-US: hbm
-CVE-2007-1146
+CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost al ...)
NOT-FOR-US: arabhost
-CVE-2007-1145
+CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportS ...)
NOT-FOR-US: Kayako SupportSuite
-CVE-2007-1144
+CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Nav ...)
NOT-FOR-US: J-Web Pics Navigator
-CVE-2007-1143
+CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigat ...)
NOT-FOR-US: J-Web Pics Navigator
-CVE-2007-1142
+CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allo ...)
NOT-FOR-US: Magic News Plus
-CVE-2007-1141
+CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News P ...)
NOT-FOR-US: Magic News Plus
-CVE-2007-1140
+CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote a ...)
NOT-FOR-US: pheap
-CVE-2007-1139
+CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla P ...)
NOT-FOR-US: Simple Plantilla PHP
-CVE-2007-1138
+CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in Cromos ...)
NOT-FOR-US: Simple Plantilla PHP
-CVE-2007-1137
+CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...)
NOT-FOR-US: Putmail
-CVE-2007-1136
+CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...)
NOT-FOR-US: WebMplayer
-CVE-2007-1135
+CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alph ...)
NOT-FOR-US: WebMplayer
-CVE-2007-1134
+CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown i ...)
NOT-FOR-US: Watchtower
-CVE-2007-1133
+CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 al ...)
NOT-FOR-US: FCRing
-CVE-2007-1132
+CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us ...)
NOT-FOR-US: MTCMS
-CVE-2007-1131
+CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis Foru ...)
NOT-FOR-US: Sinapis Forum
-CVE-2007-1130
+CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gaste ...)
NOT-FOR-US: Sinapis Gastebuch
-CVE-2007-1129
+CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow r ...)
NOT-FOR-US: MTCMS
-CVE-2007-1128
+CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information vi ...)
NOT-FOR-US: shopkitplus
-CVE-2007-1127
+CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus a ...)
NOT-FOR-US: shopkitplus
-CVE-2007-1126
+CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows re ...)
NOT-FOR-US: xtcommerce
-CVE-2007-1125
+CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Sim ...)
NOT-FOR-US: XeroXer Simple
-CVE-2007-1124
+CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple one ...)
NOT-FOR-US: XeroXer Simple
-CVE-2007-1123
+CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...)
NOT-FOR-US: ZPanel
-CVE-2007-1122
+CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...)
NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
-CVE-2007-1121
+CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...)
NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
-CVE-2007-1120
+CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...)
NOT-FOR-US: TeeChart Pro ActiveX control
-CVE-2007-1119
+CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management Supp ...)
NOT-FOR-US: Novell ZENworks
-CVE-2007-1118
+CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 a ...)
NOT-FOR-US: eFiction
-CVE-2007-1117
+CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 a ...)
NOT-FOR-US: Microsoft Office
-CVE-2007-1116
+CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...)
{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.4-1 (low)
- iceape 1.1.2-1 (low)
- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
NOTE: older mozillas are not vulnerable
-CVE-2007-1115
+CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset fr ...)
NOT-FOR-US: Opera
-CVE-2007-1114
+CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...)
NOT-FOR-US: Microsoft IE
CVE-2007-1113
RESERVED
-CVE-2007-1112
+CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe meth ...)
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2007-1111
+CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...)
NOT-FOR-US: ActiveCalendar
-CVE-2007-1110
+CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ActiveCalend ...)
NOT-FOR-US: ActiveCalendar
-CVE-2007-1109
+CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1 ...)
NOT-FOR-US: Phpwebgallery
-CVE-2007-1108
+CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian Schn ...)
NOT-FOR-US: CS-Gallery
-CVE-2007-1107
+CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo Gall ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-1106
+CVE-2007-1106 (PHP remote file inclusion vulnerability in includes/functions_nomoketo ...)
NOT-FOR-US: NoMoKeTos Rules
-CVE-2007-1105
+CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ph ...)
NOT-FOR-US: phpBB Extreme
-CVE-2007-1104
+CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module Imple ...)
NOT-FOR-US: PHP Module Implementation
-CVE-2007-1103
+CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, whic ...)
- tor <unfixed> (unimportant)
NOTE: Minor issue, just puts more noise on the node
-CVE-2007-1102
+CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive informati ...)
NOT-FOR-US: Photostand
-CVE-2007-1101
+CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2. ...)
NOT-FOR-US: Photostand
-CVE-2007-1100
+CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan Pickl ...)
NOT-FOR-US: Pickle
-CVE-2007-1099
+CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
- dropbear 0.49-1 (unimportant; bug #412899)
[etch] - dropbear 0.48.1-2 (unimportant)
NOTE: That's a lack of a security feature (strict hostkey checking in openssh
NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
-CVE-2007-1098
+CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unk ...)
NOT-FOR-US: ScryMUD
-CVE-2007-1097
+CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function i ...)
NOT-FOR-US: Wiclear
-CVE-2007-1096
+CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
NOT-FOR-US: VirtueMart
-CVE-2007-1095
+CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not prope ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (low; bug #445514)
- xulrunner 1.8.1.9-1
- iceape 1.1.5
NOTE: MFSA2007-30
-CVE-2007-1094
+CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
NOT-FOR-US: Microsoft IE
-CVE-2007-1093
+CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ( ...)
NOT-FOR-US: Network Node Manager
-CVE-2007-1092
+CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...)
- iceweasel 2.0.0.2+dfsg-1 (low)
-CVE-2007-1091
+CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...)
NOT-FOR-US: Microsoft IE
-CVE-2007-1090
+CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote user-a ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-1089
+CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local u ...)
NOT-FOR-US: IBM DB2
-CVE-2007-1088
+CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9. ...)
NOT-FOR-US: IBM DB2
-CVE-2007-1087
+CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not pr ...)
NOT-FOR-US: IBM DB2
-CVE-2007-1086
+CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 befor ...)
NOT-FOR-US: IBM DB2
-CVE-2007-1085
+CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows remo ...)
NOT-FOR-US: Google Desktop
-CVE-2007-1084
+CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ...)
- iceweasel <removed> (unimportant; bug #556268)
- iceape <removed> (unimportant)
- epiphany-browser <unfixed> (unimportant; bug #556272)
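Review bot: the description imported for CVE-2007-1172 ("SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05 ...") contradicts the untouched annotation directly beneath it, "NOT-FOR-US: WebAPP"; the neighbouring CVE-2007-1171 entry already reads "NOT-FOR-US: NukeSentinel", and the run of WebAPP entries ends at CVE-2007-1174, so this line should be corrected to "NOT-FOR-US: NukeSentinel". Two smaller points in the same hunk that the importer cannot fix because it only rewrites the CVE header lines: CVE-2007-1218 sits between CVE-2007-1161 and CVE-2007-1160 instead of in numeric sequence, and the NOTE on CVE-2007-1099 misspells "terminology" as "termininoloy"; both need a manual edit.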
@@ -13491,96 +13491,96 @@ CVE-2007-1084
[lenny] - kazehakase 0.5.4-2lenny1
- conkeror <not-affected> (doesn't support bookmarks)
- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
-CVE-2007-1083
+CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX contr ...)
NOT-FOR-US: ConfigChk ActiveX control
-CVE-2007-1082
+CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allo ...)
NOT-FOR-US: FTP Explorer
-CVE-2007-1081
+CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...)
- typo3-src 4.0.5+debian-1
[etch] - typo3-src 4.0.2+debian-3
-CVE-2007-1080
+CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...)
NOT-FOR-US: TurboFTP
-CVE-2007-1079
+CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0 ...)
NOT-FOR-US: FTP Voyager
-CVE-2007-1078
+CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in FlashGameScrip ...)
NOT-FOR-US: FlashGameScript
-CVE-2007-1077
+CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 2. ...)
NOT-FOR-US: UserPages2
-CVE-2007-1076
+CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...)
NOT-FOR-US: phpTrafficA
-CVE-2007-1075
+CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ser ...)
NOT-FOR-US: TurboFTP
-CVE-2007-1074
+CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allo ...)
NOT-FOR-US: NewsBin Pro
-CVE-2007-1073
+CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows r ...)
NOT-FOR-US: mcRefer
-CVE-2007-1072
+CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911 ...)
NOT-FOR-US: Cisco
-CVE-2007-1071
+CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple Ma ...)
NOT-FOR-US: Apple ImageIO
-CVE-2007-1069
+CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attack ...)
NOT-FOR-US: VMware
-CVE-2007-1068
+CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ( ...)
NOT-FOR-US: Cisco
-CVE-2007-1067
+CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
NOT-FOR-US: Cisco
-CVE-2007-1066
+CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
NOT-FOR-US: Cisco
-CVE-2007-1065
+CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
NOT-FOR-US: Cisco
-CVE-2007-1064
+CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
NOT-FOR-US: Cisco
-CVE-2007-1063
+CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7 ...)
NOT-FOR-US: Cisco
-CVE-2007-1062
+CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...)
NOT-FOR-US: Cisco
-CVE-2007-1061
+CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8 ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-1060
+CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire SendS ...)
NOT-FOR-US: SendStudio
-CVE-2007-1059
+CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate Fu ...)
NOT-FOR-US: Ultimate Fun Book
-CVE-2007-1058
+CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web Build ...)
NOT-FOR-US: Online Web Building
-CVE-2007-1057
+CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application Swi ...)
NOT-FOR-US: Nortel Application Switch
-CVE-2007-1056
+CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user restric ...)
NOT-FOR-US: VMware
-CVE-2007-1055
+CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...)
- mediawiki 1.7.1-9 (bug #406238; medium)
-CVE-2007-1054
+CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...)
- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053
NOT-FOR-US: phpXmms
CVE-2007-1052
NOT-FOR-US: PBLang
-CVE-2007-1051
+CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...)
NOT-FOR-US: Comodo Firewall Pro
-CVE-2007-1050
+CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ab ...)
NOT-FOR-US: MyCalendar
-CVE-2007-1048
+CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...)
NOT-FOR-US: phpbb_wordsearch
-CVE-2007-1047
+CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...)
- dcc <removed> (medium; bug #439718)
-CVE-2007-1046
+CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a direc ...)
NOT-FOR-US: Dem_trac
-CVE-2007-1045
+CVE-2007-1045 (mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrat ...)
NOT-FOR-US: mAlbum
-CVE-2007-1044
+CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list th ...)
NOT-FOR-US: PowerSchool
-CVE-2007-1043
+CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass auth ...)
NOT-FOR-US: Ezboo
-CVE-2007-1042
+CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News (X-New ...)
NOT-FOR-US: Xpression News
-CVE-2007-1041
+CVE-2007-1041 (Multiple stack-based buffer overflows in S&amp;H Computer Systems News ...)
NOT-FOR-US: News Rover
-CVE-2007-1040
+CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News (X ...)
NOT-FOR-US: Xpression News
-CVE-2007-1039
+CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 an ...)
NOT-FOR-US: Peanut Knowledge Base
-CVE-2007-1038
+CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...)
NOT-FOR-US: Grabit
-CVE-2007-1037
+CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier a ...)
NOT-FOR-US: News File Grabber
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
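Review bot: the description imported for CVE-2007-1041 carries an HTML entity, "S&amp;H Computer Systems", into a plain-text list whose other descriptions use literal characters; the importer should unescape entities before writing (or the line should be hand-corrected to "S&H"), otherwise anything that greps or parses the file for the vendor name will miss it. Also, CVE-2007-1053 and CVE-2007-1052 are the only entries in this hunk the importer left without a description, and the two "CVE-2007-XXXX [...]" placeholder entries at the end of the hunk cannot be matched by the importer at all; it is worth checking whether identifiers have since been assigned so these stop being invisible to the automatic update.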
@@ -13595,109 +13595,109 @@ CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security suppor
- amavisd-new 1:2.5.2-1 (unimportant; bug #410588)
NOTE: Doesn't affect a standard Debian installation, only users, which install
NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
-CVE-2007-1049
+CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce funct ...)
{DTSA-34-1}
- wordpress 2.1.1-1 (low)
-CVE-2007-1070
+CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-1036
+CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
NOT-FOR-US: JBoss
-CVE-2007-1035
+CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 1 ...)
NOT-FOR-US: Mediafield and Audio modules for Drupal
NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
-CVE-2007-1034
+CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...)
NOT-FOR-US: Emporium for PHP-Nuke
-CVE-2007-1033
+CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x ...)
NOT-FOR-US: Secure site for Drupal
-CVE-2007-1032
+CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register ...)
NOT-FOR-US: phpMyFAQ
-CVE-2007-1031
+CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...)
NOT-FOR-US: Vivvo Article Management CMS
-CVE-2007-1030
+CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...)
- libevent <not-affected> (vulnerable version 1.2 was never uploaded)
-CVE-2007-1029
+CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 compone ...)
NOT-FOR-US: Quiksoft EasyMail Objects
-CVE-2007-1028
+CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pag ...)
NOT-FOR-US: Image Pager
-CVE-2007-1027
+CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux a ...)
NOT-FOR-US: IBM DB2
-CVE-2007-1026
+CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier al ...)
NOT-FOR-US: XLAtunes
-CVE-2007-1025
+CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in VS ...)
NOT-FOR-US: VS-Link-Partner
-CVE-2007-1024
+CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...)
NOT-FOR-US: Meganoide's news
-CVE-2007-1023
+CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3. ...)
NOT-FOR-US: Snitz Forums 2000
-CVE-2007-1022
+CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allo ...)
NOT-FOR-US: Turuncu Portal
-CVE-2007-1021
+CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...)
NOT-FOR-US: CodeAvalanche News
-CVE-2007-1020
+CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...)
NOT-FOR-US: CedStat
-CVE-2007-1019
+CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when regi ...)
NOT-FOR-US: webSPELL
-CVE-2007-1018
+CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in VirtualSy ...)
NOT-FOR-US: VS-News-System
-CVE-2007-1017
+CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in Virtua ...)
NOT-FOR-US: VS-News-System
-CVE-2007-1016
+CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows remo ...)
NOT-FOR-US: Aktueldownload Haber
-CVE-2007-1015
+CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...)
NOT-FOR-US: Aktueldownload Haber
-CVE-2007-1014
+CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote attack ...)
NOT-FOR-US: VicFTPS
-CVE-2007-1013
+CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in VirtualSyst ...)
NOT-FOR-US: VirtualSystem Htaccess Password Generator
-CVE-2007-1012
+CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 a ...)
NOT-FOR-US: DeskPRO
-CVE-2007-1011
+CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in VS-Gas ...)
NOT-FOR-US: VS-Gastebuch
-CVE-2007-1010
+CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...)
NOT-FOR-US: ZebraFeeds
-CVE-2007-1009
+CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallSc ...)
NOT-FOR-US: InstallAnywhere
-CVE-2007-1008
+CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a de ...)
NOT-FOR-US: Apple iTunes
-CVE-2007-1007
+CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows r ...)
{DSA-1262-1}
- gnomemeeting <removed> (high)
-CVE-2007-1006
+CVE-2007-1006 (Multiple format string vulnerabilities in the gm_main_window_flash_mes ...)
- ekiga 2.0.3-2.1 (bug #411944; high)
-CVE-2007-1005
+CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...)
NOT-FOR-US: eTrust Intrusion Detection
-CVE-2007-1004
+CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and p ...)
- iceweasel 2.0.0.4-1 (low)
- iceape 1.0.9-1 (low)
- xulrunner 1.8.0.4-1 (low)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=370555
-CVE-2007-1003
+CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList functio ...)
{DSA-1294-1}
- xorg-server 2:1.1.1-21 (medium)
-CVE-2007-1002
+CVE-2007-1002 (Format string vulnerability in the write_html function in calendar/gui ...)
{DSA-1325-1}
- evolution 2.10.2-1
[sarge] - evolution <not-affected> (Vulnerable code not present)
-CVE-2007-1001
+CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp func ...)
- libgd2 2.0.33-1 (medium)
NOTE: This has been fixed in libgd2 for a while, and php is linked against libgd2.
-CVE-2007-1000
+CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
- linux-2.6 2.6.18.dfsg.1-12 (medium)
-CVE-2007-0999
+CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other version ...)
- ekiga 2.0.3-5 (bug #414069; high)
-CVE-2007-0998
+CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly oth ...)
- xen-3.0 <removed> (bug #436250; medium)
[etch] - xen-3.0 <unfixed>
NOTE: Fedora disabled the VNC access to the Qemu monitor
NOTE: An adjusted patch has been sent to the debian bugreport
-CVE-2007-0997
+CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel 2. ...)
- linux-2.6 2.6.18-1
-CVE-2007-0996
+CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0 ...)
{DSA-1336-1}
NOTE: MFSA-2007-02
- iceweasel 2.0.0.2+dfsg-1 (low)
- xulrunner 1.8.0.10-1 (low)
-CVE-2007-0995
+CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...)
{DSA-1336-1}
NOTE: MFSA-2007-02
- iceweasel 2.0.0.2+dfsg-1 (low)
@@ -13706,7 +13706,7 @@ CVE-2007-0995
[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-0994
+CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x befor ...)
{DSA-1336-1}
- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
@@ -13719,25 +13719,25 @@ CVE-2007-0990
REJECTED
CVE-2007-0989
REJECTED
-CVE-2007-0988
+CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4 ...)
{DSA-1264-1}
[etch] - php4 6:4.4.4-8+etch1
[etch] - php5 5.2.0-8+etch1
- php4 6:4.4.4-9
- php5 5.2.0-9
-CVE-2007-0987
+CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 al ...)
NOT-FOR-US: Jupiter CMS
-CVE-2007-0986
+CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1. ...)
NOT-FOR-US: Jupiter CMS
-CVE-2007-0985
+CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earl ...)
NOT-FOR-US: phpCC
-CVE-2007-0984
+CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
NOT-FOR-US: PollMentor
-CVE-2007-0983
+CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT Conten ...)
NOT-FOR-US: AT Contenator
-CVE-2007-0982
+CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0. ...)
NOT-FOR-US: TaskFreak!
-CVE-2007-0981
+CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x befo ...)
{DSA-1336-1}
NOTE: MFSA-2007-07
- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
@@ -13745,284 +13745,284 @@ CVE-2007-0981
- iceape 1.0.8-1 (high)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-0980
+CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for S ...)
NOT-FOR-US: HP Serviceguard
-CVE-2007-0979
+CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2 ...)
NOT-FOR-US: LifeType
-CVE-2007-0978
+CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain pr ...)
NOT-FOR-US: IBM AIX
-CVE-2007-0977
+CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-0976
+CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx ...)
NOT-FOR-US: ActSoft DVD-Tools ActiveX control
-CVE-2007-0975
+CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...)
NOT-FOR-US: Apache Stats
-CVE-2007-0974
+CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0. ...)
NOT-FOR-US: DropBox
-CVE-2007-0973
+CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ju ...)
NOT-FOR-US: Jupiter CMS
-CVE-2007-0972
+CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in Jup ...)
NOT-FOR-US: Jupiter CMS
-CVE-2007-0971
+CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remo ...)
NOT-FOR-US: Jupiter CMS
-CVE-2007-0970
+CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and e ...)
NOT-FOR-US: WebTester
-CVE-2007-0969
+CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.2 ...)
NOT-FOR-US: WebTester
-CVE-2007-0968
+CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) bef ...)
NOT-FOR-US: Cisco
-CVE-2007-0967
+CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remot ...)
NOT-FOR-US: Cisco
-CVE-2007-0966
+CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the H ...)
NOT-FOR-US: Cisco
-CVE-2007-0965
+CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to u ...)
NOT-FOR-US: Cisco
-CVE-2007-0964
+CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
NOT-FOR-US: Cisco
-CVE-2007-0963
+CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
NOT-FOR-US: Cisco
-CVE-2007-0962
+CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4 ...)
NOT-FOR-US: Cisco
-CVE-2007-0961
+CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5 ...)
NOT-FOR-US: Cisco
-CVE-2007-0960
+CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Securit ...)
NOT-FOR-US: Cisco
-CVE-2007-0959
+CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when conf ...)
NOT-FOR-US: Cisco
-CVE-2007-0958
+CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
{DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1
-CVE-2007-0957
+CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ka ...)
{DSA-1276-1}
- krb5 1.4.4-8 (high)
-CVE-2007-0956
+CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote att ...)
{DSA-1276-1}
- krb5 1.4.4-8 (high)
-CVE-2007-0955
+CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professiona ...)
NOT-FOR-US: Mail Enable Professional
-CVE-2007-0954
+CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
NOT-FOR-US: MOHA Chat
-CVE-2007-0953
+CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 an ...)
NOT-FOR-US: @Mail
-CVE-2007-0952
+CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net V ...)
NOT-FOR-US: Virtual Calendar
-CVE-2007-0951
+CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
NOT-FOR-US: Fullaspsite ASP Hosting Site
-CVE-2007-0950
+CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsit ...)
NOT-FOR-US: Fullaspsite ASP Hosting Site
-CVE-2007-0949
+CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.0 ...)
NOT-FOR-US: iTinySoft
-CVE-2007-0948
+CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...)
NOT-FOR-US: Microsoft Virtual PC
-CVE-2007-0947
+CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windo ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-0946
+CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-0945
+CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Wind ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-0944
+CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-0943
+CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows r ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-0942
+CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Win ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
REJECTED
-CVE-2007-0940
+CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object Mo ...)
NOT-FOR-US: Microsoft CAPICOM
-CVE-2007-0939
+CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content Manageme ...)
NOT-FOR-US: Microsoft Content Management Server
-CVE-2007-0938
+CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
REJECTED
-CVE-2007-0936
+CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow rem ...)
NOT-FOR-US: Microsoft
CVE-2007-0935
REJECTED
-CVE-2007-0934
+CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote user-a ...)
NOT-FOR-US: Microsoft
-CVE-2007-0933
+CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ( ...)
NOT-FOR-US: D-Link
-CVE-2007-0932
+CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Al ...)
NOT-FOR-US: Aruba Mobility Controller
-CVE-2007-0931
+CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba M ...)
NOT-FOR-US: Aruba Mobility Controller
-CVE-2007-0930
+CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
NOT-FOR-US: Apache Stats
-CVE-2007-0929
+CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 allo ...)
NOT-FOR-US: prb (php rrd browser)
-CVE-2007-0928
+CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
NOT-FOR-US: Virtual Calendar
-CVE-2007-0927
+CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
NOT-FOR-US: uTorrent
-CVE-2007-0926
+CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows r ...)
NOT-FOR-US: KvGuestbook
-CVE-2007-0925
+CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
NOT-FOR-US: Community Server
-CVE-2007-0924
+CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentic ...)
NOT-FOR-US: phpPolls
-CVE-2007-0923
+CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to obta ...)
NOT-FOR-US: Portal Search
-CVE-2007-0922
+CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in P ...)
NOT-FOR-US: Portal Search
-CVE-2007-0921
+CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an arbitrar ...)
NOT-FOR-US: Portal Search
-CVE-2007-0920
+CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 a ...)
NOT-FOR-US: Philboard
-CVE-2007-0919
+CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ser ...)
NOT-FOR-US: MiniWebsvr
-CVE-2007-0918
+CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System (IP ...)
NOT-FOR-US: Cisco
-CVE-2007-0917
+CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
NOT-FOR-US: Cisco
-CVE-2007-0916
+CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
NOT-FOR-US: HP-UX
-CVE-2007-0915
+CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
NOT-FOR-US: HP-UX
-CVE-2007-0914
+CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote attac ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-0913
+CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote user-a ...)
NOT-FOR-US: Microsoft
-CVE-2007-0912
+CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
NOT-FOR-US: JPortal
-CVE-2007-0911
+CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
- php5 5.2.2-1 (bug #410561; bug #410995; medium)
[etch] - php5 <not-affected> (A regression only affecting 5.2.1)
-CVE-2007-0910
+CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ...)
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
[etch] - php5 5.2.0-8+etch1
- php4 6:4.4.4-9
[etch] - php4 6:4.4.4-8+etch1
-CVE-2007-0909
+CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
[etch] - php5 5.2.0-8+etch1
- php4 6:4.4.4-9
[etch] - php4 6:4.4.4-8+etch1
-CVE-2007-0908
+CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
{DSA-1264-1}
- php5 5.2.0-9
[etch] - php5 5.2.0-8+etch1
- php4 6:4.4.4-9
NOTE: this extension is not enabled by default in the php packages
-CVE-2007-0907
+CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a denia ...)
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
[etch] - php5 5.2.0-8+etch1
-CVE-2007-0906
+CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
{DSA-1264-1}
NOTE: (4) is a non-issue, as we don't use the bundled sqlite
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
[etch] - php4 6:4.4.4-8+etch1
[etch] - php5 5.2.0-8+etch1
-CVE-2007-0905
+CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
- php5 5.2.0-9 (bug #410561; bug #410995; unimportant)
NOTE: we normally don't spend much time on safe_mode and open_basedir
NOTE: issues, but the because the attack vectors are "unspecified", it
NOTE: might be harder for us to try and sort out the fixes for this
NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
-CVE-2007-0904
+CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...)
NOT-FOR-US: LightRO CMS
-CVE-2007-0903
+CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd be ...)
- ejabberd 1.1.2-5
-CVE-2007-0902
+CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature ...)
- moin <unfixed> (unimportant)
NOTE: this is a version information disclosure.
-CVE-2007-0901
+CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in M ...)
- moin 1.5 (bug #411084; medium)
NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
-CVE-2007-0900
+CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
RESERVED
{DSA-1263-1}
- clamav 0.90-1
[etch] - clamav 0.88.7-2
-CVE-2007-0898
+CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV be ...)
{DSA-1263-1}
- clamav 0.90-1 (bug #411117)
[etch] - clamav 0.88.7-2
-CVE-2007-0897
+CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors ...)
{DSA-1263-1}
- clamav 0.90-1 (bug #411118)
[etch] - clamav 0.88.7-2
-CVE-2007-0896
+CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10 ...)
- firefox-sage 1.3.10-1
[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
NOTE: http://secunia.com/advisories/24086/
NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
-CVE-2007-0451
+CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a de ...)
- spamassassin 3.1.7-2 (bug #410843)
NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
-CVE-2007-0895
+CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-0894
+CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive inf ...)
- mediawiki <removed> (unimportant)
NOTE: Only path disclosure
-CVE-2007-0893
+CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows re ...)
NOT-FOR-US: phpMyVisites
-CVE-2007-0892
+CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...)
NOT-FOR-US: phpMyVisites
-CVE-2007-0891
+CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
NOT-FOR-US: phpMyVisites
-CVE-2007-0890
+CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPa ...)
NOT-FOR-US: cPanel
-CVE-2007-0889
+CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible enco ...)
NOT-FOR-US: Kiwi CatTools
-CVE-2007-0888
+CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...)
NOT-FOR-US: Kiwi CatTools
-CVE-2007-0887
+CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials ...)
NOT-FOR-US: Axigen
-CVE-2007-0886
+CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows rem ...)
NOT-FOR-US: Axigen
-CVE-2007-0885
+CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject. ...)
NOT-FOR-US: Rainbow.Zen
-CVE-2007-0884
+CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows rem ...)
- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
-CVE-2007-0883
+CVE-2007-0883 (Directory traversal vulnerability in portalgroups/portalgroups/getfile ...)
NOT-FOR-US: IP3 NetAccess
-CVE-2007-0882
+CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-0881
+CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
NOT-FOR-US: OPENi-CMS
-CVE-2007-0880
+CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...)
NOT-FOR-US: Capital Request Forms
-CVE-2007-0879
+CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows u ...)
NOT-FOR-US: PEBrowse
-CVE-2007-0878
+CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows Mo ...)
NOT-FOR-US: Microsoft
-CVE-2007-0877
+CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
NOT-FOR-US: March Networks DVR
-CVE-2007-0876
+CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image Galler ...)
NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875
NOT-FOR-US: mcRefer
-CVE-2007-0874
+CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...)
NOT-FOR-US: Allons_voter
-CVE-2007-0873
+CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ac ...)
NOT-FOR-US: nabopoll
-CVE-2007-0872
+CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) add ...)
NOT-FOR-US: Plain Old Webserver
-CVE-2007-0871
+CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File Host ...)
NOT-FOR-US: eXtreme File Hosting
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
- dokuwiki 0.0.20061106-3 (bug #410557)
-CVE-2007-0870
+CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attacke ...)
NOT-FOR-US: Microsoft
-CVE-2007-0869
+CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager (ad ...)
NOT-FOR-US: vBulletin
-CVE-2007-0868
+CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! Mes ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2007-0867
+CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in Site-As ...)
NOT-FOR-US: Site-Assistant
-CVE-2007-0866
+CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on HP- ...)
NOT-FOR-US: HP OpenView
-CVE-2007-0865
+CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and earl ...)
NOT-FOR-US: LushiWarPlaner
-CVE-2007-0864
+CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allo ...)
NOT-FOR-US: LushiWarPlaner
CVE-2007-0863
NOT-FOR-US: Trevorchan
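Review bot: CVE-2007-0451 (spamassassin) is out of numeric order in this hunk, wedged between CVE-2007-0896 and CVE-2007-0895 while the rest of the list runs in descending id order; because the automatic update only rewrites the identifier line in place, the misplacement carries over, and the entry should be moved up to its numeric position. Three smaller points in the same hunk: CVE-2007-0875 (NOT-FOR-US: mcRefer) and CVE-2007-0863 (NOT-FOR-US: Trevorchan) keep bare identifier lines while every neighbouring id gains a description, so it is worth checking whether the upstream text for those two is empty or the import skipped them; the DSA reference for CVE-2007-0958 is written as "{DSA-1304 DSA-1286-1}", where the first advisory lacks the "-1" revision suffix used by every other reference in this patch; and the NOTE under CVE-2007-0905 reads "but the because the attack vectors", which should be "but because the attack vectors".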
@@ -14032,18 +14032,18 @@ CVE-2007-0861
NOT-FOR-US: phpCOIN
CVE-2007-0860
NOT-FOR-US: local Calendar System
-CVE-2007-0859
+CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the sys ...)
NOT-FOR-US: Palm OS Treo
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
- ikiwiki 1.42 (low)
[etch] - ikiwiki 1.33.1
CVE-2007-0858
RESERVED
-CVE-2007-0857
+CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
-CVE-2007-0856
+CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (R ...)
NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
-CVE-2007-0855
+CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR an ...)
- rar 1:3.7b1-1 (high; bug #410582)
[sarge] - rar <no-dsa> (Non-free)
[etch] - rar <no-dsa> (Non-free)
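Review bot: the "CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]" entry in this hunk still carries a placeholder identifier, so the automatic update cannot attach a description to it; if an identifier has since been assigned, the line should be renamed so future runs pick it up. Also, the rar line for CVE-2007-0855 orders its fields as "(high; bug #410582)" while the other package lines in this patch put the bug reference before the severity, e.g. "(bug #411944; high)" for ekiga; normalising to one order would keep the file easier to parse by eye.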
@@ -14054,160 +14054,160 @@ CVE-2007-0855
NOTE: which probably turns this into remote code execution
NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
-CVE-2007-0854
+CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel Web ...)
NOT-FOR-US: cPanel WebHost Manager
-CVE-2007-0853
+CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
NOT-FOR-US: DevTrack
-CVE-2007-0852
+CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
NOT-FOR-US: DevTrack
-CVE-2007-0851
+CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...)
NOT-FOR-US: Trend Micro Scan Engine
-CVE-2007-0850
+CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and execut ...)
NOT-FOR-US: SysCP
-CVE-2007-0849
+CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly q ...)
NOT-FOR-US: SysCP
-CVE-2007-0848
+CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
NOT-FOR-US: Maian Recipe
-CVE-2007-0847
+CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server C ...)
NOT-FOR-US: Open Tibia Server CMS
-CVE-2007-0846
+CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Se ...)
NOT-FOR-US: Open Tibia Server CMS
-CVE-2007-0845
+CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
NOT-FOR-US: Advanced Poll
-CVE-2007-0843
+CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-0842
+CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVC ...)
NOT-FOR-US: Microsoft
-CVE-2007-0841
+CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have u ...)
NOT-FOR-US: vbDrupal
-CVE-2007-0840
+CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
NOT-FOR-US: HLstats
-CVE-2007-0839
+CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in index/index_albu ...)
NOT-FOR-US: WebMatic
-CVE-2007-0838
+CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a den ...)
NOT-FOR-US: FreeProxy
-CVE-2007-0837
+CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
NOT-FOR-US: AgerMenu
-CVE-2007-0836
+CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-0835
+CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-0834
+CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows rem ...)
NOT-FOR-US: FlashChat
-CVE-2007-0833
+CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...)
NOT-FOR-US: VMware
-CVE-2007-0832
+CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the availab ...)
NOT-FOR-US: VMware
-CVE-2007-0831
+CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in A ...)
NOT-FOR-US: Atsphp
CVE-2007-0830
NOT-FOR-US: vBulletin
-CVE-2007-0829
+CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a c ...)
NOT-FOR-US: avast!
-CVE-2007-0828
+CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in MyS ...)
NOT-FOR-US: MySQLNewsEngine
-CVE-2007-0827
+CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
-CVE-2007-0826
+CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows r ...)
NOT-FOR-US: Kisisel Site
-CVE-2007-0825
+CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of s ...)
NOT-FOR-US: FlashFXP
-CVE-2007-0824
+CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1 ...)
NOT-FOR-US: LightRO CMS
-CVE-2007-0823
+CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been display ...)
- xterm <not-affected> (Not a security problem)
-CVE-2007-0822
+CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux 1 ...)
- util-linux <not-affected> (Not a security problem)
-CVE-2007-0821
+CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailP ...)
NOT-FOR-US: PortailPhp
-CVE-2007-0820
+CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE Po ...)
NOT-FOR-US: PortailPhp
-CVE-2007-0819
+CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assi ...)
NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
REJECTED
-CVE-2007-0817
+CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web serve ...)
NOT-FOR-US: Adobe ColdFusion web server
-CVE-2007-0816
+CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associat ...)
NOT-FOR-US: (CA) BrightStor
-CVE-2007-0815
+CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapp ...)
NOT-FOR-US: Uphotogallery
-CVE-2007-0814
+CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
NOT-FOR-US: ASP Chat
-CVE-2007-0813
+CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production MySearchEn ...)
NOT-FOR-US: MySearchEngine
-CVE-2007-0812
+CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
NOT-FOR-US: Woltlab Burning Board
-CVE-2007-0811
+CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Wi ...)
NOT-FOR-US: Microsoft
-CVE-2007-0810
+CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in Gee ...)
NOT-FOR-US: GeekLog
-CVE-2007-0809
+CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
NOT-FOR-US: Categories Hierarchy
-CVE-2007-0808
+CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows re ...)
NOT-FOR-US: Mina Ajans Script
-CVE-2007-0807
+CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7. ...)
NOT-FOR-US: flashChat
-CVE-2007-0806
+CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
NOT-FOR-US: Les News
-CVE-2007-0805
+CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local us ...)
NOT-FOR-US: HP Tru64 UNIX
-CVE-2007-0804
+CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
NOT-FOR-US: GGCMS
-CVE-2007-0803
+CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote attacke ...)
- stlport5 5.0.3-1 (bug #410864; low)
[etch] - stlport5 5.0.2-12
[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
-CVE-2007-0802
+CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
- iceweasel 2.0.0.16-1 (low)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
-CVE-2007-0801
+CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1. ...)
- iceweasel 2.0.0.2+dfsg-1 (low)
- firefox 45.0-1 (low)
- firefox-esr 45.0esr-1 (low)
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (low)
-CVE-2007-0800
+CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
NOTE: MFSA-2007-05
- iceweasel 2.0.0.2+dfsg-1 (medium)
- iceape 1.0.8-1 (medium)
- xulrunner 1.8.0.10-1 (medium)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-0799
+CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allow ...)
NOT-FOR-US: Ublog Reload
-CVE-2007-0798
+CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1. ...)
NOT-FOR-US: Ublog Reload
-CVE-2007-0797
+CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in bluev ...)
NOT-FOR-US: SMA-DB
-CVE-2007-0796
+CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, all ...)
NOT-FOR-US: WinProxy
-CVE-2007-0795
+CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal Serve ...)
NOT-FOR-US: Wap Portal Server
CVE-2007-0794
NOT-FOR-US: GlobalMegaCorp dvddb
-CVE-2007-0793
+CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in GlobalMeg ...)
NOT-FOR-US: GlobalMegaCorp dvddb
-CVE-2007-0792
+CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
- bugzilla <not-affected> (Only development version 2.23.3 is affected)
-CVE-2007-0791
+CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.2 ...)
- bugzilla 2.22.1-2.1 (bug #409824; low)
[etch] - bugzilla <no-dsa> (Minor issue, far-fetched attack, minor impact)
[sarge] - bugzilla <not-affected> (Vulnerable code not present)
-CVE-2007-0790
+CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP serv ...)
NOT-FOR-US: SmartFTP
-CVE-2007-0789
+CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote attack ...)
- mambo 4.6.1-1 (medium)
NOTE: only the 4.5.x tree was vulnerable
-CVE-2007-0788
+CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9 ...)
- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
-CVE-2007-0787
+CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple In ...)
NOT-FOR-US: Simple Invoices
-CVE-2007-0786
+CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
NOT-FOR-US: Noname Media Photo Galerie Standard
-CVE-2007-0785
+CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in Flipsou ...)
NOT-FOR-US: Flipsource Flip
-CVE-2007-0784
+CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
RESERVED
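Review bot: CVE-2007-0844 is missing from this hunk: the list goes straight from CVE-2007-0845 to CVE-2007-0843, and the surrounding ids are otherwise consecutive, so check whether the identifier was never imported or was dropped at some point. In the same hunk, CVE-2007-0830 (NOT-FOR-US: vBulletin) and CVE-2007-0794 (NOT-FOR-US: GlobalMegaCorp dvddb) keep bare identifier lines without a description while their neighbours are rewritten; the same check applies, whether the upstream text is empty or the import skipped them.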
@@ -14215,21 +14215,21 @@ CVE-2007-0782
RESERVED
CVE-2007-0781
RESERVED
-CVE-2007-0780
+CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0 ...)
NOTE: MFSA-2007-05
- iceweasel 2.0.0.2+dfsg-1 (medium)
- iceape 1.0.8-1 (medium)
- xulrunner 1.8.0.10-1 (medium)
[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
[sarge] - mozilla <not-affected> (Vulnerable code not present)
-CVE-2007-0779
+CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
NOTE: MFSA-2007-04
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (low)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
-CVE-2007-0778
+CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x befo ...)
{DSA-1336-1}
NOTE: MFSA-2007-03
- iceweasel 2.0.0.2+dfsg-1 (low)
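Review bot: the two sarge lines for CVE-2007-0779 give conflicting rationales: mozilla-firefox is marked <no-dsa> (Mozilla products from Sarge no longer supported) while mozilla is <not-affected> (introduced in firefox 1.5), and the newly added description confirms the affected range starts at 1.5.x. If the flaw was introduced in 1.5, the sarge mozilla-firefox entry should probably read "<not-affected> (Vulnerable code not present)" as CVE-2007-0780 does just above; the automatic update only fills in descriptions, so this is a manual follow-up rather than a change to this patch.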
@@ -14237,7 +14237,7 @@ CVE-2007-0778
- xulrunner 1.8.0.10-1 (low)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-0777
+CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x befor ...)
NOTE: MFSA-2007-01
- iceweasel 2.0.0.2+dfsg-1 (high)
- iceape 1.0.8-1 (high)
@@ -14246,7 +14246,7 @@ CVE-2007-0777
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-0776
+CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
NOTE: MFSA-2007-01
- iceweasel 2.0.0.2+dfsg-1 (high)
- iceape 1.0.8-1 (high)
@@ -14255,7 +14255,7 @@ CVE-2007-0776
[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
-CVE-2007-0775
+CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...)
{DSA-1336-1}
NOTE: MFSA-2007-01
- iceweasel 2.0.0.2+dfsg-1 (high)
@@ -14266,22 +14266,22 @@ CVE-2007-0775
[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
NOTE: Only one of the crashes can be triggered in Sarge, 326864
-CVE-2007-0774
+CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function (native/ ...)
- libapache-mod-jk 1:1.2.21-1 (medium)
[sarge] - libapache-mod-jk <not-affected>
[etch] - libapache-mod-jk <not-affected>
NOTE: affects only 1.2.19 and 1.2.20
-CVE-2007-0773
+CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...)
- linux-2.6 2.6.12-1
-CVE-2007-0772
+CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remo ...)
- linux-2.6 2.6.18.dfsg.1-11
-CVE-2007-0771
+CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows ...)
- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
-CVE-2007-0770
+CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
{DSA-1260}
- graphicsmagick 1.1.7-12
- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
-CVE-2007-1667
+CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c i ...)
{DSA-1903-1 DSA-1858-1 DSA-1294-1}
- xfree86 <removed> (bug #414046; medium)
- libx11 2:1.0.3-7 (bug #414045; medium)
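Review bot: the unchanged note under CVE-2007-0775, "NOTE: Only one of the crashes can be triggered in Sarge, 326864", cites a bare number with no "bug #" prefix or URL, unlike "bug #410435" and "bug #414046" in the same hunk, so a reader cannot tell which tracker the id belongs to; suggest "bug #326864" if it is a Debian bug, or a full URL otherwise.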
@@ -14290,651 +14290,651 @@ CVE-2007-1667
NOTE: Discovered through CVE-2007-0770.
NOTE: With certain mail user agents, this issue is likely exploitable
NOTE: without much user interaction.
-CVE-2007-0844
+CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when th ...)
- libpam-ssh 1.91.0-9.2 (bug #410236; low)
[etch] - libpam-ssh <no-dsa> (Minor issue)
[sarge] - libpam-ssh <no-dsa> (Minor issue)
CVE-2007-0769
NOT-FOR-US: Phorum
-CVE-2007-0768
+CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact Det ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2007-0767
+CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...)
NOT-FOR-US: Phorum
-CVE-2007-0766
+CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows u ...)
NOT-FOR-US: .NET Explorer
-CVE-2007-0765
+CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...)
NOT-FOR-US: Curium CMS
-CVE-2007-0764
+CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier allow ...)
NOT-FOR-US: F3Site
-CVE-2007-0763
+CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment functiona ...)
NOT-FOR-US: F3Site
-CVE-2007-0762
+CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
NOT-FOR-US: phpBB++
-CVE-2007-0761
+CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
NOT-FOR-US: phpBB ezBoard converter
-CVE-2007-0760
+CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by verif ...)
NOT-FOR-US: EQdkp
-CVE-2007-0759
+CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remot ...)
NOT-FOR-US: EasyMoblog
-CVE-2007-0758
+CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...)
NOT-FOR-US: PHPProbid
-CVE-2007-0757
+CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes C ...)
NOT-FOR-US: CoD2 DreamStats
-CVE-2007-0756
+CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denia ...)
NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
RESERVED
-CVE-2007-0754
+CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0753
+CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...)
NOT-FOR-US: Apple
-CVE-2007-0752
+CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...)
NOT-FOR-US: Apple
-CVE-2007-0751
+CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...)
NOT-FOR-US: Apple
-CVE-2007-0750
+CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 a ...)
NOT-FOR-US: Apple
-CVE-2007-0749
+CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in pr ...)
NOT-FOR-US: Apple Darwin Streaming Server
-CVE-2007-0748
+CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
NOT-FOR-US: Apple Darwin Streaming Server
-CVE-2007-0747
+CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0746
+CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple M ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0745
+CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration fil ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0744
+CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean th ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0743
+CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username a ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0742
+CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allow ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0741
+CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 throu ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0740
+CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display fil ...)
NOT-FOR-US: Apple
-CVE-2007-0739
+CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the so ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0738
+CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not displa ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0737
+CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not prop ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0736
+CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3. ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0735
+CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 throu ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0734
+CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...)
NOT-FOR-US: AirPort Extreme Base Station
-CVE-2007-0733
+CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
NOT-FOR-US: Apple Mac ImageIO
-CVE-2007-0732
+CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0731
+CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB Fi ...)
NOT-FOR-US: Apple Mac
-CVE-2007-0730
+CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
NOT-FOR-US: Apple Mac Server Manager
-CVE-2007-0729
+CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0728
+CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10 ...)
NOT-FOR-US: Apple Mac
CVE-2007-0727
REJECTED
-CVE-2007-0726
+CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
NOT-FOR-US: Apple OpenSSH
-CVE-2007-0725
+CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac O ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0724
+CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4 ...)
NOT-FOR-US: Apple Mac
-CVE-2007-0723
+CVE-2007-0723 (Unspecified vulnerability in the authentication feature for DirectoryS ...)
NOT-FOR-US: Mac OS X
-CVE-2007-0722
+CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allo ...)
NOT-FOR-US: Apple Mac
-CVE-2007-0721
+CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3. ...)
NOT-FOR-US: Apple Mac
-CVE-2007-0720
+CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to caus ...)
- cups 1.2.7-1 (bug #434734; low)
- cupsys 1.2.7-1 (bug #434734; low)
[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
-CVE-2007-0719
+CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
NOT-FOR-US: Apple Mac
-CVE-2007-0718
+CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0717
+CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0716
+CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows rem ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0715
+CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0714
+CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0713
+CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0712
+CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0711
+CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Wi ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-0710
+CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows rem ...)
NOT-FOR-US: Apple iChat
-CVE-2007-0709
+CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
NOT-FOR-US: Comodo Firewall Pro
-CVE-2007-0708
+CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
NOT-FOR-US: Comodo Firewall Pro
-CVE-2007-0707
+CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assi ...)
NOT-FOR-US: GOM Player
-CVE-2007-0706
+CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet Exp ...)
NOT-FOR-US: Darksky RSS
-CVE-2007-0705
+CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and P ...)
NOT-FOR-US: Sleipnir
-CVE-2007-0704
+CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
NOT-FOR-US: Somery
-CVE-2007-0703
+CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...)
NOT-FOR-US: WebBuilder
-CVE-2007-0702
+CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0. ...)
NOT-FOR-US: phpEventMan
-CVE-2007-0701
+CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in Epist ...)
NOT-FOR-US: Epistemon
-CVE-2007-0700
+CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain Por ...)
NOT-FOR-US: Portail Web
-CVE-2007-0699
+CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in Gu ...)
NOT-FOR-US: Portail Web
-CVE-2007-0698
+CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier all ...)
NOT-FOR-US: ACGVannu
-CVE-2007-0697
+CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to chan ...)
NOT-FOR-US: ACGVannu
-CVE-2007-0696
+CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
NOT-FOR-US: Free LAN Intranet Portal
-CVE-2007-0695
+CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Port ...)
NOT-FOR-US: Free LAN Intranet Portal
-CVE-2007-0694
+CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 a ...)
NOT-FOR-US: DGNews
-CVE-2007-0693
+CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
NOT-FOR-US: DGNews
-CVE-2007-0692
+CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...)
NOT-FOR-US: DGNews
CVE-2007-0691
REJECTED
-CVE-2007-0690
+CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information vi ...)
NOT-FOR-US: myEvent
-CVE-2007-0689
+CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-XXXX [remctl ACL bypass vulnerability]
- remctl 2.2-2
[sarge] - remctl <not-affected> (Vulnerable code not present)
-CVE-2007-0688
+CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allo ...)
NOT-FOR-US: Hunkaray Duyuru Scripti
-CVE-2007-0687
+CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
NOT-FOR-US: L2J Dropcalc
-CVE-2007-0686
+CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...)
NOT-FOR-US: Intel 2200BG Cards drive.
-CVE-2007-0685
+CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 20 ...)
NOT-FOR-US: Internet Explorer
-CVE-2007-0684
+CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Port ...)
NOT-FOR-US: Cerulean Portal System
-CVE-2007-0683
+CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in O ...)
NOT-FOR-US: Omegaboard
-CVE-2007-0682
+CVE-2007-0682 (PHP remote file inclusion vulnerability in theme/include_mode/template ...)
NOT-FOR-US: JV2 Folder Gallery
-CVE-2007-0681
+CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ch ...)
NOT-FOR-US: ExtCalendar
-CVE-2007-0680
+CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in P ...)
NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
-CVE-2007-0679
+CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nico ...)
NOT-FOR-US: PHPMyRing
-CVE-2007-0678
+CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...)
NOT-FOR-US: Fullaspsite Asp Hosting Sites
-CVE-2007-0677
+CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Brows ...)
NOT-FOR-US: Cadre PHP Framework
-CVE-2007-0676
+CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
NOT-FOR-US: ExoPHPDesk
-CVE-2007-0675
+CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech C ...)
NOT-FOR-US: Windows Vista
-CVE-2007-0674
+CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
NOT-FOR-US: Windows Mobile
-CVE-2007-0673
+CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; Desktops ...)
NOT-FOR-US: (CA) BrightStor
-CVE-2007-0672
+CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers t ...)
NOT-FOR-US: (CA) BrightStor
-CVE-2007-0671
+CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0670
+CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local us ...)
NOT-FOR-US: IBM AIX
-CVE-2007-0669
+CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local us ...)
- twiki 1:4.0.5-9 (bug #410256)
-CVE-2007-0668
+CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
NOT-FOR-US: Sun Solaris.
-CVE-2007-0667
+CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2 ...)
- sql-ledger <unfixed> (bug #409703; unimportant)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
NOTE: is not secure with untrusted users.
-CVE-2007-0666
+CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...)
NOT-FOR-US: WS_FTP Server
-CVE-2007-0665
+CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
NOT-FOR-US: WS_FTP Server
-CVE-2007-0664
+CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
- thttpd <not-affected> (Gentoo-specific packaging flaw)
NOTE: In accordance with Debian Policy is not possible start Webserver
NOTE: in root directory (/).
-CVE-2007-0663
+CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
NOT-FOR-US: Eclectic Designs CascadianFAQ
-CVE-2007-0662
+CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile ...)
NOT-FOR-US: Hailboards
-CVE-2007-0661
+CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...)
NOT-FOR-US: Intel BMC
-CVE-2007-0660
+CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before 0 ...)
NOT-FOR-US: DotNetNuke
-CVE-2007-0659
+CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for M ...)
NOT-FOR-US: MODx MuddyDogPaws FileDownload
-CVE-2007-0658
+CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module f ...)
NOT-FOR-US: Drupal addon module "Textimage"
-CVE-2007-0657
+CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to r ...)
- nexuiz 2.2.3-1 (medium)
[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
-CVE-2007-0656
+CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
-CVE-2007-0655
+CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies ...)
NOT-FOR-US: MicroWorld
-CVE-2007-0654
+CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-ass ...)
{DSA-1277-1}
- xmms 1:1.2.10+20070301-2 (bug #416423; low)
-CVE-2007-0653
+CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ot ...)
{DSA-1277-1}
- xmms 1:1.2.10+20070301-2 (bug #416423; low)
-CVE-2007-0652
+CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professi ...)
NOT-FOR-US: MailEnable Professional
-CVE-2007-0651
+CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Prof ...)
NOT-FOR-US: MailEnable Professional
-CVE-2007-0650
+CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
-CVE-2007-0649
+CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2 ...)
NOT-FOR-US: OpenEMR
-CVE-2007-0648
+CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
NOT-FOR-US: Cisco
-CVE-2007-0647
+CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-as ...)
NOT-FOR-US: AppleKit
-CVE-2007-0646
+CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Ma ...)
NOT-FOR-US: iMovie
-CVE-2007-0645
+CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assiste ...)
NOT-FOR-US: iPhoto
-CVE-2007-0644
+CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remot ...)
NOT-FOR-US: Apple Safari
-CVE-2007-0643
+CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-a ...)
NOT-FOR-US: Bloodshed Dev-C++
-CVE-2007-0642
+CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU scri ...)
NOT-FOR-US: Raymond BERTHOU script collection
-CVE-2007-0641
+CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
NOT-FOR-US: Shaffer Solutions (SSC)
-CVE-2007-0640
+CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack v ...)
- zabbix 1:1.1.4-8 (bug #409257)
-CVE-2007-0639
+CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY 4 ...)
NOT-FOR-US: GuppY
-CVE-2007-0638
+CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
NOT-FOR-US: PHPFootball
-CVE-2007-0637
+CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
NOT-FOR-US: Galeria Zdjec
-CVE-2007-0636
+CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact a ...)
NOT-FOR-US: incron
-CVE-2007-0635
+CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...)
NOT-FOR-US: EncapsCMS
-CVE-2007-0634
+CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows rem ...)
NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
- libx11 2:1.0.3-5 (low)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
-CVE-2007-0633
+CVE-2007-0633 (PHP remote file inclusion vulnerability in include/themes/themefunc.ph ...)
NOT-FOR-US: MyNews
-CVE-2007-0632
+CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
NOT-FOR-US: ASP EDGE
-CVE-2007-0631
+CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
NOT-FOR-US: Eclectic Designs CascadianFAQ
-CVE-2007-0630
+CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
NOT-FOR-US: xNews
-CVE-2007-0629
+CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not p ...)
NOT-FOR-US: Plain Black WebGUI
-CVE-2007-0628
+CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
NOT-FOR-US: Sun Java System Access Manager
-CVE-2007-0627
+CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password argumen ...)
NOT-FOR-US: gtalkbot
-CVE-2007-0626
+CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal befo ...)
- drupal 4.7.6-1
-CVE-2007-0625
+CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validat ...)
NOT-FOR-US: NoMachine NX Server
-CVE-2007-0624
+CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
NOT-FOR-US: MAXdev MDPro
-CVE-2007-0623
+CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
NOT-FOR-US: MAXdev MDPro
-CVE-2007-0622
+CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulleti ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
REJECTED
-CVE-2007-0620
+CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
NOT-FOR-US: FD Script
-CVE-2007-0619
+CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ar ...)
- chmlib 2:0.39-1 (bug #408603; medium)
-CVE-2007-0618
+CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
NOT-FOR-US: IBM AIX
-CVE-2007-0617
+CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
NOT-FOR-US: Earthlink TotalAccess
-CVE-2007-0616
+CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zen ...)
NOT-FOR-US: zenphoto
-CVE-2007-0615
+CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Manage ...)
NOT-FOR-US: Hitachi
-CVE-2007-0614
+CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
NOT-FOR-US: Apple
-CVE-2007-0613
+CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
NOT-FOR-US: Apple
-CVE-2007-0612
+CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vis ...)
NOT-FOR-US: Microsoft ActiveX
-CVE-2007-0611
+CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra ...)
NOT-FOR-US: Free LAN Intranet Portal
-CVE-2007-0610
+CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CM ...)
NOT-FOR-US: CMSimple
-CVE-2007-0609
+CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows r ...)
NOT-FOR-US: Advanced Guestbook
-CVE-2007-0608
+CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive i ...)
NOT-FOR-US: Advanced Guestbook
-CVE-2007-0607
+CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores gl ...)
NOT-FOR-US: Web-Agora
-CVE-2007-0606
+CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: Web-Agora
-CVE-2007-0605
+CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced Gu ...)
NOT-FOR-US: Advanced Guestbook
-CVE-2007-0604
+CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3 ...)
NOT-FOR-US: Movable Type
-CVE-2007-0603
+CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
NOT-FOR-US: PGP Desktop
-CVE-2007-0602
+CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro Vir ...)
NOT-FOR-US: Trend Micro AntiVirus
-CVE-2007-0601
+CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
NOT-FOR-US: Aztek Forum
-CVE-2007-0600
+CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newspo ...)
NOT-FOR-US: makit news
-CVE-2007-0599
+CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum 4 ...)
NOT-FOR-US: Aztek Forum
-CVE-2007-0598
+CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allo ...)
NOT-FOR-US: Aztek Forum
-CVE-2007-0597
+CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive informati ...)
NOT-FOR-US: Aztek Forum
-CVE-2007-0596
+CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek For ...)
NOT-FOR-US: Aztek Forum
-CVE-2007-0595
+CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review Si ...)
NOT-FOR-US: high5 Review
-CVE-2007-0594
+CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with in ...)
NOT-FOR-US: Siteman
-CVE-2007-0593
+CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with in ...)
NOT-FOR-US: Siteman
-CVE-2007-0592
+CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows re ...)
NOT-FOR-US: EzDatabase
-CVE-2007-0591
+CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An V ...)
NOT-FOR-US: VirtualPath
-CVE-2007-0590
+CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
NOT-FOR-US: Forum Livre
-CVE-2007-0589
+CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
NOT-FOR-US: Forum Livre
-CVE-2007-0588
+CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quickti ...)
NOT-FOR-US: Apple
CVE-2007-0587
RESERVED
CVE-2007-0586
RESERVED
-CVE-2007-0585
+CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
NOT-FOR-US: Webfwlog
-CVE-2007-0584
+CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php i ...)
NOT-FOR-US: PhP Generic
-CVE-2007-0583
+CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
NOT-FOR-US: HTTP Commander
-CVE-2007-0582
+CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows re ...)
NOT-FOR-US: ChernobiLe
-CVE-2007-0581
+CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
NOT-FOR-US: EclipseBB
-CVE-2007-0580
+CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
NOT-FOR-US: Foro Domus
-CVE-2007-0579
+CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
NOT-FOR-US: Horde Groupware
-CVE-2007-0578
+CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows remot ...)
- mpg123 0.61-5 (bug #409296; unimportant)
NOTE: Not much of a security problem; user will abort mpg123 and never listen to
NOTE: the faulty stream again
-CVE-2007-0577
+CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ACGVcli ...)
NOT-FOR-US: ACGVclick
-CVE-2007-0576
+CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
NOT-FOR-US: Xt-Stats
-CVE-2007-0575
+CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login pag ...)
NOT-FOR-US: ASPCode.net AdMentor
-CVE-2007-0574
+CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
-CVE-2007-0573
+CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
NOT-FOR-US: nsGalPHP
-CVE-2007-0572
+CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in D ...)
NOT-FOR-US: Drunken:Golem Gaming Portal
-CVE-2007-0571
+CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
NOT-FOR-US: phpMyReports
-CVE-2007-0570
+CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes G ...)
NOT-FOR-US: Ad Fundum Integratable News Script
-CVE-2007-0569
+CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote at ...)
NOT-FOR-US: xNews
-CVE-2007-0568
+CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in M ...)
NOT-FOR-US: MyPHPCommander
-CVE-2007-0567
+CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in Interactive-S ...)
NOT-FOR-US: Interactive-Scripts.Com
-CVE-2007-0566
+CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earli ...)
NOT-FOR-US: ASP NEWS
-CVE-2007-0565
+CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
NOT-FOR-US: CGI RESCUE
-CVE-2007-0564
+CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) befor ...)
NOT-FOR-US: Symantec
-CVE-2007-0563
+CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Se ...)
NOT-FOR-US: Symantec
-CVE-2007-0562
+CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
NOT-FOR-US: Windows Explorer
-CVE-2007-0561
+CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
NOT-FOR-US: Xero Portal
-CVE-2007-0560
+CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier a ...)
NOT-FOR-US: ASP EDGE
-CVE-2007-0559
+CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 all ...)
NOT-FOR-US: RPW
-CVE-2007-0558
+CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in In ...)
NOT-FOR-US: vHostAdmin
-CVE-2007-0557
+CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ori ...)
NOT-FOR-US: rPath
-CVE-2007-0556
+CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8 ...)
- postgresql-8.2 8.2.2-1
- postgresql-8.1 8.1.7-1
- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
- postgresql <not-affected> (only PostgreSQL 8.x)
-CVE-2007-0555
+CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8. ...)
{DSA-1261-1}
- postgresql-8.2 8.2.2-1
- postgresql-8.1 8.1.7-1
- postgresql-7.4 1:7.4.16-1
- postgresql <not-affected> (only transitional package)
-CVE-2007-0554
+CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
NOT-FOR-US: Guos Posting System
-CVE-2007-0553
+CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php i ...)
NOT-FOR-US: PHProxy
-CVE-2007-0552
+CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in install/default/error404.h ...)
NOT-FOR-US: Onnac
-CVE-2007-0551
+CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
NOT-FOR-US: CMSimple
-CVE-2007-0550
+CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
NOT-FOR-US: 212cafe Guestbook
-CVE-2007-0549
+CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
NOT-FOR-US: 212cafe Guestbook
-CVE-2007-0548
+CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a de ...)
NOT-FOR-US: KarjaSoft
-CVE-2007-0547
+CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
NOT-FOR-US: CGI RESCUE
-CVE-2007-0546
+CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root wi ...)
NOT-FOR-US: Toxiclab Shoutbox
-CVE-2007-0545
+CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
NOT-FOR-US: Maxtricity Tagger
-CVE-2007-0544
+CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka M ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2007-0543
+CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web r ...)
NOT-FOR-US: ZixForum
-CVE-2007-0542
+CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestb ...)
NOT-FOR-US: 212cafe Guestbook
-CVE-2007-0541
+CVE-2007-0541 (WordPress allows remote attackers to determine the existence of arbitr ...)
{DTSA-33-1}
- wordpress 2.1.0-1 (low)
-CVE-2007-0540
+CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service (bandwi ...)
{DSA-1564-1}
- wordpress 2.1.0-1 (low)
-CVE-2007-0539
+CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote att ...)
{DTSA-33-1}
- wordpress 2.1.0-1 (low)
-CVE-2007-0538
+CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
NOT-FOR-US: Telligent
-CVE-2007-0537
+CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not p ...)
- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
-CVE-2007-0536
+CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop supplementa ...)
NOT-FOR-US: rPath
-CVE-2007-0535
+CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
NOT-FOR-US: Vote! Pro
-CVE-2007-0534
+CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
NOT-FOR-US: Drupal module "Project"
-CVE-2007-0533
+CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and K ...)
NOT-FOR-US: Borland Delphi
-CVE-2007-0532
+CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive informat ...)
NOT-FOR-US: Uploader
-CVE-2007-0531
+CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeW ...)
NOT-FOR-US: FreeWebShop
CVE-2007-0530
NOT-FOR-US: Advanced Guestbook
-CVE-2007-0529
+CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the admini ...)
NOT-FOR-US: PHP Link Directory
-CVE-2007-0528
+CVE-2007-0528 (The admin web console implemented by the Centrality Communications (ak ...)
NOT-FOR-US: Centrality Communications
-CVE-2007-0527
+CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.log ...)
NOT-FOR-US: Website Baker
-CVE-2007-0526
+CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
NOT-FOR-US: Bitweaver
-CVE-2007-0525
+CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (Min ...)
NOT-FOR-US: Mini Web server
-CVE-2007-0524
+CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
NOT-FOR-US: LG
-CVE-2007-0523
+CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of servi ...)
NOT-FOR-US: Nokia
-CVE-2007-0522
+CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a deni ...)
NOT-FOR-US: Motorola
-CVE-2007-0521
+CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to cau ...)
NOT-FOR-US: Sony Ericsson
-CVE-2007-0520
+CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allo ...)
NOT-FOR-US: Unique Ads
-CVE-2007-0519
+CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Insta ...)
NOT-FOR-US: XMB Host
-CVE-2007-0518
+CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive inform ...)
NOT-FOR-US: Scriptsez
-CVE-2007-0517
+CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
NOT-FOR-US: Scriptsez
-CVE-2007-0516
+CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with pe ...)
NOT-FOR-US: Yana
-CVE-2007-0515
+CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remot ...)
NOT-FOR-US: Microsoft
-CVE-2007-0514
+CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitach ...)
NOT-FOR-US: Hitachi
-CVE-2007-0513
+CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64) ...)
NOT-FOR-US: Hitachi
-CVE-2007-0512
+CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 0 ...)
NOT-FOR-US: Hitachi
-CVE-2007-0511
+CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD ...)
NOT-FOR-US: phpXD
-CVE-2007-0510
+CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) prese ...)
- awffull <unfixed> (unimportant)
NOTE: This appears to be a bug without a vulnerability vector.
-CVE-2007-0509
+CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unk ...)
NOT-FOR-US: MaklerPlus
-CVE-2007-0507
+CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4 ...)
NOT-FOR-US: Drupal module "Acidfree"
-CVE-2007-0506
+CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
NOT-FOR-US: Drupal module "Project"
-CVE-2007-0505
+CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking 4 ...)
NOT-FOR-US: Drupal module "Project"
-CVE-2007-0504
+CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and p ...)
NOT-FOR-US: Vote! Pro
-CVE-2007-0503
+CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 bef ...)
NOT-FOR-US: Sun
-CVE-2007-0502
+CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
NOT-FOR-US: webSPELL
-CVE-2007-0501
+CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum Too ...)
NOT-FOR-US: Advanced Random Generators
-CVE-2007-0500
+CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in Bra ...)
NOT-FOR-US: Bradabra
-CVE-2007-0499
+CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim p ...)
NOT-FOR-US: phpIndexPage
-CVE-2007-0498
+CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
NOT-FOR-US: MySpeach
-CVE-2007-0497
+CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in Upload-Se ...)
NOT-FOR-US: Upload-Service
-CVE-2007-0496
+CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
NOT-FOR-US: Neon Lab
-CVE-2007-0495
+CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in P ...)
NOT-FOR-US: PhpSherpa
-CVE-2007-0492
+CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01 ...)
NOT-FOR-US: webSPELL
-CVE-2007-0491
+CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpe ...)
NOT-FOR-US: MySpeach
-CVE-2007-0490
+CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensi ...)
NOT-FOR-US: Open-Realty
-CVE-2007-0489
+CVE-2007-0489 (PHP remote file inclusion vulnerability in includes/functions.visohotl ...)
NOT-FOR-US: VisoHotlink
-CVE-2007-0488
+CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Q ...)
NOT-FOR-US: Huawei
CVE-2007-0487
NOT-FOR-US: FreeForum
CVE-2007-0486
NOT-FOR-US: Openads
-CVE-2007-0485
+CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
NOT-FOR-US: Webdev
-CVE-2007-0484
+CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
NOT-FOR-US: ReviewPost
-CVE-2007-0483
+CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
NOT-FOR-US: ReviewPost
-CVE-2007-0482
+CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 al ...)
NOT-FOR-US: Sun
-CVE-2007-0481
+CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
NOT-FOR-US: Cisco
-CVE-2007-0480
+CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
NOT-FOR-US: Cisco
-CVE-2007-0479
+CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
NOT-FOR-US: Cisco
-CVE-2007-0478
+CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does ...)
NOT-FOR-US: Apple Safari
-CVE-2007-0477
+CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.1 ...)
NOT-FOR-US: Openads
-CVE-2007-0476
+CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2 ...)
- openldap2 <not-affected> (Gentoo packaging bug)
-CVE-2007-0475
+CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4 ...)
- smb4k 0.8.1-1 (low)
[etch] - smb4k <no-dsa> (Minor issue)
NOTE: not all problems fixed in 0.8.0
-CVE-2007-0474
+CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoer ...)
- smb4k 0.8.1-1 (low)
[etch] - smb4k <no-dsa> (Minor issue)
NOTE: not fixed in 0.8.0, see
NOTE: https://web.archive.org/web/20070712072042/http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
-CVE-2007-0473
+CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 d ...)
- smb4k 0.8.0-1 (low)
[etch] - smb4k <no-dsa> (Minor issue)
-CVE-2007-0472
+CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to (1 ...)
- smb4k 0.8.0-1 (low)
[etch] - smb4k <no-dsa> (Minor issue)
-CVE-2007-0508
+CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClo ...)
- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
- hinfo 1.02-3.1 (bug #402316; low)
[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
-CVE-2007-0494
+CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 u ...)
{DSA-1254-1}
- bind9 1:9.3.4-2 (medium; bug #408432)
- bind <not-affected>
-CVE-2007-0493
+CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
- bind9 1:9.3.4-2 (medium; bug #408432)
[sarge] - bind9 <not-affected> (Vulnerable code not present)
- bind <not-affected>
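Review bot: CVE-2007-0530 (NOT-FOR-US: Advanced Guestbook), CVE-2007-0487 (NOT-FOR-US: FreeForum) and CVE-2007-0486 (NOT-FOR-US: Openads) are the only non-RESERVED entries in this hunk that stay bare while every neighbouring id gets a description appended. Please confirm the automatic update left them untouched because the upstream feed has no description text for those ids (a rejected or withdrawn entry would look like this) rather than because of a matching failure in the update script; in the latter case they will remain bare on every future run and should be handled explicitly.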
@@ -14945,81 +14945,81 @@ CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and
- ffmpeg 0.cvs20060823-6
- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
- mplayer 1.0~rc1-12
-CVE-2007-0471
+CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
NOT-FOR-US: Check Point
-CVE-2007-0470
+CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 1 ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-0469
+CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 do ...)
- libgems-ruby 0.9.3-1 (low; bug #408299)
[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
-CVE-2007-0468
+CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (M ...)
NOT-FOR-US: Visual C++
-CVE-2007-0467
+CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin gro ...)
NOT-FOR-US: Apple
-CVE-2007-0466
+CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 al ...)
NOT-FOR-US: Telestream
-CVE-2007-0465
+CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4. ...)
NOT-FOR-US: Apple
-CVE-2007-0464
+CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 o ...)
NOT-FOR-US: CFNetwork on Apple Mac OS
-CVE-2007-0463
+CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
NOT-FOR-US: Apple
-CVE-2007-0462
+CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktim ...)
NOT-FOR-US: Apple
-CVE-2007-0461
+CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before 2. ...)
- dazuko-source <removed> (bug #408300)
[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
-CVE-2007-0460
+CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
- ulogd 1.23-6 (medium)
-CVE-2007-0459
+CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.9 ...)
- wireshark 0.99.4-5 (low)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0458
+CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
- wireshark 0.99.4-5 (low)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0457
+CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (f ...)
- wireshark 0.99.4-5 (low)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0456
+CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...)
- wireshark 0.99.4-5 (low)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0455
+CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Grap ...)
{DSA-1936-1}
- libgd2 2.0.35.dfsg-1 (bug #408982; low)
[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
-CVE-2007-0454
+CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
{DSA-1257}
- samba 3.0.23d-5 (medium)
-CVE-2007-0453
+CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 throug ...)
- samba <not-affected> (Solaris-specific vulnerability)
-CVE-2007-0452
+CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...)
{DSA-1257}
- samba 3.0.23d-5 (low)
-CVE-2007-0450
+CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
- tomcat5 <removed> (unimportant)
- tomcat5.5 5.5.23-1 (unimportant)
NOTE: This only adds an additional control settings for path delimiters, the
NOTE: necessary proxies still need to be secured or fixed individually (e.g.
NOTE: as done for mod_jk in a DSA
-CVE-2007-0449
+CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Ba ...)
NOT-FOR-US: CA BrightStor
-CVE-2007-0448
+CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI h ...)
- php5 <removed> (unimportant)
NOTE: open_basedir bypasses not supported
-CVE-2007-0447
+CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple Sym ...)
NOT-FOR-US: Symantec
-CVE-2007-0446
+CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Merc ...)
NOT-FOR-US: HP Mercury
-CVE-2007-0445
+CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand Scann ...)
NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2007-0444
+CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
NOT-FOR-US: Citrix
-CVE-2007-0443
+CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in Gracen ...)
NOT-FOR-US: GraceNote ActiveX Control
-CVE-2007-0442
+CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impa ...)
NOT-FOR-US: IBM OS/400
-CVE-2007-0441
+CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
RESERVED
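Review bot: two pre-existing style nits in the unchanged context of this hunk are worth a separate manual commit, since this one is an automatic description refresh. The NOTE block under CVE-2007-0450 opens a parenthesis in "(e.g. as done for mod_jk in a DSA" that is never closed, and CVE-2007-0454 and CVE-2007-0452 reference "{DSA-1257}" without the revision suffix that the other entries in the file use (compare "{DSA-1936-1}" and "{DSA-1254-1}" in the same hunk), which may trip tooling that parses the DSA reference.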
@@ -15027,157 +15027,157 @@ CVE-2007-0439
RESERVED
CVE-2007-0438
RESERVED
-CVE-2007-0437
+CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample Cach ...)
NOT-FOR-US: InterSystems Cache
-CVE-2007-0436
+CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS14 ...)
NOT-FOR-US: X-Kryptor
-CVE-2007-0435
+CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
NOT-FOR-US: T-Com Speedport
-CVE-2007-0434
+CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
NOT-FOR-US: BEA
-CVE-2007-0433
+CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 thr ...)
NOT-FOR-US: BEA
-CVE-2007-0432
+CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject m ...)
NOT-FOR-US: BEA
-CVE-2007-0431
+CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote a ...)
NOT-FOR-US: AVM
-CVE-2007-0430
+CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ea ...)
NOT-FOR-US: Apple Mac OS
-CVE-2007-0429
+CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed w ...)
NOT-FOR-US: DivX Web Player
-CVE-2007-0428
+CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for W ...)
- wzdftpd 0.8.1-1 (medium)
-CVE-2007-0427
+CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
NOT-FOR-US: Microsoft
-CVE-2007-0426
+CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered e ...)
NOT-FOR-US: BEA
-CVE-2007-0425
+CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 thro ...)
NOT-FOR-US: BEA
-CVE-2007-0424
+CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
NOT-FOR-US: BEA
-CVE-2007-0423
+CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
NOT-FOR-US: BEA
-CVE-2007-0422
+CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
NOT-FOR-US: BEA
-CVE-2007-0421
+CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allow ...)
NOT-FOR-US: BEA
-CVE-2007-0420
+CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
NOT-FOR-US: BEA
-CVE-2007-0419
+CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
NOT-FOR-US: BEA
-CVE-2007-0418
+CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
NOT-FOR-US: BEA
-CVE-2007-0417
+CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
NOT-FOR-US: BEA
-CVE-2007-0416
+CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
NOT-FOR-US: BEA
-CVE-2007-0415
+CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce acce ...)
NOT-FOR-US: BEA
-CVE-2007-0414
+CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 thro ...)
NOT-FOR-US: BEA
-CVE-2007-0413
+CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a bac ...)
NOT-FOR-US: BEA
-CVE-2007-0412
+CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
NOT-FOR-US: BEA
-CVE-2007-0411
+CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
NOT-FOR-US: BEA
-CVE-2007-0410
+CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
NOT-FOR-US: BEA
-CVE-2007-0409
+CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
NOT-FOR-US: BEA
-CVE-2007-0408
+CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate cli ...)
NOT-FOR-US: BEA
-CVE-2007-0407
+CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
NOT-FOR-US: Poplar Gedcom Viewer
-CVE-2007-0406
+CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, an ...)
- gxine 0.5.8-2 (medium; bug #405876)
-CVE-2007-0405
+CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...)
- python-django 0.95.1-1 (bug #407786)
-CVE-2007-0404
+CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
- python-django 0.95.1-1 (bug #407786)
-CVE-2007-0403
+CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
NOT-FOR-US: Easebay Resources
-CVE-2007-0402
+CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in E ...)
NOT-FOR-US: Easebay Resources
-CVE-2007-0401
+CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
NOT-FOR-US: Easebay Resources
-CVE-2007-0400
+CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Ea ...)
NOT-FOR-US: Easebay Resources
-CVE-2007-0399
+CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Si ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2007-0398
+CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in A ...)
NOT-FOR-US: MisterSPa-forum
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
- wordpress 2.0.7 (bug #407116; unimportant)
NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
NOTE: register_globals unsupported anyway
-CVE-2007-0397
+CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
NOT-FOR-US: Cisco
-CVE-2007-0396
+CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in c ...)
NOT-FOR-US: HP-UX
-CVE-2007-0395
+CVE-2007-0395 (PHP remote file inclusion vulnerability in libraries/grab_globals.lib. ...)
NOT-FOR-US: ComVironment
-CVE-2007-0394
+CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file descriptor ...)
NOT-FOR-US: HP-UX
-CVE-2007-0393
+CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...)
NOT-FOR-US: Sun Solaris
-CVE-2007-0392
+CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors be ...)
NOT-FOR-US: IBM AIX
-CVE-2007-0391
+CVE-2007-0391 (Format string vulnerability in the log creation functionality of BitDe ...)
NOT-FOR-US: BitDefender
-CVE-2007-0390
+CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
NOT-FOR-US: sabros.us
-CVE-2007-0389
+CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...)
NOT-FOR-US: ArsDigita Community System
-CVE-2007-0388
+CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board (wB ...)
NOT-FOR-US: Woltlab Burning Board
-CVE-2007-0387
+CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks com ...)
NOT-FOR-US: Joomla!
-CVE-2007-0386
+CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
NOT-FOR-US: PostNuke
-CVE-2007-0385
+CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain se ...)
NOT-FOR-US: PostNuke
-CVE-2007-0384
+CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews sec ...)
NOT-FOR-US: PostNuke
CVE-2007-0383
NOT-FOR-US: WDaemon
-CVE-2007-0382
+CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the L ...)
NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
-CVE-2007-0381
+CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...)
NOT-FOR-US: ATutor
-CVE-2007-0380
+CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: DocMan
-CVE-2007-0379
+CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remo ...)
NOT-FOR-US: DocMan
-CVE-2007-0378
+CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attacke ...)
NOT-FOR-US: DocMan
-CVE-2007-0377
+CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote at ...)
NOT-FOR-US: Xoops
-CVE-2007-0376
+CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows re ...)
NOT-FOR-US: Virtuemart
-CVE-2007-0375
+CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive informa ...)
NOT-FOR-US: Joomla!
-CVE-2007-0374
+CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2 ...)
- mambo 4.6.1-5 (bug #407995; low)
-CVE-2007-0373
+CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow rem ...)
NOT-FOR-US: Joomla!
-CVE-2007-0372
+CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-0371
+CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ( ...)
NOT-FOR-US: Common Controls Replacement Project (CCRP)
-CVE-2007-0370
+CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.20 ...)
NOT-FOR-US: phpBP
-CVE-2007-0369
+CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows re ...)
NOT-FOR-US: phpBP
-CVE-2007-0368
+CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local ...)
NOT-FOR-US: mbse
-CVE-2007-0367
+CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and dire ...)
NOT-FOR-US: Maxum Rumpus
-CVE-2007-0366
+CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows l ...)
NOT-FOR-US: Maxum Rumpus
-CVE-2007-0365
+CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One Cont ...)
NOT-FOR-US: All In One Control Panel
-CVE-2007-0364
+CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com I ...)
NOT-FOR-US: nicecoder.com INDEXU
CVE-2007-XXXX [libjabber DoS]
- centericq 4.21.0-18 (unimportant; bug #406982)
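Review bot: the appended description for CVE-2007-0407 names "Operation/User.pm in Plain ..." (a Perl module path), which does not obviously match the existing annotation "NOT-FOR-US: Poplar Gedcom Viewer"; worth checking the full upstream text and correcting the NOT-FOR-US line in a follow-up if the product is different. Also, CVE-2007-0383 (NOT-FOR-US: WDaemon) is the only non-RESERVED id in this hunk left without a description, same question as for the bare ids in the first hunk.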
@@ -15193,362 +15193,362 @@ CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [netpbm heap corruption]
- netpbm-free 2:10.0-11 (bug #407605)
-CVE-2007-0363
+CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Op ...)
NOT-FOR-US: Openads
-CVE-2007-0362
+CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...)
NOT-FOR-US: FreshReader
-CVE-2007-0361
+CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphoru ...)
NOT-FOR-US: PHPMyphorum
-CVE-2007-0360
+CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2 ...)
NOT-FOR-US: Oreon
-CVE-2007-0359
+CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey C ...)
NOT-FOR-US: Travelsized CMS
-CVE-2007-0358
+CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP Jetdi ...)
NOT-FOR-US: HP Jetdirect
-CVE-2007-0357
+CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz ...)
NOT-FOR-US: AVM
-CVE-2007-0356
+CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) Ac ...)
NOT-FOR-US: Common Controls Replacement Project (CCRP)
-CVE-2007-0355
+CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Ma ...)
NOT-FOR-US: Apple
-CVE-2007-0354
+CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0 ...)
NOT-FOR-US: MGB OpenSource Guestbook
-CVE-2007-0353
+CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) logi ...)
NOT-FOR-US: myBloggie
-CVE-2007-0352
+CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
NOT-FOR-US: Microsoft
-CVE-2007-0351
+CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle us ...)
NOT-FOR-US: Microsoft
-CVE-2007-0350
+CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
NOT-FOR-US: FileMailer
-CVE-2007-0349
+CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com INDE ...)
NOT-FOR-US: INDEXU
-CVE-2007-0348
+CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
NOT-FOR-US: ActiveX control in InterActual Player
-CVE-2007-0347
+CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not prope ...)
- cvstrac 2.0.1-1
[etch] - cvstrac <not-affected> (Vulnerable code not present)
[sarge] - cvstrac <not-affected> (Vulnerable code not present)
NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
NOTE: are done like using %q instead of %s for user supplied data
-CVE-2007-0346
+CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
NOT-FOR-US: FileMailer
-CVE-2007-0345
+CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain A ...)
NOT-FOR-US: Apple
-CVE-2007-0344
+CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...)
- colloquy <removed>
-CVE-2007-0343
+CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of s ...)
NOT-FOR-US: OpenBSD
-CVE-2007-0342
+CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
NOT-FOR-US: Apple WebKit
-CVE-2007-0341
+CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earli ...)
- phpmyadmin 4:2.9.1.1-2 (medium)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2007-0340
+CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84 ...)
NOT-FOR-US: ThWboard
-CVE-2007-0339
+CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in Scrip ...)
NOT-FOR-US: FileMailer
-CVE-2007-0338
+CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
NOT-FOR-US: BolinTech Dream FTP Server
-CVE-2007-0337
+CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
NOT-FOR-US: KGB
-CVE-2007-0336
+CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows loca ...)
NOT-FOR-US: Rixstep
-CVE-2007-0335
+CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book 1.0. ...)
NOT-FOR-US: Jax Petition Book
-CVE-2007-0334
+CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and SIP ...)
NOT-FOR-US: Outpost Firewall Pro
-CVE-2007-0333
+CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access r ...)
NOT-FOR-US: Outpost Firewall Pro
-CVE-2007-0332
+CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
NOT-FOR-US: liens_dynamiques
-CVE-2007-0331
+CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynami ...)
NOT-FOR-US: liens_dynamiques
-CVE-2007-0330
+CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
NOT-FOR-US: Ipswitch WS_FTP
-CVE-2007-0329
+CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote attac ...)
NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
-CVE-2007-0328
+CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in Macrov ...)
NOT-FOR-US: Macrovision
CVE-2007-0327
RESERVED
-CVE-2007-0326
+CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...)
NOT-FOR-US: PNI Digital Media Photo Upload
-CVE-2007-0325
+CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
NOT-FOR-US: Trend Micro OfficeScan
-CVE-2007-0324
+CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in befor ...)
NOT-FOR-US: LizardTech DjVu Browser Plug-in
-CVE-2007-0323
+CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion (RIM ...)
NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
-CVE-2007-0322
+CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online ...)
NOT-FOR-US: Intuit QuickBooks
-CVE-2007-0321
+CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in isusweb ...)
NOT-FOR-US: FLEXnet Connect
-CVE-2007-0320
+CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
NOT-FOR-US: InstallFromTheWeb
-CVE-2007-0319
+CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ActiveEmailTest.Em ...)
NOT-FOR-US: Motive ActiveEmailTest
-CVE-2007-0318
+CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-depende ...)
NOT-FOR-US: Apple Mac OS
-CVE-2007-0317
+CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla be ...)
- filezilla 3.0.0~beta2-3 (medium; bug #407683)
-CVE-2007-0316
+CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel (AI ...)
NOT-FOR-US: All In One Control Panel (AIOCP)
-CVE-2007-0315
+CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote att ...)
- filezilla <not-affected> (fixed before the first Debian upload)
-CVE-2007-0314
+CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System 1 ...)
NOT-FOR-US: Article System
-CVE-2007-0313
+CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) befo ...)
- gosa 2.5.8-1 (medium)
[etch] - gosa 2.5.6-2.1
-CVE-2007-0312
+CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ins ...)
NOT-FOR-US: wcSimple
-CVE-2007-0311
+CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier al ...)
NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
-CVE-2007-0310
+CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates differen ...)
NOT-FOR-US: BMC Software
-CVE-2007-0309
+CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in Franci ...)
NOT-FOR-US: PHP-Nuke
-CVE-2007-0308
+CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
NOT-FOR-US: Poplar Gedcom Viewer
-CVE-2007-0307
+CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in Popla ...)
NOT-FOR-US: Poplar Gedcom Viewer
-CVE-2007-0306
+CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
NOT-FOR-US: Digiappz
-CVE-2007-0305
+CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon S ...)
NOT-FOR-US: Okul Merkezi Portal
-CVE-2007-0304
+CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 al ...)
NOT-FOR-US: MiNT Haber Sistemi
-CVE-2007-0303
+CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have u ...)
NOT-FOR-US: Zina
-CVE-2007-0302
+CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1. ...)
NOT-FOR-US: InstantASP
-CVE-2007-0301
+CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in Fd ...)
NOT-FOR-US: FdWeB
-CVE-2007-0300
+CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1. ...)
NOT-FOR-US: TLM CMS
-CVE-2007-0299
+CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byt ...)
NOT-FOR-US: Apple Mac OS
-CVE-2007-0298
+CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
NOT-FOR-US: LunarPoll
-CVE-2007-0297
+CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
NOT-FOR-US: Oracle
-CVE-2007-0296
+CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
NOT-FOR-US: Oracle
-CVE-2007-0295
+CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
NOT-FOR-US: Oracle
-CVE-2007-0294
+CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has un ...)
NOT-FOR-US: Oracle
-CVE-2007-0293
+CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
NOT-FOR-US: Oracle
-CVE-2007-0292
+CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
NOT-FOR-US: Oracle
-CVE-2007-0291
+CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
NOT-FOR-US: Oracle
-CVE-2007-0290
+CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
NOT-FOR-US: Oracle
-CVE-2007-0289
+CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0 ...)
NOT-FOR-US: Oracle
-CVE-2007-0288
+CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has un ...)
NOT-FOR-US: Oracle
-CVE-2007-0287
+CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
NOT-FOR-US: Oracle
-CVE-2007-0286
+CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...)
NOT-FOR-US: Oracle
-CVE-2007-0285
+CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
NOT-FOR-US: Oracle
-CVE-2007-0284
+CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0. ...)
NOT-FOR-US: Oracle
-CVE-2007-0283
+CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Col ...)
NOT-FOR-US: Oracle
-CVE-2007-0282
+CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
NOT-FOR-US: Oracle
-CVE-2007-0281
+CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9. ...)
NOT-FOR-US: Oracle
-CVE-2007-0280
+CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
NOT-FOR-US: Oracle
-CVE-2007-0279
+CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
NOT-FOR-US: Oracle
-CVE-2007-0278
+CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1 ...)
NOT-FOR-US: Oracle
-CVE-2007-0277
+CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...)
NOT-FOR-US: Oracle
-CVE-2007-0276
+CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9. ...)
NOT-FOR-US: Oracle
-CVE-2007-0275
+CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartrid ...)
NOT-FOR-US: Oracle
-CVE-2007-0274
+CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10 ...)
NOT-FOR-US: Oracle
-CVE-2007-0273
+CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0. ...)
NOT-FOR-US: Oracle
-CVE-2007-0272
+CVE-2007-0272 (Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0. ...)
NOT-FOR-US: Oracle
-CVE-2007-0271
+CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has u ...)
NOT-FOR-US: Oracle
-CVE-2007-0270
+CVE-2007-0270 (Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0. ...)
NOT-FOR-US: Oracle
-CVE-2007-0269
+CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10 ...)
NOT-FOR-US: Oracle
-CVE-2007-0268
+CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0 ...)
NOT-FOR-US: Oracle
-CVE-2007-0267
+CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
-CVE-2007-0266
+CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
NOT-FOR-US: Ezboxx Portal
-CVE-2007-0265
+CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal S ...)
NOT-FOR-US: Ezboxx Portal
-CVE-2007-0264
+CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ca ...)
NOT-FOR-US: Winzip
-CVE-2007-0263
+CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows user- ...)
NOT-FOR-US: Total Commander
-CVE-2007-0262
+CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify t ...)
{DTSA-33-1}
- wordpress 2.0.8-1 (bug #407289)
-CVE-2007-0261
+CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when auth ...)
NOT-FOR-US: sNews
CVE-2007-0260
NOT-FOR-US: Naig
-CVE-2007-0259
+CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
NOT-FOR-US: Ezboxx Portal
-CVE-2007-0258
+CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2 ...)
NOT-FOR-US: Fastilo
CVE-2007-0257
- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
-CVE-2007-0256
+CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of servi ...)
- vlc 0.8.6.c-1 (unimportant; bug #407290)
-CVE-2007-0255
+CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
NOTE: This appears to be a generic crash
-CVE-2007-0254
+CVE-2007-0254 (Format string vulnerability in the errors_create_window function in er ...)
- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
NOTE: If've verified the Etch version to contain the necessary format strings
CVE-2007-0253
- kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350)
NOTE: See CVE-2007-0257
-CVE-2007-0252
+CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote at ...)
NOT-FOR-US: easy-content
-CVE-2007-0251
+CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort 2 ...)
- snort <not-affected> (DecodeGRE function not in unstable version)
NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
-CVE-2007-0250
+CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain poten ...)
NOT-FOR-US: NWOM Topsites 3.0
-CVE-2007-0249
+CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
NOT-FOR-US: NWOM Topsites 3.0
-CVE-2007-0247
+CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
- squid 2.6.5-4 (low)
[sarge] - squid <not-affected> (Vulnerable code not present)
-CVE-2007-0246
+CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 befor ...)
{DSA-1297-1}
- gforge-plugin-scmcvs 4.5.14-6
-CVE-2007-0245
+CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier a ...)
{DSA-1307-1}
- openoffice.org 2.2.1~rc1-1
[lenny] - openoffice.org 2.0.4.dfsg.2-7etch1
-CVE-2007-0244
+CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3 ...)
{DSA-1288-2 DSA-1288-1}
- pptpd 1.3.4-1
-CVE-2007-0243
+CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Upda ...)
- sun-java5 1.5.0-10-1
-CVE-2007-0242
+CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does n ...)
{DSA-1292-1}
- qt4-x11 4.2.2-2
- qt-x11-free 3:3.3.7-4
CVE-2007-0241
RESERVED
- linux-2.6 2.6.18.dfsg.1-12
-CVE-2007-0240
+CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier al ...)
{DSA-1275-1}
- zope2.9 2.9.7-1
[etch] - zope2.9 2.9.6-4etch1
-CVE-2007-0239
+CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote attacker ...)
{DSA-1270-1}
- openoffice.org 2.0.4.dfsg.2-6
[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
-CVE-2007-0238
+CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCa ...)
{DSA-1270-1}
- openoffice.org 2.0.4.dfsg.2-6
[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
-CVE-2007-0237
+CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ov ...)
{DSA-1269-1}
- lookup-el 1.4-5 (low)
-CVE-2007-0236
+CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
NOT-FOR-US: Mac OS X
-CVE-2007-0235
+CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
{DSA-1255-1}
- libgtop2 2.14.4-3 (medium; bug #407020)
NOTE: libgtop does not contain the affected code.
CVE-2007-0234
REJECTED
-CVE-2007-0233
+CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly unse ...)
- wordpress 2.1.0-1 (unimportant)
NOTE: This is argubly a php bug, CVE-2006-3017
-CVE-2007-0232
+CVE-2007-0232 (PHP remote file inclusion vulnerability in routines/fieldValidation.ph ...)
NOT-FOR-US: Jshop Server
-CVE-2007-0231
+CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, wh ...)
NOT-FOR-US: Movable Type
-CVE-2007-0230
+CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
NOT-FOR-US: CS-Cart
-CVE-2007-0229
+CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and Fr ...)
NOT-FOR-US: MacOS X
-CVE-2007-0228
+CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer al ...)
NOT-FOR-US: EIQ Networks Network Security Analyzer
-CVE-2007-0227
+CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify nam ...)
- slocate 3.1-1.1 (bug #411937; low)
[sarge] - slocate <not-affected> (Performs correct access checks)
[etch] - slocate <no-dsa> (Minor issue)
NOTE: slocate will allow users to find files in directories with the
NOTE: executable bit set but without the readable bit set. This is
NOTE: an information leak.
-CVE-2007-0226
+CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
NOT-FOR-US: uniForum
-CVE-2007-0225
+CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-AS ...)
NOT-FOR-US: Shopping Cart
-CVE-2007-0224
+CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shoppin ...)
NOT-FOR-US: Shopping Cart
-CVE-2007-0223
+CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
NOT-FOR-US: All In One Control Panel (AIOCP)
-CVE-2007-0222
+CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side compo ...)
NOT-FOR-US: Oracle Application Server
-CVE-2007-0221
+CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Ser ...)
NOT-FOR-US: Microsoft
-CVE-2007-0220
+CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
NOT-FOR-US: Microsoft
-CVE-2007-0219
+CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects fr ...)
NOT-FOR-US: Microsoft
-CVE-2007-0218
+CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to exec ...)
NOT-FOR-US: Microsoft
-CVE-2007-0217
+CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 an ...)
NOT-FOR-US: Microsoft
-CVE-2007-0216
+CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 20 ...)
NOT-FOR-US: Microsoft Office
-CVE-2007-0215
+CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 200 ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0214
+CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 S ...)
NOT-FOR-US: Microsoft
-CVE-2007-0213
+CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does no ...)
NOT-FOR-US: Microsoft
CVE-2007-0212
REJECTED
-CVE-2007-0211
+CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2007-0210
+CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
NOT-FOR-US: Microsoft
-CVE-2007-0209
+CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
NOT-FOR-US: Microsoft
-CVE-2007-0208
+CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
NOT-FOR-US: Microsoft
CVE-2007-0207
REJECTED
-CVE-2007-0206
+CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
NOT-FOR-US: OpenView Network Node Manager
CVE-2007-XXXX [udev wrong permissions on raid devices]
- udev 0.105-2 (bug #404927)
[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
- yacas 1.0.57-3 (bug #399226; bug #399227; low)
-CVE-2007-0248
+CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows remot ...)
- squid 2.6.5-4 (low; bug #407202)
[sarge] - squid <not-affected> (Vulnerable code not present)
NOTE: reference - http://secunia.com/advisories/23767/
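Review bot: the descriptions this hunk inserts expose two NOT-FOR-US tags that do not match their CVE. CVE-2007-0334 is described as "Unspecified vulnerability in the SIP module in InGate Firewall and SIP ..." but carries "NOT-FOR-US: Outpost Firewall Pro", the same tag as CVE-2007-0333 directly below it; and CVE-2007-0308 is described as "Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ..." but carries "NOT-FOR-US: Poplar Gedcom Viewer", the tag of CVE-2007-0307. Both look like copy errors from the neighbouring entry and should name the product actually affected (InGate and WebGUI respectively). Two smaller points in the same hunk: CVE-2007-0255 is now described as a XINE issue, yet its entry has no package or status line at all, only NOTE lines about not finding "the VLC code", so it should get a xine package line or an explicit NOT-FOR-US; and CVE-2007-0248 sits after CVE-2007-0206 and the CVE-2007-XXXX entries instead of next to CVE-2007-0247, which breaks the descending order the rest of the file keeps.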
@@ -15557,104 +15557,104 @@ CVE-2007-XXXX [bcfg2 password disclosure]
[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
- mysql-dfsg-5.0 5.0.32-1
-CVE-2007-0205
+CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex Guestboo ...)
NOT-FOR-US: @alex
-CVE-2007-0204
+CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
-CVE-2007-0203
+CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ha ...)
- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
NOTE: duplicate of CVE-2006-6374?
-CVE-2007-0202
+CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and e ...)
NOT-FOR-US: @lex
-CVE-2007-0201
+CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Fire ...)
NOT-FOR-US: TIS
-CVE-2007-0200
+CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey Go ...)
NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
-CVE-2007-0199
+CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...)
NOT-FOR-US: Cisco
-CVE-2007-0198
+CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise, ...)
NOT-FOR-US: Cisco
-CVE-2007-0197
+CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote att ...)
NOT-FOR-US: Apple Mac OS
-CVE-2007-0196
+CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...)
NOT-FOR-US: Motionborg Web Real Estate
-CVE-2007-0195
+CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays d ...)
NOT-FOR-US: F5
-CVE-2007-0194
+CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensi ...)
NOT-FOR-US: MKPortal
-CVE-2007-0193
+CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by unau ...)
NOT-FOR-US: FON La Fonera
-CVE-2007-0192
+CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main opera ...)
NOT-FOR-US: MKPortal
-CVE-2007-0191
+CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allo ...)
NOT-FOR-US: MKPortal
-CVE-2007-0190
+CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...)
NOT-FOR-US: edit-x ecommerce
CVE-2007-0189
NOT-FOR-US: GeoBB
-CVE-2007-0188
+CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access re ...)
NOT-FOR-US: F5
-CVE-2007-0187
+CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to acces ...)
NOT-FOR-US: F5
-CVE-2007-0186
+CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
NOT-FOR-US: F5
-CVE-2007-0185
+CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ca ...)
NOT-FOR-US: Getahead
-CVE-2007-0184
+CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ob ...)
NOT-FOR-US: Getahead
-CVE-2007-0183
+CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Ser ...)
NOT-FOR-US: iPlanet Web
-CVE-2007-0182
+CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo stor ...)
NOT-FOR-US: Magic photo storage website
-CVE-2007-0181
+CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
NOT-FOR-US: Magic Photo Storage website
-CVE-2007-0180
+CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...)
NOT-FOR-US: EF Commander
-CVE-2007-0179
+CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows r ...)
NOT-FOR-US: PHPKIT
-CVE-2007-0178
+CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
NOT-FOR-US: Easy Banner Pro
-CVE-2007-0177
+CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWi ...)
- mediawiki 1.7.1-6 (bug #406238; medium)
NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
-CVE-2007-0176
+CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
{DSA-1475-1}
- gforge 4.6.99+svn6347-1 (low; bug #406244)
[sarge] - gforge <not-affected> (Vulnerable code not present)
-CVE-2007-0175
+CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolu ...)
{DSA-1568-1}
- b2evolution 0.9.2-4 (bug #410568; low)
-CVE-2007-0174
+CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...)
NOT-FOR-US: Sina UC2006
-CVE-2007-0173
+CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
NOT-FOR-US: L2J Statistik Script
-CVE-2007-0172
+CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3. ...)
NOT-FOR-US: AllMyGuest
-CVE-2007-0171
+CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5 ...)
NOT-FOR-US: AllMyLinks
-CVE-2007-0170
+CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...)
NOT-FOR-US: AllmyVisitors
-CVE-2007-0169
+CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCse ...)
NOT-FOR-US: Computer Associates (CA)
-CVE-2007-0168
+CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserv ...)
NOT-FOR-US: Computer Associates (CA)
-CVE-2007-0167
+CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
NOT-FOR-US: PPC Search
-CVE-2007-0166
+CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathname ...)
- kfreebsd-5 <not-affected>
-CVE-2007-0165
+CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remo ...)
NOT-FOR-US: Solaris
-CVE-2007-0164
+CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, whic ...)
NOT-FOR-US: Camouflage
-CVE-2007-0163
+CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in t ...)
NOT-FOR-US: Steganography
-CVE-2007-0162
+CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permi ...)
NOT-FOR-US: Mac OS X
-CVE-2007-0161
+CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as u ...)
NOT-FOR-US: HP all-in-one drivers
-CVE-2007-0160
+CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.c ...)
- centericq 4.21.0-17 (low)
[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
NOTE: The bug really exist but, is not exploitable because the LiveJournal server
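Review bot: the "- kfreebsd-5 <not-affected>" line for CVE-2007-0166 gives no reason, while every other <not-affected> in this hunk is justified in parentheses (for example "[sarge] - gforge <not-affected> (Vulnerable code not present)"); the description now says the bug is in "The jail rc.d script in FreeBSD 5.3 up to 6.2", so a short justification, such as whether kfreebsd-5 ships that rc.d script at all, would document why it is excluded. Also, "NOT-FOR-US: @alex" under CVE-2007-0205 disagrees with the inserted description ("@lex Guestboo ...") and with "NOT-FOR-US: @lex" under CVE-2007-0202 three entries later; it should read "@lex". Finally, "NOTE: duplicate of CVE-2006-6374?" under CVE-2007-0203 is still an open question; now that the description ("Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...") is in the file it would help to resolve it one way or the other rather than leave the question mark.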
@@ -15662,117 +15662,117 @@ CVE-2007-0160
NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
NOTE: fake LiveJournal server. All version of Debian centericq packages have a
NOTE: compromised code.
-CVE-2007-0159
+CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
- geoip 1.3.17-1.1 (bug #406628; low)
[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158
RESERVED
-CVE-2007-0157
+CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neo ...)
- neon26 0.26.2-3.1 (medium; bug #404723)
NOTE: neon25 doesn't have the uri_lookup macro
-CVE-2007-0156
+CVE-2007-0156 (M-Core stores the database under the web document root, which allows r ...)
NOT-FOR-US: M-Core
-CVE-2007-0155
+CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)
NOT-FOR-US: HarikaOnline
-CVE-2007-0154
+CVE-2007-0154 (Webulas stores sensitive information under the web root with insuffici ...)
NOT-FOR-US: Webulas
-CVE-2007-0153
+CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with insuf ...)
NOT-FOR-US: AJLogin
-CVE-2007-0152
+CVE-2007-0152 (OhhASP stores sensitive information under the web root with insufficie ...)
NOT-FOR-US: OhhASP
-CVE-2007-0151
+CVE-2007-0151 (MitiSoft stores sensitive information under the web root with insuffic ...)
NOT-FOR-US: MitiSoft
-CVE-2007-0150
+CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in Day ...)
NOT-FOR-US: Dayfox
-CVE-2007-0149
+CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with i ...)
NOT-FOR-US: EMembersPro
-CVE-2007-0148
+CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote a ...)
NOT-FOR-US: OminiGroup
-CVE-2007-0147
+CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an incorre ...)
NOT-FOR-US: Cuyahoga
-CVE-2007-0146
+CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips C ...)
NOT-FOR-US: Fix and Chips
-CVE-2007-0145
+CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP N ...)
NOT-FOR-US: BinGoPHP
-CVE-2007-0144
+CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Q ...)
NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
-CVE-2007-0143
+CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
NOT-FOR-US: NUNE News
-CVE-2007-0142
+CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce S ...)
NOT-FOR-US: ShopStoreNow
-CVE-2007-0141
+CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Li ...)
NOT-FOR-US: YALD
-CVE-2007-0140
+CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download (Yenion ...)
NOT-FOR-US: Kolayindir
-CVE-2007-0139
+CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/O ...)
NOT-FOR-US: DECnet-Plus
-CVE-2007-0138
+CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begin ...)
NOT-FOR-US: Formbankserver
-CVE-2007-0137
+CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
NOT-FOR-US: Serene Bach
-CVE-2007-0136
+CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4 ...)
- drupal 4.7.5-1
NOTE: vendor advisory: http://drupal.org/node/104233 - DRUPAL-SA-2007-001
-CVE-2007-0135
+CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
NOT-FOR-US: Aratix
-CVE-2007-0134
+CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
NOT-FOR-US: IG Shop
-CVE-2007-0133
+CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in iGener ...)
NOT-FOR-US: IG Shop
-CVE-2007-0132
+CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
NOT-FOR-US: IG Shop
-CVE-2007-0131
+CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...)
NOT-FOR-US: JAMWiki
-CVE-2007-0130
+CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 al ...)
NOT-FOR-US: iG Calendar
-CVE-2007-0129
+CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...)
NOT-FOR-US: LocazoList
-CVE-2007-0128
+CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlie ...)
NOT-FOR-US: Digirez
-CVE-2007-0127
+CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly vali ...)
NOT-FOR-US: Opera
-CVE-2007-0126
+CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ex ...)
NOT-FOR-US: Opera
-CVE-2007-0125
+CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux b ...)
NOT-FOR-US: Kaspersky Labs
-CVE-2007-0124
+CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ...)
- drupal 4.7.5-1 (low)
-CVE-2007-0123
+CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows rem ...)
NOT-FOR-US: Uber Uploader
-CVE-2007-0122
+CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4 ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-0121
+CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...)
NOT-FOR-US: RI Blog
-CVE-2007-0120
+CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlie ...)
NOT-FOR-US: Acunetix Web Vulnerability Scanner
-CVE-2007-0119
+CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 all ...)
NOT-FOR-US: EditTag
-CVE-2007-0118
+CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
NOT-FOR-US: EditTag
-CVE-2007-0117
+CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 1 ...)
NOT-FOR-US: Mac OS
-CVE-2007-0116
+CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive informati ...)
NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
-CVE-2007-0115
+CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2007-0114
+CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
NOT-FOR-US: Sun Java System Content Delivery Server
-CVE-2007-0113
+CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
NOT-FOR-US: PacketWise
-CVE-2007-0112
+CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
NOT-FOR-US: createauction
-CVE-2007-0111
+CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as u ...)
NOT-FOR-US: PocketPC
-CVE-2007-0110
+CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Ac ...)
NOT-FOR-US: Novell Access Manager
-CVE-2007-0109
+CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error m ...)
- wordpress 2.0.6-1 (low)
NOTE: http://trac.wordpress.org/changeset/4665
-CVE-2007-0108
+CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
NOT-FOR-US: Novell Client
-CVE-2007-0105
+CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure Acc ...)
NOT-FOR-US: Cisco
-CVE-2007-0104
+CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patc ...)
- kdegraphics 4:3.5.5-3 (unimportant)
- koffice <unfixed> (unimportant)
- poppler 0.4.5-5.1 (unimportant)
@@ -15784,215 +15784,215 @@ CVE-2007-0104
NOTE: of imagination. I suppose KDE Security only issued an update for it
NOTE: because the shared underlying code was part of the Month of Apple Bugs
NOTE: and they wanted to debunk claims of code injection.
-CVE-2007-0103
+CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat befor ...)
NOT-FOR-US: Acrobat Reader
-CVE-2007-0102
+CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Prev ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0101
+CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
NOT-FOR-US: SPINE
-CVE-2007-0100
+CVE-2007-0100 (The Perforce client does not restrict the set of files that it overwri ...)
NOT-FOR-US: Perforce
-CVE-2007-0099
+CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services 3.0 ...)
NOT-FOR-US: Microsoft
-CVE-2007-0098
+CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 an ...)
NOT-FOR-US: VerliAdmin
-CVE-2007-0097
+CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) Read ...)
NOT-FOR-US: ConeXware PowerArchive
-CVE-2007-0096
+CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
NOT-FOR-US: Carbon Communities
-CVE-2007-0095
+CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive informa ...)
- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
NOTE: Only path disclosure
-CVE-2007-0094
+CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
NOT-FOR-US: Sven Moderow GuestBook
-CVE-2007-0093
+CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content Manageme ...)
NOT-FOR-US: Simple Web Content Management System
-CVE-2007-0092
+CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 al ...)
NOT-FOR-US: E-SMARTCART
-CVE-2007-0091
+CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with insuf ...)
NOT-FOR-US: newsCMSlite
-CVE-2007-0090
+CVE-2007-0090 (WineGlass stores sensitive information under the web root with insuffi ...)
NOT-FOR-US: WineGlass
-CVE-2007-0089
+CVE-2007-0089 (jgbbs stores sensitive information under the web root with insufficien ...)
NOT-FOR-US: jgbbs
-CVE-2007-0088
+CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
NOT-FOR-US: openmedia
CVE-2007-0087
NOT-FOR-US: Microsoft IIS
CVE-2007-0086
- apache <unfixed> (unimportant)
- apache2 <unfixed> (unimportant)
-CVE-2007-0085
+CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084
NOT-FOR-US: Windows NT
-CVE-2007-0083
+CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
NOT-FOR-US: Nuked Klan
-CVE-2007-0082
+CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ha ...)
NOT-FOR-US: IMGallery
-CVE-2007-0081
+CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possib ...)
NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080
- freeradius <unfixed> (unimportant)
NOTE: Data triggering the buffer overflow can only be controlled by root
-CVE-2007-0079
+CVE-2007-0079 (rblog stores sensitive information under the web root with insufficien ...)
NOT-FOR-US: rblog
-CVE-2007-0078
+CVE-2007-0078 (BattleBlog stores sensitive information under the web root with insuff ...)
NOT-FOR-US: BattleBlog
-CVE-2007-0077
+CVE-2007-0077 (lblog stores sensitive information under the web root with insufficien ...)
NOT-FOR-US: lblog
-CVE-2007-0076
+CVE-2007-0076 (Openforum stores sensitive information under the web root with insuffi ...)
NOT-FOR-US: Openforum
-CVE-2007-0075
+CVE-2007-0075 (AspBB stores sensitive information under the web root with insufficien ...)
NOT-FOR-US: AspBB
-CVE-2007-0074
+CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
NOT-FOR-US: Trend Micro
-CVE-2007-0073
+CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
NOT-FOR-US: Trend Micro
-CVE-2007-0072
+CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
NOT-FOR-US: Trend Micro
-CVE-2007-0071
+CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0. ...)
- flashplugin-nonfree 1:1.4
NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2007-0070
RESERVED
-CVE-2007-0069
+CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, S ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-0068
+CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2007-0067
+CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x be ...)
NOT-FOR-US: Lotus Domino Server
-CVE-2007-0066
+CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, whe ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-0065
+CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) Autom ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-0064
+CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5 ...)
NOT-FOR-US: Windows
-CVE-2007-0063
+CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
- vmware-package 0.16
-CVE-2007-0062
+CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...)
- vmware-package 0.16
-CVE-2007-0061
+CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
- vmware-package 0.16
-CVE-2007-0060
+CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...)
NOT-FOR-US: CA
-CVE-2007-0059
+CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allow ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-0058
+CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
NOT-FOR-US: Cisco
-CVE-2007-0057
+CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3 ...)
NOT-FOR-US: Cisco
-CVE-2007-0056
+CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4. ...)
NOT-FOR-US: AShop Deluxe
-CVE-2007-0055
+CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Fo ...)
NOT-FOR-US: Formbankserver
-CVE-2007-0054
+CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Fo ...)
NOT-FOR-US: Belchior Foundry vCard PRO
-CVE-2007-0053
+CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2 ...)
NOT-FOR-US: ASP SiteWare autoDealer
-CVE-2007-0052
+CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows r ...)
NOT-FOR-US: Vizayn Haber
-CVE-2007-0051
+CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ver ...)
NOT-FOR-US: Apple iPhoto
-CVE-2007-0106
+CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
- wordpress 2.0.6-1 (bug #405691; medium)
NOTE: http://www.hardened-php.net/advisory_022007.141.html
-CVE-2007-0107
+CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alte ...)
- wordpress 2.0.6-1 (bug #405691; medium)
NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050
NOT-FOR-US: OpenPinboard
-CVE-2007-0049
+CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to a ...)
NOT-FOR-US: TaskTracker
-CVE-2007-0048
+CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin dist ...)
NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
-CVE-2007-0047
+CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0 ...)
NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
-CVE-2007-0046
+CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before 8. ...)
NOT-FOR-US: Adobe Acrobat Reader Plugin
-CVE-2007-0045
+CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat R ...)
{DSA-1336-1}
NOT-FOR-US: Adobe Acrobat Reader Plugin
NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
NOTE: and icape 1.0.8-1
-CVE-2007-0044
+CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Exp ...)
NOT-FOR-US: Adobe Acrobat Reader Plugin
-CVE-2007-0043
+CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1. ...)
NOT-FOR-US: Microsoft .NET
-CVE-2007-0042
+CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1. ...)
NOT-FOR-US: Microsoft .NET
-CVE-2007-0041
+CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 fo ...)
NOT-FOR-US: Microsoft .NET
-CVE-2007-0040
+CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-0039
+CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in Micro ...)
NOT-FOR-US: Microsoft
-CVE-2007-0038
+CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft W ...)
NOT-FOR-US: Microsoft
CVE-2007-0037
REJECTED
CVE-2007-0036
REJECTED
-CVE-2007-0035
+CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-0034
+CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microso ...)
NOT-FOR-US: Microsoft Outlook
-CVE-2007-0033
+CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers ...)
NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
REJECTED
-CVE-2007-0031
+CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0030
+CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0029
+CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0028
+CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, an ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0027
+CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0026
+CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 20 ...)
NOT-FOR-US: Microsoft
-CVE-2007-0025
+CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
NOT-FOR-US: Microsoft
-CVE-2007-0024
+CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation (v ...)
NOT-FOR-US: Microsoft IE
-CVE-2007-0023
+CVE-2007-0023 (The CFUserNotificationSendRequest function in UserNotificationCenter.a ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0022
+CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X 1 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2007-0021
+CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote attacke ...)
NOT-FOR-US: Apple iChat
-CVE-2007-0020
+CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic Tran ...)
NOT-FOR-US: Panic Transmit
-CVE-2007-0019
+CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earl ...)
NOT-FOR-US: Maxum Rumpus
-CVE-2007-0018
+CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX con ...)
NOT-FOR-US: NCTAudioFile2 ActiveX control
-CVE-2007-0017
+CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler fun ...)
{DSA-1252-1}
- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
-CVE-2007-0016
+CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
NOT-FOR-US: MoviePlay
CVE-2007-XXXX [webcam-server unspecified vulnerability]
- webcam-server 0.50-2
-CVE-2007-0015
+CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ex ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-0014
+CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
RESERVED
-CVE-2007-0012
+CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
- sun-java5 <removed> (unimportant)
- sun-java6 <removed> (unimportant)
- openjdk-6 <removed> (unimportant)
NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
-CVE-2007-0011
+CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
NOT-FOR-US: Citrix Access Gateway
-CVE-2007-0010
+CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) be ...)
{DSA-1256-1}
- gtk+2.0 2.8.20-5
-CVE-2007-0009
+CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network Se ...)
{DSA-1336-1}
NOTE: MFSA-2007-06
- iceweasel 2.0.0.2+dfsg-1 (low)
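Review bot: the unchanged context lines under CVE-2007-0045 in this hunk carry two package-name typos, `NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)` and `NOTE: and icape 1.0.8-1`, which should read iceweasel and iceape to match the source package names used elsewhere in the file (compare `- iceweasel 2.0.0.2+dfsg-1 (low)` under CVE-2007-0009); an automatic description update is the wrong place to touch them, so a small follow-up edit is suggested. The same hunk also shows CVE-2007-0106 and CVE-2007-0107 sitting between CVE-2007-0051 and CVE-2007-0050 rather than in the file's descending order; this predates the change and only the description strings are added here, but it is worth noting for whoever reorders the entries.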
@@ -16001,7 +16001,7 @@ CVE-2007-0009
- icedove 1.5.0.10.dfsg1-1
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-0008
+CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security Ser ...)
{DSA-1336-1}
NOTE: MFSA-2007-06
- iceweasel 2.0.0.2+dfsg-1 (low)
@@ -16010,24 +16010,24 @@ CVE-2007-0008
- icedove 1.5.0.10.dfsg1-1
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
-CVE-2007-0007
+CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary fi ...)
- gnucash 2.0.5-1 (bug #411942; medium)
-CVE-2007-0006
+CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
- linux-2.6 2.6.18.dfsg.1-12
-CVE-2007-0005
+CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in th ...)
{DSA-1286-1}
- linux-2.6 2.6.20-1
-CVE-2007-0004
+CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise Linu ...)
NOTE: if security relevant at all, it's 2.4.* only
- linux-2.6 <not-affected> (2.4 only)
-CVE-2007-0003
+CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers t ...)
- pam <not-affected> (Only pam 0.99.7 affected)
-CVE-2007-0002
+CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document importer/ ...)
{DSA-1270-1 DSA-1268-1}
- libwpd 0.8.9-1
NOTE: openoffice.org changelog indicates libwpd is included but not used
- openoffice.org 2.0.4.dfsg.2-6
[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
[etch] - libwpd 0.8.7-6
-CVE-2007-0001
+CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
- linux-2.6 <not-affected> (Red Hat specific vulnerability)