From b52483e988b611ffa7ff016030b0a61101f28219 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 18 Mar 2019 20:10:14 +0000 Subject: automatic update --- data/CVE/2006.list | 13968 +++++++++++++++++++++++++-------------------------- 1 file changed, 6984 insertions(+), 6984 deletions(-) (limited to 'data/CVE/2006.list') diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 2a182743e3..b4d22a4abd 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -1,10 +1,10 @@ -CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...) +CVE-2006-7253 NOT-FOR-US: GE Healthcare Infinia II -CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...) +CVE-2006-7252 NOT-FOR-US: NetBSD/FreeBSD libc CVE-2006-7251 RESERVED -CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ...) +CVE-2006-7250 {DSA-2454-1} - openssl 1.0.0h-1 NOTE: DSA addressed it in patch for CVE-2012-1165 @@ -12,7 +12,7 @@ CVE-2006-7249 REJECTED CVE-2006-7248 REJECTED -CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...) +CVE-2006-7247 NOT-FOR-US: Joomla! CVE-2006-7246 RESERVED 
@@ -21,72 +21,72 @@ CVE-2006-7246 - network-manager 0.9.4.0-1 [squeeze] - network-manager (Minor issue) NOTE: might be fixed earlier; I checked the source versions in Wheezy -CVE-2006-7245 (Monkey's Audio before 4.01b2 allows remote attackers to cause a denial ...) +CVE-2006-7245 NOT-FOR-US: Monkey's Audio -CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions ...) +CVE-2006-7244 - libpng 1.2.39-1 (unimportant) -CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might ...) +CVE-2006-7243 - php5 5.3.3-6 (low) NOTE: old, known, issue -- partial protection by the suhosin extension NOTE: http://svn.php.net/viewvc?view=revision&revision=305507 -CVE-2006-7242 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...) +CVE-2006-7242 NOT-FOR-US: IBM FileNet P8 Application Engine -CVE-2006-7241 (The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) ...) +CVE-2006-7241 NOT-FOR-US: IBM FileNet P8 Application Engine -CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...) +CVE-2006-7240 - gnome-power-manager 2.28.0-1 (unimportant) -CVE-2006-7239 (The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c ...) +CVE-2006-7239 - gnutls26 (fix is present in lenny/sid; fixed originally in upstream 1.4.2, which precedes 26) -CVE-2006-7238 (Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 ...) +CVE-2006-7238 NOT-FOR-US: MyShoutPro -CVE-2006-7237 (PHP remote file inclusion vulnerability in ...) +CVE-2006-7237 NOT-FOR-US: Ixprim -CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and ...) +CVE-2006-7236 {DTSA-182-1} - xterm 238-1 (medium; bug #510030) [etch] - xterm (allowWindowOps disabled in configuration) NOTE: Somewhat mitigated by a filter for control characters in NOTE: post-etch versions. -CVE-2006-7235 (Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a ...) 
+CVE-2006-7235 NOT-FOR-US: Teamtek Universal FTP Server -CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows ...) +CVE-2006-7234 - lynx-cur 2.8.7dev4-1 (low) - lynx (Doesn't include the current directory in the search path) -CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) +CVE-2006-7233 NOT-FOR-US: Openfire -CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 ...) +CVE-2006-7232 - mysql-dfsg-4.1 - mysql-dfsg-5.0 5.0.32-1 -CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...) +CVE-2006-7231 NOT-FOR-US: Civica Software Civica -CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...) +CVE-2006-7230 {DSA-1570-1} - pcre3 7.0-1 - kazehakase 0.5.2-1 [sarge] - pcre3 4.5+7.4-1 [etch] - pcre3 6.7+7.4-2 -CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...) +CVE-2006-7229 - linux-2.6 2.6.20-1 [etch] - linux-2.6 (Ubuntu-specific regression) -CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...) +CVE-2006-7228 {DSA-1570-1} - pcre3 6.2-1 - kazehakase 0.5.2-1 [sarge] - pcre3 4.5+7.4-1 NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2 -CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...) +CVE-2006-7227 {DSA-1570-1} - pcre3 6.2-1 - kazehakase 0.5.2-1 [sarge] - pcre3 4.5+7.4-1 NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2 -CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...) +CVE-2006-7226 - pcre3 6.7-1 - glib2.0 2.14.3-1 (unimportant) NOTE: glib only embeds pcre in the udeb, no attack vector [sarge] - pcre3 4.5+7.4-1 [etch] - pcre3 6.7+7.4-2 -CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows ...) 
+CVE-2006-7225 - pcre3 6.7-1 - glib2.0 2.14.3-1 (unimportant) NOTE: glib only embeds pcre in the udeb, no attack vector 
@@ -94,1397 +94,1397 @@ CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allo [etch] - pcre3 6.7+7.4-2 CVE-2006-7224 REJECTED -CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the ...) +CVE-2006-7223 NOT-FOR-US: Xwiki -CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...) +CVE-2006-7222 NOT-FOR-US: Media Player Classic -CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow ...) +CVE-2006-7221 - gftp 2.0.18-17 (unimportant; bug #437710) -CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote ...) +CVE-2006-7220 NOT-FOR-US: SAP SAPLPD -CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for ...) +CVE-2006-7219 - ezpublish (Debian's version is too old) -CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...) +CVE-2006-7218 - ezpublish (Debian's version is too old) -CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...) +CVE-2006-7217 - derby (Fixed before initial upload to Debian) NOTE: http://issues.apache.org/jira/browse/DERBY-1858 -CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...) +CVE-2006-7216 - derby (Fixed before initial upload to Debian) NOTE: http://issues.apache.org/jira/browse/DERBY-1708 -CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...) +CVE-2006-7215 NOT-FOR-US: Intel processor -CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...) +CVE-2006-7214 {DSA-1529-1} - firebird1.5 (bug #432753) - firebird2 [etch] - firebird2 (Fixed packages have been released through backports.org, see #1529) - firebird2.0 (fixed in 2.0) -CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...) 
+CVE-2006-7213 {DSA-1529-1} - firebird1.5 (bug #432753) - firebird2 [etch] - firebird2 (Fixed packages have been released through backports.org, see #1529) - firebird2.0 (fixed in 2.0) -CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...) +CVE-2006-7212 {DSA-1529-1} - firebird1.5 (bug #432753) - firebird2 [etch] - firebird2 (Fixed packages have been released through backports.org, see #1529) - firebird2.0 (fixed in 2.0) -CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...) +CVE-2006-7211 {DSA-1529-1} - firebird1.5 (fixed before rename to firebird1.5) - firebird2 1.5.3.4870-4 (low; bug #362001) [etch] - firebird2 (Fixed packages have been released through backports.org, see #1529) - firebird2.0 (fixed in 2.0) [sarge] - firebird2 (Minor issue) -CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...) +CVE-2006-7210 NOT-FOR-US: Windows -CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA ...) +CVE-2006-7209 NOT-FOR-US: phpTrafficA -CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Adam ...) +CVE-2006-7208 NOT-FOR-US: phpBB component com_forum -CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote ...) +CVE-2006-7207 NOT-FOR-US: AGEphone -CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) +CVE-2006-7206 NOT-FOR-US: Microsoft Internet Explorer CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection] - owl-dms 0.94-1 (medium; bug #416296) -CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...) +CVE-2006-7205 - php4 (unimportant) - php5 (unimportant) NOTE: local DoS when Apache memory limit is set high -CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...) 
+CVE-2006-7204 - php4 (unimportant) NOTE: open_basedir bypasses not supported -CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 ...) +CVE-2006-7203 {DSA-1504-1} - linux-2.6 2.6.18.dfsg.1-9 (low) -CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...) +CVE-2006-7202 NOT-FOR-US: Mambo -CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...) +CVE-2006-7201 NOT-FOR-US: EMC RSA Security SiteKey -CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...) +CVE-2006-7200 NOT-FOR-US: EMC RSA Security SiteKey -CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...) +CVE-2006-7199 NOT-FOR-US: EMC RSA Security SiteKey -CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) +CVE-2006-7198 NOT-FOR-US: IBM WebSphere Application Server -CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...) +CVE-2006-7197 - tomcat5.5 5.5.17-1 (low) -CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...) +CVE-2006-7196 - tomcat5.5 5.5.16-1 (unimportant) - tomcat5 (unimportant) - tomcat4 (unimportant) NOTE: Only present in an example, not in production code -CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...) +CVE-2006-7195 - tomcat5.5 5.5.20-1 (unimportant) - tomcat5 (unimportant) - tomcat4 (unimportant) NOTE: Only present in an example, not in production code -CVE-2006-7194 (PHP remote file inclusion vulnerability in ...) +CVE-2006-7194 NOT-FOR-US: Agora -CVE-2006-7193 (** DISPUTED ** ...) +CVE-2006-7193 NOT-FOR-US: disputed (SMARTY_DIR is a constant) -CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...) +CVE-2006-7192 NOT-FOR-US: Microsoft ASP .NET Framework -CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...) 
+CVE-2006-7191 {DSA-1287-1} - ldap-account-manager 1.0.0-1 (medium) -CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...) +CVE-2006-7190 NOT-FOR-US: WebAPP -CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...) +CVE-2006-7189 NOT-FOR-US: WebAPP -CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...) +CVE-2006-7188 NOT-FOR-US: WebAPP -CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...) +CVE-2006-7187 NOT-FOR-US: WebAPP -CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...) +CVE-2006-7186 NOT-FOR-US: WebAPP -CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...) +CVE-2006-7185 NOT-FOR-US: CMSmelborp -CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...) +CVE-2006-7184 NOT-FOR-US: Exhibit Engine -CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...) +CVE-2006-7183 NOT-FOR-US: Exhibit Engine -CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...) +CVE-2006-7182 NOT-FOR-US: MNews -CVE-2006-7181 (** DISPUTED ** ...) +CVE-2006-7181 NOT-FOR-US: Morcego CMS -CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...) +CVE-2006-7180 - madwifi 1:0.9.2+r1842.20061207-2 (low) [etch] - madwifi (Non-free not supported) -CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...) +CVE-2006-7179 - madwifi 1:0.9.2+r1842.20061207-2 (low) [etch] - madwifi (Non-free not supported) -CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...) +CVE-2006-7178 - madwifi 1:0.9.2+r1842.20061207-2 (low) [etch] - madwifi (Non-free not supported) -CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...) 
+CVE-2006-7177 - madwifi 1:0.9.2+r1842.20061207-2 (low) [etch] - madwifi (Non-free not supported) -CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) +CVE-2006-7176 - sendmail (Not a program flaw, a DNS error) -CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) +CVE-2006-7175 - sendmail (Debian compiles with FFR_TLS correctly) -CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...) +CVE-2006-7174 NOT-FOR-US: Dimension module of phpBB -CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...) +CVE-2006-7173 NOT-FOR-US: PHP-Stats -CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...) +CVE-2006-7172 NOT-FOR-US: PHP-Stats -CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers ...) +CVE-2006-7171 NOT-FOR-US: Mega Mall -CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall ...) +CVE-2006-7170 NOT-FOR-US: Mega Mall -CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php ...) +CVE-2006-7169 NOT-FOR-US: Ultimate PHP Board -CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...) +CVE-2006-7168 NOT-FOR-US: phpBB module Add Name -CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote ...) +CVE-2006-7167 NOT-FOR-US: ProRat Server -CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows ...) +CVE-2006-7166 NOT-FOR-US: IBM WebSphere Application Server -CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows ...) +CVE-2006-7165 NOT-FOR-US: IBM WebSphere Application Server -CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through ...) +CVE-2006-7164 NOT-FOR-US: IBM WebSphere Application Server -CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...) 
+CVE-2006-7163 NOT-FOR-US: DreameeSoft Password Master -CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...) +CVE-2006-7162 - putty 0.59-1 (bug #400804; unimportant) NOTE: Unsafe default, but not a vulnerability NOTE: Sensitive operations like key generation should only be done in private home -CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...) +CVE-2006-7161 NOT-FOR-US: Hazir Site -CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...) +CVE-2006-7160 NOT-FOR-US: Outpost Firewall PRO -CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in ...) +CVE-2006-7159 NOT-FOR-US: BTI-Tracker -CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...) +CVE-2006-7158 NOT-FOR-US: Oracle Application Express -CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote ...) +CVE-2006-7157 NOT-FOR-US: Google Earth -CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in ...) +CVE-2006-7156 NOT-FOR-US: miniBB module Keyword Replacer -CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...) +CVE-2006-7155 NOT-FOR-US: Novell BorderManager -CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via ...) +CVE-2006-7154 NOT-FOR-US: Iono -CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...) +CVE-2006-7153 NOT-FOR-US: MiniBB Forum -CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote ...) +CVE-2006-7152 NOT-FOR-US: ASP-Nuke Community -CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library ...) +CVE-2006-7151 - libtool (Specific to Fedora build) -CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote ...) +CVE-2006-7150 NOT-FOR-US: Mambo -CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x ...) 
+CVE-2006-7149 NOT-FOR-US: Mambo -CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...) +CVE-2006-7148 NOT-FOR-US: phpBB module maluinfo -CVE-2006-7147 (PHP remote file inclusion vulnerability in ...) +CVE-2006-7147 NOT-FOR-US: phpBB module Import Tools -CVE-2006-7146 (** DISPUTED ** ...) +CVE-2006-7146 NOT-FOR-US: communityPortals -CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote ...) +CVE-2006-7145 NOT-FOR-US: Call Center Software -CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier ...) +CVE-2006-7144 NOT-FOR-US: Call Center Software -CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...) +CVE-2006-7143 NOT-FOR-US: Call Center Software -CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores ...) +CVE-2006-7142 NOT-FOR-US: Utimaco Safeguard -CVE-2006-7141 (** DISPUTED ** ...) +CVE-2006-7141 NOT-FOR-US: Oracle Database -CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...) +CVE-2006-7140 NOT-FOR-US: Sun Solaris -CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...) +CVE-2006-7139 - kdepim (unimportant) NOTE: Annoying bug, but neglectable "security implications" -CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...) +CVE-2006-7138 NOT-FOR-US: Oracle APEX -CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...) +CVE-2006-7137 NOT-FOR-US: TinyPortal -CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...) +CVE-2006-7136 NOT-FOR-US: PHP Poll Creator -CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in ...) +CVE-2006-7135 NOT-FOR-US: PHP Poll Creator -CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...) 
+CVE-2006-7134 NOT-FOR-US: Upload Tool for PHP -CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...) +CVE-2006-7133 NOT-FOR-US: Upload Tool for PHP -CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk ...) +CVE-2006-7132 NOT-FOR-US: PHPMyDesk -CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora ...) +CVE-2006-7131 NOT-FOR-US: Jinzora -CVE-2006-7130 (PHP remote file inclusion vulnerability in ...) +CVE-2006-7130 NOT-FOR-US: Jinzora -CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier ...) +CVE-2006-7129 NOT-FOR-US: ISS BlackICE -CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...) +CVE-2006-7128 NOT-FOR-US: JAF CMS -CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and ...) +CVE-2006-7127 NOT-FOR-US: JAF CMS -CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 ...) +CVE-2006-7126 NOT-FOR-US: Joomla component BSQ Sitestats -CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...) +CVE-2006-7125 NOT-FOR-US: Joomla component BSQ Sitestats -CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in ...) +CVE-2006-7124 NOT-FOR-US: Joomla component BSQ Sitestats -CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...) +CVE-2006-7123 NOT-FOR-US: Joomla component BSQ Sitestats -CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup ...) +CVE-2006-7122 NOT-FOR-US: Joomla component BSQ Sitestats -CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote ...) +CVE-2006-7121 NOT-FOR-US: Linksys SPA-921 -CVE-2006-7120 (** DISPUTED ** ...) +CVE-2006-7120 NOT-FOR-US: OSL maintain -CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php ...) 
+CVE-2006-7119 NOT-FOR-US: PHPGiggle -CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine ...) +CVE-2006-7118 NOT-FOR-US: DMXReady Site Engine Manager -CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier ...) +CVE-2006-7117 NOT-FOR-US: Kubix -CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...) +CVE-2006-7116 NOT-FOR-US: Kubix -CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote ...) +CVE-2006-7115 NOT-FOR-US: PHPKit -CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with ...) +CVE-2006-7114 NOT-FOR-US: P-News -CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote ...) +CVE-2006-7113 NOT-FOR-US: P-News -CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ...) +CVE-2006-7112 NOT-FOR-US: MD-Pro -CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ...) +CVE-2006-7111 NOT-FOR-US: KMail CGI -CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE ...) +CVE-2006-7110 NOT-FOR-US: Drupal module IMCE -CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal ...) +CVE-2006-7109 NOT-FOR-US: Drupal module IMCE -CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...) +CVE-2006-7108 - util-linux 2.17.2-9 (unimportant) NOTE: likely fixed far before this, which is the version in squeeze that was checked -CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...) +CVE-2006-7107 NOT-FOR-US: freePBX -CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...) +CVE-2006-7106 NOT-FOR-US: Power Phlogger -CVE-2006-7105 (** DISPUTED ** ...) +CVE-2006-7105 - smarty (described vulnerability never existed) -CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the ...) 
+CVE-2006-7104 NOT-FOR-US: MOStlyContent Editor -CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 ...) +CVE-2006-7103 NOT-FOR-US: EZOnlineGallery -CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...) +CVE-2006-7102 NOT-FOR-US: phpBurningPortal quiz-modul -CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...) +CVE-2006-7101 NOT-FOR-US: PHPWind -CVE-2006-7100 (PHP remote file inclusion vulnerability in ...) +CVE-2006-7100 NOT-FOR-US: phpBB Insert User -CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...) +CVE-2006-7099 NOT-FOR-US: SolarPay -CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...) +CVE-2006-7098 - apache 1.3.34-4.1 (low; bug #357561) -CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...) +CVE-2006-7097 NOT-FOR-US: TaskFreak! -CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...) +CVE-2006-7096 NOT-FOR-US: dimension 3 engine -CVE-2006-7095 (Integer signedness error in the network_receive_packet function in ...) +CVE-2006-7095 NOT-FOR-US: dimension 3 engine -CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the ...) +CVE-2006-7094 - linux-ftpd 0.17-23 (bug #384454; low) -CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 ...) +CVE-2006-7093 NOT-FOR-US: Mambo LaiThai -CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai ...) +CVE-2006-7092 NOT-FOR-US: Mambo LaiThai -CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht ...) +CVE-2006-7091 NOT-FOR-US: Topsites FREE -CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...) +CVE-2006-7090 NOT-FOR-US: phpBB Security -CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote ...) 
+CVE-2006-7089 NOT-FOR-US: Ban -CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 ...) +CVE-2006-7088 NOT-FOR-US: Simple PHP Forum -CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...) +CVE-2006-7087 NOT-FOR-US: Dotdeb PHP -CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow ...) +CVE-2006-7086 NOT-FOR-US: Hot Links -CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...) +CVE-2006-7085 NOT-FOR-US: Rigter Portal System CVE-2006-7084 REJECTED -CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...) +CVE-2006-7083 NOT-FOR-US: Rigter Portal System -CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...) +CVE-2006-7082 NOT-FOR-US: Rigter Portal System -CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 ...) +CVE-2006-7081 NOT-FOR-US: PhpNews -CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...) +CVE-2006-7080 NOT-FOR-US: exV2 -CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 ...) +CVE-2006-7079 NOT-FOR-US: exV2 -CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional ...) +CVE-2006-7078 NOT-FOR-US: Professional Home Page Tools Login Script -CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...) +CVE-2006-7077 NOT-FOR-US: Advanced Guestbook -CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced ...) +CVE-2006-7076 NOT-FOR-US: Advanced Guestbook -CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for ...) +CVE-2006-7075 - aqualung 0.9~beta6-1 (medium) -CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass ...) 
+CVE-2006-7074 NOT-FOR-US: SmartSiteCMS -CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod ...) +CVE-2006-7073 NOT-FOR-US: Opentools Attachment Mod -CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise ...) +CVE-2006-7072 NOT-FOR-US: GeoClassifieds Enterprise -CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision ...) +CVE-2006-7071 NOT-FOR-US: Invision Power Board -CVE-2006-7070 (Unrestricted file upload vulnerability in ...) +CVE-2006-7070 NOT-FOR-US: Etomite CMS -CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in ...) +CVE-2006-7069 NOT-FOR-US: Socketwiz Bookmarks -CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65 ...) +CVE-2006-7068 NOT-FOR-US: CliServ Web Community -CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to ...) +CVE-2006-7067 NOT-FOR-US: Oracle -CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) +CVE-2006-7066 NOT-FOR-US: Microsoft IE -CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) +CVE-2006-7065 NOT-FOR-US: Microsoft IE -CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for ...) +CVE-2006-7064 NOT-FOR-US: Invision Power Board -CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 ...) +CVE-2006-7063 NOT-FOR-US: TinyPHPforum -CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows ...) +CVE-2006-7062 NOT-FOR-US: Kamgaing Email System -CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...) +CVE-2006-7061 NOT-FOR-US: E-Dating System -CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...) +CVE-2006-7060 NOT-FOR-US: E-Dating System -CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) 
+CVE-2006-7059 NOT-FOR-US: E-Dating System -CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before ...) +CVE-2006-7058 NOT-FOR-US: Sphider -CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c ...) +CVE-2006-7057 NOT-FOR-US: Sphider -CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost ...) +CVE-2006-7056 NOT-FOR-US: HostAdmin -CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar ...) +CVE-2006-7055 NOT-FOR-US: TotalCalendar -CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 ...) +CVE-2006-7054 NOT-FOR-US: FAST360 UTM -CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...) +CVE-2006-7053 NOT-FOR-US: FAST360 UTM -CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For ...) +CVE-2006-7052 NOT-FOR-US: DotWidget -CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...) +CVE-2006-7051 - linux-2.6 2.6.23-1 (low) [etch] - linux-2.6 (Design limitation, use resource limits if it poses a problem) -CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) ...) +CVE-2006-7050 NOT-FOR-US: WikkaWiki -CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the ...) +CVE-2006-7049 NOT-FOR-US: WikkaWiki -CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...) +CVE-2006-7048 NOT-FOR-US: Claroline -CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ...) +CVE-2006-7047 NOT-FOR-US: Shoutpro -CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php ...) +CVE-2006-7046 NOT-FOR-US: Clan Manager Pro -CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) ...) 
+CVE-2006-7045 NOT-FOR-US: Clan Manager Pro -CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in ...) +CVE-2006-7044 NOT-FOR-US: Clan Manager Pro -CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk ...) +CVE-2006-7043 NOT-FOR-US: Chipmunk -CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in ...) +CVE-2006-7042 NOT-FOR-US: Chipmunk -CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...) +CVE-2006-7041 NOT-FOR-US: MERCUR Messaging -CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...) +CVE-2006-7040 NOT-FOR-US: MERCUR Messaging -CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 ...) +CVE-2006-7039 NOT-FOR-US: MERCUR Messaging -CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...) +CVE-2006-7038 NOT-FOR-US: MERCUR Messaging -CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security ...) +CVE-2006-7037 NOT-FOR-US: MathCAD -CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...) +CVE-2006-7036 NOT-FOR-US: Andy's Chat -CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link ...) +CVE-2006-7035 NOT-FOR-US: Super Link Exchange Script -CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange ...) +CVE-2006-7034 NOT-FOR-US: Super Link Exchange Script -CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...) +CVE-2006-7033 NOT-FOR-US: Super Link Exchange Script -CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...) +CVE-2006-7032 NOT-FOR-US: FlashBB -CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote ...) +CVE-2006-7031 NOT-FOR-US: Microsoft IE -CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...) 
+CVE-2006-7030 NOT-FOR-US: Microsoft IE -CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...) +CVE-2006-7029 NOT-FOR-US: Microsoft IE -CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, ...) +CVE-2006-7028 NOT-FOR-US: Sun Solaris -CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs ...) +CVE-2006-7027 NOT-FOR-US: Microsoft ISA -CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in ...) +CVE-2006-7026 NOT-FOR-US: Topsites PHP -CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and ...) +CVE-2006-7025 NOT-FOR-US: Bookmark4U CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem] - pure-ftpd 1.0.21-1 (low) NOTE: oldstable is affected -CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...) +CVE-2006-7024 NOT-FOR-US: Harpia CMS -CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...) +CVE-2006-7023 NOT-FOR-US: fx-APP -CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...) +CVE-2006-7022 NOT-FOR-US: fx-APP -CVE-2006-7021 (PHP remote file inclusion vulnerability in ...) +CVE-2006-7021 NOT-FOR-US: Plume CMS -CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...) +CVE-2006-7020 NOT-FOR-US: phpwcms -CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) +CVE-2006-7019 NOT-FOR-US: phpwcms -CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) +CVE-2006-7018 NOT-FOR-US: phpwcms -CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...) +CVE-2006-7017 NOT-FOR-US: Indexu -CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...) +CVE-2006-7016 NOT-FOR-US: Jobline -CVE-2006-7015 (** DISPUTED ** ...) 
+CVE-2006-7015 NOT-FOR-US: Jobline -CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...) +CVE-2006-7014 NOT-FOR-US: BloggIT -CVE-2006-7013 (** DISPUTED ** ...) +CVE-2006-7013 NOT-FOR-US: Simple Machine Forum -CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...) +CVE-2006-7012 NOT-FOR-US: SCart -CVE-2006-7011 (** DISPUTED ** ...) +CVE-2006-7011 NOT-FOR-US: FlashChat -CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...) +CVE-2006-7010 NOT-FOR-US: Joomla! -CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...) +CVE-2006-7009 NOT-FOR-US: Joomla! -CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...) +CVE-2006-7008 NOT-FOR-US: Joomla! -CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...) +CVE-2006-7007 NOT-FOR-US: Tiny FTPd -CVE-2006-7006 (** DISPUTED ** ...) +CVE-2006-7006 NOT-FOR-US: Somery -CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...) +CVE-2006-7005 NOT-FOR-US: PSY Auction -CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...) +CVE-2006-7004 NOT-FOR-US: PSY Auction -CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...) +CVE-2006-7003 NOT-FOR-US: Fusion Polls -CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...) +CVE-2006-7002 NOT-FOR-US: Wheatblog -CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...) +CVE-2006-7001 NOT-FOR-US: PhpMyChat Plus -CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...) +CVE-2006-7000 NOT-FOR-US: DeskPRO -CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...) +CVE-2006-6999 NOT-FOR-US: DeskPRO -CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...) 
+CVE-2006-6998 NOT-FOR-US: DeskPRO -CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...) +CVE-2006-6997 NOT-FOR-US: MailEnable -CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) +CVE-2006-6996 NOT-FOR-US: warforge.NEWS -CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...) +CVE-2006-6995 NOT-FOR-US: V3 Chat -CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...) +CVE-2006-6994 NOT-FOR-US: OzzyWork Gallery -CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...) +CVE-2006-6993 NOT-FOR-US: Neuron Blog -CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...) +CVE-2006-6992 NOT-FOR-US: GoSuRF Browser -CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...) +CVE-2006-6991 NOT-FOR-US: Fast Browser Pro -CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...) +CVE-2006-6990 NOT-FOR-US: Enigma Browser -CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...) +CVE-2006-6989 NOT-FOR-US: NetCaptor -CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...) +CVE-2006-6988 NOT-FOR-US: Slim Browser -CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...) +CVE-2006-6987 NOT-FOR-US: FineBrowser Freeware -CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...) +CVE-2006-6986 NOT-FOR-US: PhaseOut -CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...) +CVE-2006-6985 NOT-FOR-US: Maxthon -CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...) +CVE-2006-6984 NOT-FOR-US: GreenBrowser -CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...) 
+CVE-2006-6983 NOT-FOR-US: MYweb4net Browser -CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...) +CVE-2006-6982 NOT-FOR-US: 3proxy -CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...) +CVE-2006-6981 NOT-FOR-US: 3proxy -CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...) +CVE-2006-6980 - amarok 1.4.4-4 (bug #410850; unimportant) NOTE: This could only be exploited through the Magnatune shop -CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...) +CVE-2006-6979 - amarok 1.4.4-1 (bug #410850; low) [sarge] - amarok (Vulnerable code not present) -CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) +CVE-2006-6978 NOT-FOR-US: FCKEditor -CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) +CVE-2006-6977 NOT-FOR-US: FreeTextBox -CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...) +CVE-2006-6976 NOT-FOR-US: CentiPaid -CVE-2006-6975 (** DISPUTED ** ...) +CVE-2006-6975 NOT-FOR-US: CentiPaid -CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...) +CVE-2006-6974 NOT-FOR-US: DeskPRO -CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...) +CVE-2006-6973 NOT-FOR-US: DeskPRO -CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...) +CVE-2006-6972 NOT-FOR-US: BtitTracker -CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...) +CVE-2006-6971 - iceweasel (Windows only) -CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...) +CVE-2006-6970 NOT-FOR-US: Opera -CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...) 
+CVE-2006-6969 - jetty 5.1.10-4 (medium; bug #445283) NOTE: http://jetty.cvs.sourceforge.net/jetty/Jetty/src/org/mortbay/jetty/servlet/AbstractSessionManager.java?r1=1.52&r2=1.53&view=patch -CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...) +CVE-2006-6968 NOT-FOR-US: Phorum CVE-2006-6967 REJECTED -CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...) +CVE-2006-6966 NOT-FOR-US: phpGraphy -CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...) +CVE-2006-6965 - dokuwiki 0.0.20061106-1 (low) -CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...) +CVE-2006-6964 NOT-FOR-US: MailEnable -CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...) +CVE-2006-6963 NOT-FOR-US: Docebo -CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...) +CVE-2006-6962 NOT-FOR-US: RS Gallery2 -CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...) +CVE-2006-6961 NOT-FOR-US: WebRoot Spy Sweeper -CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...) +CVE-2006-6960 NOT-FOR-US: WebRoot Spy Sweeper -CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...) +CVE-2006-6959 NOT-FOR-US: WebRoot Spy Sweeper -CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...) +CVE-2006-6958 NOT-FOR-US: phpBlueDragon CMS -CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...) +CVE-2006-6957 NOT-FOR-US: Docebo -CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) +CVE-2006-6956 NOT-FOR-US: Microsoft -CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...) +CVE-2006-6955 NOT-FOR-US: Opera -CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...) 
+CVE-2006-6954 - iceweasel (unimportant) NOTE: Browser crashes not treated as security problems NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash. NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840 -CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...) +CVE-2006-6953 NOT-FOR-US: GlobeTrotter Mobility Manager -CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...) +CVE-2006-6952 NOT-FOR-US: Computer Associates (CA) -CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...) +CVE-2006-6951 NOT-FOR-US: Odysseus Blog -CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...) +CVE-2006-6950 NOT-FOR-US: Conti FtpServer -CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...) +CVE-2006-6949 NOT-FOR-US: Conti FtpServer -CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...) +CVE-2006-6948 NOT-FOR-US: JVN -CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...) +CVE-2006-6947 NOT-FOR-US: NEC -CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...) +CVE-2006-6946 NOT-FOR-US: NEC -CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...) +CVE-2006-6945 NOT-FOR-US: VirtueMart -CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...) +CVE-2006-6944 {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.9.1.1-2 (medium) -CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...) +CVE-2006-6943 - phpmyadmin 4:2.9.1.1-2 (unimportant) NOTE: Only path disclosure -CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...) +CVE-2006-6942 {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.9.1.1-2 (medium) NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer. 
-CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...) +CVE-2006-6941 NOT-FOR-US: FreeWebshop -CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...) +CVE-2006-6940 NOT-FOR-US: OWA -CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...) +CVE-2006-6939 - ed 0.2-19 -CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...) +CVE-2006-6938 NOT-FOR-US: NitroTech CMS -CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo ...) +CVE-2006-6937 NOT-FOR-US: ASP Photo Gallery -CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery ...) +CVE-2006-6936 NOT-FOR-US: ASP Photo Gallery -CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...) +CVE-2006-6935 NOT-FOR-US: Portix -CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP ...) +CVE-2006-6934 NOT-FOR-US: Portix -CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root ...) +CVE-2006-6933 NOT-FOR-US: Easy Chat Server -CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access ...) +CVE-2006-6932 NOT-FOR-US: Image Gallery -CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during ...) +CVE-2006-6931 - snort 2.7.0-1 (low; bug #407421) [sarge] - snort (Minor issue) [etch] - snort (Minor issue) -CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 ...) +CVE-2006-6930 NOT-FOR-US: Rapid Classified -CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid ...) +CVE-2006-6929 NOT-FOR-US: Rapid Classified -CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 ...) +CVE-2006-6928 NOT-FOR-US: Rialto -CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote ...) 
+CVE-2006-6927 NOT-FOR-US: Rialto -CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack ...) +CVE-2006-6926 NOT-FOR-US: eXtremail -CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...) +CVE-2006-6925 NOT-FOR-US: bitweaver -CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain ...) +CVE-2006-6924 NOT-FOR-US: bitweaver -CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver ...) +CVE-2006-6923 NOT-FOR-US: bitweaver -CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...) +CVE-2006-6922 NOT-FOR-US: Deadlock -CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a ...) +CVE-2006-6921 - linux-2.6 2.6.18-1 (low) -CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...) +CVE-2006-6920 NOT-FOR-US: Nucleus -CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ...) +CVE-2006-6919 - firefox-sage 1.3.6-3 NOTE: 1.3.6-3 disabled HTML mode entirely -CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion ...) +CVE-2006-6918 NOT-FOR-US: GeoBB -CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...) +CVE-2006-6917 NOT-FOR-US: Computer Associates (CA) -CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...) +CVE-2006-6916 NOT-FOR-US: Getahead -CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to ...) +CVE-2006-6915 NOT-FOR-US: IBM -CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows ...) +CVE-2006-6914 NOT-FOR-US: IBM -CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...) +CVE-2006-6913 NOT-FOR-US: phpMyFAQ -CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows ...) 
+CVE-2006-6912 NOT-FOR-US: phpMyFAQ -CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And ...) +CVE-2006-6911 NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM -CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...) +CVE-2006-6910 NOT-FOR-US: Fersch Formbankserver -CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka ...) +CVE-2006-6909 NOT-FOR-US: Karl Dahlke Edbrowse -CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm ...) +CVE-2006-6908 NOT-FOR-US: Bluetooth Stack COM Server (Windows) -CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown ...) +CVE-2006-6907 NOT-FOR-US: Bluesoil Bluetooth -CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and ...) +CVE-2006-6906 NOT-FOR-US: Bluetooth stack on Mac OS -CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...) +CVE-2006-6905 NOT-FOR-US: Widcomm Bluetooth -CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows ...) +CVE-2006-6904 NOT-FOR-US: Broadcom -CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...) +CVE-2006-6903 NOT-FOR-US: Toshiba Bluetooth stack -CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...) +CVE-2006-6902 NOT-FOR-US: Windows Mobile -CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...) +CVE-2006-6901 NOT-FOR-US: Microsoft Windows -CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 ...) +CVE-2006-6900 NOT-FOR-US: Mac OS -CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to ...) +CVE-2006-6899 - bluez-utils 3.7-1 (bug #408889; medium) -CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote ...) 
+CVE-2006-6898 NOT-FOR-US: Widcomm Bluetooth -CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows ...) +CVE-2006-6897 NOT-FOR-US: Widcomm Bluetooth -CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly ...) +CVE-2006-6896 NOT-FOR-US: Plantronic Headset -CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...) +CVE-2006-6895 NOT-FOR-US: Sony Ericsson T60 -CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...) +CVE-2006-6894 NOT-FOR-US: SPINE -CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...) +CVE-2006-6893 - tor (unimportant) NOTE: It could be argued that this is a laws-of-physics vulnerability NOTE: that is a fundamental design limitation of certain hardware NOTE: implementations. -CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...) +CVE-2006-6892 NOT-FOR-US: Jonathon J. Freeman OvBB -CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...) +CVE-2006-6891 NOT-FOR-US: Vz Scripts ADP Forum -CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...) +CVE-2006-6890 NOT-FOR-US: Voodoo chat -CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...) +CVE-2006-6889 NOT-FOR-US: FreeStyle Wiki -CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...) +CVE-2006-6888 NOT-FOR-US: P-News -CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...) +CVE-2006-6887 NOT-FOR-US: logahead UNU -CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...) +CVE-2006-6886 NOT-FOR-US: phpwcms -CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...) +CVE-2006-6885 - flashplugin-nonfree (Windows-specific) -CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...) 
+CVE-2006-6884 NOT-FOR-US: Sky Software -CVE-2006-6883 (** DISPUTED ** ...) +CVE-2006-6883 NOT-FOR-US: PHPIrc_bot -CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...) +CVE-2006-6882 NOT-FOR-US: Golden Book -CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...) +CVE-2006-6881 NOT-FOR-US: ATMEL WLAN drivers -CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...) +CVE-2006-6880 NOT-FOR-US: PHP-Update -CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...) +CVE-2006-6879 NOT-FOR-US: PHP-Update -CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...) +CVE-2006-6878 NOT-FOR-US: PHP-Update -CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...) +CVE-2006-6877 NOT-FOR-US: Matteo Lucarelli 3editor -CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module ...) +CVE-2006-6876 - openser 1.1.1-1 (medium) [etch] - openser 1.1.0-9etch1 NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog -CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...) +CVE-2006-6875 - openser 1.1.1-1 (medium) [etch] - openser 1.1.0-9etch1 NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog -CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...) +CVE-2006-6874 NOT-FOR-US: eNdonesia CMS -CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...) +CVE-2006-6873 NOT-FOR-US: eNdonesia CMS -CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...) +CVE-2006-6872 NOT-FOR-US: eNdonesia CMS -CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...) +CVE-2006-6871 NOT-FOR-US: eNdonesia CMS -CVE-2006-6869 (Directory traversal vulnerability in ...) 
+CVE-2006-6869 NOT-FOR-US: MAXdev -CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...) +CVE-2006-6868 NOT-FOR-US: Zen Cart -CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...) +CVE-2006-6867 NOT-FOR-US: buratinable templator (aka bubla) -CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...) +CVE-2006-6866 NOT-FOR-US: Ahead4 -CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...) +CVE-2006-6865 NOT-FOR-US: Softartisans -CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...) +CVE-2006-6864 NOT-FOR-US: Enigma2 -CVE-2006-6863 (** DISPUTED ** ...) +CVE-2006-6863 NOT-FOR-US: Enigma2 -CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...) +CVE-2006-6862 NOT-FOR-US: Outfront Spooky Login -CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...) +CVE-2006-6861 NOT-FOR-US: Outfront Spooky Login -CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...) +CVE-2006-6860 NOT-FOR-US: MythControl -CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...) +CVE-2006-6859 NOT-FOR-US: Website Designs for Less CVE-2006-XXXX [ssmtp password leak] - ssmtp 2.61-10.1 (bug #369542; low) -CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...) +CVE-2006-6870 - avahi 0.6.16-1 (low) -CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...) +CVE-2006-6858 - miredo 1.0.4-2 (bug #405412; bug #405111; medium) -CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-6857 NOT-FOR-US: Docebo LMS -CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...) +CVE-2006-6856 NOT-FOR-US: WebText CMS -CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...) 
+CVE-2006-6855 NOT-FOR-US: AIDeX Mini-WebServer -CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...) +CVE-2006-6854 NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related) -CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...) +CVE-2006-6853 NOT-FOR-US: Durian Web Application Server -CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...) +CVE-2006-6852 - tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium) -CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...) +CVE-2006-6851 NOT-FOR-US: ac4p Mobilelib gold -CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...) +CVE-2006-6850 NOT-FOR-US: Shadowed Portal / Roster Module -CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...) +CVE-2006-6849 NOT-FOR-US: Cahier de texte (CDT) -CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...) +CVE-2006-6848 NOT-FOR-US: ASPTicker -CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...) +CVE-2006-6847 NOT-FOR-US: RealPlayer for Windows -CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) ...) +CVE-2006-6846 NOT-FOR-US: WYWO - InOut Board -CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...) +CVE-2006-6845 NOT-FOR-US: CMS Made Simple -CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...) +CVE-2006-6844 NOT-FOR-US: CMS Made Simple -CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...) +CVE-2006-6843 NOT-FOR-US: EasyPartner component for Joomla! -CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...) +CVE-2006-6842 NOT-FOR-US: Acronym Mod for phpBB2 -CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...) 
+CVE-2006-6841 {DSA-1488-1} - phpbb2 2.0.21-6 (bug #405980) -CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) +CVE-2006-6840 {DSA-1488-1} - phpbb2 2.0.21-6 (bug #405980) -CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) +CVE-2006-6839 {DSA-1488-1} - phpbb2 2.0.21-6 (bug #405980) -CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...) +CVE-2006-6838 NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control -CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...) +CVE-2006-6837 NOT-FOR-US: Total Commander -CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...) +CVE-2006-6836 NOT-FOR-US: IBM -CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...) +CVE-2006-6835 NOT-FOR-US: Land Down Under -CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have ...) +CVE-2006-6834 NOT-FOR-US: Joomla! -CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...) +CVE-2006-6833 NOT-FOR-US: Joomla! -CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 ...) +CVE-2006-6832 NOT-FOR-US: Joomla! -CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...) +CVE-2006-6831 NOT-FOR-US: aFAQ -CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...) +CVE-2006-6830 NOT-FOR-US: b2 Blog -CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web ...) +CVE-2006-6829 NOT-FOR-US: Efkan Forum -CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...) +CVE-2006-6828 NOT-FOR-US: Efkan Forum -CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a ...) 
+CVE-2006-6827 - flashplugin-nonfree (Windows-specific) -CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal ...) +CVE-2006-6826 NOT-FOR-US: Personal .NET Portal -CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under ...) +CVE-2006-6825 NOT-FOR-US: Calendar MX -CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...) +CVE-2006-6824 NOT-FOR-US: iCalendar -CVE-2006-6823 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6823 NOT-FOR-US: Yrch! -CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate ...) +CVE-2006-6822 NOT-FOR-US: Enthrallweb eClassifieds -CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the ...) +CVE-2006-6821 NOT-FOR-US: Enthrallweb eNews -CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the ...) +CVE-2006-6820 NOT-FOR-US: Enthrallweb eCoupons -CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the ...) +CVE-2006-6819 NOT-FOR-US: AlstraSoft Web Host Directory -CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass ...) +CVE-2006-6818 NOT-FOR-US: AlstraSoft Web Host Directory -CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain ...) +CVE-2006-6817 NOT-FOR-US: AlstraSoft Web Host Directory -CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login ...) +CVE-2006-6816 NOT-FOR-US: DMXReady Secure Login Manager -CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...) +CVE-2006-6815 NOT-FOR-US: DMXReady Secure Login Manager -CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx ...) +CVE-2006-6814 NOT-FOR-US: Hosting Controller -CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload ...) 
+CVE-2006-6813 NOT-FOR-US: Mxmania File Upload Manager -CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...) +CVE-2006-6812 NOT-FOR-US: myPHPCalendar -CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...) +CVE-2006-6811 - kdenetwork 4:3.5.5-4 (low; bug #405828) [sarge] - kdenetwork (Minor issue) -CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...) +CVE-2006-6810 NOT-FOR-US: DB Hub -CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...) +CVE-2006-6809 NOT-FOR-US: buratinable templator (aka bubla) -CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...) +CVE-2006-6808 - wordpress 2.0.6-1 (bug #405299) -CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...) +CVE-2006-6807 NOT-FOR-US: Ananda Real Estate -CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...) +CVE-2006-6806 NOT-FOR-US: Enthrallweb eMates -CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs ...) +CVE-2006-6805 NOT-FOR-US: Enthrallweb eJobs -CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business ...) +CVE-2006-6804 NOT-FOR-US: Dragon Business Directory - Pro -CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 ...) +CVE-2006-6803 NOT-FOR-US: Enthrallweb eCars -CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages ...) +CVE-2006-6802 NOT-FOR-US: Enthrallweb ePages -CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, ...) +CVE-2006-6801 NOT-FOR-US: SH-News -CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...) +CVE-2006-6800 NOT-FOR-US: Limbo CMS -CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...) 
+CVE-2006-6799 {DSA-1250-1} - cacti 0.8.6i-3 (bug #404818; high) CVE-2006-6798 RESERVED -CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...) +CVE-2006-6797 NOT-FOR-US: Microsoft -CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...) +CVE-2006-6796 NOT-FOR-US: MTCMS -CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...) +CVE-2006-6795 NOT-FOR-US: myPHPNuke -CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows ...) +CVE-2006-6794 NOT-FOR-US: Efkan Forum -CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...) +CVE-2006-6793 NOT-FOR-US: Okul Merkezi Portal -CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX ...) +CVE-2006-6792 NOT-FOR-US: Calendar MX -CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows ...) +CVE-2006-6791 NOT-FOR-US: chatwm -CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in ...) +CVE-2006-6790 NOT-FOR-US: Ultimate PHP Board -CVE-2006-6789 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6789 NOT-FOR-US: Phpbbxtra -CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...) +CVE-2006-6788 NOT-FOR-US: LuckyBot -CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in ...) +CVE-2006-6787 NOT-FOR-US: Newsletter MX -CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...) +CVE-2006-6786 NOT-FOR-US: Open Newsletter -CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open ...) +CVE-2006-6785 NOT-FOR-US: Open Newsletter -CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote ...) +CVE-2006-6784 NOT-FOR-US: Netbula Anyboard -CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload ...) 
+CVE-2006-6783 NOT-FOR-US: logahead UNU -CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ...) +CVE-2006-6782 NOT-FOR-US: pnamazu -CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive ...) +CVE-2006-6781 NOT-FOR-US: HLstats -CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through ...) +CVE-2006-6780 NOT-FOR-US: HLstats -CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows ...) +CVE-2006-6779 NOT-FOR-US: vBulletin -CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...) +CVE-2006-6778 NOT-FOR-US: TimberWolf -CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future ...) +CVE-2006-6777 NOT-FOR-US: Future Internet -CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...) +CVE-2006-6776 NOT-FOR-US: Future Internet -CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of ...) +CVE-2006-6775 NOT-FOR-US: acFTP -CVE-2006-6774 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6774 NOT-FOR-US: Content Federator -CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...) +CVE-2006-6773 NOT-FOR-US: Fishyshoop -CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in ...) +CVE-2006-6772 - w3m 0.5.1-5.1 (bug #404564; low) - w3mmee (Does not include this format string vuln in the code) [sarge] - w3m (Minor issue, only exploitable in dump mode) -CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...) +CVE-2006-6771 NOT-FOR-US: Irokez CMS -CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media ...) +CVE-2006-6770 NOT-FOR-US: Jinzora Media Jukebox -CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...) +CVE-2006-6769 NOT-FOR-US: PHP Live! 
-CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) +CVE-2006-6768 NOT-FOR-US: PWP Technologies The Classified Ad System -CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of ...) +CVE-2006-6767 - oftpd -CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and ...) +CVE-2006-6766 NOT-FOR-US: cwmExplorer -CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...) +CVE-2006-6765 NOT-FOR-US: Pagetool -CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...) +CVE-2006-6764 NOT-FOR-US: Keep It Simple Guest Book (KISGB) -CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It ...) +CVE-2006-6763 NOT-FOR-US: Keep It Simple Guest Book (KISGB) -CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows ...) +CVE-2006-6762 NOT-FOR-US: Novell NetMail -CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...) +CVE-2006-6761 NOT-FOR-US: Novell NetMail -CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...) +CVE-2006-6760 NOT-FOR-US: phpMyAnime (aka phpmymanga) -CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer ...) +CVE-2006-6759 NOT-FOR-US: RealNetworks RealPlayer -CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...) +CVE-2006-6758 NOT-FOR-US: Http explorer -CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 ...) +CVE-2006-6757 NOT-FOR-US: cwmExplorer -CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a ...) +CVE-2006-6756 NOT-FOR-US: Ixprim -CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...) +CVE-2006-6755 NOT-FOR-US: Ixprim -CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote ...) 
+CVE-2006-6754 NOT-FOR-US: Ixprim -CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly ...) +CVE-2006-6753 NOT-FOR-US: Microsoft -CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain ...) +CVE-2006-6752 NOT-FOR-US: FTPRush -CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 ...) +CVE-2006-6751 NOT-FOR-US: XM Easy Personal FTP Server -CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 ...) +CVE-2006-6750 NOT-FOR-US: XM Easy Personal FTP Server -CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper ...) +CVE-2006-6748 NOT-FOR-US: Newxooper -CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows ...) +CVE-2006-6747 NOT-FOR-US: Xt-News -CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 ...) +CVE-2006-6746 NOT-FOR-US: Xt-News -CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...) +CVE-2006-6745 - sun-java5 1.5.0-08-1 -CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index ...) +CVE-2006-6744 NOT-FOR-US: phpProfiles -CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain ...) +CVE-2006-6743 NOT-FOR-US: phpProfiles -CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP ...) +CVE-2006-6742 NOT-FOR-US: HP -CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...) +CVE-2006-6741 NOT-FOR-US: MKPortal -CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles ...) +CVE-2006-6740 NOT-FOR-US: phpProfiles -CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi ...) +CVE-2006-6739 NOT-FOR-US: Paristemi -CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...) 
+CVE-2006-6738 NOT-FOR-US: cwmCounter -CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...) +CVE-2006-6737 - sun-java5 1.5.0-07-1 -CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...) +CVE-2006-6736 - sun-java5 1.5.0-07-1 -CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web ...) +CVE-2006-6735 NOT-FOR-US: Website Mini Web Shop -CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php ...) +CVE-2006-6734 NOT-FOR-US: Website Mini Web Shop -CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in ...) +CVE-2006-6733 NOT-FOR-US: Support Cards 1 (osTicket) -CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 ...) +CVE-2006-6732 NOT-FOR-US: cwmVote -CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java ...) +CVE-2006-6731 - sun-java5 1.5.0-08-1 -CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...) +CVE-2006-6730 NOTE: Access to DMA-capable hardware such as graphics cards can, NOTE: by design, bypass security restrictions. Not a real issue. -CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...) +CVE-2006-6729 NOT-FOR-US: a-blog -CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...) +CVE-2006-6728 NOT-FOR-US: LAN Messenger -CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in ...) +CVE-2006-6727 NOT-FOR-US: inertianews -CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ...) +CVE-2006-6726 NOT-FOR-US: inertianews -CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and ...) +CVE-2006-6725 NOT-FOR-US: PHPBuilder -CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, ...) 
+CVE-2006-6724 NOT-FOR-US: BolinTech Dream FTP Server -CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows ...) +CVE-2006-6723 NOT-FOR-US: Microsoft -CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers ...) +CVE-2006-6722 NOT-FOR-US: Bandwebsite (aka Bandsite portal system) -CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in ...) +CVE-2006-6721 NOT-FOR-US: Knusperleicht ShoutBox -CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...) +CVE-2006-6720 NOT-FOR-US: Azucar CMS -CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...) +CVE-2006-6719 - wget 1.13-1 (unimportant) NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=bd7f4ef701ce5db64659db496d3f47aeedfadac2 (v1.13) -CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...) +CVE-2006-6718 NOT-FOR-US: Allied Telesis -CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...) +CVE-2006-6717 NOT-FOR-US: Allied Telesis -CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric ...) +CVE-2006-6716 NOT-FOR-US: uploader&downloader -CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...) +CVE-2006-6715 NOT-FOR-US: PowerClan -CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...) +CVE-2006-6714 NOT-FOR-US: Hitachi Directory Server -CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...) +CVE-2006-6713 NOT-FOR-US: Hitachi Directory Server -CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source ...) +CVE-2006-6712 - sugarcrm-ce-5.0 (bug #457876) -CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in ...) 
+CVE-2006-6711 NOT-FOR-US: Newxooper -CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded ...) +CVE-2006-6710 NOT-FOR-US: PgmReloaded -CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site ...) +CVE-2006-6709 NOT-FOR-US: MGinternet Property Site Manager -CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...) +CVE-2006-6708 NOT-FOR-US: MGinternet Property Site Manager -CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ...) +CVE-2006-6707 NOT-FOR-US: NeoTraceExplorer.NeoTraceLoader ActiveX control -CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 ...) +CVE-2006-6706 NOT-FOR-US: Soumu Workflow -CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu ...) +CVE-2006-6705 NOT-FOR-US: Soumu Workflow -CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail ...) +CVE-2006-6704 NOT-FOR-US: @Mail -CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal ...) +CVE-2006-6703 NOT-FOR-US: Oracle Portal -CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before ...) +CVE-2006-6702 NOT-FOR-US: @Mail -CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail ...) +CVE-2006-6701 NOT-FOR-US: @Mail -CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows ...) +CVE-2006-6700 NOT-FOR-US: @Mail -CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and ...) +CVE-2006-6699 NOT-FOR-US: Oracle Portal -CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...) +CVE-2006-6698 - gconf2 2.24.0-1 (unimportant; bug #404743) NOTE: Minor nuisance, not much of a security problem -CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...) 
+CVE-2006-6749 - openser 1.1.0-8 (medium; bug #404591) CVE-2006-XXXX [insecure rpath in libflash-mozplugin] - libflash 0.4.13-9 (low; bug #399508) [etch] - libflash (Not exploitable through directory writable by an unprivileged user) -CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...) +CVE-2006-6697 NOT-FOR-US: Oracle -CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and ...) +CVE-2006-6696 NOT-FOR-US: Microsoft -CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-6695 NOT-FOR-US: Carsen Klock TextSend -CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...) +CVE-2006-6694 NOT-FOR-US: E-Uploader -CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...) +CVE-2006-6693 - zabbix 1:1.1.2-4 (medium; bug #391388) -CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...) +CVE-2006-6692 - zabbix 1:1.1.2-4 (medium; bug #391388) -CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...) +CVE-2006-6691 NOT-FOR-US: Valdersoft Shopping Cart -CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...) +CVE-2006-6690 - typo3-src 4.0.2+debian-2 (high; bug #403906) NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9 -CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...) +CVE-2006-6689 NOT-FOR-US: Paristemi -CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network ...) +CVE-2006-6688 NOT-FOR-US: Web Automated Perl Portal (WebAPP) -CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...) +CVE-2006-6687 NOT-FOR-US: Web Automated Perl Portal (WebAPP) -CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...) 
+CVE-2006-6686 NOT-FOR-US: Carsen Klock TextSend -CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 ...) +CVE-2006-6685 - chetcpasswd (medium) -CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...) +CVE-2006-6684 - chetcpasswd (medium) -CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates ...) +CVE-2006-6683 - chetcpasswd (medium) -CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...) +CVE-2006-6682 - chetcpasswd (medium) -CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for ...) +CVE-2006-6681 - chetcpasswd (medium) -CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need ...) +CVE-2006-6680 - chetcpasswd (low) -CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...) +CVE-2006-6679 - chetcpasswd (medium) -CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...) +CVE-2006-6678 {DSA-1251-1} - netrik 1.15.3-1.1 (medium; bug #404233) -CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...) +CVE-2006-6677 NOT-FOR-US: ESET NOD32 Antivirus -CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 ...) +CVE-2006-6676 NOT-FOR-US: ESET NOD32 Antivirus -CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...) +CVE-2006-6675 NOT-FOR-US: Novell -CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...) +CVE-2006-6674 NOT-FOR-US: Ozeki HTTP-SMS Gateway -CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of ...) +CVE-2006-6673 NOT-FOR-US: WinFtp Server -CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...) +CVE-2006-6672 NOT-FOR-US: Download Portal -CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download ...) 
+CVE-2006-6671 NOT-FOR-US: Download Portal -CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown ...) +CVE-2006-6670 NOT-FOR-US: Nortel CallPilot -CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in ...) +CVE-2006-6669 {DSA-1279-1} - webcalendar 1.0.5-2 (low; bug #404234) -CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...) +CVE-2006-6668 NOT-FOR-US: VerliAdmin -CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier ...) +CVE-2006-6667 NOT-FOR-US: VerliAdmin -CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...) +CVE-2006-6666 NOT-FOR-US: VerliAdmin -CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...) +CVE-2006-6665 NOT-FOR-US: DeepBurner -CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and ...) +CVE-2006-6664 NOT-FOR-US: Aleph One -CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and ...) +CVE-2006-6663 NOT-FOR-US: Aleph One -CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on ...) +CVE-2006-6662 NOT-FOR-US: Linux User Management (novell-lum) -CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ...) +CVE-2006-6661 NOT-FOR-US: PHP-Update -CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by ...) +CVE-2006-6660 - kdelibs (at least it is fixed in 4:3.5.5a.dfsg.1-5) NOTE: is DoS only, anyway -CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...) +CVE-2006-6659 NOT-FOR-US: Microsoft -CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...) +CVE-2006-6658 NOT-FOR-US: Inktomi -CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD ...) 
+CVE-2006-6657 NOT-FOR-US: NetBSD -CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...) +CVE-2006-6656 NOT-FOR-US: NetBSD -CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD ...) +CVE-2006-6655 NOT-FOR-US: NetBSD -CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...) +CVE-2006-6654 NOT-FOR-US: NetBSD -CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...) +CVE-2006-6653 NOT-FOR-US: NetBSD -CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in ...) +CVE-2006-6652 NOT-FOR-US: NetBSD -CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver ...) +CVE-2006-6651 NOT-FOR-US: Intel -CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...) +CVE-2006-6650 NOT-FOR-US: mxBB -CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...) +CVE-2006-6649 NOT-FOR-US: HyperVM -CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in ...) +CVE-2006-6648 NOT-FOR-US: RateMe -CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...) +CVE-2006-6647 NOT-FOR-US: MySite for Drupal -CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...) +CVE-2006-6646 NOT-FOR-US: Drupal Project Issue Tracking -CVE-2006-6645 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6645 NOT-FOR-US: Web Links module for mxBB -CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...) +CVE-2006-6644 NOT-FOR-US: Meeting module for mxBB -CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...) +CVE-2006-6643 NOT-FOR-US: Fightersoft Multimedia Star FTP server -CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...) 
+CVE-2006-6642 NOT-FOR-US: Sistemi -CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...) +CVE-2006-6641 NOT-FOR-US: CA CleverPath Portal -CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...) +CVE-2006-6640 NOT-FOR-US: SiteCatalyst -CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...) +CVE-2006-6639 - chetcpasswd (medium) -CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...) +CVE-2006-6638 NOT-FOR-US: IBM -CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application ...) +CVE-2006-6637 NOT-FOR-US: IBM -CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere ...) +CVE-2006-6636 NOT-FOR-US: IBM -CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in ...) +CVE-2006-6635 NOT-FOR-US: JumbaCMS -CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ...) +CVE-2006-6634 NOT-FOR-US: ExtCalThai for Mambo -CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php ...) +CVE-2006-6633 NOT-FOR-US: YapBB -CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 ...) +CVE-2006-6632 NOT-FOR-US: Genepi -CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php ...) +CVE-2006-6631 NOT-FOR-US: osprey -CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...) +CVE-2006-6630 NOT-FOR-US: osprey -CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...) +CVE-2006-6629 NOT-FOR-US: WeBWorK -CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...) +CVE-2006-6628 - openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105) NOTE: No code injection possible, just a crash -CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...) 
+CVE-2006-6627 NOT-FOR-US: BitDefender -CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...) +CVE-2006-6626 - moodle 1.6-1 NOTE: Does not affect moodle 1.6 according to SecurityFocus. -CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...) +CVE-2006-6625 - moodle 1.6.3-2 (low) NOTE: "SC#341 fixed initilaization of navtail variable" NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log -CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...) +CVE-2006-6624 NOT-FOR-US: Sambar -CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment ...) +CVE-2006-6623 NOT-FOR-US: Sygate -CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the ...) +CVE-2006-6622 NOT-FOR-US: Soft4Ever Look 'n' Stop -CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process ...) +CVE-2006-6621 NOT-FOR-US: Filseclab Personal Firewall -CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment ...) +CVE-2006-6620 NOT-FOR-US: Comodo Personal Firewall -CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...) +CVE-2006-6619 NOT-FOR-US: AVG Anti-Virus plus Firewall -CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block ...) +CVE-2006-6618 NOT-FOR-US: AntiHook 3.0.0.23 - Desktop -CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 ...) +CVE-2006-6617 NOT-FOR-US: Microsoft -CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...) +CVE-2006-6616 NOT-FOR-US: w00t Gallery -CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...) +CVE-2006-6615 NOT-FOR-US: Activity Games module for mxBB -CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) ...) 
+CVE-2006-6614 - fai 3.1.3 (low; bug #402644) [sarge] - fai (Minor issue, only in rare configs and use cases) -CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 ...) +CVE-2006-6613 NOT-FOR-US: phpAlbum -CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms ...) +CVE-2006-6612 NOT-FOR-US: PhpMyCms -CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...) +CVE-2006-6611 NOT-FOR-US: Barman -CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...) +CVE-2006-6610 - nexuiz 2.2.1-1 (low) NOTE: Only game console command execution possible, not shell commands -CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...) +CVE-2006-6609 - nexuiz 2.2.1-1 -CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...) +CVE-2006-6608 NOT-FOR-US: HP -CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for ...) +CVE-2006-6607 NOT-FOR-US: IBM -CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before ...) +CVE-2006-6606 NOT-FOR-US: jclarens -CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...) +CVE-2006-6605 NOT-FOR-US: MailEnable -CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in ...) +CVE-2006-6604 - torrentflux 2.1-7 (medium; bug #400582) -CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...) +CVE-2006-6603 NOT-FOR-US: YMMAPI.YMailAttach -CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows ...) +CVE-2006-6602 NOT-FOR-US: Windows -CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows ...) +CVE-2006-6601 NOT-FOR-US: Microsoft -CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux ...) 
+CVE-2006-6600 - torrentflux 2.1-7 (medium; bug #400582) -CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users ...) +CVE-2006-6599 - torrentflux 2.1-7 (medium; bug #400582) -CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux ...) +CVE-2006-6598 - torrentflux 2.1-6 -CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows ...) +CVE-2006-6597 NOT-FOR-US: HyperAccess -CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute ...) +CVE-2006-6596 NOT-FOR-US: HyperAccess -CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 ...) +CVE-2006-6595 NOT-FOR-US: ScriptMate User Manager -CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ...) +CVE-2006-6594 NOT-FOR-US: ScriptMate User Manager -CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in ...) +CVE-2006-6593 NOT-FOR-US: AMAZONIA MOD for phpBB -CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...) +CVE-2006-6592 NOT-FOR-US: Bloq -CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in ...) +CVE-2006-6591 NOT-FOR-US: EXlor -CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR ...) +CVE-2006-6590 NOT-FOR-US: AR Memberscript -CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-6589 NOT-FOR-US: Apache Open For BusinessProject (OFBiz) -CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...) +CVE-2006-6588 NOT-FOR-US: Apache Open For BusinessProject (OFBiz) -CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation ...) +CVE-2006-6587 NOT-FOR-US: Apache Open For BusinessProject (OFBiz) -CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog ...) 
+CVE-2006-6586 NOT-FOR-US: Vortex Blog -CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...) +CVE-2006-6585 - iceweasel 2.0.0.1+dfsg-1 - firefox 45.0-1 - firefox-esr 45.0esr-1 -CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...) +CVE-2006-6584 NOT-FOR-US: italkplus (Italk+) -CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to ...) +CVE-2006-6583 NOT-FOR-US: ScriptMate User Manager -CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...) +CVE-2006-6582 NOT-FOR-US: ScriptMate User Manager -CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in ...) +CVE-2006-6581 NOT-FOR-US: PHP_Debug -CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is ...) +CVE-2006-6580 NOT-FOR-US: ProNews -CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and ...) +CVE-2006-6579 NOT-FOR-US: Microsoft -CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the ...) +CVE-2006-6578 NOT-FOR-US: Microsoft -CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ...) +CVE-2006-6577 NOT-FOR-US: Neocrome Land Down Under -CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 ...) +CVE-2006-6576 NOT-FOR-US: Golden FTP Server -CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert ...) +CVE-2006-6575 NOT-FOR-US: Yet Another PHP LDAP Admin Project (yaplap) -CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for ...) +CVE-2006-6574 {DSA-1467-1} - mantis 1.0.6+dfsg-3 (bug #402802) [sarge] - mantis 0.19.2-5sarge5 
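Review bot: CVE-2006-6730 in this hunk is left with only its two NOTE lines once the description is stripped, so the entry no longer says which software it concerns (the removed text named OpenBSD and NetBSD). Unlike the neighbouring entries it has no NOT-FOR-US or package line to carry that information, so I would record the affected systems in a NOTE line, for example "NOTE: Reported against OpenBSD and NetBSD", before dropping the description. The commit message "automatic update" also gives no reason for removing the descriptions from every header line; one sentence on why they are removed would help anyone reading the list file on its own.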
@@ -1505,161 +1505,161 @@ CVE-2006-XXXX [moodle unspecified security bug in the forum module (discuss.php) - moodle 1.6.3-2 CVE-2006-XXXX [znc file access security hole] - znc 0.045-3 (bug #403141; medium) -CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...) +CVE-2006-6573 NOT-FOR-US: Citrix -CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...) +CVE-2006-6572 NOT-FOR-US: Citrix -CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in ...) +CVE-2006-6571 NOT-FOR-US: GenesisTrader -CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader ...) +CVE-2006-6570 NOT-FOR-US: GenesisTrader -CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source ...) +CVE-2006-6569 NOT-FOR-US: GenesisTrader -CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the ...) +CVE-2006-6568 NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB -CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php ...) +CVE-2006-6567 NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB -CVE-2006-6566 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6566 NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB -CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...) +CVE-2006-6565 NOT-FOR-US: FileZilla Server -CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...) +CVE-2006-6564 NOT-FOR-US: FileZilla Server -CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...) +CVE-2006-6563 - proftpd-dfsg 1.3.0-17 (medium) [sarge] - proftpd (Vulnerable code not activated in binary build) CVE-2006-6562 RESERVED -CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word ...) 
+CVE-2006-6561 NOT-FOR-US: Microsoft -CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the ...) +CVE-2006-6560 NOT-FOR-US: mx_modsdb 1.0.0 module for MxBBmx_modsdb 1.0.0 module for MxBB -CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request ...) +CVE-2006-6559 NOT-FOR-US: Lotfian Request For Travel -CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial ...) +CVE-2006-6558 NOT-FOR-US: Crob FTP Server -CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have ...) +CVE-2006-6557 NOT-FOR-US: Skulls! -CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before ...) +CVE-2006-6556 NOT-FOR-US: EyeOS -CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow ...) +CVE-2006-6555 NOT-FOR-US: EasyFill -CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows ...) +CVE-2006-6554 NOT-FOR-US: Kerio MailServer -CVE-2006-6553 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6553 NOT-FOR-US: NewsSuite 1.03 module for mxBB -CVE-2006-6552 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6552 NOT-FOR-US: BLOG:CMS -CVE-2006-6551 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6551 NOT-FOR-US: Tucows Client Code Suite (CCS) -CVE-2006-6550 (** DISPUTED ** ...) +CVE-2006-6550 NOT-FOR-US: Phorum -CVE-2006-6549 (** DISPUTED ** ...) +CVE-2006-6549 NOT-FOR-US: Rad Upload -CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) +CVE-2006-6548 NOT-FOR-US: cPanel WebHost Manager -CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod ...) +CVE-2006-6547 NOT-FOR-US: Winamp -CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in ...) +CVE-2006-6546 NOT-FOR-US: cutenews -CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the ...) 
+CVE-2006-6545 NOT-FOR-US: ErrorDocs 1.0.0 and earlier module for mxBB -CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote ...) +CVE-2006-6544 NOT-FOR-US: CM68 News -CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect ...) +CVE-2006-6543 NOT-FOR-US: AppIntellect SpotLight CRM -CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ...) +CVE-2006-6542 NOT-FOR-US: Fantastic News -CVE-2006-6541 (** DISPUTED ** ...) +CVE-2006-6541 NOT-FOR-US: Animated Smiley Generator -CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before ...) +CVE-2006-6540 NOT-FOR-US: Bluetrait -CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ...) +CVE-2006-6539 NOT-FOR-US: Winamp Web Interface -CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) ...) +CVE-2006-6538 NOT-FOR-US: D-LINK -CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, ...) +CVE-2006-6537 NOT-FOR-US: IBM -CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...) +CVE-2006-6536 NOT-FOR-US: Cilem Haber Free Edition -CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...) +CVE-2006-6535 {DSA-1304} - linux-2.6 (Fixed before upload into the archive; 2.6.10) -CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...) +CVE-2006-6534 NOT-FOR-US: osCommerce -CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...) +CVE-2006-6533 NOT-FOR-US: osCommerce -CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...) +CVE-2006-6532 NOT-FOR-US: Vt-Forum Lite -CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...) +CVE-2006-6531 NOT-FOR-US: Help Tip module for Drupal -CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 ...) 
+CVE-2006-6530 NOT-FOR-US: Help Tip module for Drupal -CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private ...) +CVE-2006-6529 NOT-FOR-US: Chatroom Module for Drupal -CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom ...) +CVE-2006-6528 NOT-FOR-US: Chatroom Module for Drupal -CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar ...) +CVE-2006-6527 NOT-FOR-US: Gizzar -CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar ...) +CVE-2006-6526 NOT-FOR-US: Gizzar -CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...) +CVE-2006-6525 NOT-FOR-US: EzHRS HR Assist -CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...) +CVE-2006-6524 NOT-FOR-US: EzHRS HR Assist -CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...) +CVE-2006-6523 NOT-FOR-US: BoxTrapper in cPanel -CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...) +CVE-2006-6522 NOT-FOR-US: WikiTimeScale TwoZero -CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...) +CVE-2006-6521 NOT-FOR-US: Messageriescripthp -CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-6520 NOT-FOR-US: Messageriescripthp -CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...) +CVE-2006-6519 NOT-FOR-US: ProNews -CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...) +CVE-2006-6518 NOT-FOR-US: ProNews -CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...) +CVE-2006-6517 NOT-FOR-US: KDPics -CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...) +CVE-2006-6516 NOT-FOR-US: KDPics -CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...) 
+CVE-2006-6515 - mantis 1.0.6+dfsg-1 (unimportant) NOTE: http://www.mantisbt.org/bugs/print_bug_page.php?bug_id=5163 NOTE: Not a security bug, only a very annoying feature. -CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...) +CVE-2006-6514 NOT-FOR-US: Winamp Web Interface (Wawi) -CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...) +CVE-2006-6513 NOT-FOR-US: Winamp Web Interface (Wawi) -CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...) +CVE-2006-6512 NOT-FOR-US: Winamp Web Interface (Wawi) -CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...) +CVE-2006-6511 NOT-FOR-US: dadaIMC -CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...) +CVE-2006-6510 NOT-FOR-US: SiteKiosk -CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...) +CVE-2006-6509 NOT-FOR-US: SiteKiosk -CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...) +CVE-2006-6508 {DSA-1488-1} NOTE: This is covered/duped by CVE-2006-6841 - phpbb2 2.0.21-6 -CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...) +CVE-2006-6507 NOTE: MFSA-2006-76 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner (maintainer reported) - iceape (maintainer reported) -CVE-2006-6506 (The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...) +CVE-2006-6506 NOTE: MFSA-2006-75 - iceweasel 2.0.0.1+dfsg-1 (low) - iceape (maintainer reported) -CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...) +CVE-2006-6505 {DSA-1265-1} NOTE: MFSA-2006-74 [sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported) - icedove 1.5.0.9.dfsg1-1 (high) - iceape 1.0.7-1 (high) - mozilla -CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...) 
+CVE-2006-6504 NOTE: MFSA-2006-73 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner 1.8.0.9-1 (high) @@ -1668,7 +1668,7 @@ CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ... - firefox-esr 45.0esr-1 (high) NOTE: Flaw was introduced in Firefox 1.5.0.4 - icedove 1.5.0.9.dfsg1-1 (high) -CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...) +CVE-2006-6503 {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-72 - iceweasel 2.0.0.1+dfsg-1 (high) @@ -1680,7 +1680,7 @@ CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunder - mozilla-firefox (high) - mozilla-thunderbird (high) - icedove 1.5.0.9.dfsg1-1 (high) -CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...) +CVE-2006-6502 {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-71 - iceweasel 2.0.0.1+dfsg-1 (high) @@ -1693,7 +1693,7 @@ CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for . - mozilla-thunderbird (unimportant) - icedove 1.5.0.9.dfsg1-1 (unimportant) NOTE: Not exploitable in standard Icedove configuration -CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) +CVE-2006-6501 {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-70 - iceweasel 2.0.0.1+dfsg-1 (high) @@ -1705,7 +1705,7 @@ CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, - mozilla-firefox (high) - mozilla-thunderbird (low) - icedove 1.5.0.9.dfsg1-1 (low) -CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...) +CVE-2006-6500 NOTE: MFSA-2006-69 - iceweasel (windows only) - xulrunner (Windows only) 
@@ -1715,7 +1715,7 @@ CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, - mozilla-firefox (windows only) - mozilla-thunderbird (windows only) - icedove (windows only) -CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) +CVE-2006-6499 {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) @@ -1729,7 +1729,7 @@ CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x - icedove 1.5.0.9.dfsg1-1 (low) NOTE: Is it possible to reduce the floating point precision in Linux as a non-priv NOTE: user? I don't think so -CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...) +CVE-2006-6498 {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) @@ -1741,7 +1741,7 @@ CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for - mozilla-firefox (high) - mozilla-thunderbird (low) - icedove 1.5.0.9.dfsg1-1 (low) -CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...) +CVE-2006-6497 {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (medium) 
@@ -1753,356 +1753,356 @@ CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Moz - mozilla-firefox (medium) - mozilla-thunderbird (low) - icedove 1.5.0.9.dfsg1-1 (low) -CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...) +CVE-2006-6496 NOT-FOR-US: CA Anti-Virus -CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...) +CVE-2006-6495 NOT-FOR-US: Solaris -CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...) +CVE-2006-6494 NOT-FOR-US: Solaris -CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in ...) +CVE-2006-6493 - openldap2.3 (kerberos support not enabled) - openldap2 (kerberos support not enabled) CVE-2006-6492 REJECTED CVE-2006-6491 REJECTED -CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue ...) +CVE-2006-6490 NOT-FOR-US: SupportSoft ActiveX -CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...) +CVE-2006-6489 NOT-FOR-US: SISCO OSI stack -CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...) +CVE-2006-6488 NOT-FOR-US: ICONICS -CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...) +CVE-2006-6487 NOT-FOR-US: DT Guestbook -CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...) +CVE-2006-6486 NOT-FOR-US: EasyPage -CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...) +CVE-2006-6485 NOT-FOR-US: ShopSite -CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition ...) +CVE-2006-6484 NOT-FOR-US: MailEnable -CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML ...) +CVE-2006-6483 NOT-FOR-US: ColdFusion -CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive ...) 
+CVE-2006-6482 NOT-FOR-US: ColdFusion -CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...) +CVE-2006-6481 {DSA-1238-1} - clamav 0.88.7-1 (low; bug #401874) -CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...) +CVE-2006-6480 NOT-FOR-US: AnnonceScriptHP -CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...) +CVE-2006-6479 NOT-FOR-US: AnnonceScriptHP -CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow ...) +CVE-2006-6478 NOT-FOR-US: AnnonceScriptHP -CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) +CVE-2006-6477 NOT-FOR-US: Mandiant First Response (MFR) -CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) +CVE-2006-6476 NOT-FOR-US: Mandiant First Response (MFR) -CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) +CVE-2006-6475 NOT-FOR-US: Mandiant First Response (MFR) -CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...) +CVE-2006-6474 NOT-FOR-US: McAfee -CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...) +CVE-2006-6473 NOT-FOR-US: Xerox WorkCentre -CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...) +CVE-2006-6472 NOT-FOR-US: Xerox WorkCentre -CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) +CVE-2006-6471 NOT-FOR-US: Xerox WorkCentre -CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before ...) +CVE-2006-6470 NOT-FOR-US: Xerox WorkCentre -CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) +CVE-2006-6469 NOT-FOR-US: Xerox WorkCentre -CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) 
+CVE-2006-6468 NOT-FOR-US: Xerox WorkCentre -CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) +CVE-2006-6467 NOT-FOR-US: Xerox WorkCentre -CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in ...) +CVE-2006-6466 NOT-FOR-US: WikyBlog -CVE-2006-6465 (** DISPUTED ** ...) +CVE-2006-6465 NOT-FOR-US: WikyBlog -CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) ...) +CVE-2006-6464 NOT-FOR-US: Midicart -CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart ...) +CVE-2006-6463 NOT-FOR-US: Midicart -CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in ...) +CVE-2006-6462 NOT-FOR-US: CM68 News -CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote ...) +CVE-2006-6461 NOT-FOR-US: Yourfreeworld Stylish Text Ads Script -CVE-2006-6460 (Yourfreeworld.com Short Url & Url Tracker Script allows remote ...) +CVE-2006-6460 NOT-FOR-US: Yourfreeworld.com Short Url Script -CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB ...) +CVE-2006-6459 NOT-FOR-US: Toplist for phpBB -CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...) +CVE-2006-6458 NOT-FOR-US: Trend Micro (Windows) -CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...) +CVE-2006-6457 - tikiwiki (bug #404472) NOTE: Might be a mis-report, check with upstream -CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and ...) +CVE-2006-6456 NOT-FOR-US: Microsoft Word -CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...) +CVE-2006-6455 NOT-FOR-US: DUware -CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...) +CVE-2006-6454 NOT-FOR-US: J-OWAMP Web Interface -CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...) 
+CVE-2006-6453 NOT-FOR-US: J-OWAMP Web Interface -CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...) +CVE-2006-6452 NOT-FOR-US: RunCMS -CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...) +CVE-2006-6451 NOT-FOR-US: Plesk -CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...) +CVE-2006-6450 NOT-FOR-US: Novell ZENworks Patch Management -CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...) +CVE-2006-6449 NOT-FOR-US: Vt-Forum Lite -CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...) +CVE-2006-6448 NOT-FOR-US: Vt-Forum -CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...) +CVE-2006-6447 NOT-FOR-US: Vt-Forum Lite -CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...) +CVE-2006-6446 NOT-FOR-US: iWare Professional -CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...) +CVE-2006-6445 NOT-FOR-US: Envolution -CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...) +CVE-2006-6444 NOT-FOR-US: Nostra DivX Player -CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...) +CVE-2006-6443 NOT-FOR-US: Novell Distributed Print Services -CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...) +CVE-2006-6442 NOT-FOR-US: America Online -CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) +CVE-2006-6441 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6440 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...) +CVE-2006-6440 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) 
+CVE-2006-6439 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) +CVE-2006-6438 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...) +CVE-2006-6437 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...) +CVE-2006-6436 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...) +CVE-2006-6435 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...) +CVE-2006-6434 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) +CVE-2006-6433 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...) +CVE-2006-6432 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...) +CVE-2006-6431 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...) +CVE-2006-6430 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) +CVE-2006-6429 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) +CVE-2006-6428 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...) +CVE-2006-6427 NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...) 
+CVE-2006-6426 NOT-FOR-US: ThinkEdit -CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...) +CVE-2006-6425 NOT-FOR-US: Novell NetMail -CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow ...) +CVE-2006-6424 NOT-FOR-US: Novell NetMail -CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...) +CVE-2006-6423 NOT-FOR-US: MailEnable -CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...) +CVE-2006-6422 NOT-FOR-US: AgileBill AgileVoice -CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...) +CVE-2006-6421 - phpbb2 2.0.21-6 (medium) [sarge] - phpbb2 -CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...) +CVE-2006-6420 NOT-FOR-US: Joomla Content Editor (JCE) -CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...) +CVE-2006-6419 NOT-FOR-US: Joomla Content Editor (JCE) -CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 ...) +CVE-2006-6418 NOT-FOR-US: HP Tru64 UNIX -CVE-2006-6417 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6417 - b2evolution (vulnerable code added later) -CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...) +CVE-2006-6416 NOT-FOR-US: PhpLeague -CVE-2006-6415 (** DISPUTED ** ...) +CVE-2006-6415 NOT-FOR-US: phpAdsNew -CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...) +CVE-2006-6414 NOT-FOR-US: dol storye -CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...) +CVE-2006-6413 NOT-FOR-US: Amateras sns CVE-2006-6412 RESERVED -CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...) +CVE-2006-6411 NOT-FOR-US: Linksys -CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...) 
+CVE-2006-6410 NOT-FOR-US: VMWare -CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...) +CVE-2006-6409 NOT-FOR-US: F-Secure -CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...) +CVE-2006-6408 NOT-FOR-US: Kaspersky -CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...) +CVE-2006-6407 NOT-FOR-US: F-Prot -CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...) +CVE-2006-6406 {DSA-1238-1} - clamav 0.88.7-1 (medium; bug #401873) -CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) +CVE-2006-6405 NOT-FOR-US: BitDefender -CVE-2006-6404 (INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows ...) +CVE-2006-6404 NOT-FOR-US: Innovation Data Processing's FDR Backup -CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) +CVE-2006-6403 NOT-FOR-US: MyStats -CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...) +CVE-2006-6402 NOT-FOR-US: MyStats -CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...) +CVE-2006-6401 NOT-FOR-US: MyStats -CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...) +CVE-2006-6400 NOT-FOR-US: JustSystems -CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...) +CVE-2006-6399 NOT-FOR-US: Superfreaker Studios UPublisher -CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...) +CVE-2006-6398 NOT-FOR-US: Superfreaker Studios UPublisher -CVE-2006-6397 (** DISPUTED ** ...) +CVE-2006-6397 NOTE: not a vuln -CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...) +CVE-2006-6396 NOT-FOR-US: BlazeVideo HDTV Player -CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...) 
+CVE-2006-6395 NOT-FOR-US: Ulrik Petersen Emdros Database Engine -CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...) +CVE-2006-6394 NOT-FOR-US: Jonas Gauffin Publicera -CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...) +CVE-2006-6393 NOT-FOR-US: Jonas Gauffin Publicera -CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...) +CVE-2006-6392 NOT-FOR-US: plxWebDev -CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...) +CVE-2006-6391 NOT-FOR-US: Open Solution Quick.Cart -CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...) +CVE-2006-6390 NOT-FOR-US: Open Solution Quick.Cart -CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) +CVE-2006-6389 NOT-FOR-US: ac4p Mobile -CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...) +CVE-2006-6388 NOT-FOR-US: LINK Content Management Server -CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...) +CVE-2006-6387 NOT-FOR-US: LINK Content Management Server -CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...) +CVE-2006-6386 NOT-FOR-US: CVS management/tracker (drupal plugin) -CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...) +CVE-2006-6384 NOT-FOR-US: abitwhizzy.php -CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...) +CVE-2006-6383 - php5 (unimportant) - php4 (unimportant) NOTE: safe-mode and basedir violations not treated as security issues -CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...) +CVE-2006-6382 NOT-FOR-US: Positive Software H-Sphere -CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...) 
+CVE-2006-6381 NOT-FOR-US: Ultimate HelpDesk -CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...) +CVE-2006-6380 NOT-FOR-US: Ultimate HelpDesk -CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...) +CVE-2006-6379 NOT-FOR-US: BrightStor Backup Discovery Service -CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...) +CVE-2006-6378 NOT-FOR-US: BTSaveMySql -CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...) +CVE-2006-6377 NOT-FOR-US: Uploadscript -CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...) +CVE-2006-6376 NOT-FOR-US: Simple File Manager -CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...) +CVE-2006-6375 NOT-FOR-US: Simple machines Forum -CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) +CVE-2006-6374 - phpmyadmin (low; bug #404744) [sarge] - phpmyadmin (doesn't use sessions at all) [etch] - phpmyadmin (not exploitable with Etch's php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ -CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) +CVE-2006-6373 - phpmyadmin (unimportant) NOTE: path is known in Debian anyway -CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) +CVE-2006-6372 NOT-FOR-US: JAB Guest Book -CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...) +CVE-2006-6371 NOT-FOR-US: JAB Guest Book -CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...) +CVE-2006-6370 NOT-FOR-US: Invision Gallery -CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...) +CVE-2006-6369 NOT-FOR-US: Invision Community Blog Mod -CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...) 
+CVE-2006-6385 NOT-FOR-US: Affects only Windows despite other claims -CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...) +CVE-2006-6368 NOT-FOR-US: awrate -CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...) +CVE-2006-6367 NOT-FOR-US: Duware -CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-6366 NOT-FOR-US: Cerberus Helpdesk -CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...) +CVE-2006-6365 NOT-FOR-US: Duware -CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...) +CVE-2006-6364 NOT-FOR-US: Inside Systems Mail (ISMail) -CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...) +CVE-2006-6363 NOT-FOR-US: BlueSocket Secure Controller CVE-2006-6362 REJECTED -CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...) +CVE-2006-6361 NOT-FOR-US: Bitflux Upload Progress Mete -CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...) +CVE-2006-6360 NOT-FOR-US: PHP Upload Center -CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...) +CVE-2006-6359 NOT-FOR-US: Stefan Frech online-bookmarks -CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...) +CVE-2006-6358 NOT-FOR-US: Stefan Frech online-bookmarks -CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...) +CVE-2006-6357 NOT-FOR-US: PHPNews -CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-6356 NOT-FOR-US: PHPNews -CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...) +CVE-2006-6355 NOT-FOR-US: DuWare -CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...) +CVE-2006-6354 NOT-FOR-US: DuWare -CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...) 
+CVE-2006-6353 NOT-FOR-US: Mac OS X -CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...) +CVE-2006-6352 NOT-FOR-US: F-Prot Antivirus -CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...) +CVE-2006-6351 NOT-FOR-US: KhaledMuratList -CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...) +CVE-2006-6350 NOT-FOR-US: listpics 5 -CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...) +CVE-2006-6349 NOT-FOR-US: PWP Technologies The Classified Ad System -CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...) +CVE-2006-6348 NOT-FOR-US: mowdBB -CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...) +CVE-2006-6347 NOT-FOR-US: TFT-Gallery -CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...) +CVE-2006-6346 NOT-FOR-US: SAP -CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...) +CVE-2006-6345 NOT-FOR-US: SAP -CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...) +CVE-2006-6344 NOT-FOR-US: Neocrome Seditio -CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...) +CVE-2006-6343 NOT-FOR-US: Neocrome Seditio -CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...) +CVE-2006-6342 NOT-FOR-US: KLF-DESIGN -CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...) +CVE-2006-6341 NOT-FOR-US: mg.applanix -CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...) +CVE-2006-6340 NOT-FOR-US: nVIDIA nView -CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...) +CVE-2006-6339 NOT-FOR-US: deV!L`z Clanportal -CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...) 
+CVE-2006-6338 NOT-FOR-US: deV!L`z Clanportal -CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and ...) +CVE-2006-6337 NOT-FOR-US: Aspee Ziyaretci Defteri -CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) ...) +CVE-2006-6336 NOT-FOR-US: Eudora WorldMail -CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...) +CVE-2006-6335 NOT-FOR-US: Sophos Anti-Virus -CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...) +CVE-2006-6334 NOT-FOR-US: Citrix Presentation Server Client -CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...) +CVE-2006-6333 - linux-2.6 2.6.20-1 [etch] - linux-2.6 (Only affects 2.6.19, introduced after 2.6.18) -CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...) +CVE-2006-6332 - madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111) [etch] - madwifi (Non-free not supported) -CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) +CVE-2006-6331 - torrentflux 2.1-7 (bug #400582; medium) -CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...) +CVE-2006-6330 - torrentflux 2.1-6 (bug #399169; medium) -CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...) +CVE-2006-6329 - torrentflux 2.1-6 (bug #399169) -CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...) +CVE-2006-6328 - torrentflux 2.1-5 (bug #395930; medium) NOTE: duplicate of CVE-2006-5609 CVE-2006-6327 @@ -2123,7 +2123,7 @@ CVE-2006-6320 RESERVED CVE-2006-6319 RESERVED -CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier ...) +CVE-2006-6318 {DSA-1242-1} - elog 2.6.2+r1754-1 CVE-2006-6317 
@@ -2138,459 +2138,459 @@ CVE-2006-6313 RESERVED CVE-2006-6312 RESERVED -CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...) +CVE-2006-6311 NOT-FOR-US: Microsoft -CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...) +CVE-2006-6310 NOT-FOR-US: Microsoft -CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...) +CVE-2006-6309 NOT-FOR-US: Tivoli -CVE-2006-6308 (** DISPUTED ** ...) +CVE-2006-6308 NOT-FOR-US: Symantec LiveState -CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...) +CVE-2006-6307 NOT-FOR-US: Novell Netware -CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...) +CVE-2006-6306 NOT-FOR-US: Novell Netware -CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...) +CVE-2006-6305 - net-snmp (Only affects version 5.3.0) -CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...) +CVE-2006-6304 - linux-2.6 (Only affects plain 2.6.19) -CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...) +CVE-2006-6303 NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/ - ruby1.8 1.8.5-4 (low) -CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) +CVE-2006-6300 NOT-FOR-US: CuteNews -CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...) +CVE-2006-6299 NOT-FOR-US: Novell ZENworks -CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...) +CVE-2006-6298 NOT-FOR-US: Metyus Okul Yonetim Sistemi -CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin ...) +CVE-2006-6297 - kdegraphics (unimportant) NOTE: Generic bug, treating it as a security problem is quite a stretch -CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...) 
+CVE-2006-6296 NOT-FOR-US: Microsoft -CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) +CVE-2006-6295 NOT-FOR-US: MxBB Portal -CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...) +CVE-2006-6294 NOT-FOR-US: F-Prot Antivirus -CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...) +CVE-2006-6293 NOT-FOR-US: F-Prot Antivirus -CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, ...) +CVE-2006-6292 NOT-FOR-US: Apple Airport -CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...) +CVE-2006-6291 NOT-FOR-US: MailEnable Professional -CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...) +CVE-2006-6290 NOT-FOR-US: MailEnable -CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...) +CVE-2006-6289 NOT-FOR-US: Woltlab Burning Board -CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier ...) +CVE-2006-6288 NOT-FOR-US: Niek Albers CoolPlayer -CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...) +CVE-2006-6287 NOT-FOR-US: AtomixMP3 -CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...) +CVE-2006-6286 NOT-FOR-US: Palm Desktop -CVE-2006-6285 (** DISPUTED ** ...) +CVE-2006-6285 NOT-FOR-US: Kai Blankenhorn Bitfolge -CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...) +CVE-2006-6284 NOT-FOR-US: Vikingboard -CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) +CVE-2006-6283 NOT-FOR-US: Vikingboard -CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...) +CVE-2006-6282 NOT-FOR-US: Vikingboard -CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...) 
+CVE-2006-6281 NOT-FOR-US: dicshunary -CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...) +CVE-2006-6280 NOT-FOR-US: Oxygen (O2PHP Bulletin Board) -CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...) +CVE-2006-6279 NOT-FOR-US: @lex Guestbook -CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...) +CVE-2006-6278 NOT-FOR-US: @lex Guestbook -CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...) +CVE-2006-6277 NOT-FOR-US: ContentServ -CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...) +CVE-2006-6276 NOT-FOR-US: Sun Java System Proxy Server -CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...) +CVE-2006-6275 NOT-FOR-US: Solaris -CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...) +CVE-2006-6274 NOT-FOR-US: Expinion.net iNews -CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, ...) +CVE-2006-6302 - fail2ban (looks fixed in 0.6, see #401793) -CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows ...) +CVE-2006-6301 - denyhosts 2.6-1 (medium; bug #401795) -CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...) +CVE-2006-6273 NOT-FOR-US: Simple PHP Gallery -CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...) +CVE-2006-6272 NOT-FOR-US: Simple PHP Gallery -CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 ...) +CVE-2006-6271 NOT-FOR-US: PHPOLL -CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...) +CVE-2006-6270 NOT-FOR-US: ASPMForum -CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...) 
+CVE-2006-6269 NOT-FOR-US: Infinitytechs Restaurants CM -CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...) +CVE-2006-6268 NOT-FOR-US: Neocrome Land Down Under -CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...) +CVE-2006-6267 NOT-FOR-US: PostNuke -CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...) +CVE-2006-6266 NOTE: It seems that no significant packet amplification takes place. NOTE: Probably harmless. -CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...) +CVE-2006-6265 NOTE: Potential firewall bypass is inherent to tunneling software. NOTE: Not a bug. -CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...) +CVE-2006-6264 NOTE: Potential firewall bypass is inherent to tunneling software. NOTE: Not a bug. -CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...) +CVE-2006-6263 NOTE: Potential firewall bypass is inherent to tunneling software. NOTE: Not a bug. -CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...) +CVE-2006-6262 NOT-FOR-US: PHPJunkYard MBoard -CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...) +CVE-2006-6261 NOT-FOR-US: Quintessential Player -CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema ...) +CVE-2006-6260 NOT-FOR-US: Redbinaria Sistema Integrado de Administracion de Portales (SIAP) -CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) ...) +CVE-2006-6259 NOT-FOR-US: AlternC -CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the ...) +CVE-2006-6258 NOT-FOR-US: AlternC -CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are ...) +CVE-2006-6257 NOT-FOR-US: AlternC -CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in ...) 
+CVE-2006-6256 NOT-FOR-US: AlternC -CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI ...) +CVE-2006-6255 NOT-FOR-US: NukeAI -CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote ...) +CVE-2006-6254 NOT-FOR-US: Cahier de texte -CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, ...) +CVE-2006-6253 NOT-FOR-US: Cahier de texte -CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual ...) +CVE-2006-6252 NOT-FOR-US: Microsoft Windows Live Messenger -CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...) +CVE-2006-6251 NOT-FOR-US: VUPlayer -CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier ...) +CVE-2006-6250 NOT-FOR-US: Songbird Media Player -CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...) +CVE-2006-6249 NOT-FOR-US: Chama Cargo -CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...) +CVE-2006-6248 NOT-FOR-US: GPhotos -CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...) +CVE-2006-6247 NOT-FOR-US: UPhotoGallery -CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...) +CVE-2006-6246 NOT-FOR-US: Photo Organizer -CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b ...) +CVE-2006-6245 NOT-FOR-US: Photo Organizer -CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) ...) +CVE-2006-6244 NOT-FOR-US: Coalescent Systems freePBX -CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...) +CVE-2006-6243 NOT-FOR-US: FipsSHOP -CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...) 
+CVE-2006-6242 - serendipity 1.0.4-1 (unimportant; bug #401614) NOTE: Only exploitable with register_globals -CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...) +CVE-2006-6241 NOT-FOR-US: Sorin Chitu Telnet-FTP Server -CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...) +CVE-2006-6240 NOT-FOR-US: Sorin Chitu Telnet-FTP Server -CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise ...) +CVE-2006-6239 NOT-FOR-US: MailEnable NetWebAdmin -CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...) +CVE-2006-6238 NOT-FOR-US: Apple Safari -CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...) +CVE-2006-6237 NOT-FOR-US: Woltlab Burning Board Lite -CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) +CVE-2006-6236 NOT-FOR-US: Acrobat Reader -CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...) +CVE-2006-6235 {DSA-1231-1} - gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914) - gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913) -CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...) +CVE-2006-6234 NOT-FOR-US: PHP-Nuke -CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown ...) +CVE-2006-6233 NOT-FOR-US: PostNuke -CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in ...) +CVE-2006-6232 NOT-FOR-US: DreamAccount -CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive ...) +CVE-2006-6231 NOT-FOR-US: VuBB -CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote ...) +CVE-2006-6230 NOT-FOR-US: VuBB -CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs ...) 
+CVE-2006-6229 NOT-FOR-US: Codewalkers ltwCalendar -CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar ...) +CVE-2006-6228 NOT-FOR-US: Codewalkers ltwCalendar -CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...) +CVE-2006-6227 NOT-FOR-US: NeoEngine -CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...) +CVE-2006-6226 NOT-FOR-US: NeoEngine -CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 ...) +CVE-2006-6225 NOT-FOR-US: GeekLog -CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...) +CVE-2006-6224 NOT-FOR-US: Puntal -CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...) +CVE-2006-6223 NOT-FOR-US: Google Search Appliance -CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...) +CVE-2006-6222 NOT-FOR-US: Symantec Veritas NetBackup -CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...) +CVE-2006-6221 NOT-FOR-US: 2X ThinClientServer Enterprise Edition -CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...) +CVE-2006-6220 NOT-FOR-US: Recipes Complete Website -CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-6219 NOT-FOR-US: dev4u CMS -CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...) +CVE-2006-6218 NOT-FOR-US: dev4u CMS -CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...) +CVE-2006-6217 NOT-FOR-US: Mermaid module for PHP-NUKE -CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec ...) +CVE-2006-6216 NOT-FOR-US: Nivisec Hacks List -CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...) 
+CVE-2006-6215 NOT-FOR-US: Wallpaper Complete Website -CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website ...) +CVE-2006-6214 NOT-FOR-US: Wallpaper Complete Website -CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...) +CVE-2006-6213 NOT-FOR-US: PEGames -CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...) +CVE-2006-6212 NOT-FOR-US: Site News -CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...) +CVE-2006-6211 NOT-FOR-US: BirdBlog -CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...) +CVE-2006-6210 NOT-FOR-US: ASP ListPics -CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart ...) +CVE-2006-6209 NOT-FOR-US: MidiCart ASP Shopping Cart -CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...) +CVE-2006-6208 NOT-FOR-US: Enthreallweb eClassifieds -CVE-2006-6207 (** DISPUTED ** ...) +CVE-2006-6207 NOT-FOR-US: Evolve Merchant -CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...) +CVE-2006-6206 NOT-FOR-US: WarHound General Shopping Cart -CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in ...) +CVE-2006-6205 NOT-FOR-US: Enthrallweb eHomes -CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...) +CVE-2006-6204 NOT-FOR-US: Enthrallweb eHomes -CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...) +CVE-2006-6203 NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker -CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...) +CVE-2006-6202 NOT-FOR-US: PHP-Nuke -CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...) 
+CVE-2006-6201 NOT-FOR-US: Borland idsql32.dll -CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...) +CVE-2006-6200 NOT-FOR-US: PHP-Nuke -CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...) +CVE-2006-6199 NOT-FOR-US: BlazeVideo BlazeDVD -CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) +CVE-2006-6198 NOT-FOR-US: cPanel -CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...) +CVE-2006-6197 - b2evolution (0.9 releases not vulnerable) -CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...) +CVE-2006-6196 NOT-FOR-US: Fixit iDMS Pro Image Gallery -CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...) +CVE-2006-6195 NOT-FOR-US: Fixit iDMS Pro Image Gallery -CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...) +CVE-2006-6194 NOT-FOR-US: Ultimate Survey Pro -CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...) +CVE-2006-6193 NOT-FOR-US: BasicForum -CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...) +CVE-2006-6192 NOT-FOR-US: 8pixel.net SimpleBlog -CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...) +CVE-2006-6191 NOT-FOR-US: 8pixel.net SimpleBlog -CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...) +CVE-2006-6190 NOT-FOR-US: Anna^ IRC Bot -CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...) +CVE-2006-6189 NOT-FOR-US: ClickTech Click Blog -CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...) +CVE-2006-6188 NOT-FOR-US: ClickTech Click Gallery -CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...) 
+CVE-2006-6187 NOT-FOR-US: ClickTech Click Gallery -CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...) +CVE-2006-6186 NOT-FOR-US: enomphp -CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...) +CVE-2006-6185 NOT-FOR-US: Wabbit PHP Gallery -CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...) +CVE-2006-6184 NOT-FOR-US: Allied Telesyn TFTP Server -CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...) +CVE-2006-6183 NOT-FOR-US: 3Com 3CTftpSvc -CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...) +CVE-2006-6182 NOT-FOR-US: Gabriele Teotino GNotebook -CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...) +CVE-2006-6181 NOT-FOR-US: ClickTech ClickContact -CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...) +CVE-2006-6180 NOT-FOR-US: iNews Publisher -CVE-2006-6179 (Buffer overflow in ...) +CVE-2006-6179 NOT-FOR-US: Trend Micro OfficeScan -CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...) +CVE-2006-6178 NOT-FOR-US: Trend Micro OfficeScan CVE-2006-XXXX [libxslt segfault / DoS] - libxslt 1.1.19-1 (low) [sarge] - libxslt (vulnerability added later) -CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...) +CVE-2006-6177 NOT-FOR-US: Neocrome Seditio -CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...) +CVE-2006-6176 NOT-FOR-US: Blogn -CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...) +CVE-2006-6175 - kronolith2 2.1.4-1 (bug #400899; bug #401061) - kronolith (Vulnerable code not present) -CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...) 
+CVE-2006-6174 - tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650) -CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...) +CVE-2006-6173 NOT-FOR-US: Mac OS X -CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP ...) +CVE-2006-6172 {DSA-1244-1} - xine-lib 1.1.2+dfsg-2 (medium; bug #401740) - mplayer 1.0~rc1-11 (medium) -CVE-2006-6171 (** DISPUTED ** ...) +CVE-2006-6171 {DSA-1218} - proftpd-dfsg 1.3.0-13 (low; bug #399070) -CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...) +CVE-2006-6170 {DSA-1222-1} - proftpd-dfsg 1.3.0-16 (medium; bug #400793) -CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...) +CVE-2006-6168 - tikiwiki 1.9.7+dfsg-1 (low) -CVE-2006-6167 (** DISPUTED ** ...) +CVE-2006-6167 NOT-FOR-US: Active PHP Bookmarks -CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...) +CVE-2006-6166 NOT-FOR-US: Joomla Content Editor (JCE) for Joomla! -CVE-2006-6165 (** DISPUTED ** ...) +CVE-2006-6165 NOTE: non-issue -CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...) +CVE-2006-6164 NOT-FOR-US: OpenBSD -CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...) +CVE-2006-6163 - tikiwiki 1.9.7+dfsg-1 (low) -CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...) +CVE-2006-6162 - tikiwiki 1.9.7+dfsg-1 (low) -CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) +CVE-2006-6161 NOT-FOR-US: Doug Luxem Liberum Help Desk -CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help ...) +CVE-2006-6160 NOT-FOR-US: Doug Luxem Liberum Help Desk -CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...) +CVE-2006-6159 NOT-FOR-US: DeskPRO -CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help ...) 
+CVE-2006-6158 NOT-FOR-US: PMOS Help Desk -CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and ...) +CVE-2006-6157 NOT-FOR-US: ContentNow -CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX ...) +CVE-2006-6156 NOT-FOR-US: HIOX Star Rating System Script (HSRS) -CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star ...) +CVE-2006-6155 NOT-FOR-US: HIOX Star Rating System Script (HSRS) -CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star ...) +CVE-2006-6154 NOT-FOR-US: HIOX Star Rating System Script (HSRS) -CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net ...) +CVE-2006-6153 NOT-FOR-US: vSpin.net -CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System ...) +CVE-2006-6152 NOT-FOR-US: vSpin.net -CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie ...) +CVE-2006-6151 NOT-FOR-US: Messagerie Locale -CVE-2006-6150 (PHP remote file inclusion vulnerability in ...) +CVE-2006-6150 NOT-FOR-US: OWLLib -CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 ...) +CVE-2006-6149 NOT-FOR-US: JiRos FAQ Manager -CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp ...) +CVE-2006-6148 NOT-FOR-US: JiRos FAQ Manager -CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow ...) +CVE-2006-6147 NOT-FOR-US: JiRos Links Manager -CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...) +CVE-2006-6146 NOT-FOR-US: libharu -CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...) +CVE-2006-6145 NOT-FOR-US: CRYPTOCard -CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for ...) +CVE-2006-6144 - krb5 (Only 1.5 onwards are vulnerable) -CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...) 
+CVE-2006-6143 - krb5 1.4.4-6 (high) [sarge] - krb5 -CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) +CVE-2006-6142 {DSA-1241-1} - squirrelmail 2:1.4.9a-1 -CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...) +CVE-2006-6141 NOT-FOR-US: Tftpd32 -CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...) +CVE-2006-6140 NOT-FOR-US: Sisfo Kampus -CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...) +CVE-2006-6139 NOT-FOR-US: Sisfo Kampus -CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 ...) +CVE-2006-6138 NOT-FOR-US: Sisfo Kampus -CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...) +CVE-2006-6137 NOT-FOR-US: Sisfo Kampus -CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) ...) +CVE-2006-6136 NOT-FOR-US: IBM WebSphere -CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) +CVE-2006-6135 NOT-FOR-US: IBM WebSphere -CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in ...) +CVE-2006-6134 NOT-FOR-US: Windows Media -CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for ...) +CVE-2006-6133 NOT-FOR-US: Business Objects Crystal Reports -CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow ...) +CVE-2006-6132 NOT-FOR-US: Link Exchange Lite -CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) ...) +CVE-2006-6131 NOT-FOR-US: Kerio WebSTAR -CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...) +CVE-2006-6130 NOT-FOR-US: Apple Mac OS X -CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...) 
+CVE-2006-6169 {DSA-1231-1} - gnupg 1.4.5-3 (medium; bug #401765) - gnupg2 2.0.0-5.1 (medium; bug #400777) CVE-2006-XXXX [smb4k security issue] - smb4k 0.7.5-1 [sarge] - smb4k (Vulnerable code not present) -CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...) +CVE-2006-6129 NOT-FOR-US: Apple Mac OS X -CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...) +CVE-2006-6128 - linux (Kernel rejects the malformed filesystem) - linux-2.6 [squeeze] - linux-2.6 (Kernel rejects the malformed filesystem) NOTE: It's not obvious when or how this was fixed -CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...) +CVE-2006-6127 NOT-FOR-US: Apple Mac OS X -CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...) +CVE-2006-6126 NOT-FOR-US: Apple Mac OS X -CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) ...) +CVE-2006-6125 NOT-FOR-US: NetGear -CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...) +CVE-2006-6124 NOT-FOR-US: SeleniumServer Web Server -CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ...) +CVE-2006-6123 NOT-FOR-US: Coppermine Photo Gallery (CPG) -CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...) +CVE-2006-6122 - tin 1:1.8.2-1 -CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...) +CVE-2006-6121 NOT-FOR-US: Acer -CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft ...) +CVE-2006-6120 - koffice 1:1.6.1-1 (bug #401230; medium) -CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...) +CVE-2006-6119 NOT-FOR-US: mmgallery -CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery ...) 
+CVE-2006-6118 NOT-FOR-US: mmgallery -CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and ...) +CVE-2006-6117 NOT-FOR-US: fipsGallery -CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and ...) +CVE-2006-6116 NOT-FOR-US: fipsForum -CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...) +CVE-2006-6115 NOT-FOR-US: fipsCMS CVE-2006-6114 REJECTED -CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...) +CVE-2006-6113 NOT-FOR-US: Monkey Boards -CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP ...) +CVE-2006-6112 NOT-FOR-US: LifeType -CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...) +CVE-2006-6111 NOT-FOR-US: Alan Ward A-Cart Pro -CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...) +CVE-2006-6110 NOT-FOR-US: BPG-InfoTech Content Management System -CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...) +CVE-2006-6109 NOT-FOR-US: CandyPress Store -CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...) +CVE-2006-6108 NOT-FOR-US: EC-CUBE -CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...) +CVE-2006-6107 - dbus 1.0.2-1 (low) [sarge] - dbus (Minor issue) -CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...) +CVE-2006-6106 {DSA-1503-2 DSA-1503-1 DSA-1304} - linux-2.6 2.6.18.dfsg.1-9 -CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...) +CVE-2006-6105 - gdm 2.16.4-1 (medium; bug #403219) [sarge] - gdm (Vulnerable code not present) -CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...) +CVE-2006-6104 - mono 1.2.2.1-1 (low) -CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...) 
+CVE-2006-6103 {DSA-1249-1} - xorg-server 2:1.1.1-15 -CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...) +CVE-2006-6102 {DSA-1249-1} - xorg-server 2:1.1.1-15 -CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...) +CVE-2006-6101 {DSA-1249-1} - xorg-server 2:1.1.1-15 CVE-2006-6100 
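Review bot: The descriptions removed from CVE-2006-6308, CVE-2006-6285, CVE-2006-6207, CVE-2006-6171, CVE-2006-6167 and CVE-2006-6165 in this hunk were all `(** DISPUTED ** ...)`, and that text was the only place these entries recorded the disputed status. After the change CVE-2006-6171 reads as an ordinary proftpd-dfsg fix under {DSA-1218}, and only CVE-2006-6165 keeps a hint through its existing "NOTE: non-issue" line. If descriptions are no longer kept in the list, carry the status forward as a NOTE line on the other five entries, or state in the commit message where it is stored now; "automatic update" does not say.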
@@ -2599,49 +2599,49 @@ CVE-2006-6099 REJECTED CVE-2006-6098 REJECTED -CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...) +CVE-2006-6097 {DSA-1223-1} - tar 1.16-2 (high; bug #399845) -CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in ...) +CVE-2006-6096 NOT-FOR-US: ActiveNews Manage -CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...) +CVE-2006-6095 NOT-FOR-US: ActiveNews Manage -CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...) +CVE-2006-6094 NOT-FOR-US: ActiveNews Manage -CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php ...) +CVE-2006-6093 NOT-FOR-US: PicturesPro Photo Cart -CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...) +CVE-2006-6092 NOT-FOR-US: Auto Gallery -CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...) +CVE-2006-6091 NOT-FOR-US: GrimBB -CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote ...) +CVE-2006-6090 NOT-FOR-US: BaalAsp -CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...) +CVE-2006-6089 NOT-FOR-US: BaalAsp forum -CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...) +CVE-2006-6088 NOT-FOR-US: i-Gallery -CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...) +CVE-2006-6087 NOT-FOR-US: my little weblog -CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark ...) +CVE-2006-6086 NOT-FOR-US: e-Ark -CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...) +CVE-2006-6085 - kile 1:1.9.3-1 (low) [sarge] - kile (Minor issue) -CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy ...) 
+CVE-2006-6084 NOT-FOR-US: aBitWhizzy -CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...) +CVE-2006-6083 NOT-FOR-US: CreaScripts Creadirectory -CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...) +CVE-2006-6082 NOT-FOR-US: CreaScripts Creadirectory -CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...) +CVE-2006-6081 NOT-FOR-US: Telaen -CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...) +CVE-2006-6080 NOT-FOR-US: gNews -CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...) +CVE-2006-6079 NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth) -CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...) +CVE-2006-6078 NOT-FOR-US: a-ConMan -CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...) +CVE-2006-6077 {DSA-1336-1} NOTE: MFSA-2007-02 - iceweasel 2.0.0.2+dfsg-1 (high; bug #409220) 
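Review bot: On CVE-2006-6096, CVE-2006-6095 and CVE-2006-6094 the unchanged triage line reads `NOT-FOR-US: ActiveNews Manage`, while the descriptions removed in this hunk name the product as "ActiveNews Manager". With the description gone, the triage line is the only product name left on those entries, so the truncated spelling should be corrected in the same update rather than left as the sole identifier.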
@@ -2650,158 +2650,158 @@ CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and [sarge] - mozilla (Mozilla products from Sarge no longer supported) - xulrunner 1.8.0.10-1 (medium) NOTE: Epiphany affected by xulrunner -CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...) +CVE-2006-6076 NOT-FOR-US: BrightStor -CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...) +CVE-2006-6075 NOT-FOR-US: BaalAsp forum -CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) +CVE-2006-6074 NOT-FOR-US: Enthrallweb eShopping Cart -CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) +CVE-2006-6073 NOT-FOR-US: Enthrallweb eShopping Cart -CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...) +CVE-2006-6072 NOT-FOR-US: BPG-InfoTech Easy Publisher -CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ...) +CVE-2006-6071 - twiki 1:4.0.5-2 (bug #401303; low) -CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...) +CVE-2006-6070 NOT-FOR-US: ASP Nuke -CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...) +CVE-2006-6069 NOT-FOR-US: mAlbum -CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...) +CVE-2006-6068 NOT-FOR-US: mAlbum -CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...) +CVE-2006-6067 NOT-FOR-US: DataShed -CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...) +CVE-2006-6066 NOT-FOR-US: Dragon Calendar -CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) +CVE-2006-6065 NOT-FOR-US: CalSnails Module for MxBB Portal -CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...) 
+CVE-2006-6064 NOT-FOR-US: Fuzzball MUCK -CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...) +CVE-2006-6063 NOT-FOR-US: XMPlay -CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...) +CVE-2006-6062 NOT-FOR-US: Apple Mac OS X -CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...) +CVE-2006-6061 NOT-FOR-US: Apple Mac OS X -CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...) +CVE-2006-6060 {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root -CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...) +CVE-2006-6059 NOT-FOR-US: NetGear -CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, ...) +CVE-2006-6058 {DSA-1504-1 DSA-1436-1} - linux-2.6 2.6.22-6 NOTE: Mounting filesystem partitions should be limited to root -CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...) +CVE-2006-6057 - linux-2.6 (Debian kernels up to 2.6.18 didn't include GFS) -CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...) +CVE-2006-6056 {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root -CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...) +CVE-2006-6055 NOT-FOR-US: D-Link -CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...) +CVE-2006-6054 {DSA-1503-2 DSA-1504-1 DSA-1503-1} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root -CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...) 
+CVE-2006-6053 {DSA-1503-2 DSA-1503-1 DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root -CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...) +CVE-2006-6052 NOT-FOR-US: NetEpi Case Manager -CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the ...) +CVE-2006-6051 NOT-FOR-US: MosReporter (com_reporter) component for Joomla! -CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em ...) +CVE-2006-6050 NOT-FOR-US: Rank'em -CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 ...) +CVE-2006-6049 NOT-FOR-US: Shambo2 (com_shambo2) component for Mambo -CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when ...) +CVE-2006-6048 NOT-FOR-US: Etomite CMS -CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite ...) +CVE-2006-6047 NOT-FOR-US: Etomite CMSEtomite CMS -CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 ...) +CVE-2006-6046 NOT-FOR-US: eggblog -CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...) +CVE-2006-6045 NOT-FOR-US: omdev One Admin -CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in ...) +CVE-2006-6044 NOT-FOR-US: PHPQuickGallery -CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver ...) +CVE-2006-6043 NOT-FOR-US: Oliver (formerly Webshare) -CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in ...) +CVE-2006-6042 NOT-FOR-US: phpWebThings -CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den ...) +CVE-2006-6041 NOT-FOR-US: WORK system e-commerce -CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-6040 NOT-FOR-US: vBulletin -CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP ...) 
+CVE-2006-6039 NOT-FOR-US: MatchMaker -CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum ...) +CVE-2006-6038 NOT-FOR-US: Powie's PHP Forum -CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-6037 NOT-FOR-US: Travelsized CMS -CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote ...) +CVE-2006-6036 NOT-FOR-US: OpenHuman -CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...) +CVE-2006-6035 NOT-FOR-US: BLOG:CMS -CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...) +CVE-2006-6034 NOT-FOR-US: SitesOutlet E-commerce Kit-1 -CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog ...) +CVE-2006-6033 NOT-FOR-US: Simple PHP Blog -CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) +CVE-2006-6032 NOT-FOR-US: Simple PHP Blog -CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet ...) +CVE-2006-6031 NOT-FOR-US: ASPCart -CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow ...) +CVE-2006-6030 NOT-FOR-US: E-Calendar ProE-Calendar Pro -CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 ...) +CVE-2006-6029 NOT-FOR-US: Property Pro -CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov ...) +CVE-2006-6028 NOT-FOR-US: DoSePa -CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) +CVE-2006-6027 NOT-FOR-US: Adobe Reader -CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix ...) +CVE-2006-6026 NOT-FOR-US: Helix DNA Server -CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...) +CVE-2006-6025 NOT-FOR-US: QUALCOMM Eudora WorldMail -CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ...) 
+CVE-2006-6024 NOT-FOR-US: Eudora Worldmail -CVE-2006-6023 (** DISPUTED ** ...) +CVE-2006-6023 NOT-FOR-US: Bloo -CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in ...) +CVE-2006-6022 NOT-FOR-US: BestWebApp Dating Site -CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp ...) +CVE-2006-6021 NOT-FOR-US: BestWebApp Dating Site -CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog ...) +CVE-2006-6020 NOT-FOR-US: Blog Torrent Preview -CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-6019 NOT-FOR-US: Bloo -CVE-2006-6018 (** DISPUTED ** ...) +CVE-2006-6018 NOT-FOR-US: My-BIC -CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a ...) +CVE-2006-6017 - wordpress 2.0.5-0.1 -CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...) +CVE-2006-6016 - wordpress 2.0.5-0.1 -CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple ...) +CVE-2006-6015 - kdebase (unimportant; bug #400121) NOTE: Browser crashes are not treated as security problems -CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...) +CVE-2006-6014 NOT-FOR-US: NetBSD -CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the ...) +CVE-2006-6013 - kfreebsd-5 5.4-21 [etch] - kfreebsd-5 (no security support) -CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) +CVE-2006-6012 NOT-FOR-US: Car Site Manager -CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 ...) +CVE-2006-6011 NOT-FOR-US: SAP -CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...) +CVE-2006-6010 NOT-FOR-US: SAP -CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...) 
+CVE-2006-6009 - sun-java5 1.5.0-08-1 -CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...) +CVE-2006-6008 {DSA-1217} - linux-ftpd 0.17-23 -CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) +CVE-2006-6007 NOT-FOR-US: WebEvents (Online Event Registration Template) CVE-2006-6006 REJECTED 
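Review bot: with the descriptions dropped, the NOT-FOR-US text is the only product name left on these entries, and three of them in this hunk are malformed. CVE-2006-6047 reads "Etomite CMSEtomite CMS", CVE-2006-6030 reads "E-Calendar ProE-Calendar Pro", and CVE-2006-6045 reads "omdev One Admin" where the removed description says "Comdev One Admin". These are unchanged context lines, so the correction belongs in a follow-up commit rather than in this automatic update, but it is worth making now that the description text no longer disambiguates them.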
@@ -2827,437 +2827,437 @@ CVE-2006-5996 REJECTED CVE-2006-5995 REJECTED -CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...) +CVE-2006-5994 NOT-FOR-US: Microsoft Word CVE-2006-5993 REJECTED CVE-2006-5992 REJECTED -CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...) +CVE-2006-5991 NOT-FOR-US: CactuShop -CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...) +CVE-2006-5990 NOT-FOR-US: VMWare -CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...) +CVE-2006-5989 {DSA-1247-1} - libapache-mod-auth-kerb 5.3-1 (low; bug #400589) -CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...) +CVE-2006-5988 NOT-FOR-US: Windows -CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly ...) +CVE-2006-5987 NOT-FOR-US: ASPintranet -CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...) +CVE-2006-5986 NOT-FOR-US: Extreme CMS -CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-5985 NOT-FOR-US: Extreme CMS -CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...) +CVE-2006-5984 NOT-FOR-US: Helm Hosting Control Panel -CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...) +CVE-2006-5983 NOT-FOR-US: DirectAdmin -CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user ...) +CVE-2006-5982 NOT-FOR-US: Selenium Server -CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP ...) +CVE-2006-5981 NOT-FOR-US: Selenium Server -CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...) +CVE-2006-5980 NOT-FOR-US: NetJetServer -CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure ...) 
+CVE-2006-5979 NOT-FOR-US: NetJetServer -CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown ...) +CVE-2006-5978 NOT-FOR-US: E-Xoopport -CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...) +CVE-2006-5977 NOT-FOR-US: MultiCalendars -CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe ...) +CVE-2006-5976 NOT-FOR-US: BlogMe -CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...) +CVE-2006-5975 NOT-FOR-US: BlogMe -CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...) +CVE-2006-5974 - fetchmail 6.3.6-1 (low) [sarge] - fetchmail (Vulnerable code not present) -CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...) +CVE-2006-5973 - dovecot 1.0.rc15-1 [sarge] - dovecot (Vulnerable code not present) CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability] - firefox-sage (medium; bug #399170) NOTE: Debian's version has HTML disabled -CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...) +CVE-2006-5972 NOT-FOR-US: NetGear -CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...) +CVE-2006-5971 NOT-FOR-US: Verity Ultraseek -CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...) +CVE-2006-5970 NOT-FOR-US: Verity Ultraseek -CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...) +CVE-2006-5969 - fvwm 1:2.5.18-2 (low; bug #400303) [sarge] - fvwm (Minor issue) -CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...) +CVE-2006-5968 NOT-FOR-US: MDaemon -CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...) +CVE-2006-5967 NOT-FOR-US: Panda ActiveScan -CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...) 
+CVE-2006-5966 NOT-FOR-US: Panda ActiveScan -CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...) +CVE-2006-5965 NOT-FOR-US: PassGo SSO Plus -CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local ...) +CVE-2006-5964 NOT-FOR-US: PentaZip -CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO ...) +CVE-2006-5963 NOT-FOR-US: PentaZip -CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...) +CVE-2006-5962 NOT-FOR-US: Hpecs Shopping Cart -CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...) +CVE-2006-5961 NOT-FOR-US: Mercury Mail Transport -CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-5960 NOT-FOR-US: A+ Store E-Commerce -CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce ...) +CVE-2006-5959 NOT-FOR-US: A+ Store E-Commerce -CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...) +CVE-2006-5958 NOT-FOR-US: INFINICART -CVE-2006-5957 (** DISPUTED ** ...) +CVE-2006-5957 NOT-FOR-US: INFINICART -CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...) +CVE-2006-5956 NOT-FOR-US: PHPRunner -CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka ...) +CVE-2006-5955 NOT-FOR-US: DataShed -CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier ...) +CVE-2006-5954 NOT-FOR-US: NetVIOS -CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart ...) +CVE-2006-5953 NOT-FOR-US: Evolve shopping cart -CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 ...) +CVE-2006-5952 NOT-FOR-US: ASP Smiley -CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...) 
+CVE-2006-5951 NOT-FOR-US: Exophpdesk -CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...) +CVE-2006-5950 NOT-FOR-US: ALTools ALFTP FTP Server -CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...) +CVE-2006-5949 NOT-FOR-US: ALTools ALFTP FTP Server -CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...) +CVE-2006-5948 NOT-FOR-US: phpPeanuts -CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...) +CVE-2006-5947 NOT-FOR-US: Conxint FTP Server -CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...) +CVE-2006-5946 NOT-FOR-US: FunkyASP Glossary -CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...) +CVE-2006-5945 NOT-FOR-US: MGinternet Car Site Manager -CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) +CVE-2006-5944 NOT-FOR-US: MGinternet Car Site Manager -CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...) +CVE-2006-5943 NOT-FOR-US: Less Inventory Manager -CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-5942 NOT-FOR-US: Less Inventory Manager CVE-2006-5941 REJECTED -CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...) +CVE-2006-5940 NOT-FOR-US: Grisoft AVG Anti-Virus -CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...) +CVE-2006-5939 NOT-FOR-US: Grisoft AVG Anti-Virus -CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote ...) +CVE-2006-5938 NOT-FOR-US: Grisoft AVG Anti-Virus -CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 ...) +CVE-2006-5937 NOT-FOR-US: Grisoft AVG Anti-Virus -CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce ...) 
+CVE-2006-5936 NOT-FOR-US: SiteXpress E-Commerce -CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and ...) +CVE-2006-5935 NOT-FOR-US: ShopSystems -CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent ...) +CVE-2006-5934 NOT-FOR-US: Estate Agent Manager -CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows ...) +CVE-2006-5933 NOT-FOR-US: UltraSite -CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single ...) +CVE-2006-5932 NOT-FOR-US: Kahua -CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...) +CVE-2006-5931 NOT-FOR-US: Aigaion -CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...) +CVE-2006-5930 NOT-FOR-US: Aigaion -CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in ...) +CVE-2006-5929 NOT-FOR-US: Phpjobscheduler -CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...) +CVE-2006-5928 NOT-FOR-US: Phpjobscheduler -CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...) +CVE-2006-5927 NOT-FOR-US: ASP Scripter Easy Portal -CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...) +CVE-2006-5926 NOT-FOR-US: Vallheru -CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...) +CVE-2006-5925 {DSA-1240-1 DSA-1228-1 DSA-1226-1} - links 0.99+1.00pre12-1.1 (medium; bug #399188) - elinks 0.11.1-1.2 (medium; bug #399187) - links2 2.1pre25-2 (medium; bug #400718) -CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...) +CVE-2006-5924 NOT-FOR-US: Efficient IP iPmanager (IPm) -CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...) +CVE-2006-5923 NOT-FOR-US: gtcatalog -CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...) 
+CVE-2006-5922 NOT-FOR-US: Wheatblog -CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...) +CVE-2006-5921 NOT-FOR-US: Wheatblog -CVE-2006-5920 (** DISPUTED ** ...) +CVE-2006-5920 NOT-FOR-US: Exporia -CVE-2006-5919 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5919 NOT-FOR-US: KnowledgeBuilder -CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...) +CVE-2006-5918 NOT-FOR-US: RapidKill -CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...) +CVE-2006-5917 NOT-FOR-US: OmniStar Article Manager -CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...) +CVE-2006-5916 NOT-FOR-US: Intego VirusBarrier -CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...) +CVE-2006-5915 NOT-FOR-US: LandShop -CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...) +CVE-2006-5914 NOT-FOR-US: LandShop -CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...) +CVE-2006-5913 NOT-FOR-US: Microsoft -CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...) +CVE-2006-5912 NOT-FOR-US: Campware Campsite -CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) +CVE-2006-5911 NOT-FOR-US: Campware Campsite -CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) +CVE-2006-5910 NOT-FOR-US: Campware Campsite -CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...) +CVE-2006-5909 NOT-FOR-US: Stanford Conference And Research Forum (SCARF) -CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...) +CVE-2006-5908 NOT-FOR-US: Yet Another News System -CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...) +CVE-2006-5907 NOT-FOR-US: SCRIPT BANNIERES -CVE-2006-5906 (** DISPUTED ** ...) 
+CVE-2006-5906 NOT-FOR-US: SCRIPT BANNIERES -CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...) +CVE-2006-5905 NOT-FOR-US: Web Directory Pro -CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...) +CVE-2006-5904 NOT-FOR-US: MWChat Pro -CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...) +CVE-2006-5903 NOT-FOR-US: GSpace -CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...) +CVE-2006-5902 NOT-FOR-US: viksoe GMail Drive -CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...) +CVE-2006-5901 NOT-FOR-US: Hawking Technology wireless router WR254-CA -CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...) +CVE-2006-5900 NOT-FOR-US: Zend Framework Preview -CVE-2006-5899 (** DISPUTED ** ...) +CVE-2006-5899 NOT-FOR-US: @cid stat -CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...) +CVE-2006-5898 NOT-FOR-US: PhpMyChat -CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...) +CVE-2006-5897 NOT-FOR-US: PhpMyChat Plus -CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...) +CVE-2006-5896 NOT-FOR-US: Web Mech Designer -CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...) +CVE-2006-5895 NOT-FOR-US: EncapsCMS -CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...) +CVE-2006-5894 NOT-FOR-US: Rama CMS -CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...) +CVE-2006-5893 NOT-FOR-US: iWonder Designs Storystream -CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ...) +CVE-2006-5892 NOT-FOR-US: The Net Guys ASPired2Poll -CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...) 
+CVE-2006-5891 NOT-FOR-US: Superfreaker Studios UStore -CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...) +CVE-2006-5890 NOT-FOR-US: Superfreaker Studios UStore -CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...) +CVE-2006-5889 NOT-FOR-US: BrewBlogger -CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...) +CVE-2006-5888 NOT-FOR-US: Superfreaker Studios UPublisher -CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic ...) +CVE-2006-5887 NOT-FOR-US: Dynamic Dataworx NuSchool -CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic ...) +CVE-2006-5886 NOT-FOR-US: Dynamic Dataworx NuRealestate (NuRems) -CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows ...) +CVE-2006-5885 NOT-FOR-US: NuStore -CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX ...) +CVE-2006-5884 NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer -CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) +CVE-2006-5883 NOT-FOR-US: cPanel 10 -CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...) +CVE-2006-5882 NOT-FOR-US: Broadcom BCMWL5.SYS -CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx ...) +CVE-2006-5881 NOT-FOR-US: Dynamic Dataworx NuCommunity -CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...) +CVE-2006-5880 NOT-FOR-US: Munch Pro -CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta ...) +CVE-2006-5879 NOT-FOR-US: ASPPortal -CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...) +CVE-2006-5878 {DSA-1209} - trac 0.10.1-1 (bug #397683) -CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, ...) 
+CVE-2006-5877 - enigmail 2:0.94.2-1 (bug #406604) -CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP ...) +CVE-2006-5876 {DSA-1248-1} - libsoup 2.2.98-2 (bug #405197; medium) -CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote ...) +CVE-2006-5875 {DSA-1236-1} - enemies-of-carlotta 1.2.4-1 (medium) -CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...) +CVE-2006-5874 {DSA-1232-1} - clamav 0.86-1 -CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...) +CVE-2006-5873 {DSA-1230-1} - l2tpns 2.1.21-1 (medium; bug #401742) NOTE: http://secunia.com/advisories/23230/ -CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...) +CVE-2006-5872 {DSA-1239-1} - sql-ledger 2.6.21-1 -CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...) +CVE-2006-5871 {DSA-1237 DSA-1233} - linux-2.6 (Current Linux versions already implement intended behaviour) -CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...) +CVE-2006-5870 {DSA-1246-1} - openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679) -CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...) +CVE-2006-5869 {DSA-1220} - pstotext 1.9-4 (bug #356988; medium) -CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...) +CVE-2006-5868 {DSA-1213} - imagemagick 7:6.2.4.5.dfsg1-0.11 -CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...) +CVE-2006-5867 {DSA-1259-1} - fetchmail 6.3.6-1 (low) -CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...) +CVE-2006-5866 NOT-FOR-US: phpManta -CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...) +CVE-2006-5865 NOT-FOR-US: Script Dowload -CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...) 
+CVE-2006-5863 NOT-FOR-US: LetterIt -CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...) +CVE-2006-5862 NOT-FOR-US: Network Administration Visualized -CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...) +CVE-2006-5861 NOT-FOR-US: Citrix -CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...) +CVE-2006-5860 NOT-FOR-US: Adobe JRun -CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...) +CVE-2006-5859 NOT-FOR-US: Adobe ColdFusion -CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...) +CVE-2006-5858 NOT-FOR-US: Adobe -CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...) +CVE-2006-5857 NOT-FOR-US: Adobe -CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...) +CVE-2006-5856 NOT-FOR-US: Adobe Download Manager -CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...) +CVE-2006-5855 NOT-FOR-US: Tivoli -CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...) +CVE-2006-5854 NOT-FOR-US: Novell Netware -CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...) +CVE-2006-5853 NOT-FOR-US: Immediacy CMS -CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...) +CVE-2006-5852 NOT-FOR-US: OpenBase SQL -CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...) +CVE-2006-5851 NOT-FOR-US: OpenBase SQL -CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...) +CVE-2006-5850 NOT-FOR-US: Essentia Web Server -CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...) +CVE-2006-5849 NOT-FOR-US: IrayoBlog CVE-2006-5848 REJECTED -CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...) 
+CVE-2006-5847 NOT-FOR-US: FreeWebshop -CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...) +CVE-2006-5846 NOT-FOR-US: FreeWebshop -CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...) +CVE-2006-5845 NOT-FOR-US: Speedywiki -CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the ...) +CVE-2006-5844 NOT-FOR-US: Speedywiki -CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki ...) +CVE-2006-5843 NOT-FOR-US: Speedywiki -CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running ...) +CVE-2006-5842 NOT-FOR-US: Unicore -CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...) +CVE-2006-5841 NOT-FOR-US: DodosMail -CVE-2006-5840 (** DISPUTED ** ...) +CVE-2006-5840 NOT-FOR-US: Abarcar Realty Portal -CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...) +CVE-2006-5839 NOT-FOR-US: PHPAdventure -CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in ...) +CVE-2006-5838 NOT-FOR-US: NewP News Publication System -CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the ...) +CVE-2006-5837 NOT-FOR-US: SimpleChat 1.0.0 module for iWare Professional CMS -CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the ...) +CVE-2006-5836 NOT-FOR-US: Darwin kernel (XNU) 8.8.1 in Apple Mac OS X -CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes ...) +CVE-2006-5835 NOT-FOR-US: IBM Lotus Notes Domino -CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution ...) +CVE-2006-5834 NOT-FOR-US: OpenSolution Quick.Cms.Lite -CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require ...) +CVE-2006-5833 NOT-FOR-US: GreenBeast CMS -CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote ...) 
+CVE-2006-5832 NOT-FOR-US: All In One Control Panel (AIOCP) -CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...) +CVE-2006-5831 NOT-FOR-US: All In One Control Panel (AIOCP) -CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...) +CVE-2006-5830 NOT-FOR-US: All In One Control Panel (AIOCP) -CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...) +CVE-2006-5829 NOT-FOR-US: All In One Control Panel (AIOCP) -CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...) +CVE-2006-5828 NOT-FOR-US: PHP Classifieds -CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-5827 NOT-FOR-US: phpComasy CMS -CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...) +CVE-2006-5826 NOT-FOR-US: Texas Imperial Software WFTPD Pro Server -CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) +CVE-2006-5825 NOT-FOR-US: Kayako SupportSuite -CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...) +CVE-2006-5824 - kfreebsd-5 [etch] - kfreebsd-5 (no security support for freebsd) -CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) +CVE-2006-5823 {DSA-1503-2 DSA-1504-1 DSA-1503-1} - linux-2.6 2.6.18.dfsg.1-10 (low) -CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...) +CVE-2006-5822 NOT-FOR-US: Symantec Veritas NetBackup -CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...) +CVE-2006-5821 NOT-FOR-US: Citrix -CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...) +CVE-2006-5820 NOT-FOR-US: SuperBuddy ActiveX control -CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...) 
+CVE-2006-5819 NOT-FOR-US: Verity Ultraseek -CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...) +CVE-2006-5864 {DSA-1243-1 DSA-1214} - gv 1:3.6.2-3 (medium; bug #398292) - evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063) -CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...) +CVE-2006-5818 NOT-FOR-US: Lotus Domino -CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...) +CVE-2006-5817 NOT-FOR-US: Parallels -CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...) +CVE-2006-5816 NOT-FOR-US: Business Card Web Builder -CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...) +CVE-2006-5815 {DSA-1222-1} - proftpd-dfsg 1.3.0-15 (bug #399070; high) -CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...) +CVE-2006-5814 NOT-FOR-US: Novell eDirectory -CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...) +CVE-2006-5813 NOT-FOR-US: Novell eDirectory -CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...) +CVE-2006-5812 NOT-FOR-US: Kerio -CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...) +CVE-2006-5811 NOT-FOR-US: OpenEMR -CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-5810 NOT-FOR-US: XOOPS -CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...) +CVE-2006-5809 NOT-FOR-US: OvBB -CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...) +CVE-2006-5808 NOT-FOR-US: Cisco -CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...) +CVE-2006-5807 NOT-FOR-US: Cisco -CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when ...) 
+CVE-2006-5806 NOT-FOR-US: Cisco -CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) +CVE-2006-5805 NOT-FOR-US: Microsoft -CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced ...) +CVE-2006-5804 NOT-FOR-US: Advanced Guestbook -CVE-2006-5803 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5803 NOT-FOR-US: mxBB Smartor Album -CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers ...) +CVE-2006-5802 NOT-FOR-US: The Web Drivers Simple Forum -CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not ...) +CVE-2006-5801 NOT-FOR-US: owfs -CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in ...) +CVE-2006-5800 NOT-FOR-US: Xenis.creator -CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) +CVE-2006-5799 NOT-FOR-US: Xenis.creator -CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...) +CVE-2006-5798 NOT-FOR-US: Xenis.creator -CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...) +CVE-2006-5797 NOT-FOR-US: Xenis.creator -CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro ...) +CVE-2006-5796 NOT-FOR-US: Soholaunch Pro -CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...) +CVE-2006-5795 NOT-FOR-US: OpenEMR -CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...) +CVE-2006-5794 - openssh 1:4.3p2-6 (unimportant) NOTE: Not a direct vulnerability -CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...) +CVE-2006-5793 - libpng 1.2.13-0 (low; bug #398706) [sarge] - libpng (Minor issue) CVE-2006-XXXX [obexpushd arbitrary command execution] 
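Review bot: the five entries in this hunk whose removed description was only "(** DISPUTED ** ...)" (CVE-2006-5957, CVE-2006-5920, CVE-2006-5906, CVE-2006-5899, CVE-2006-5840) become bare IDs followed by a NOT-FOR-US line, so the file no longer shows that they were disputed. If that status matters to anyone reading or parsing this list, carry it over as a NOTE: line on each entry, or confirm that whatever now supplies the descriptions also supplies the dispute flag.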
@@ -3265,105 +3265,105 @@ CVE-2006-XXXX [obexpushd arbitrary command execution] CVE-2006-XXXX [motion insecure tempfile creation] - motion 3.2.3-2 (bug #393846; low) [sarge] - motion (Minor issue) -CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote ...) +CVE-2006-5792 NOT-FOR-US: XLink Omni-NFS Enterprise -CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...) +CVE-2006-5791 {DSA-1242-1} - elog 2.6.2+r1754-1 (medium; bug #392016) -CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ...) +CVE-2006-5790 {DSA-1242-1} - elog 2.6.2+r1754-1 (medium; bug #392016) -CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated ...) +CVE-2006-5789 NOT-FOR-US: WarFTPd -CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) ...) +CVE-2006-5788 NOT-FOR-US: IPrimal Forums -CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote ...) +CVE-2006-5787 NOT-FOR-US: IPrimal Forums -CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and ...) +CVE-2006-5786 NOT-FOR-US: e107 -CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before ...) +CVE-2006-5785 NOT-FOR-US: SAP Web Application Server -CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application ...) +CVE-2006-5784 NOT-FOR-US: SAP Web Application Server -CVE-2006-5783 (** DISPUTED ** ...) +CVE-2006-5783 NOTE: irreproducible firefox issue -CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...) +CVE-2006-5782 NOT-FOR-US: HP OpenView -CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...) +CVE-2006-5781 NOT-FOR-US: iodine -CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...) 
+CVE-2006-5780 NOT-FOR-US: XLink Omni-NFS -CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of ...) +CVE-2006-5779 - openldap2.2 (bug #397673) - openldap2.3 2.3.29-1 -CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...) +CVE-2006-5777 NOT-FOR-US: Creasito E-Commerce Content Manager -CVE-2006-5776 (** DISPUTED ** ...) +CVE-2006-5776 NOT-FOR-US: Ariadne -CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard ...) +CVE-2006-5775 NOT-FOR-US: FunkBoard -CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...) +CVE-2006-5774 NOT-FOR-US: Hyper NIKKI System -CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 ...) +CVE-2006-5773 NOT-FOR-US: FreeWebshop -CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...) +CVE-2006-5772 NOT-FOR-US: FreeWebshop -CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...) +CVE-2006-5771 NOT-FOR-US: Arkoon SSL360 -CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) +CVE-2006-5770 NOT-FOR-US: Mobile -CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...) +CVE-2006-5769 NOT-FOR-US: admin.tool CMS -CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 ...) +CVE-2006-5768 NOT-FOR-US: Cyberfolio -CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...) +CVE-2006-5767 NOT-FOR-US: Drake CMS -CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article ...) +CVE-2006-5766 NOT-FOR-US: Article System -CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ...) +CVE-2006-5765 NOT-FOR-US: Article Script -CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File ...) 
+CVE-2006-5764 NOT-FOR-US: Free File Hosting -CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File ...) +CVE-2006-5763 NOT-FOR-US: Free File Hosting -CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...) +CVE-2006-5762 NOT-FOR-US: Free File Hosting -CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix ...) +CVE-2006-5761 NOT-FOR-US: Rhadrix If-CMS -CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite ...) +CVE-2006-5760 NOT-FOR-US: phpDynaSite -CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...) +CVE-2006-5759 NOT-FOR-US: Rhadrix If-CMS -CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 ...) +CVE-2006-5758 NOT-FOR-US: Microsoft -CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...) +CVE-2006-5757 {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (low) CVE-2006-5756 REJECTED -CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...) +CVE-2006-5755 {DSA-1381-2} - linux-2.6 2.6.18.dfsg.1-10 -CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...) +CVE-2006-5754 {DSA-1304} - linux-2.6 (Fixed before initial upload; 2.6.10) -CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...) +CVE-2006-5753 {DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304} - linux-2.6 2.6.20-1 -CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...) +CVE-2006-5752 - apache2 2.2.4-2 (low) [sarge] - apache2 2.0.54-5sarge2 [etch] - apache2 2.2.3-4+etch2 - apache (low) [etch] - apache 1.3.34-4.1+etch1 -CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) +CVE-2006-5751 {DSA-1233} - linux-2.6 2.6.18-8 (medium) -CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...) 
+CVE-2006-5750 NOT-FOR-US: JBoss -CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...) +CVE-2006-5749 - linux-2.6 2.6.18.dfsg.1-10 -CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) +CVE-2006-5748 {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-65 - firefox 45.0-1 (high) @@ -3372,7 +3372,7 @@ CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in - icedove 1.5.0.8-1 (medium) - mozilla (high) - xulrunner 1.8.0.8-1 (high) -CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) +CVE-2006-5747 NOTE: MFSA-2006-65 - firefox 45.0-1 (high) - firefox-esr 45.0esr-1 (high) 
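Review bot: In the hunk at -3265, CVE-2006-5783 and CVE-2006-5776 lose their `** DISPUTED **` marker, which existed only in the removed description. CVE-2006-5783 is left as a bare `NOTE: irreproducible firefox issue` with no package line or NOT-FOR-US line. Suggest carrying the disputed status in a NOTE line on both entries. In the same hunk, `NOT-FOR-US: Mobile` for CVE-2006-5770 no longer identifies the product now that the "ac4p Mobile" description text is removed.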
@@ -3385,98 +3385,98 @@ CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) [sarge] - mozilla (Vulnerable code not present) [sarge] - mozilla-firefox (Vulnerable code not present) [sarge] - mozilla-thunderbird (Vulnerable code not present) -CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not ...) +CVE-2006-5746 NOT-FOR-US: AirMagnet -CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...) +CVE-2006-5745 NOT-FOR-US: Microsoft -CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and ...) +CVE-2006-5744 NOT-FOR-US: Highwall Enterprise -CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall ...) +CVE-2006-5743 NOT-FOR-US: Highwall Enterprise -CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...) +CVE-2006-5742 NOT-FOR-US: AirMagnet Enterprise -CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet ...) +CVE-2006-5741 NOT-FOR-US: AirMagnet Enterprise -CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in ...) +CVE-2006-5739 NOT-FOR-US: communityPortals -CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow ...) +CVE-2006-5738 NOT-FOR-US: PunBB -CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from ...) +CVE-2006-5737 NOT-FOR-US: PunBB -CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...) +CVE-2006-5736 NOT-FOR-US: PunBB -CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB ...) +CVE-2006-5735 NOT-FOR-US: PunBB -CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 ...) +CVE-2006-5734 NOT-FOR-US: ATutor -CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and ...) +CVE-2006-5733 NOT-FOR-US: PostNuke -CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. 
CMS 0.1.7 and ...) +CVE-2006-5732 NOT-FOR-US: T.G.S. CMS -CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...) +CVE-2006-5731 NOT-FOR-US: Lithium CMS -CVE-2006-5730 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5730 NOT-FOR-US: Modx CMS -CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum ...) +CVE-2006-5729 NOT-FOR-US: Yazd Discussion Forum -CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote ...) +CVE-2006-5728 NOT-FOR-US: XM Easy Personal FTP Server -CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...) +CVE-2006-5727 NOT-FOR-US: sazcart -CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to ...) +CVE-2006-5726 NOT-FOR-US: Solaris -CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to ...) +CVE-2006-5725 NOT-FOR-US: AEP Smartgate -CVE-2006-5724 (Heap-based buffer overflow the "Answering Service" function in ICQ ...) +CVE-2006-5724 NOT-FOR-US: ICQ -CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...) +CVE-2006-5723 NOT-FOR-US: DataparkSearch Engine -CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...) +CVE-2006-5722 NOT-FOR-US: Segue CMS -CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) ...) +CVE-2006-5721 NOT-FOR-US: Outpost Firewall PRO -CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the ...) +CVE-2006-5720 NOT-FOR-US: PHP-Nuke -CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...) +CVE-2006-5719 NOT-FOR-US: BytesFall Explorer (bfExplorer) -CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...) 
+CVE-2006-5718 - phpmyadmin 4:2.9.0.3-1 (low; bug #396638) [sarge] - phpmyadmin (Vulnerable code not present) -CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...) +CVE-2006-5717 NOT-FOR-US: Zend Google Data Client Library (ZendGData) -CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...) +CVE-2006-5716 NOT-FOR-US: FreeNews -CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS ...) +CVE-2006-5715 NOT-FOR-US: Easy File Sharing (EFS) Easy Address Book -CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file ...) +CVE-2006-5714 NOT-FOR-US: Easy File Sharing (EFS) Web Server -CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...) +CVE-2006-5713 NOT-FOR-US: Easy File Sharing (EFS) Web Server -CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows ...) +CVE-2006-5712 NOT-FOR-US: Mirapoint WebMail -CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...) +CVE-2006-5711 NOT-FOR-US: ECI Telecom -CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...) +CVE-2006-5710 NOT-FOR-US: Apple Mac OS X -CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...) +CVE-2006-5709 NOT-FOR-US: Alt-N Technologies MDaemon -CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...) +CVE-2006-5708 NOT-FOR-US: Alt-N Technologies MDaemon -CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...) +CVE-2006-5707 NOT-FOR-US: PHPEasyData -CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...) +CVE-2006-5706 - php5 5.2.0-1 (unimportant) - php4 (unimportant) NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy -CVE-2006-5705 (Multiple directory traversal vulnerabilities in ...) 
+CVE-2006-5705 - wordpress 2.0.5-0.1 -CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...) +CVE-2006-5704 NOT-FOR-US: HP -CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...) +CVE-2006-5703 - tikiwiki 1.9.6+dfsg-1 (low) -CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...) +CVE-2006-5702 - tikiwiki 1.9.6+dfsg-1 (medium) -CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel ...) +CVE-2006-5701 - linux-2.6 (Vulnerable code not present) - squashfs 1:3.1r2-6.1 NOTE: Mounting filesystem partitions should be limited to root 
@@ -3518,105 +3518,105 @@ CVE-2006-5683 REJECTED CVE-2006-5682 REJECTED -CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with ...) +CVE-2006-5681 NOT-FOR-US: QuickTime on Mac OS X -CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...) +CVE-2006-5680 - libarchive 1.3.1-1 (unimportant) -CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) +CVE-2006-5679 - kfreebsd-5 (medium) [etch] - kfreebsd-5 (no security support for freebsd) -CVE-2006-5678 (** DISPUTED ** ...) +CVE-2006-5678 NOT-FOR-US: Les Visiteurs -CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...) +CVE-2006-5677 - torque 2.1.6-1 -CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert ...) +CVE-2006-5676 NOT-FOR-US: PhpLeague -CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...) +CVE-2006-5675 NOT-FOR-US: Pentaho Business Intelligence (BI) Suite -CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...) +CVE-2006-5674 NOT-FOR-US: miniBB -CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB ...) +CVE-2006-5673 NOT-FOR-US: miniBB -CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in ...) +CVE-2006-5672 NOT-FOR-US: MySource CMS -CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image ...) +CVE-2006-5671 NOT-FOR-US: Free Image Hosting -CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...) +CVE-2006-5670 NOT-FOR-US: Free Image Hosting -CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in ...) +CVE-2006-5669 NOT-FOR-US: Gepi -CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when ...) +CVE-2006-5668 NOT-FOR-US: Ampache -CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...) 
+CVE-2006-5667 NOT-FOR-US: P-Book -CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 ...) +CVE-2006-5666 NOT-FOR-US: E-Annu -CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in ...) +CVE-2006-5665 NOT-FOR-US: phpBB module Spider Friendly -CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...) +CVE-2006-5664 NOT-FOR-US: IBM Informix -CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software ...) +CVE-2006-5663 NOT-FOR-US: IBM Informix -CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows ...) +CVE-2006-5662 NOT-FOR-US: easy notesManager (eNM) -CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech ...) +CVE-2006-5661 NOT-FOR-US: Netquery -CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 ...) +CVE-2006-5660 NOT-FOR-US: Cisco -CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, ...) +CVE-2006-5659 NOT-FOR-US: PAM_extern -CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ...) +CVE-2006-5658 NOT-FOR-US: BlooMooWeb ActiveX control -CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 ...) +CVE-2006-5657 NOT-FOR-US: Vilistextum -CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum ...) +CVE-2006-5656 NOT-FOR-US: Vilistextum -CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows ...) +CVE-2006-5655 NOT-FOR-US: OpenDocMan -CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in ...) +CVE-2006-5654 NOT-FOR-US: Sun Java System Web Server -CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...) +CVE-2006-5653 NOT-FOR-US: Sun Java System Messenger Express -CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging ...) 
+CVE-2006-5652 NOT-FOR-US: Sun -CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to ...) +CVE-2006-5651 NOT-FOR-US: DigiOz Guestbook -CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...) +CVE-2006-5650 NOT-FOR-US: ICQPhone.SipxPhoneManager -CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...) +CVE-2006-5649 {DSA-1237 DSA-1233} - linux-2.6 2.6.18-4 -CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...) +CVE-2006-5648 - linux-2.6 2.6.18-1 (low) -CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...) +CVE-2006-5647 NOT-FOR-US: Sophos -CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...) +CVE-2006-5646 NOT-FOR-US: Sophos -CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...) +CVE-2006-5645 NOT-FOR-US: Sophos CVE-2006-5644 RESERVED -CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...) +CVE-2006-5643 NOT-FOR-US: foresite CMS -CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown ...) +CVE-2006-5642 NOT-FOR-US: NmnLogger -CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams ...) +CVE-2006-5641 NOT-FOR-US: Techno Dreams -CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams ...) +CVE-2006-5640 NOT-FOR-US: Techno Dreams -CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ...) +CVE-2006-5639 NOT-FOR-US: OpenWBEM -CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing ...) +CVE-2006-5638 NOT-FOR-US: PHPMyRing -CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq ...) +CVE-2006-5637 NOT-FOR-US: Faq Administrator -CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple ...) 
+CVE-2006-5636 NOT-FOR-US: Simple Website Software -CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums ...) +CVE-2006-5635 NOT-FOR-US: Web Wiz Forums -CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...) +CVE-2006-5634 NOT-FOR-US: phpProfiles -CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...) +CVE-2006-5633 - firefox 45.0-1 (unimportant) - firefox-esr 45.0esr-1 (unimportant) - iceweasel (unimportant) 
@@ -3625,366 +3625,366 @@ CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attack - xulrunner (unimportant) - mozilla-firefox (unimportant) - mozilla-thunderbird (unimportant) -CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...) +CVE-2006-5632 NOT-FOR-US: iG Shop -CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...) +CVE-2006-5631 NOT-FOR-US: iG Shop -CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to ...) +CVE-2006-5630 NOT-FOR-US: Hosting Controller -CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 ...) +CVE-2006-5629 NOT-FOR-US: Hosting Controller -CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management ...) +CVE-2006-5628 NOT-FOR-US: UNISOR Content Management System (CMS) -CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...) +CVE-2006-5627 NOT-FOR-US: QnECMS -CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-5626 NOT-FOR-US: phpFaber -CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in ...) +CVE-2006-5625 NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS) -CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page ...) +CVE-2006-5624 NOT-FOR-US: Multi-Page Comment System (MPCS) -CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic ...) +CVE-2006-5623 NOT-FOR-US: Electronic Engineering Tool (EE Tool) -CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery ...) +CVE-2006-5622 NOT-FOR-US: Coppermine Photo Gallery -CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...) +CVE-2006-5621 NOT-FOR-US: ask_rave -CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...) 
+CVE-2006-5620 NOT-FOR-US: MiniBILL -CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in ...) +CVE-2006-5619 {DSA-1233} - linux-2.6 2.6.18-4 (low) -CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...) +CVE-2006-5618 NOT-FOR-US: Netref -CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...) +CVE-2006-5617 NOT-FOR-US: Thepeak File Upload Manager -CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...) +CVE-2006-5616 NOT-FOR-US: OpenPBS -CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...) +CVE-2006-5615 NOT-FOR-US: Textpattern -CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP ...) +CVE-2006-5614 NOT-FOR-US: Microsoft -CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming ...) +CVE-2006-5613 NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS) -CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...) +CVE-2006-5612 NOT-FOR-US: GestArt -CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ...) +CVE-2006-5611 NOT-FOR-US: Toshiba -CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php ...) +CVE-2006-5610 NOT-FOR-US: Teake Nutma Foing -CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...) +CVE-2006-5609 - torrentflux 2.1-5 (bug #395930; medium) -CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before ...) +CVE-2006-5608 NOT-FOR-US: Extended Tracker (xtracker) for Drupal -CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 ...) +CVE-2006-5607 NOT-FOR-US: INCA IM-204 -CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer ...) 
+CVE-2006-5606 NOT-FOR-US: BytesFall Explorer (bfExplorer) -CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-5605 NOT-FOR-US: phpCards -CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards ...) +CVE-2006-5604 NOT-FOR-US: phpCards -CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 ...) +CVE-2006-5603 NOT-FOR-US: Snitz Forums -CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores ...) +CVE-2006-5600 NOT-FOR-US: Axalto Protiva -CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...) +CVE-2006-5599 NOT-FOR-US: Oracle -CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...) +CVE-2006-5598 NOT-FOR-US: GOOP Gallery -CVE-2006-5597 (join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows ...) +CVE-2006-5597 NOT-FOR-US: MiniHTTP Web Forum -CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate ...) +CVE-2006-5596 NOT-FOR-US: AEP Smartgate -CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark ...) +CVE-2006-5595 - wireshark 0.99.4-1 (bug #396258) -CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British ...) +CVE-2006-5594 NOT-FOR-US: iPeer -CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow ...) +CVE-2006-5593 NOT-FOR-US: Desknet's (niokeru) -CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...) +CVE-2006-5592 NOT-FOR-US: PacPoll -CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll ...) +CVE-2006-5591 NOT-FOR-US: PacPoll -CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach ...) +CVE-2006-5590 NOT-FOR-US: ArticleBeach Script -CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and ...) 
+CVE-2006-5589 NOT-FOR-US: LedgerSMB (LSMB) -CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 ...) +CVE-2006-5588 NOT-FOR-US: CMS Faethon -CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ...) +CVE-2006-5587 NOT-FOR-US: MDweb -CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...) +CVE-2006-5586 NOT-FOR-US: Microsoft GDI -CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...) +CVE-2006-5585 NOT-FOR-US: Microsoft -CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...) +CVE-2006-5584 NOT-FOR-US: Microsoft -CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, ...) +CVE-2006-5583 NOT-FOR-US: Microsoft CVE-2006-5582 REJECTED -CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) +CVE-2006-5581 NOT-FOR-US: Microsoft CVE-2006-5580 RESERVED -CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute ...) +CVE-2006-5579 NOT-FOR-US: Microsoft -CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to read ...) +CVE-2006-5578 NOT-FOR-US: Microsoft -CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain ...) +CVE-2006-5577 NOT-FOR-US: Microsoft CVE-2006-5576 REJECTED CVE-2006-5575 REJECTED -CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...) +CVE-2006-5574 NOT-FOR-US: Microsoft CVE-2006-5573 REJECTED CVE-2006-5572 REJECTED -CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks ...) +CVE-2006-5571 NOT-FOR-US: CruiseWorks -CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in ...) +CVE-2006-5570 NOT-FOR-US: CruiseWorks -CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which ...) 
+CVE-2006-5569 NOT-FOR-US: FtpXQ -CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of ...) +CVE-2006-5568 NOT-FOR-US: FtpXQ -CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before ...) +CVE-2006-5567 NOT-FOR-US: WinAmp -CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script ...) +CVE-2006-5566 NOT-FOR-US: Shop-Script -CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote ...) +CVE-2006-5565 NOT-FOR-US: MAXdev MD-Pro -CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro ...) +CVE-2006-5564 NOT-FOR-US: MAXdev MD-Pro -CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before ...) +CVE-2006-5563 NOT-FOR-US: Yahoo! Messenger -CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in ...) +CVE-2006-5562 NOT-FOR-US: SourceForge (gforge is not affected) -CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...) +CVE-2006-5561 NOT-FOR-US: Discuz! GBK -CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch ...) +CVE-2006-5560 NOT-FOR-US: ProgSys -CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...) +CVE-2006-5559 NOT-FOR-US: ADODB.Connection 2.7 ActiveX control -CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...) +CVE-2006-5558 NOT-FOR-US: HP-UX -CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify ...) +CVE-2006-5557 NOT-FOR-US: HP-UX -CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other ...) +CVE-2006-5556 NOT-FOR-US: swask -CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in ...) +CVE-2006-5555 NOT-FOR-US: EPNadmin -CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...) 
+CVE-2006-5554 NOT-FOR-US: Imageview -CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...) +CVE-2006-5553 NOT-FOR-US: Cisco -CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...) +CVE-2006-5552 NOT-FOR-US: RevilloC MailServer -CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...) +CVE-2006-5551 NOT-FOR-US: QK SMTP -CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...) +CVE-2006-5550 - kfreebsd-5 (low) [etch] - kfreebsd-5 (no security support for freebsd) -CVE-2006-5549 (** DISPUTED ** ...) +CVE-2006-5549 NOT-FOR-US: Adobe PHP SDK -CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) +CVE-2006-5548 NOT-FOR-US: Open Tibia Server Content Management System -CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) +CVE-2006-5547 NOT-FOR-US: Open Tibia Server Content Management System -CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) +CVE-2006-5546 NOT-FOR-US: Open Tibia Server Content Management System -CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x ...) +CVE-2006-5545 NOT-FOR-US: Symantec -CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 ...) +CVE-2006-5544 NOT-FOR-US: Microsoft -CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...) +CVE-2006-5543 NOT-FOR-US: PHP Generator of Object SQL Database -CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...) +CVE-2006-5542 - postgresql-8.1 8.1.5-1 (unimportant) NOTE: All crashes can only be triggered by authenticated users, these are not NOTE: treated as vulnerabilities. -CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...) 
+CVE-2006-5541 - postgresql-7.4 1:7.4.14-1 (unimportant) - postgresql-8.1 8.1.5-1 (unimportant) [sarge] - postgresql (unimportant) NOTE: All crashes can only be triggered by authenticated users, these are not NOTE: treated as vulnerabilities. -CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...) +CVE-2006-5540 - postgresql-8.1 8.1.5-1 (unimportant) NOTE: All crashes can only be triggered by authenticated users, these are not NOTE: treated as vulnerabilities. -CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...) +CVE-2006-5539 NOT-FOR-US: UeberProject Management System -CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...) +CVE-2006-5538 NOT-FOR-US: D-Link -CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm ...) +CVE-2006-5537 NOT-FOR-US: D-Link -CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...) +CVE-2006-5536 NOT-FOR-US: D-Link -CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...) +CVE-2006-5535 NOT-FOR-US: WebHostManager cPanel -CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in ...) +CVE-2006-5534 NOT-FOR-US: Zwahlen Online Shop Freeware -CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...) +CVE-2006-5533 NOT-FOR-US: AROUNDMe -CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...) +CVE-2006-5532 NOT-FOR-US: RMSOFT Gallery System -CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended ...) +CVE-2006-5531 NOT-FOR-US: Ascended Guestbook -CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...) +CVE-2006-5530 NOT-FOR-US: SimpNews -CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in ...) 
+CVE-2006-5529 NOT-FOR-US: SchoolAlumni Portal -CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal ...) +CVE-2006-5528 NOT-FOR-US: SchoolAlumni Portal -CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in ...) +CVE-2006-5527 NOT-FOR-US: InteliEditor -CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...) +CVE-2006-5526 NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing -CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...) +CVE-2006-5525 NOT-FOR-US: PHP-Nuke -CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) +CVE-2006-5524 NOT-FOR-US: phplist -CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket ...) +CVE-2006-5523 NOT-FOR-US: EZ-Ticket -CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...) +CVE-2006-5522 NOT-FOR-US: Kawf -CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...) +CVE-2006-5521 NOT-FOR-US: Net_DNS -CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...) +CVE-2006-5520 NOT-FOR-US: PHP Classifieds -CVE-2006-5519 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5519 - egroupware (there is no path variable used to include plugin.php) -CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...) +CVE-2006-5518 NOT-FOR-US: RSSonate -CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...) +CVE-2006-5517 NOT-FOR-US: Open Meetings Filing Application -CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-5516 NOT-FOR-US: WikiNi -CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...) +CVE-2006-5515 NOT-FOR-US: phpPgAds / phpAdsNew -CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...) 
+CVE-2006-5514 NOT-FOR-US: Web Group Communication -CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...) +CVE-2006-5513 NOT-FOR-US: GeoNetwork opensource -CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...) +CVE-2006-5740 - wireshark 0.99.4-1 (bug #396258; medium) -CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...) +CVE-2006-5602 - xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium) -CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in ...) +CVE-2006-5601 - xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium) CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities] - mysql-dfsg-5.0 5.0.26-1 (low) -CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...) +CVE-2006-5512 NOT-FOR-US: Zwahlen Online Shop -CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...) +CVE-2006-5511 NOT-FOR-US: JaxUltraBB -CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...) +CVE-2006-5510 NOT-FOR-US: Pexplorer -CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...) +CVE-2006-5509 NOT-FOR-US: Burning Book -CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...) +CVE-2006-5508 NOT-FOR-US: Burning Book -CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...) +CVE-2006-5507 NOT-FOR-US: Der Dirigent -CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...) +CVE-2006-5506 NOT-FOR-US: WiClear -CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...) +CVE-2006-5505 NOT-FOR-US: 2BGal -CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) +CVE-2006-5504 NOT-FOR-US: Simple Machines Forum -CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) 
+CVE-2006-5503 NOT-FOR-US: Simple Machines Forum -CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...) +CVE-2006-5502 NOT-FOR-US: AOL Security Edition -CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...) +CVE-2006-5501 NOT-FOR-US: AOL Security Edition -CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in ...) +CVE-2006-5500 NOT-FOR-US: XchangeBoard -CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...) +CVE-2006-5499 - serendipity 1.0.2-1 -CVE-2006-5498 (Directory traversal vulnerability in ...) +CVE-2006-5498 NOT-FOR-US: Segue CMS -CVE-2006-5497 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5497 NOT-FOR-US: Segue CMS -CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...) +CVE-2006-5496 NOT-FOR-US: Timothy Claason KnowledgeBank -CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...) +CVE-2006-5495 NOT-FOR-US: Trawler Web CMS -CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in ...) +CVE-2006-5494 NOT-FOR-US: pandaBB for PHP-Nuke -CVE-2006-5493 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5493 NOT-FOR-US: DigitalHive -CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 ...) +CVE-2006-5492 NOT-FOR-US: Maarch -CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in ...) +CVE-2006-5491 NOT-FOR-US: UltraCMS -CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management ...) +CVE-2006-5490 NOT-FOR-US: Segue CMS -CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...) +CVE-2006-5489 NOT-FOR-US: RIM BlackBerry Enterprise Server -CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...) +CVE-2006-5488 NOT-FOR-US: XchangeBoard -CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, ...) 
+CVE-2006-5487 NOT-FOR-US: Marshal MailMarshal SMTP -CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...) +CVE-2006-5486 NOT-FOR-US: Sun Java System Messaging Server -CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...) +CVE-2006-5485 NOT-FOR-US: SpeedBerg -CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...) +CVE-2006-5484 NOT-FOR-US: SSH Tectia -CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...) +CVE-2006-5483 - kfreebsd-5 (low) [etch] - kfreebsd-5 (no security support for freebsd) -CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...) +CVE-2006-5482 - kfreebsd-5 (low) [etch] - kfreebsd-5 (no security support for freebsd) -CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor ...) +CVE-2006-5481 NOT-FOR-US: Castor -CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in 2le.net ...) +CVE-2006-5480 NOT-FOR-US: Castor -CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...) +CVE-2006-5479 NOT-FOR-US: Novell eDirectory -CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x ...) +CVE-2006-5478 NOT-FOR-US: Novell eDirectory -CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...) +CVE-2006-5477 - drupal (Our version of drupal is too old) -CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...) +CVE-2006-5476 - drupal (Our version of drupal is too old) -CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...) +CVE-2006-5475 - drupal (Our version of drupal is too old) -CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ...) +CVE-2006-5474 NOT-FOR-US: OneOrZero Helpdesk -CVE-2006-5473 (** DISPUTED ** ...) 
+CVE-2006-5473 NOT-FOR-US: Softerra PHP Developer Library -CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...) +CVE-2006-5472 NOT-FOR-US: Softerra PHP Developer Library -CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...) +CVE-2006-5471 NOT-FOR-US: Softerra PHP Developer Library CVE-2006-5470 REJECTED -CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark ...) +CVE-2006-5469 - wireshark 0.99.4-1 (bug #396258; medium) -CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...) +CVE-2006-5468 - wireshark 0.99.4-1 (bug #396258; medium) -CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...) +CVE-2006-5467 {DSA-1235-1 DSA-1234-1} - ruby1.8 1.8.5-3 (low; bug #398457) - ruby1.9 1.9.0+20070606-1 (low) [etch] - ruby1.9 (Minor issue) -CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...) +CVE-2006-5466 - rpm 4.4.1-11 (low; bug #397076) [sarge] - rpm (You need to trust the RPMs you're installing) NOTE: Only hypothetical, far-fetched attacks feasible -CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...) +CVE-2006-5465 {DSA-1206-1} - php4 4:4.4.4-4 (high; bug #396764) - php5 5.1.6-6 (high; bug #396766) -CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...) +CVE-2006-5464 {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-65 - firefox 45.0-1 (low) @@ -3993,7 +3993,7 @@ CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozi - icedove 1.5.0.8-1 (low) - mozilla (low) - xulrunner 1.8.0.8-1 (low) -CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) +CVE-2006-5463 {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-67 - firefox 45.0-1 (high) 
@@ -4002,7 +4002,7 @@ CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) - icedove 1.5.0.8-1 (medium) - mozilla (high) - xulrunner 1.8.0.8-1 (high) -CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) +CVE-2006-5462 {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-66 NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340 
@@ -4013,284 +4013,284 @@ CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as - icedove 1.5.0.8-1 (medium) - mozilla (high) - xulrunner 1.8.0.8-1 (high) -CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...) +CVE-2006-5461 - avahi 0.6.15-1 (low) CVE-2006-XXXX [diffmon information leakage] - diffmon 20020222-2.2 (bug #382132) -CVE-2006-5460 (** DISPUTED ** ...) +CVE-2006-5460 NOT-FOR-US: phpht Topsites -CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) +CVE-2006-5459 NOT-FOR-US: Download-Engine -CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) +CVE-2006-5458 NOT-FOR-US: phpht Topsites -CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) +CVE-2006-5457 NOT-FOR-US: Casino Script (Masvet) -CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...) +CVE-2006-5456 {DSA-1213} - graphicsmagick 1.1.7-9 (medium) - imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025) -CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...) +CVE-2006-5455 - bugzilla 2.22.1-1 (bug #395094; low) [sarge] - bugzilla (CSRF infrastructure not present, too intrusive to backport) -CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...) +CVE-2006-5454 - bugzilla 2.22.1-1 (bug #395094; low) [sarge] - bugzilla (Vulnerable code not present) -CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...) +CVE-2006-5453 {DSA-1208-1} - bugzilla 2.22.1-1 (bug #395094; low) -CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...) +CVE-2006-5452 NOT-FOR-US: HP Tru64 -CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...) +CVE-2006-5451 - torrentflux 2.1-5 (bug #395099; low) -CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...) 
+CVE-2006-5450 NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS -CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...) +CVE-2006-5449 {DSA-1204-1} - ingo1 1.1.2-1 (bug #396099) -CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...) +CVE-2006-5448 NOT-FOR-US: Microsoft -CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...) +CVE-2006-5447 NOT-FOR-US: DEV Web Management System (WMS) -CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...) +CVE-2006-5446 NOT-FOR-US: Casinosoft Casino Script (aka Masvet) -CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...) +CVE-2006-5445 - asterisk 1:1.2.13~dfsg-1 (medium; bug #395080) -CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...) +CVE-2006-5444 {DSA-1229-1} - asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; bug #394025) -CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...) +CVE-2006-5443 - wims 3.60-1 (bug #395102) -CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...) +CVE-2006-5442 - viewvc 1.0.3-1 (medium; bug #397669) -CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...) +CVE-2006-5441 NOT-FOR-US: Comdev Web Blogger -CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) +CVE-2006-5440 NOT-FOR-US: Comdev Web Blogger -CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) +CVE-2006-5439 NOT-FOR-US: Comdev Web Blogger -CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) +CVE-2006-5438 NOT-FOR-US: Comdev Web Blogger -CVE-2006-5437 (** DISPUTED ** ...) +CVE-2006-5437 NOT-FOR-US: phpAdsNew -CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...) +CVE-2006-5436 NOT-FOR-US: FreeFAQ -CVE-2006-5435 (** DISPUTED ** ...) 
+CVE-2006-5435 - phpbb2 (not vulnerable) -CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 ...) +CVE-2006-5434 NOT-FOR-US: P-News -CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...) +CVE-2006-5433 NOT-FOR-US: ALiCE-CMS -CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...) +CVE-2006-5432 NOT-FOR-US: phpPowerCards -CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...) +CVE-2006-5431 NOT-FOR-US: PHPOutsourcing Zorum -CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...) +CVE-2006-5430 NOT-FOR-US: db-central (dbc) Enterprise CMS -CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...) +CVE-2006-5429 NOT-FOR-US: BRIM -CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's ...) +CVE-2006-5428 NOT-FOR-US: Cerberus Helpdesk -CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...) +CVE-2006-5427 NOT-FOR-US: Php AMX -CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...) +CVE-2006-5426 NOT-FOR-US: LoCal Calendar System -CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...) +CVE-2006-5425 NOT-FOR-US: XORP (eXtensible Open Router Platform) -CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...) +CVE-2006-5424 NOT-FOR-US: Justsystem Ichitaro -CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...) +CVE-2006-5423 NOT-FOR-US: Lou Portail -CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...) +CVE-2006-5422 NOT-FOR-US: Lodel -CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...) +CVE-2006-5421 NOT-FOR-US: WSN Forum -CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...) 
+CVE-2006-5420 NOT-FOR-US: Kerio WinRoute Firewall -CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...) +CVE-2006-5419 NOT-FOR-US: Specimen Image Database (SID) -CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...) +CVE-2006-5418 NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB -CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...) +CVE-2006-5417 NOT-FOR-US: McAfee -CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...) +CVE-2006-5416 NOT-FOR-US: F5 -CVE-2006-5415 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5415 NOT-FOR-US: News Defilante Horizontale -CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...) +CVE-2006-5414 NOT-FOR-US: Barry Nauta BRIM -CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...) +CVE-2006-5413 NOT-FOR-US: SuperMod for YABB (YaBBSM) -CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...) +CVE-2006-5412 NOT-FOR-US: PHP Outburst Easynews -CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...) +CVE-2006-5411 NOT-FOR-US: Free Web Publishing System (FreeWPS) -CVE-2006-5410 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5410 NOT-FOR-US: BoonEx Dolphin -CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...) +CVE-2006-5409 NOT-FOR-US: Highwall Enterprise and Highwall Endpoint -CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...) +CVE-2006-5408 NOT-FOR-US: Highwall Enterprise and Highwall Endpoint -CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...) +CVE-2006-5407 NOT-FOR-US: osTicket -CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...) 
+CVE-2006-5406 NOT-FOR-US: Passgo Defender -CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...) +CVE-2006-5405 NOT-FOR-US: Toshiba Bluetooth wireless device driver -CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...) +CVE-2006-5404 NOT-FOR-US: Symantec -CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...) +CVE-2006-5403 NOT-FOR-US: Symantec -CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...) +CVE-2006-5402 NOT-FOR-US: PHPMyBibli -CVE-2006-5401 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5401 NOT-FOR-US: AROUNDMe -CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...) +CVE-2006-5400 NOT-FOR-US: CyberBrau -CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...) +CVE-2006-5399 NOT-FOR-US: PHPRecipeBook -CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...) +CVE-2006-5398 NOT-FOR-US: Simplog -CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...) +CVE-2006-5397 - libx11 2:1.0.3-3 (low; bug #398460) -CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...) +CVE-2006-5396 NOT-FOR-US: Sun Solaris -CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...) +CVE-2006-5395 NOT-FOR-US: Microsoft -CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...) +CVE-2006-5394 NOT-FOR-US: Cisco -CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...) +CVE-2006-5393 NOT-FOR-US: Cisco -CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...) +CVE-2006-5392 NOT-FOR-US: OpenDock FullCore -CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...) +CVE-2006-5391 NOT-FOR-US: Xfire -CVE-2006-5390 (PHP remote file inclusion vulnerability in ...) 
+CVE-2006-5390 NOT-FOR-US: ACP User Registration (MMW) module for phpBB -CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...) +CVE-2006-5389 NOT-FOR-US: PHP-Wyana -CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...) +CVE-2006-5388 NOT-FOR-US: WebSPELL -CVE-2006-5387 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5387 NOT-FOR-US: PlusXL phpBB module -CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...) +CVE-2006-5386 NOT-FOR-US: NuralStorm Webmail -CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...) +CVE-2006-5385 NOT-FOR-US: SpamOborona phpBB module -CVE-2006-5384 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5384 NOT-FOR-US: CDS Agenda -CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...) +CVE-2006-5383 NOT-FOR-US: Def-Blog -CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...) +CVE-2006-5382 NOT-FOR-US: 3Com CVE-2006-XXXX [unspecified steam cache vulnerability] - steam (affects the old steam environment for corporate knowledge management package shipped in lenny and before, not the new Valve steam package) -CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...) +CVE-2006-5381 NOT-FOR-US: Contenido CMS -CVE-2006-5380 (** DISPUTED ** ...) +CVE-2006-5380 NOT-FOR-US: Contenido CMS -CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...) +CVE-2006-5379 - nvidia-graphics-drivers 1.0.8776-1 (bug #393573) [sarge] - nvidia-graphics-drivers (1.0.7174 not affected) NOTE: see http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971 -CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...) +CVE-2006-5378 NOT-FOR-US: EnterpriseOne -CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...) 
+CVE-2006-5377 NOT-FOR-US: PeopleSoft -CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in ...) +CVE-2006-5376 NOT-FOR-US: PeopleSoft -CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in ...) +CVE-2006-5375 NOT-FOR-US: PeopleSoft -CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 ...) +CVE-2006-5374 NOT-FOR-US: Oracle -CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle ...) +CVE-2006-5373 NOT-FOR-US: Oracle -CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) +CVE-2006-5372 NOT-FOR-US: Oracle -CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle ...) +CVE-2006-5371 NOT-FOR-US: Oracle -CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) +CVE-2006-5370 NOT-FOR-US: Oracle -CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in ...) +CVE-2006-5369 NOT-FOR-US: Oracle -CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle ...) +CVE-2006-5368 NOT-FOR-US: Oracle -CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...) +CVE-2006-5367 NOT-FOR-US: Oracle -CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) +CVE-2006-5366 NOT-FOR-US: Oracle -CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...) +CVE-2006-5365 NOT-FOR-US: Oracle -CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in ...) +CVE-2006-5364 NOT-FOR-US: Oracle -CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...) +CVE-2006-5363 NOT-FOR-US: Oracle -CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in ...) +CVE-2006-5362 NOT-FOR-US: Oracle -CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle ...) 
+CVE-2006-5361 NOT-FOR-US: Oracle -CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle ...) +CVE-2006-5360 NOT-FOR-US: Oracle -CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer ...) +CVE-2006-5359 NOT-FOR-US: Oracle -CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle ...) +CVE-2006-5358 NOT-FOR-US: Oracle -CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...) +CVE-2006-5357 NOT-FOR-US: Oracle -CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in ...) +CVE-2006-5356 NOT-FOR-US: Oracle -CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...) +CVE-2006-5355 NOT-FOR-US: Oracle -CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, ...) +CVE-2006-5354 NOT-FOR-US: Oracle -CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...) +CVE-2006-5353 NOT-FOR-US: Oracle -CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...) +CVE-2006-5352 NOT-FOR-US: Oracle -CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express ...) +CVE-2006-5351 NOT-FOR-US: Oracle -CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...) +CVE-2006-5350 NOT-FOR-US: Oracle -CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running ...) +CVE-2006-5349 NOT-FOR-US: Oracle -CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle ...) +CVE-2006-5348 NOT-FOR-US: Oracle -CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...) +CVE-2006-5347 NOT-FOR-US: Oracle -CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in ...) +CVE-2006-5346 NOT-FOR-US: Oracle -CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) 
+CVE-2006-5345 NOT-FOR-US: Oracle -CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...) +CVE-2006-5344 NOT-FOR-US: Oracle -CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle ...) +CVE-2006-5343 NOT-FOR-US: Oracle -CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) +CVE-2006-5342 NOT-FOR-US: Oracle -CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle ...) +CVE-2006-5341 NOT-FOR-US: Oracle -CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...) +CVE-2006-5340 NOT-FOR-US: Oracle -CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) +CVE-2006-5339 NOT-FOR-US: Oracle -CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) +CVE-2006-5338 NOT-FOR-US: Oracle -CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) +CVE-2006-5337 NOT-FOR-US: Oracle -CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC) ...) +CVE-2006-5336 NOT-FOR-US: Oracle -CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) +CVE-2006-5335 NOT-FOR-US: Oracle -CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) +CVE-2006-5334 NOT-FOR-US: Oracle -CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle ...) +CVE-2006-5333 NOT-FOR-US: Oracle -CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for ...) +CVE-2006-5332 NOT-FOR-US: Oracle -CVE-2006-5331 (The altivec_unavailable_exception function in ...) +CVE-2006-5331 - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: Fixed by: https://git.kernel.org/linus/6c4841c2b6c32a134f9f36e5e08857138cc12b10 (2.6.19-rc3) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=213229 -CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and ...) 
+CVE-2006-5330 - flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium) NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous version) NOTE: or not but it's fix in 9.0.31.0.1 for sure. 
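Review bot: The "** DISPUTED **" marker is dropped together with the descriptions for CVE-2006-5460, CVE-2006-5437, CVE-2006-5435 and CVE-2006-5380 in this hunk, and nothing in the lines that remain records that status. CVE-2006-5435 still carries "- phpbb2 (not vulnerable)", but the other three are left with only a NOT-FOR-US line; if the disputed state is meant to stay visible in this file, carry it in a NOTE: line under each entry. The same hunk reduces the run from CVE-2006-5378 down to CVE-2006-5332 to bare IDs followed by "NOT-FOR-US: EnterpriseOne", "NOT-FOR-US: PeopleSoft" or "NOT-FOR-US: Oracle", so the component names in the removed text (Oracle Spatial, XMLDB, Oracle HTTP Server, Core RDBMS) no longer appear anywhere in the list. The commit subject "automatic update" should state where the descriptions are expected to come from after this change.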
@@ -4298,748 +4298,748 @@ CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 [etch] - flashplugin-nonfree (Contrib not supported, only installer package) CVE-2006-5329 REJECTED -CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...) +CVE-2006-5328 NOT-FOR-US: OpenBase SQL -CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, ...) +CVE-2006-5327 NOT-FOR-US: OpenBase SQL -CVE-2006-5326 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5326 NOT-FOR-US: Prillian French module for phpBB -CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz ...) +CVE-2006-5325 NOT-FOR-US: dwingmods for phpBB -CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM ...) +CVE-2006-5324 NOT-FOR-US: IBM WebSphere -CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before ...) +CVE-2006-5323 NOT-FOR-US: IBM WebSphere -CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...) +CVE-2006-5322 NOT-FOR-US: phplist -CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...) +CVE-2006-5321 NOT-FOR-US: phplist -CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...) +CVE-2006-5320 NOT-FOR-US: Album Photo Sans Nom -CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...) +CVE-2006-5319 NOT-FOR-US: Foafgen -CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...) +CVE-2006-5318 NOT-FOR-US: Nayco JASmine -CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...) +CVE-2006-5317 NOT-FOR-US: eboli -CVE-2006-5316 (registroTL stores sensitive information under the web root with ...) +CVE-2006-5316 NOT-FOR-US: registroTL -CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...) 
+CVE-2006-5315 NOT-FOR-US: registroTL -CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...) +CVE-2006-5314 NOT-FOR-US: TribunaLibre -CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...) +CVE-2006-5313 - hastymail -CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...) +CVE-2006-5312 NOT-FOR-US: Ajax Shoutbox -CVE-2006-5311 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5311 NOT-FOR-US: Buzlas -CVE-2006-5310 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5310 NOT-FOR-US: phpMyConferences -CVE-2006-5309 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5309 NOT-FOR-US: Prillian French module for phpBB -CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...) +CVE-2006-5308 NOT-FOR-US: Open Conference Systems -CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...) +CVE-2006-5307 NOT-FOR-US: AFGB GUESTBOOK -CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...) +CVE-2006-5306 NOT-FOR-US: Journals System module for phpBB -CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...) +CVE-2006-5305 NOT-FOR-US: lat2cyr -CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...) +CVE-2006-5304 NOT-FOR-US: IncCMS Core -CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...) +CVE-2006-5303 NOT-FOR-US: Secure Computing SafeWord RemoteAccess -CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...) +CVE-2006-5302 NOT-FOR-US: Redaction System -CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...) +CVE-2006-5301 NOT-FOR-US: SpamBlockerMODv module for phpBB -CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...) 
+CVE-2006-5300 NOT-FOR-US: HP -CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-5299 NOT-FOR-US: Gcontact -CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...) +CVE-2006-5298 - mutt 1.5.13-1.1 (bug #396104; low) [sarge] - mutt (Minor issue, tmp dirs on NFS cause problems in many scenarios) -CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...) +CVE-2006-5297 - mutt 1.5.13-1.1 (bug #396104; low) [sarge] - mutt (Minor issue, tmp dirs on NFS cause problems in many scenarios) -CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...) +CVE-2006-5296 NOT-FOR-US: Microsoft -CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) +CVE-2006-5294 NOT-FOR-US: phplist -CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...) +CVE-2006-5293 NOT-FOR-US: PhpOutsourcing Noah's Classifieds -CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...) +CVE-2006-5292 NOT-FOR-US: Exhibit Engine -CVE-2006-5291 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5291 NOT-FOR-US: Download-Engine -CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...) +CVE-2006-5290 NOT-FOR-US: Xerox WorkCentre -CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...) +CVE-2006-5289 NOT-FOR-US: Vtiger CRM -CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...) +CVE-2006-5288 NOT-FOR-US: Cisco -CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...) +CVE-2006-5287 NOT-FOR-US: Xeobook -CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...) +CVE-2006-5286 NOT-FOR-US: Novell BorderManager -CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...) 
+CVE-2006-5285 NOT-FOR-US: XeoPort -CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...) +CVE-2006-5284 NOT-FOR-US: PHP News Reader (aka pnews) -CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...) +CVE-2006-5283 NOT-FOR-US: Minichat -CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...) +CVE-2006-5282 NOT-FOR-US: SH-News -CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...) +CVE-2006-5281 NOT-FOR-US: n@board -CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...) +CVE-2006-5280 NOT-FOR-US: communityPortals CVE-2006-5279 RESERVED -CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...) +CVE-2006-5278 NOT-FOR-US: Cisco -CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...) +CVE-2006-5277 NOT-FOR-US: Cisco -CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...) +CVE-2006-5276 - snort (snort versions 2.3.x do not contain the DCE RPC preprocessor) CVE-2006-5275 RESERVED -CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...) +CVE-2006-5274 NOT-FOR-US: McAfee -CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...) +CVE-2006-5273 NOT-FOR-US: McAfee -CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...) +CVE-2006-5272 NOT-FOR-US: McAfee -CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...) +CVE-2006-5271 NOT-FOR-US: McAfee -CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...) +CVE-2006-5270 NOT-FOR-US: Microsoft -CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) +CVE-2006-5269 NOT-FOR-US: Trend Micro -CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 ...) 
+CVE-2006-5268 NOT-FOR-US: Trend Micro CVE-2006-5267 RESERVED -CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...) +CVE-2006-5266 NOT-FOR-US: Microsoft issue -CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great ...) +CVE-2006-5265 NOT-FOR-US: Microsoft issue -CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...) +CVE-2006-5264 NOT-FOR-US: MysqlDumper -CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...) +CVE-2006-5263 NOT-FOR-US: phpMyAgenda -CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...) +CVE-2006-5262 - hastymail -CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...) +CVE-2006-5261 NOT-FOR-US: PHPMyNews -CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...) +CVE-2006-5260 NOT-FOR-US: Compteur 2 -CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...) +CVE-2006-5259 NOT-FOR-US: Compteur 2 -CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management ...) +CVE-2006-5258 NOT-FOR-US: Asbru Web Content Management -CVE-2006-5257 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5257 NOT-FOR-US: Ciamos Content Management System -CVE-2006-5256 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5256 NOT-FOR-US: Claroline -CVE-2006-5255 (** DISPUTED ** ...) +CVE-2006-5255 NOT-FOR-US: gCards -CVE-2006-5254 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5254 NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka regdetailed -CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana ...) +CVE-2006-5253 NOT-FOR-US: phpOnline (aka PHP-Online) -CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in ...) 
+CVE-2006-5252 NOT-FOR-US: Webmedia Explorer -CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...) +CVE-2006-5251 NOT-FOR-US: Deep CMS -CVE-2006-5250 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5250 NOT-FOR-US: BlueShoes -CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in ...) +CVE-2006-5249 NOT-FOR-US: TagIt! Tagboard -CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with ...) +CVE-2006-5248 NOT-FOR-US: Eazy Cart -CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...) +CVE-2006-5247 NOT-FOR-US: Eazy Cart -CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...) +CVE-2006-5246 NOT-FOR-US: Eazy Cart -CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...) +CVE-2006-5245 NOT-FOR-US: Eazy Cart -CVE-2006-5244 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) +CVE-2006-5244 NOT-FOR-US: Easy Blog -CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) +CVE-2006-5243 NOT-FOR-US: Easy Blog -CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...) +CVE-2006-5242 NOT-FOR-US: Etomite Content Management System -CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) +CVE-2006-5241 NOT-FOR-US: Easy Gallery -CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in ...) +CVE-2006-5240 NOT-FOR-US: Docmint -CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 ...) +CVE-2006-5239 NOT-FOR-US: eXpBlog -CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley ...) +CVE-2006-5238 NOT-FOR-US: Blue Smiley Organizer -CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 ...) 
+CVE-2006-5237 NOT-FOR-US: Blue Smiley Organizer -CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows ...) +CVE-2006-5236 NOT-FOR-US: 4images -CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...) +CVE-2006-5235 NOT-FOR-US: Dimension of phpBB -CVE-2006-5234 (** DISPUTED ** ...) +CVE-2006-5234 NOT-FOR-US: phpWebSite -CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version ...) +CVE-2006-5233 NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone -CVE-2006-5232 (** DISPUTED ** ...) +CVE-2006-5232 NOT-FOR-US: iSearch -CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, ...) +CVE-2006-5231 NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone -CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...) +CVE-2006-5230 NOT-FOR-US: FreeForum -CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...) +CVE-2006-5295 {DSA-1196-1} - clamav 0.88.5-1 (high; bug #393445) -CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...) +CVE-2006-5229 NOTE: This issues depends on the stack of selected authentication modules, while NOTE: some are resilient against such timing attacks, some aren't NOTE: This is inside responsibility of an admin -CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...) +CVE-2006-5228 NOT-FOR-US: ackerTodo -CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...) +CVE-2006-5227 - torrentflux 2.1-4 (bug #392501; low) -CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in ...) +CVE-2006-5226 NOT-FOR-US: Freenews -CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...) +CVE-2006-5225 NOT-FOR-US: AAIportal -CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php ...) 
+CVE-2006-5224 NOT-FOR-US: Security Suite IP Logger in dwingmods for phpBB -CVE-2006-5223 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5223 NOT-FOR-US: User Viewed Posts Tracker module for phpBB -CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...) +CVE-2006-5222 NOT-FOR-US: Dimension of phpBB -CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow ...) +CVE-2006-5221 NOT-FOR-US: Cahier de textes -CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...) +CVE-2006-5220 NOT-FOR-US: WebYep -CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...) +CVE-2006-5219 - moodle 1.6.2+20060930-1 (medium; bug #390294) [sarge] - moodle (Vulnerable code not present) -CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...) +CVE-2006-5218 NOT-FOR-US: systrace in OpenBSD and NetBSD -CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...) +CVE-2006-5217 NOT-FOR-US: Emek Portal -CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...) +CVE-2006-5216 NOT-FOR-US: Simple HTTPD -CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...) +CVE-2006-5215 - xdm 1:1.0.5-1 (low) [sarge] - xfree86 (Minor issue) NOTE: probably fixed earlier than 1:1.0.5 -CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager ...) +CVE-2006-5214 - xdm 1:1.0.5-1 (low) - xorg 1:7.1.0-13 (low) [sarge] - xfree86 (Minor issue) NOTE: probably fixed earlier than 1:1.0.5 -CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and insufficient ...) +CVE-2006-5213 NOT-FOR-US: Solaris -CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) +CVE-2006-5212 NOT-FOR-US: Trend Micro OfficeScan -CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) 
+CVE-2006-5211 NOT-FOR-US: Trend Micro OfficeScan -CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 ...) +CVE-2006-5210 NOT-FOR-US: IronWebMail -CVE-2006-5209 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5209 NOT-FOR-US: Admin Topic Action Logging Mod for phpBB -CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...) +CVE-2006-5208 NOT-FOR-US: PHP Classifieds -CVE-2006-5207 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5207 NOT-FOR-US: phpMyTeam -CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote ...) +CVE-2006-5206 NOT-FOR-US: Invision Gallery -CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows ...) +CVE-2006-5205 NOT-FOR-US: Invision Gallery -CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...) +CVE-2006-5204 NOT-FOR-US: Invision Power Board (IPB) -CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...) +CVE-2006-5203 NOT-FOR-US: Invision Power Board (IPB) -CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...) +CVE-2006-5202 NOT-FOR-US: Linksys -CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...) +CVE-2006-5201 - sun-java5 1.5.0-10-1 (bug #393042) NOTE: this is similar to CVE-2006-4339 -CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...) +CVE-2006-5200 NOT-FOR-US: Adobe -CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...) +CVE-2006-5199 NOT-FOR-US: Adobe -CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ...) +CVE-2006-5198 NOT-FOR-US: WinZip -CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...) +CVE-2006-5197 NOT-FOR-US: PDshopPro -CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...) 
+CVE-2006-5196 NOT-FOR-US: Motorola SURFboard -CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 ...) +CVE-2006-5195 NOT-FOR-US: Wheatblog -CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...) +CVE-2006-5194 NOT-FOR-US: net2ftp -CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt ...) +CVE-2006-5193 NOT-FOR-US: WikyBlog -CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in ...) +CVE-2006-5192 NOT-FOR-US: phpGreetz -CVE-2006-5191 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5191 NOT-FOR-US: Nivisec Static Topics module for phpBB -CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...) +CVE-2006-5190 NOT-FOR-US: osCommerce -CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php ...) +CVE-2006-5189 NOT-FOR-US: klinza professional cms -CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP ...) +CVE-2006-5188 NOT-FOR-US: webGENEius GOOP Gallery -CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in ...) +CVE-2006-5187 NOT-FOR-US: Bulletin Board Ace (BBaCE) -CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...) +CVE-2006-5186 NOT-FOR-US: phpMyProfiler -CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...) +CVE-2006-5185 NOT-FOR-US: HAMweather -CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 ...) +CVE-2006-5184 NOT-FOR-US: PKR Internet Taskjitsu -CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs ...) +CVE-2006-5183 NOT-FOR-US: Dayfox Blog -CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...) +CVE-2006-5182 NOT-FOR-US: Travelsized CMS -CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...) 
+CVE-2006-5181 NOT-FOR-US: phpMyWebmin -CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in ...) +CVE-2006-5180 NOT-FOR-US: Newswriter SW -CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...) +CVE-2006-5179 NOT-FOR-US: Intoto iGateway -CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...) +CVE-2006-5178 - php5 5.2.0-1 (bug #391281; unimportant) - php4 4:4.4.4-1 (bug #391282; unimportant) NOTE: open_basedir is not supported -CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...) +CVE-2006-5177 NOT-FOR-US: MailEnable Professional -CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0 ...) +CVE-2006-5176 NOT-FOR-US: MailEnable Professional -CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...) +CVE-2006-5175 NOT-FOR-US: TeraStation HD-HTGL -CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 ...) +CVE-2006-5174 {DSA-1237 DSA-1233} - linux-2.6 2.6.18-5 NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4 -CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...) +CVE-2006-5173 - linux-2.6 2.6.18-1 -CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...) +CVE-2006-5172 NOT-FOR-US: Computer Associates (CA) Brightstor -CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...) +CVE-2006-5171 NOT-FOR-US: Computer Associates (CA) Brightstor -CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...) +CVE-2006-5170 {DSA-1203-1} - libpam-ldap 180-1.2 (bug #392984; medium) -CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...) +CVE-2006-5169 NOT-FOR-US: PowerPortal -CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...) 
+CVE-2006-5168 NOT-FOR-US: Pebble CVE-2006-XXXX [zabbix format string vulnerabilities] - zabbix 1:1.1.2-4 (bug #391388) CVE-2006-XXXX [zabbix buffer overflows] - zabbix 1:1.1.2-4 (bug #391388) -CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...) +CVE-2006-5167 NOT-FOR-US: BasiliX -CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...) +CVE-2006-5166 NOT-FOR-US: PHP Web Scripts Easy Banner Free -CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) +CVE-2006-5165 NOT-FOR-US: Skrypty PPA Gallery -CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...) +CVE-2006-5164 NOT-FOR-US: digiSHOP -CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...) +CVE-2006-5163 NOT-FOR-US: IBM -CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...) +CVE-2006-5162 NOT-FOR-US: Microsoft -CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...) +CVE-2006-5161 NOT-FOR-US: IBM -CVE-2006-5160 (** DISPUTED ** ...) +CVE-2006-5160 - firefox (no real issues) -CVE-2006-5159 (** DISPUTED ** ...) +CVE-2006-5159 NOT-FOR-US: Bogus Firefox issue -CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...) +CVE-2006-5158 - linux-2.6 2.6.15 -CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) +CVE-2006-5157 NOT-FOR-US: TrendMicro OfficeScan -CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...) +CVE-2006-5156 NOT-FOR-US: McAfee -CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB ...) +CVE-2006-5155 NOT-FOR-US: VideoDB -CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...) +CVE-2006-5154 NOT-FOR-US: DeluxeBB -CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...) 
+CVE-2006-5153 NOT-FOR-US: Kerio Personal Firewall -CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) +CVE-2006-5152 NOT-FOR-US: Microsoft -CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...) +CVE-2006-5151 NOT-FOR-US: HP -CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...) +CVE-2006-5150 NOT-FOR-US: OpenBiblio -CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio before ...) +CVE-2006-5149 NOT-FOR-US: OpenBiblio -CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b ...) +CVE-2006-5148 NOT-FOR-US: Forum82 -CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...) +CVE-2006-5147 NOT-FOR-US: VAMP Webmail -CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow ...) +CVE-2006-5146 NOT-FOR-US: Yblog -CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow ...) +CVE-2006-5145 NOT-FOR-US: OlateDownload -CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...) +CVE-2006-5144 NOT-FOR-US: OlateDownload -CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...) +CVE-2006-5143 NOT-FOR-US: Backup Agent RPC Server -CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...) +CVE-2006-5142 NOT-FOR-US: CA BrightStor ARCserver Backup -CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...) +CVE-2006-5141 NOT-FOR-US: Open Geo Targeting (aka geotarget) -CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...) +CVE-2006-5140 NOT-FOR-US: Image Host Script (phpkimagehost) -CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to ...) +CVE-2006-5139 NOT-FOR-US: MkPortal -CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain ...) 
+CVE-2006-5138 NOT-FOR-US: Groupee UBB.threads -CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee ...) +CVE-2006-5137 NOT-FOR-US: Groupee UBB.threads -CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in ...) +CVE-2006-5136 NOT-FOR-US: Groupee UBB.threads -CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow ...) +CVE-2006-5135 NOT-FOR-US: A-Blog -CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to ...) +CVE-2006-5134 NOT-FOR-US: Mercury SiteScope -CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have ...) +CVE-2006-5133 NOT-FOR-US: GuildFTPd -CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 ...) +CVE-2006-5132 NOT-FOR-US: phpMyAgenda -CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another ...) +CVE-2006-5131 NOT-FOR-US: just another flat file (JAF) CMS -CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) +CVE-2006-5130 NOT-FOR-US: ust another flat file (JAF) CMS -CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) +CVE-2006-5129 NOT-FOR-US: ust another flat file (JAF) CMS -CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso ...) +CVE-2006-5128 NOT-FOR-US: ConPresso -CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...) +CVE-2006-5127 NOT-FOR-US: ConPresso -CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...) +CVE-2006-5126 NOT-FOR-US: PowerPortal -CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by ...) +CVE-2006-5125 NOT-FOR-US: phpMyWebmin -CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...) 
+CVE-2006-5124 NOT-FOR-US: phpMyWebmin -CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht ...) +CVE-2006-5123 NOT-FOR-US: PHProjekt -CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury ...) +CVE-2006-5122 NOT-FOR-US: SiteScope -CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the ...) +CVE-2006-5121 NOT-FOR-US: PostNuke -CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer ...) +CVE-2006-5120 NOT-FOR-US: Red Mombin -CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...) +CVE-2006-5119 NOT-FOR-US: Zen Cart -CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...) +CVE-2006-5118 NOT-FOR-US: PHPSelect Web Development Division -CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...) +CVE-2006-5117 - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant) NOTE: Only path disclosure -CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) +CVE-2006-5116 {DSA-1207-1} - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low) [sarge] - phpmyadmin (Vulnerable code not present) -CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...) +CVE-2006-5115 NOT-FOR-US: KGB -CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...) +CVE-2006-5114 NOT-FOR-US: SAP -CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa ...) +CVE-2006-5113 NOT-FOR-US: Exporia -CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...) +CVE-2006-5112 NOT-FOR-US: NaviCOPA Web Server -CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...) +CVE-2006-5111 - libksba 0.9.14-1 (low; bug #391278) [sarge] - libksba (Minor issue) -CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...) 
+CVE-2006-5110 NOT-FOR-US: PHP Invoice -CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...) +CVE-2006-5109 NOT-FOR-US: CubeCart -CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion ...) +CVE-2006-5108 NOT-FOR-US: CubeCart -CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x ...) +CVE-2006-5107 NOT-FOR-US: CubeCart -CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 ...) +CVE-2006-5106 NOT-FOR-US: FacileForms for Mambo and Joomla! -CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 ...) +CVE-2006-5105 NOT-FOR-US: SyntaxCMS -CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...) +CVE-2006-5104 NOT-FOR-US: vBulletin -CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...) +CVE-2006-5103 NOT-FOR-US: bbsNew -CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...) +CVE-2006-5102 NOT-FOR-US: Newswriter SW -CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV ...) +CVE-2006-5101 NOT-FOR-US: Comdev CSV Importer -CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...) +CVE-2006-5100 NOT-FOR-US: WEB//NEWS (aka webnews) -CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...) +CVE-2006-5099 - dokuwiki 0.0.20060309-5.2 (bug #391291; medium) -CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...) +CVE-2006-5098 - dokuwiki 0.0.20060309-5.2 (bug #391291; medium) -CVE-2006-5097 (** DISPUTED ** ...) +CVE-2006-5097 NOT-FOR-US: net2ftp -CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-5096 NOT-FOR-US: VirtueMart -CVE-2006-5095 (** DISPUTED ** ...) +CVE-2006-5095 NOT-FOR-US: MyPhotos -CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...) 
+CVE-2006-5094 NOT-FOR-US: phpBB XS -CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...) +CVE-2006-5093 NOT-FOR-US: TagIt! Tagboard -CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in ...) +CVE-2006-5092 NOT-FOR-US: A-Blog -CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server ...) +CVE-2006-5091 NOT-FOR-US: HP-UX Samba -CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix ...) +CVE-2006-5090 NOT-FOR-US: Phoenix Evolution CMS (PECMS) -CVE-2006-5089 (** DISPUTED ** ...) +CVE-2006-5089 NOT-FOR-US: My-BIC -CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...) +CVE-2006-5088 NOT-FOR-US: phpMyChat -CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ...) +CVE-2006-5087 NOT-FOR-US: evoBB -CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...) +CVE-2006-5086 NOT-FOR-US: Blog Pixel Motion -CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...) +CVE-2006-5085 NOT-FOR-US: Blog Pixel Motion -CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay ...) +CVE-2006-5084 NOT-FOR-US: Skype -CVE-2006-5083 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5083 NOT-FOR-US: Integrated MODs (IM) Portal -CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...) +CVE-2006-5082 - sugarcrm-ce-5.0 (bug #457876) -CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger ...) +CVE-2006-5081 NOT-FOR-US: QuickBlogger -CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...) +CVE-2006-5080 NOT-FOR-US: Movable Type -CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt ...) 
+CVE-2006-5079 NOT-FOR-US: paBugs -CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in ...) +CVE-2006-5078 NOT-FOR-US: Polaring -CVE-2006-5077 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5077 NOT-FOR-US: Minerva -CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...) +CVE-2006-5076 NOT-FOR-US: OpenConcept Back-End -CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris ...) +CVE-2006-5075 NOT-FOR-US: Solaris -CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...) +CVE-2006-5074 NOT-FOR-US: PHP Invoice -CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...) +CVE-2006-5073 NOT-FOR-US: Solaris -CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...) +CVE-2006-5072 - mono 1.1.17.1-5 -CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...) +CVE-2006-5071 NOT-FOR-US: eyeOS -CVE-2006-5070 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5070 NOT-FOR-US: faceStones Personal -CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...) +CVE-2006-5069 - typo3-src (only versions 4.0.0+4.0.1 affected) -CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...) +CVE-2006-5068 NOT-FOR-US: BrudaNews -CVE-2006-5067 (** DISPUTED ** ...) +CVE-2006-5067 NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK) -CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...) +CVE-2006-5066 NOT-FOR-US: DanPHPSupport -CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...) +CVE-2006-5065 NOT-FOR-US: ZoomStats -CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...) +CVE-2006-5064 NOT-FOR-US: BirdBlog -CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...) 
+CVE-2006-5063 {DSA-1242-1} - elog 2.6.2+r1719-1 (bug #389361) -CVE-2006-5062 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5062 NOT-FOR-US: PBLang (PBL) -CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...) +CVE-2006-5061 NOT-FOR-US: Advanced-Clan-Script (AVCX) -CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...) +CVE-2006-5060 NOT-FOR-US: Jamroom -CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...) +CVE-2006-5059 NOT-FOR-US: WWWthreads -CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...) +CVE-2006-5058 NOT-FOR-US: Call of Duty -CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...) +CVE-2006-5057 NOT-FOR-US: PhotoStore -CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...) +CVE-2006-5056 NOT-FOR-US: Opial Audio/Video Download Management -CVE-2006-5055 (PHP remote file inclusion vulnerability in ...) +CVE-2006-5055 NOT-FOR-US: syntaxCMS -CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...) +CVE-2006-5054 NOT-FOR-US: iyzi Forum -CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...) +CVE-2006-5053 NOT-FOR-US: Web-News -CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...) +CVE-2006-5052 [etch] - openssh (Minor issue) - openssh 1:4.6p1-1 (low) -CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...) +CVE-2006-5051 {DSA-1638-1 DSA-1212 DSA-1189-1} - openssh 1:4.6p1-1 (low) - openssh-krb5 (high) NOTE: From my analysis only openssh with Kerberos support should be vulnerable NOTE: However, we'll fix openssh as well just to make sure -CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...) 
+CVE-2006-5050 - busybox (bug #390555; irreproducible) [sarge] - busybox (Vulnerable code not present) -CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...) +CVE-2006-5049 NOT-FOR-US: Classifieds (com_classifieds) component for Joomla! -CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images ...) +CVE-2006-5048 NOT-FOR-US: Security Images (com_securityimages) component for Joomla! -CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...) +CVE-2006-5047 NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2) -CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...) +CVE-2006-5046 NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2) -CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...) +CVE-2006-5045 NOT-FOR-US: PollXT component (com_pollxt) for Joomla! -CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...) +CVE-2006-5044 NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla! -CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard ...) +CVE-2006-5043 NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla! -CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...) +CVE-2006-5042 NOT-FOR-US: mosMedia (com_mosmedia) for Joomla! -CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...) +CVE-2006-5041 NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla! -CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...) +CVE-2006-5040 NOT-FOR-US: SEF404x (com_sef) for Joomla! -CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...) +CVE-2006-5039 NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla! 
-CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...) +CVE-2006-5038 NOT-FOR-US: FiWin -CVE-2006-5037 (** DISPUTED ** ...) +CVE-2006-5037 NOT-FOR-US: MySource Matrix -CVE-2006-5036 (** DISPUTED ** ...) +CVE-2006-5036 NOT-FOR-US: MySource Matrix -CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...) +CVE-2006-5035 NOT-FOR-US: vCAP -CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...) +CVE-2006-5034 NOT-FOR-US: vCAP -CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...) +CVE-2006-5033 NOT-FOR-US: vCAP -CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...) +CVE-2006-5032 NOT-FOR-US: PHPartenaire -CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...) +CVE-2006-5031 - cakephp 1.1.13.4450-1 -CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...) +CVE-2006-5030 NOT-FOR-US: exV2 -CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...) +CVE-2006-5029 NOT-FOR-US: WoltLab Burning Board (wBB) -CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...) +CVE-2006-5028 NOT-FOR-US: Plesk -CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...) +CVE-2006-5027 NOT-FOR-US: JevonCMS -CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) +CVE-2006-5026 NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner) -CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) +CVE-2006-5025 NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner) -CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) 
+CVE-2006-5024 NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner) -CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...) +CVE-2006-5023 NOT-FOR-US: xweblog -CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...) +CVE-2006-5022 NOT-FOR-US: pNews System 1.1.0 (aka PowerNews) -CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...) +CVE-2006-5021 NOT-FOR-US: RedBLoG -CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...) +CVE-2006-5020 NOT-FOR-US: SolidState -CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...) +CVE-2006-5019 NOT-FOR-US: Google Mini -CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...) +CVE-2006-5018 NOT-FOR-US: ContentKeeper -CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...) +CVE-2006-5017 NOT-FOR-US: e-Vision CMS -CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...) +CVE-2006-5016 NOT-FOR-US: e-Vision CMS -CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...) +CVE-2006-5015 NOT-FOR-US: Kietu -CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...) +CVE-2006-5014 NOT-FOR-US: cPanel -CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...) +CVE-2006-5013 NOT-FOR-US: Solaris -CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...) +CVE-2006-5012 NOT-FOR-US: Solaris -CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...) +CVE-2006-5011 NOT-FOR-US: AIX -CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...) +CVE-2006-5010 NOT-FOR-US: AIX -CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...) 
+CVE-2006-5009 NOT-FOR-US: AIX -CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...) +CVE-2006-5008 NOT-FOR-US: AIX -CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...) +CVE-2006-5007 NOT-FOR-US: AIX -CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...) +CVE-2006-5006 NOT-FOR-US: AIX -CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...) +CVE-2006-5005 NOT-FOR-US: AIX -CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...) +CVE-2006-5004 NOT-FOR-US: AIX -CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...) +CVE-2006-5003 NOT-FOR-US: AIX -CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...) +CVE-2006-5002 NOT-FOR-US: AIX -CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...) +CVE-2006-5001 NOT-FOR-US: WS_FTP -CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...) +CVE-2006-5000 NOT-FOR-US: WS_FTP CVE-2006-4999 RESERVED CVE-2006-4998 RESERVED -CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...) +CVE-2006-4997 {DSA-1237 DSA-1233} - linux-2.6 2.6.18-1 -CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 ...) +CVE-2006-4996 NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla! -CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...) +CVE-2006-4995 NOT-FOR-US: BSQ Sitestats for Joomla! -CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache ...) +CVE-2006-4994 NOT-FOR-US: XAMPP -CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...) +CVE-2006-4993 NOT-FOR-US: AllMyGuests -CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...) +CVE-2006-4992 NOT-FOR-US: JD-WordPress for Joomla! 
-CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows ...) +CVE-2006-4991 NOT-FOR-US: RSA Keon Certificate Authority (KeonCA) Manager -CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow ...) +CVE-2006-4990 NOT-FOR-US: PhotoPost -CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...) +CVE-2006-4989 NOT-FOR-US: Wili-CMS -CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick ...) +CVE-2006-4988 NOT-FOR-US: Wili-CMS -CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick ...) +CVE-2006-4987 NOT-FOR-US: Wili-CMS -CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive ...) +CVE-2006-4986 NOT-FOR-US: BandSite CMS -CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale ...) +CVE-2006-4985 NOT-FOR-US: BandSite CMS -CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...) +CVE-2006-4984 NOT-FOR-US: BandSite CMS -CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network ...) +CVE-2006-4983 NOT-FOR-US: Cisco -CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device ...) +CVE-2006-4982 NOT-FOR-US: Cisco -CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...) +CVE-2006-4981 NOT-FOR-US: Symantec -CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...) +CVE-2006-4980 {DSA-1198-1 DSA-1197-1} - python2.5 2.5-1 (bug #391589) - python2.4 2.4.3-9 (bug #391589) - python2.3 2.3.5-16 (bug #393053) - python2.2 (Compiled without UCS-4 support) -CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...) +CVE-2006-4979 NOT-FOR-US: PhpQuiz -CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...) 
+CVE-2006-4978 NOT-FOR-US: PhpQuiz -CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...) +CVE-2006-4977 NOT-FOR-US: PhpQuiz -CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...) +CVE-2006-4976 - libphp-adodb (unimportant) - gallery2 (unimportant) - phppgadmin (unimportant) 
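Review bot: The entries whose removed description consisted only of "(** DISPUTED ** ...)", here CVE-2006-5067, CVE-2006-5037 and CVE-2006-5036, lose the dispute marker entirely, because the replacement line is the bare CVE id and the NOT-FOR-US line that follows says nothing about the dispute. If the list is still meant to show that status, carry it in a NOTE: line under each of these entries before dropping the description.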
@@ -5047,93 +5047,93 @@ CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote - phpwiki (unimportant) - moodle (unimportant) NOTE: full path is known in Debian anyway -CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...) +CVE-2006-4975 NOT-FOR-US: Yahoo! Messenger -CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...) +CVE-2006-4974 NOT-FOR-US: WS_FTP -CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual ...) +CVE-2006-4973 NOT-FOR-US: DotNetNuke -CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-4972 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...) +CVE-2006-4971 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM ...) +CVE-2006-4970 NOT-FOR-US: Pie Cart Pro -CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...) +CVE-2006-4969 NOT-FOR-US: Pie Cart Pro -CVE-2006-4968 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4968 NOT-FOR-US: PNphpBB NOTE: code in phpBB is different and not affected -CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart ...) +CVE-2006-4967 NOT-FOR-US: NextAge Cart -CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in ...) +CVE-2006-4966 NOT-FOR-US: phpQuestionnaire -CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ...) +CVE-2006-4965 NOT-FOR-US: Apple NOTE: also used for related MFSA-2007-28, but still a QuickTime/Windows only issue -CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...) +CVE-2006-4964 NOT-FOR-US: MAXdev MDPro -CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 ...) 
+CVE-2006-4963 NOT-FOR-US: Exponent CMS -CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...) +CVE-2006-4962 NOT-FOR-US: Php Blue Dragon -CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in ...) +CVE-2006-4961 NOT-FOR-US: Php Blue Dragon -CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon ...) +CVE-2006-4960 NOT-FOR-US: Php Blue Dragon -CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows ...) +CVE-2006-4959 NOT-FOR-US: Sun Secure Global Desktop -CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure ...) +CVE-2006-4958 NOT-FOR-US: Sun Secure Global Desktop -CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...) +CVE-2006-4957 NOT-FOR-US: MyReview -CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in ...) +CVE-2006-4956 NOT-FOR-US: Neon WebMail for Java -CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon ...) +CVE-2006-4955 NOT-FOR-US: Neon WebMail for Java -CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not ...) +CVE-2006-4954 NOT-FOR-US: Neon WebMail for Java -CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...) +CVE-2006-4953 NOT-FOR-US: Neon WebMail for Java -CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows ...) +CVE-2006-4952 NOT-FOR-US: Neon WebMail for Java -CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute ...) +CVE-2006-4951 NOT-FOR-US: Neon WebMail for Java -CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...) +CVE-2006-4950 NOT-FOR-US: Cisco -CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site ...) 
+CVE-2006-4949 NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal -CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...) +CVE-2006-4948 NOT-FOR-US: TFTPDWIN -CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...) +CVE-2006-4947 NOT-FOR-US: Search Keywords module for Drupal -CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...) +CVE-2006-4946 NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB) -CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...) +CVE-2006-4945 NOT-FOR-US: DigitalWebShop -CVE-2006-4944 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4944 NOT-FOR-US: ProgSys -CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...) +CVE-2006-4943 - moodle 1.6.2-1 [sarge] - moodle (File not present) -CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...) +CVE-2006-4942 - moodle 1.6.2-1 -CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...) +CVE-2006-4941 - moodle 1.6.2-1 -CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote ...) +CVE-2006-4940 - moodle 1.6.2-1 [sarge] - moodle (Function not present) -CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...) +CVE-2006-4939 - moodle 1.6.2-1 (unimportant) NOTE: Path disclosure -CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of ...) +CVE-2006-4938 - moodle 1.6.2-1 (unimportant) NOTE: Path disclosure -CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...) +CVE-2006-4937 - moodle 1.6.2-1 -CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...) +CVE-2006-4936 - moodle 1.6.2-1 -CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle ...) 
+CVE-2006-4935 - moodle 1.6.2-1 CVE-2006-4934 RESERVED 
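Review bot: For CVE-2006-4943 and CVE-2006-4940 the sarge annotations "(File not present)" and "(Function not present)" relied on the removed descriptions to identify the code in question (course/jumpto.php and login/forgot_password.php respectively); with the descriptions gone, neither entry names it. Suggest moving the path into the annotation or a NOTE: line so the not-affected reasoning can still be checked from the list alone.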
@@ -5149,180 +5149,180 @@ CVE-2006-4929 RESERVED CVE-2006-4928 RESERVED -CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...) +CVE-2006-4927 NOT-FOR-US: Symantec AntiVirus -CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...) +CVE-2006-4926 NOT-FOR-US: Kaspersky Labs -CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...) +CVE-2006-4925 - openssh 1:5.1p1-5 (unimportant) NOTE: That's a non-issue -CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...) +CVE-2006-4924 {DSA-1212 DSA-1189-1} - openssh 1:4.3p2-4 (low; bug #389995) - openssh-krb5 (low) -CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...) +CVE-2006-4923 NOT-FOR-US: eSyndiCat Portal System -CVE-2006-4922 (Unrestricted file upload vulnerability in ...) +CVE-2006-4922 NOT-FOR-US: Site@School -CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 ...) +CVE-2006-4921 NOT-FOR-US: Site@School -CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School ...) +CVE-2006-4920 NOT-FOR-US: Site@School -CVE-2006-4919 (Directory traversal vulnerability in ...) +CVE-2006-4919 NOT-FOR-US: Site@School -CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple ...) +CVE-2006-4918 NOT-FOR-US: Simple Discussion Board -CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News ...) +CVE-2006-4917 NOT-FOR-US: PT News -CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) ...) +CVE-2006-4916 NOT-FOR-US: Tekman Portal -CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate ...) +CVE-2006-4915 NOT-FOR-US: Innovate Portal -CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote ...) 
+CVE-2006-4914 NOT-FOR-US: A.l-Pifou -CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in ...) +CVE-2006-4913 NOT-FOR-US: AlstraSoft E-friends -CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and ...) +CVE-2006-4912 NOT-FOR-US: PHP DocWriter -CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 ...) +CVE-2006-4911 NOT-FOR-US: Cisco -CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before ...) +CVE-2006-4910 NOT-FOR-US: Cisco -CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS ...) +CVE-2006-4909 NOT-FOR-US: Cisco -CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...) +CVE-2006-4908 NOT-FOR-US: OSU -CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...) +CVE-2006-4907 NOT-FOR-US: OSU -CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in ...) +CVE-2006-4906 NOT-FOR-US: More.groupware -CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...) +CVE-2006-4905 NOT-FOR-US: Artmedic Links -CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam ...) +CVE-2006-4904 NOT-FOR-US: X-Cart CVE-2006-4903 RESERVED -CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...) +CVE-2006-4902 NOT-FOR-US: Symantec Veritas NetBackup -CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...) +CVE-2006-4901 NOT-FOR-US: CA eTrust -CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...) +CVE-2006-4900 NOT-FOR-US: CA eTrust -CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...) +CVE-2006-4899 NOT-FOR-US: CA eTrust -CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...) 
+CVE-2006-4898 NOT-FOR-US: guanxiCRM -CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...) +CVE-2006-4897 NOT-FOR-US: CMtextS CVE-2006-4896 REJECTED -CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...) +CVE-2006-4895 NOT-FOR-US: IDevSpot NexieAffiliate -CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...) +CVE-2006-4894 NOT-FOR-US: IDevSpot NexieAffiliate -CVE-2006-4893 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4893 NOT-FOR-US: phpBB XS -CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...) +CVE-2006-4892 NOT-FOR-US: Techno Dreams FAQ -CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...) +CVE-2006-4891 NOT-FOR-US: Techno Dreams -CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...) +CVE-2006-4890 NOT-FOR-US: UNAK-CMS -CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...) +CVE-2006-4889 NOT-FOR-US: Telekorn SignKorn Guestbook -CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...) +CVE-2006-4888 NOT-FOR-US: Microsoft -CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...) +CVE-2006-4887 NOT-FOR-US: Apple -CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...) +CVE-2006-4886 NOT-FOR-US: McAfee -CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...) +CVE-2006-4885 NOT-FOR-US: Shadowed Portal -CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) +CVE-2006-4884 NOT-FOR-US: IDevSpot iSupport -CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) +CVE-2006-4883 NOT-FOR-US: IDevSpot BizDirectory -CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...) 
+CVE-2006-4882 NOT-FOR-US: Cart 3 -CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...) +CVE-2006-4881 NOT-FOR-US: PHP-Post (PHPp) -CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...) +CVE-2006-4880 NOT-FOR-US: PHP-Post (PHPp) -CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...) +CVE-2006-4879 NOT-FOR-US: PHP-Post (PHPp) -CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...) +CVE-2006-4878 NOT-FOR-US: PHP-Post (PHPp) -CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...) +CVE-2006-4877 NOT-FOR-US: PHP-Post (PHPp) -CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...) +CVE-2006-4876 NOT-FOR-US: Jupiter CMS -CVE-2006-4875 (Unrestricted file upload vulnerability in ...) +CVE-2006-4875 NOT-FOR-US: Jupiter CMS -CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...) +CVE-2006-4874 NOT-FOR-US: Jupiter CMS -CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...) +CVE-2006-4873 NOT-FOR-US: Jupiter CMS -CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...) +CVE-2006-4872 NOT-FOR-US: ECardPro -CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...) +CVE-2006-4871 NOT-FOR-US: EShoppingPro -CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...) +CVE-2006-4870 NOT-FOR-US: AEDating -CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...) +CVE-2006-4869 NOT-FOR-US: phpunity.postcard -CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine ...) +CVE-2006-4868 NOT-FOR-US: Microsoft -CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...) 
+CVE-2006-4867 NOT-FOR-US: GNUTurk -CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...) +CVE-2006-4866 NOT-FOR-US: Apple -CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...) +CVE-2006-4865 NOT-FOR-US: PhpQuiz -CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...) +CVE-2006-4864 NOT-FOR-US: ReviewPost -CVE-2006-4863 (** DISPUTED ** ...) +CVE-2006-4863 NOT-FOR-US: mcLinksCounter -CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...) +CVE-2006-4862 NOT-FOR-US: easypage -CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...) +CVE-2006-4861 NOT-FOR-US: Complain Center -CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...) +CVE-2006-4860 NOT-FOR-US: Limbo -CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...) +CVE-2006-4859 NOT-FOR-US: Limbo -CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...) +CVE-2006-4858 NOT-FOR-US: Serverstat (com_serverstat) component for Mambo -CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...) +CVE-2006-4857 NOT-FOR-US: ClickBlog -CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...) +CVE-2006-4856 NOT-FOR-US: WebLogger -CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...) +CVE-2006-4855 NOT-FOR-US: Symantec CVE-2006-4854 REJECTED -CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...) +CVE-2006-4853 NOT-FOR-US: Haberx -CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...) +CVE-2006-4852 NOT-FOR-US: QuadComm Q-Shop -CVE-2006-4851 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4851 NOT-FOR-US: BolinOS -CVE-2006-4850 (PHP remote file inclusion vulnerability in ...) 
+CVE-2006-4850 NOT-FOR-US: BolinOS -CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...) +CVE-2006-4849 NOT-FOR-US: MobilePublisherPHP -CVE-2006-4848 (** DISPUTED ** ...) +CVE-2006-4848 NOT-FOR-US: Hitweb -CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...) +CVE-2006-4847 NOT-FOR-US: WS_FTP -CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...) +CVE-2006-4846 NOT-FOR-US: Citrix -CVE-2006-4845 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4845 NOT-FOR-US: TeamCal -CVE-2006-4844 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4844 NOT-FOR-US: Claroline -CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...) +CVE-2006-4843 NOT-FOR-US: IBM Lotus Domino -CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...) +CVE-2006-4842 - xulrunner 1.8.0.9-1 (low; bug #405062) [sarge] - mozilla (Minor issue) NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary 
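Review bot: The NOTE under CVE-2006-4925, "That's a non-issue", has no referent once the description ("packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...") is removed, so the basis for the "(unimportant)" rating can no longer be read from the entry. Suggest expanding that note to name the component and the behaviour it dismisses as part of this change.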
@@ -5331,47 +5331,47 @@ CVE-2006-4841 RESERVED CVE-2006-4840 REJECTED -CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ...) +CVE-2006-4839 NOT-FOR-US: Sophos -CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...) +CVE-2006-4838 NOT-FOR-US: DCP-Portal -CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...) +CVE-2006-4837 NOT-FOR-US: DCP-Portal -CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...) +CVE-2006-4836 NOT-FOR-US: DCP-Portal -CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...) +CVE-2006-4835 NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum) -CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...) +CVE-2006-4834 NOT-FOR-US: phpQuiz -CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...) +CVE-2006-4833 NOT-FOR-US: NetPerformer -CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...) +CVE-2006-4832 NOT-FOR-US: NetPerformer -CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...) +CVE-2006-4831 NOT-FOR-US: IP over DNS is now easy (iodine) -CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...) +CVE-2006-4830 NOT-FOR-US: Blojsom -CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...) +CVE-2006-4829 NOT-FOR-US: Blojsom -CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...) +CVE-2006-4828 NOT-FOR-US: PhotoPost -CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...) +CVE-2006-4827 NOT-FOR-US: Vmist Downstat -CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...) +CVE-2006-4826 NOT-FOR-US: Shadowed Portal -CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...) 
+CVE-2006-4825 NOT-FOR-US: PHP Event Calendar -CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...) +CVE-2006-4824 NOT-FOR-US: Quicksilver Forums (QSF) -CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...) +CVE-2006-4823 NOT-FOR-US: Magic News -CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-4822 NOT-FOR-US: emuCMS -CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...) +CVE-2006-4821 NOT-FOR-US: Drupal Userreview module -CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...) +CVE-2006-4820 NOT-FOR-US: HP-UX -CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote ...) +CVE-2006-4819 NOT-FOR-US: Opera CVE-2006-4818 RESERVED 
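Review bot: CVE-2006-4834 is left with only "NOT-FOR-US: phpQuiz", while the removed description attributed it to "Jule Slootbeek ..."; the earlier entry CVE-2006-4865 is tagged "NOT-FOR-US: PhpQuiz" and its removed description named "Walter Beschmout PhpQuiz". After this change the two differ only in the case of one letter, so the vendor name should be added to the NOT-FOR-US tags if the entries are meant to stay distinguishable.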
@@ -5381,43 +5381,43 @@ CVE-2006-4816 RESERVED CVE-2006-4815 RESERVED -CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not ...) +CVE-2006-4814 {DSA-1503-2 DSA-1503-1 DSA-1304} - linux-2.6 2.6.18.dfsg.1-9 (low) - kernel-patch-openvz 028.18.1 -CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...) +CVE-2006-4813 {DSA-1233} - linux-2.6 2.6.13-1 -CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) +CVE-2006-4812 - php4 - php5 5.1.6-5 (bug #391586) -CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...) +CVE-2006-4811 {DSA-1200-1} - qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313) - qt4-x11 4.2.1-1 (bug #394192) -CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used ...) +CVE-2006-4810 {DSA-1219} - texinfo 4.8.dfsg.1-4 -CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...) +CVE-2006-4809 - imlib2 1.3.0.0debian1-3 (medium; bug #397371) -CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...) +CVE-2006-4808 - imlib2 1.3.0.0debian1-3 (medium; bug #397371) -CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, ...) +CVE-2006-4807 - imlib2 1.3.0.0debian1-3 (medium; bug #397371) -CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote ...) +CVE-2006-4806 - imlib2 1.3.0.0debian1-3 (medium; bug #397371) -CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...) +CVE-2006-4805 {DSA-1201-1} - wireshark 0.99.4-1 (bug #396258; medium) CVE-2006-4804 RESERVED -CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...) +CVE-2006-4803 NOT-FOR-US: Novell Identity Manager -CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...) 
+CVE-2006-4802 NOT-FOR-US: Symantec -CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...) +CVE-2006-4801 NOT-FOR-US: Roxio Toast -CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...) +CVE-2006-4800 {DSA-1215} - ffmpeg 0.cvs20060329-1 - xmovie @@ -5426,23 +5426,23 @@ CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...) - gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311) - mplayer 1.0~rc1-1 NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg -CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...) +CVE-2006-4799 {DSA-1215} - xine-lib 1.1.2-1 (bug #369876; medium) NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg -CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...) +CVE-2006-4798 - sql-ledger 2.4.5-1 -CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...) +CVE-2006-4797 NOT-FOR-US: CJ Tag Board -CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...) +CVE-2006-4796 NOT-FOR-US: Snitz Forums -CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...) +CVE-2006-4795 NOT-FOR-US: HP-UX -CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...) +CVE-2006-4794 NOT-FOR-US: e107 -CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...) +CVE-2006-4793 NOT-FOR-US: TualBLOG -CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...) +CVE-2006-5778 {DSA-1217} - linux-ftpd 0.17-23 (low; bug #384454) CVE-2006-XXXX [ejabberd HTML code injection] 
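Review bot: CVE-2006-5778 is rewritten in place between CVE-2006-4793 and the "CVE-2006-XXXX [ejabberd HTML code injection]" placeholder, out of numeric position in a list whose other entries here descend by id. The automatic update keeps it where it was, which is the safe choice, but it is worth confirming that nothing consuming this file assumes sorted ids, and any reordering should go in a separate commit so this one stays a pure description removal.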
@@ -5451,127 +5451,127 @@ CVE-2006-4792 RESERVED CVE-2006-4791 RESERVED -CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...) +CVE-2006-4789 NOT-FOR-US: Open Movie Editor -CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...) +CVE-2006-4788 NOT-FOR-US: SignKorn Guestbook -CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...) +CVE-2006-4787 NOT-FOR-US: AlphaMail -CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...) +CVE-2006-4786 - moodle 1.6.2-1 (low) -CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ...) +CVE-2006-4785 - moodle 1.6.2-1 (medium; bug #387177) -CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...) +CVE-2006-4784 - moodle 1.6.2-1 (low) -CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...) +CVE-2006-4783 NOT-FOR-US: WebSPELL -CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...) +CVE-2006-4782 NOT-FOR-US: WebSPELL -CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...) +CVE-2006-4781 NOT-FOR-US: FutureSoft TFTP Server -CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...) +CVE-2006-4780 NOT-FOR-US: phpBB XS -CVE-2006-4779 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4779 NOT-FOR-US: Vitrax Premodded phpBB -CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...) +CVE-2006-4778 NOT-FOR-US: Creative Commons Tools ccHost -CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control ...) +CVE-2006-4777 NOT-FOR-US: DirectAnimation.PathControl -CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...) +CVE-2006-4776 NOT-FOR-US: Cisco -CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and ...) 
+CVE-2006-4775 NOT-FOR-US: Cisco -CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...) +CVE-2006-4774 NOT-FOR-US: Cisco -CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and ...) +CVE-2006-4773 NOT-FOR-US: Sun StorEdge -CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with ...) +CVE-2006-4772 NOT-FOR-US: HotPlug CMS -CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 ...) +CVE-2006-4771 NOT-FOR-US: ForumJBC -CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 ...) +CVE-2006-4770 NOT-FOR-US: MiniPort@l -CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 ...) +CVE-2006-4769 NOT-FOR-US: p4CMS -CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...) +CVE-2006-4768 NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News) -CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst ...) +CVE-2006-4767 NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News) -CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst ...) +CVE-2006-4766 NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News) -CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows ...) +CVE-2006-4765 NOT-FOR-US: NETGEAR -CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE ...) +CVE-2006-4764 NOT-FOR-US: WTools -CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's ...) +CVE-2006-4763 NOT-FOR-US: IBM Lotus Domino Web Access -CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...) +CVE-2006-4762 NOT-FOR-US: Ykoon RssReader -CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman ...) +CVE-2006-4761 NOT-FOR-US: SharpReader -CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...) 
+CVE-2006-4760 NOT-FOR-US: RSSOwl -CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...) +CVE-2006-4759 NOT-FOR-US: PunBB -CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...) +CVE-2006-4758 {DSA-1488-1} - phpbb2 2.0.21-4 (bug #388120; unimportant) NOTE: Only exploitable by admins, which you'd need to trust -CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...) +CVE-2006-4757 NOT-FOR-US: e107 -CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...) +CVE-2006-4756 NOT-FOR-US: phpMyDirectory -CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...) +CVE-2006-4755 NOT-FOR-US: phpMyDirectory -CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...) +CVE-2006-4754 NOT-FOR-US: PHProg -CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 ...) +CVE-2006-4753 NOT-FOR-US: PHProg -CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote ...) +CVE-2006-4752 NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS -CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu ...) +CVE-2006-4751 NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS -CVE-2006-4750 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4750 NOT-FOR-US: OPENi-CMS -CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...) +CVE-2006-4749 NOT-FOR-US: PHP Advanced Transfer Manager (phpATM) -CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow ...) +CVE-2006-4748 NOT-FOR-US: F-ART BLOG:CMS -CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot ...) +CVE-2006-4747 NOT-FOR-US: IdevSpot TextAds -CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php ...) 
+CVE-2006-4746 NOT-FOR-US: Web Server Creator -CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to ...) +CVE-2006-4745 NOT-FOR-US: ScaryBear PocketExpense Pro -CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...) +CVE-2006-4744 NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless -CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...) +CVE-2006-4743 - wordpress 2.0.5-0.1 (unimportant) NOTE: path disclosure only -CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...) +CVE-2006-4742 NOT-FOR-US: PhpLinkExchange -CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...) +CVE-2006-4741 NOT-FOR-US: PhpLinkExchange -CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...) +CVE-2006-4740 NOT-FOR-US: Jetbox CMS -CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...) +CVE-2006-4739 NOT-FOR-US: Jetbox CMS -CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS ...) +CVE-2006-4738 NOT-FOR-US: Jetbox CMS -CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...) +CVE-2006-4737 NOT-FOR-US: Jetbox CMS -CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 ...) +CVE-2006-4736 NOT-FOR-US: CMS.R -CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...) +CVE-2006-4735 - magpierss (unimportant) NOTE: path disclosure only -CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...) +CVE-2006-4734 - tikiwiki 1.9.5+dfsg1-2 (medium; bug #388122) -CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...) +CVE-2006-4733 NOT-FOR-US: simple, integrated publishing system (SIPS) -CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...) 
+CVE-2006-4732 NOT-FOR-US: Microsoft -CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...) +CVE-2006-4731 {DSA-1239-1} - sql-ledger 2.6.19-1 CVE-2006-4730 
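Review bot: With the description removed, the entries in this hunk whose triage line names only a vendor no longer say which product is affected: CVE-2006-4776, CVE-2006-4775 and CVE-2006-4774 are left as `NOT-FOR-US: Cisco` (the removed text named the VLAN Trunking Protocol feature), CVE-2006-4765 as `NOT-FOR-US: NETGEAR` (the DG834GT router) and CVE-2006-4732 as `NOT-FOR-US: Microsoft` (Visual Basic 6). If the description is meant to live outside this file from now on, consider widening those NOT-FOR-US strings to the product name so the list can still be read and searched on its own.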
@@ -5580,57 +5580,57 @@ CVE-2006-4729 RESERVED CVE-2006-4728 RESERVED -CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in ...) +CVE-2006-4727 NOT-FOR-US: Tumbleweed EMF Administration Module -CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 ...) +CVE-2006-4726 NOT-FOR-US: Adobe -CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security ...) +CVE-2006-4725 NOT-FOR-US: Adobe -CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ...) +CVE-2006-4724 NOT-FOR-US: Adobe -CVE-2006-4723 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4723 NOT-FOR-US: RaidenHTTPD -CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...) +CVE-2006-4722 NOT-FOR-US: Open Bulletin Board (OpenBB) -CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...) +CVE-2006-4721 NOT-FOR-US: CCleague Pro Sports CMS -CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...) +CVE-2006-4720 NOT-FOR-US: mcGalleryPRO -CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb ...) +CVE-2006-4719 NOT-FOR-US: MyABraCaDaWeb -CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...) +CVE-2006-4718 NOT-FOR-US: KorviBlog -CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module ...) +CVE-2006-4717 NOT-FOR-US: Pubcookie module for Drupal -CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...) +CVE-2006-4716 NOT-FOR-US: Fire Soft Board (FSB) -CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo ...) +CVE-2006-4715 NOT-FOR-US: SpoonLabs Vivvo Article Management CMS -CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs ...) 
+CVE-2006-4714 NOT-FOR-US: SpoonLabs Vivvo Article Management CMS -CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...) +CVE-2006-4713 NOT-FOR-US: PSYWERKS PUMA -CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 ...) +CVE-2006-4712 - firefox-sage 1.3.6-3 (bug #388149; medium) -CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) +CVE-2006-4711 - firefox-sage 1.3.6-3 (bug #388149; medium) -CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...) +CVE-2006-4710 NOT-FOR-US: NewsGator FeedDemon -CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...) +CVE-2006-4709 NOT-FOR-US: Vikingboard -CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) +CVE-2006-4708 NOT-FOR-US: Vikingboard -CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...) +CVE-2006-4707 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) +CVE-2006-4706 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...) +CVE-2006-4705 NOT-FOR-US: Timesheet (aka Timesheet.php) -CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker ...) +CVE-2006-4704 NOT-FOR-US: Microsoft CVE-2006-4703 REJECTED -CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft ...) +CVE-2006-4702 NOT-FOR-US: Microsoft CVE-2006-4701 REJECTED 
@@ -5640,164 +5640,164 @@ CVE-2006-4699 REJECTED CVE-2006-4698 REJECTED -CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) +CVE-2006-4697 NOT-FOR-US: Microsoft -CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...) +CVE-2006-4696 NOT-FOR-US: Microsoft -CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office ...) +CVE-2006-4695 NOT-FOR-US: Microsoft Office -CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) +CVE-2006-4694 NOT-FOR-US: Microsoft -CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...) +CVE-2006-4693 NOT-FOR-US: Microsoft Word -CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...) +CVE-2006-4692 NOT-FOR-US: Microsoft Word -CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...) +CVE-2006-4691 NOT-FOR-US: Microsoft CVE-2006-4690 REJECTED -CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...) +CVE-2006-4689 NOT-FOR-US: Microsoft -CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...) +CVE-2006-4688 NOT-FOR-US: Microsoft -CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) +CVE-2006-4687 NOT-FOR-US: Microsoft -CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...) +CVE-2006-4686 NOT-FOR-US: Microsoft -CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...) +CVE-2006-4685 NOT-FOR-US: Microsoft -CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...) +CVE-2006-4684 {DSA-1176-1} - zope2.7 - zope2.8 2.8.8-2 -CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) +CVE-2006-4683 NOT-FOR-US: IBM Director -CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) 
+CVE-2006-4682 NOT-FOR-US: IBM Director -CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...) +CVE-2006-4681 NOT-FOR-US: IBM Director -CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...) +CVE-2006-4680 NOT-FOR-US: Canon imageRUNNER -CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...) +CVE-2006-4679 - dokuwiki 0.0.20060309-5.1 (low; bug #388082) -CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...) +CVE-2006-4678 NOT-FOR-US: News Evolution -CVE-2006-4677 (** DISPUTED ** ...) +CVE-2006-4677 NOT-FOR-US: phpopenchat -CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...) +CVE-2006-4676 NOT-FOR-US: TIBCO RendezVous -CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...) +CVE-2006-4675 - dokuwiki 0.0.20060309-5.1 (medium; bug #388082) -CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...) +CVE-2006-4674 - dokuwiki 0.0.20060309-5.1 (medium; bug #388082) -CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...) +CVE-2006-4673 NOT-FOR-US: PHP-Fusion -CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...) +CVE-2006-4672 NOT-FOR-US: ppalCart -CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...) +CVE-2006-4671 NOT-FOR-US: Fantastic News -CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...) +CVE-2006-4670 NOT-FOR-US: PhotoKorn Gallery -CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...) +CVE-2006-4669 NOT-FOR-US: Somery -CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...) +CVE-2006-4668 NOT-FOR-US: AckerTodo -CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...) 
+CVE-2006-4667 NOT-FOR-US: RunCMS -CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...) +CVE-2006-4666 NOT-FOR-US: Newsscript (aka WM-News) -CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...) +CVE-2006-4665 NOT-FOR-US: MKPortal -CVE-2006-4664 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4664 NOT-FOR-US: Premod Shadow -CVE-2006-4663 (** DISPUTED ** ...) +CVE-2006-4663 NOT-FOR-US: User problem -CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...) +CVE-2006-4662 NOT-FOR-US: AOL ICQ -CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...) +CVE-2006-4661 NOT-FOR-US: AOL ICQ Toolbar -CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...) +CVE-2006-4660 NOT-FOR-US: AOL ICQ Toolbar -CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) +CVE-2006-4659 NOT-FOR-US: Panda Platinum Internet Security -CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...) +CVE-2006-4658 NOT-FOR-US: Panda Platinum Internet Security -CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) +CVE-2006-4657 NOT-FOR-US: Panda Platinum Internet Security -CVE-2006-4656 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4656 NOT-FOR-US: Web Provence SL_Site -CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...) +CVE-2006-4655 NOT-FOR-US: X11R6.4 -CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...) +CVE-2006-4654 NOT-FOR-US: Address Book Web Server -CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...) +CVE-2006-4653 NOT-FOR-US: Amazing Little Poll -CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...) 
+CVE-2006-4652 NOT-FOR-US: Amazing Little Poll -CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...) +CVE-2006-4651 NOT-FOR-US: Php download -CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...) +CVE-2006-4650 NOT-FOR-US: Cisco -CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...) +CVE-2006-4649 NOT-FOR-US: BinGo News -CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...) +CVE-2006-4648 NOT-FOR-US: BinGo News -CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...) +CVE-2006-4647 NOT-FOR-US: Sponge News -CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...) +CVE-2006-4646 NOT-FOR-US: Drupal Pathauto module -CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...) +CVE-2006-4645 NOT-FOR-US: Social BookMarking Engine -CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...) +CVE-2006-4644 NOT-FOR-US: phpFullAnnu -CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...) +CVE-2006-4643 NOT-FOR-US: PhpLeague -CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator ...) +CVE-2006-4642 NOT-FOR-US: AuditWizard -CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...) +CVE-2006-4641 NOT-FOR-US: Muratsoft Haber Portal -CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...) +CVE-2006-4640 - flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree (Contrib not supported) -CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...) +CVE-2006-4639 NOT-FOR-US: C-News.fr C-News -CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...) 
+CVE-2006-4638 NOT-FOR-US: ACGV News -CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...) +CVE-2006-4637 NOT-FOR-US: ACGV News -CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...) +CVE-2006-4636 NOT-FOR-US: PhpCommander -CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...) +CVE-2006-4635 NOT-FOR-US: MySource Classic -CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...) +CVE-2006-4634 NOT-FOR-US: VBZooM -CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...) +CVE-2006-4633 NOT-FOR-US: SoftBB -CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...) +CVE-2006-4632 NOT-FOR-US: SoftBB -CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...) +CVE-2006-4631 NOT-FOR-US: SoftBB -CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...) +CVE-2006-4630 NOT-FOR-US: MySpeach -CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...) +CVE-2006-4629 NOT-FOR-US: C-News.fr C-News -CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...) +CVE-2006-4628 NOT-FOR-US: VCD-db -CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...) +CVE-2006-4627 NOT-FOR-US: System Information ActiveX control -CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...) +CVE-2006-4626 NOT-FOR-US: avast! Anti-virus Engine -CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...) +CVE-2006-4625 - php4 4:4.4.4-1 (bug #391282; unimportant) - php5 5.2.0-1 (bug #391281; unimportant) NOTE: open_basedir violations not supported in Debian's PHP -CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...) 
+CVE-2006-4624 {DSA-1188-1} - mailman 1:2.1.8-3 -CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...) +CVE-2006-4623 {DSA-1304} - linux-2.6 2.6.18-1 -CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) +CVE-2006-4790 {DSA-1182-1} NOTE: GNUTLS-SA-2006-4 - gnutls13 1.4.4-1 (high) 
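Review bot: The removed descriptions of CVE-2006-4677 and CVE-2006-4663 in this hunk were the `** DISPUTED ** ...` marker, and nothing in the remaining entries records that status; CVE-2006-4663 is left as `NOT-FOR-US: User problem`, which names no software at all. A NOTE line stating that the CVE is disputed, plus the product name in the NOT-FOR-US text for CVE-2006-4663, would keep that information in the list.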
@@ -5808,426 +5808,426 @@ CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack] - gnutls13 1.4.3-1 (unimportant) - gnutls12 (unimportant) - gnutls11 (unimportant) -CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV ...) +CVE-2006-4622 NOT-FOR-US: AnnonceV -CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, ...) +CVE-2006-4621 NOT-FOR-US: Pheap -CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...) +CVE-2006-4620 NOT-FOR-US: Alt-N WebAdmin -CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...) +CVE-2006-4619 NOT-FOR-US: Avira -CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...) +CVE-2006-4618 - libphp-adodb (vulnerable code seems to be In-link specific) - egroupware (vulnerable code seems to be In-link specific) - moodle (vulnerable code seems to be In-link specific) - phppgadmin (vulnerable code seems to be In-link specific) - gallery2 (vulnerable code seems to be In-link specific) - phpwiki (vulnerable code seems to be In-link specific) -CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger ...) +CVE-2006-4617 NOT-FOR-US: vtiger CRM -CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise ...) +CVE-2006-4616 NOT-FOR-US: MailEnable -CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores ...) +CVE-2006-4615 NOT-FOR-US: Shape Services -CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords ...) +CVE-2006-4614 NOT-FOR-US: PDAapps Verichat -CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow ...) +CVE-2006-4613 NOT-FOR-US: SnapGear -CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows ...) +CVE-2006-4612 NOT-FOR-US: ZIXForum -CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks ...) 
+CVE-2006-4611 NOT-FOR-US: dsocks -CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda ...) +CVE-2006-4610 NOT-FOR-US: GrapAgenda -CVE-2006-4609 (** DISPUTED ** ...) +CVE-2006-4609 NOT-FOR-US: PHProjekt -CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome ...) +CVE-2006-4608 NOT-FOR-US: php-Revista -CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote ...) +CVE-2006-4607 NOT-FOR-US: php-Revista -CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista ...) +CVE-2006-4606 NOT-FOR-US: php-Revista -CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...) +CVE-2006-4605 NOT-FOR-US: php-Revista -CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php ...) +CVE-2006-4604 NOT-FOR-US: Lanifex Database of Managed Objects (DMO) -CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...) +CVE-2006-4603 NOT-FOR-US: Swift Sound Web Dictate -CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...) +CVE-2006-4601 NOT-FOR-US: 1Two -CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...) +CVE-2006-4600 - openldap2.3 2.3.25-1 - openldap2.2 (low) - openldap2 (low) (slapd not built from this version) -CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator ...) +CVE-2006-4599 NOT-FOR-US: Autentificator -CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 ...) +CVE-2006-4598 NOT-FOR-US: ssLinks -CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier ...) +CVE-2006-4597 NOT-FOR-US: ICBlogger -CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...) +CVE-2006-4596 NOT-FOR-US: MyBace Light Skrip -CVE-2006-4595 (muforum (µforum) 0.4c stores membres/members.dat under the web ...) 
+CVE-2006-4595 NOT-FOR-US: muforum -CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...) +CVE-2006-4594 NOT-FOR-US: phpAtm -CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 ...) +CVE-2006-4593 NOT-FOR-US: SoftBB -CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...) +CVE-2006-4592 NOT-FOR-US: Simple Blog -CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft ...) +CVE-2006-4591 NOT-FOR-US: AltraSoft Template Seller -CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...) +CVE-2006-4590 NOT-FOR-US: Jetstat.com JS ASP Faq Manager -CVE-2006-4589 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4589 NOT-FOR-US: DynCMS -CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to ...) +CVE-2006-4588 NOT-FOR-US: vtiger CRM -CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...) +CVE-2006-4587 NOT-FOR-US: vtiger CRM -CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash ...) +CVE-2006-4586 NOT-FOR-US: Tr Forum -CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...) +CVE-2006-4585 NOT-FOR-US: Tr Forum -CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add ...) +CVE-2006-4584 NOT-FOR-US: Tr Forum -CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...) +CVE-2006-4583 NOT-FOR-US: FlashChat -CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e ...) +CVE-2006-4582 NOT-FOR-US: The Address Book -CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e validates ...) +CVE-2006-4581 NOT-FOR-US: The Address Book -CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to ...) 
+CVE-2006-4580 NOT-FOR-US: The Address Book -CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book ...) +CVE-2006-4579 NOT-FOR-US: The Address Book -CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...) +CVE-2006-4578 NOT-FOR-US: The Address Book -CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e ...) +CVE-2006-4577 NOT-FOR-US: The Address Book -CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows ...) +CVE-2006-4576 NOT-FOR-US: The Address Book -CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote ...) +CVE-2006-4575 NOT-FOR-US: The Address Book -CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark ...) +CVE-2006-4574 - wireshark 0.99.4-1 (bug #396258; medium) -CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...) +CVE-2006-4573 {DSA-1202-1} - screen 4.0.3-0.1 (bug #395225; bug #395999; medium) -CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...) +CVE-2006-4572 - linux-2.6 2.6.18.dfsg.1-9 (medium) -CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...) +CVE-2006-4571 {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-64 - mozilla (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - thunderbird 1.5.0.7-1 (high) - xulrunner 1.8.0.7-1 (high) -CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...) +CVE-2006-4570 {DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-63 - thunderbird 1.5.0.7-1 - mozilla -CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...) +CVE-2006-4569 NOTE: MFSA-2006-62 - firefox 1.5.dfsg+1.5.0.7-1 (low) - xulrunner 1.8.0.7-1 (low) - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox (Regression only affecting 1.5) -CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...) 
+CVE-2006-4568 {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-61 - mozilla (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) - xulrunner 1.8.0.7-1 (low) - thunderbird 1.5.0.7-1 -CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...) +CVE-2006-4567 NOTE: MFSA-2006-58 - firefox 1.5.dfsg+1.5.0.7-1 (unimportant) - thunderbird 1.5.0.7-1 (unimportant) [sarge] - mozilla-firefox (unimportant) [sarge] - mozilla-thunderbird (unimportant) NOTE: The internal update mechanism is disabled in Debian -CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...) +CVE-2006-4566 {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-57 - mozilla (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - thunderbird 1.5.0.7-1 (low) - xulrunner 1.8.0.7-1 (high) -CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...) +CVE-2006-4565 {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-57 - mozilla (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - xulrunner 1.8.0.7-1 (high) - thunderbird 1.5.0.7-1 (low) -CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...) +CVE-2006-4564 NOT-FOR-US: Simple Machines Forum -CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before ...) +CVE-2006-4563 NOT-FOR-US: PHP-Nuke -CVE-2006-4562 (** DISPUTED ** ...) +CVE-2006-4562 NOT-FOR-US: Symantec -CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...) +CVE-2006-4561 - xulrunner 1.8.0.7-1 (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) [sarge] - mozilla (Mozilla products from Sarge no longer supported) [sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported) -CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) +CVE-2006-4560 NOT-FOR-US: Internet Explorer -CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...) 
+CVE-2006-4559 NOT-FOR-US: Yet Another Community System (YACS) CMS -CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...) +CVE-2006-4558 NOT-FOR-US: DeluxeBB -CVE-2006-4557 (** DISPUTED ** ...) +CVE-2006-4557 NOT-FOR-US: Discloser -CVE-2006-4556 (** DISPUTED ** ...) +CVE-2006-4556 NOT-FOR-US: JIM component for Mambo and Joomla! -CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control ...) +CVE-2006-4555 NOT-FOR-US: Miniclip CR64Loader ActiveX control -CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...) +CVE-2006-4554 NOT-FOR-US: BeCubed Compression Plus -CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the ...) +CVE-2006-4553 NOT-FOR-US: com_comprofiler Components for Mambo and Joomla! -CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter ...) +CVE-2006-4552 NOT-FOR-US: CHXO Feedsplitter -CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows ...) +CVE-2006-4551 NOT-FOR-US: CHXO Feedsplitter -CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 ...) +CVE-2006-4550 NOT-FOR-US: CHXO Feedsplitter -CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the ...) +CVE-2006-4549 NOT-FOR-US: CHXO Feedsplitter -CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...) +CVE-2006-4548 NOTE: this should be fixed in PHP (CVE-2006-3017) -CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain ...) +CVE-2006-4547 NOT-FOR-US: Lyris ListManager -CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have ...) +CVE-2006-4546 NOT-FOR-US: Lyris ListManager -CVE-2006-4545 (** DISPUTED ** ...) +CVE-2006-4545 NOT-FOR-US: ModuleBased CMS Pre-Alpha -CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...) 
+CVE-2006-4544 NOT-FOR-US: ExBB -CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...) +CVE-2006-4543 NOT-FOR-US: HLStats -CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...) +CVE-2006-4542 {DSA-1199-1} - webmin (bug #391284) - usermin -CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...) +CVE-2006-4541 NOT-FOR-US: BlackICE PC Protection -CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...) +CVE-2006-4540 NOT-FOR-US: Learn.com LearnCenter -CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...) +CVE-2006-4539 NOT-FOR-US: Cerberus Helpdesk -CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...) +CVE-2006-4538 {DSA-1237 DSA-1233} - linux-2.6 2.6.17-9 -CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and ...) +CVE-2006-4537 NOT-FOR-US: OpenVMS -CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...) +CVE-2006-4536 NOT-FOR-US: CMS Frogss -CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local ...) +CVE-2006-4535 {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.18-1 -CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...) +CVE-2006-4534 NOT-FOR-US: Microsoft -CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...) +CVE-2006-4533 NOT-FOR-US: Plume CMS -CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...) +CVE-2006-4532 NOT-FOR-US: Yet Another Community System (YACS) CMS -CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...) +CVE-2006-4531 NOT-FOR-US: Pheap CMS -CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in ...) +CVE-2006-4530 NOT-FOR-US: membrepass -CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. 
...) +CVE-2006-4529 NOT-FOR-US: membrepass -CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...) +CVE-2006-4528 NOT-FOR-US: membrepass -CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...) +CVE-2006-4527 NOT-FOR-US: CubeCart -CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in ...) +CVE-2006-4526 NOT-FOR-US: CubeCart -CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and ...) +CVE-2006-4525 NOT-FOR-US: CubeCart -CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...) +CVE-2006-4524 NOT-FOR-US: Digiappz Freekot -CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and ...) +CVE-2006-4523 NOT-FOR-US: 2Wire -CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows ...) +CVE-2006-4522 NOT-FOR-US: IBM AIX CVE-2006-XXXX [hostapd dos] - hostapd 1:0.5.4-1 [sarge] - hostapd (Vulnerable code not present) -CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...) +CVE-2006-4521 NOT-FOR-US: Novell eDirectory -CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...) +CVE-2006-4520 NOT-FOR-US: Novell eDirectory -CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) +CVE-2006-4519 {DSA-1335-1} - gimp 2.2.16-1 (medium) NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression -CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...) +CVE-2006-4518 NOT-FOR-US: Qbik WinGate -CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) +CVE-2006-4517 NOT-FOR-US: Novell iManager -CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) 
+CVE-2006-4516 - kfreebsd-5 (low) [etch] - kfreebsd-5 (no security support for freebsd) CVE-2006-4515 RESERVED -CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in ...) +CVE-2006-4514 {DSA-1221-1} - libgsf 1.14.2-1 -CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...) +CVE-2006-4513 - wv 1.2.4-1 (bug #396256; medium) - abiword 2.4.6-1 [sarge] - abiword 2.4.6-1.1 (bug #396360) NOTE: exact abiword fixed version not known, but <= 2.4.6-1 CVE-2006-4512 RESERVED -CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...) +CVE-2006-4511 NOT-FOR-US: Novell GroupWise -CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in ...) +CVE-2006-4510 NOT-FOR-US: Novell eDirectory -CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in ...) +CVE-2006-4509 NOT-FOR-US: Novell eDirectory -CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...) +CVE-2006-4508 - tor 0.1.1.23-1 -CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...) +CVE-2006-4507 NOT-FOR-US: Sony NOTE: According to the original advisory, this is just CVE-2006-3459 -CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...) +CVE-2006-4506 NOT-FOR-US: Novell Identity Manager -CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...) +CVE-2006-4505 NOT-FOR-US: NX5Linx -CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...) +CVE-2006-4504 NOT-FOR-US: NX5Linx -CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...) +CVE-2006-4503 NOT-FOR-US: NX5Linx -CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...) +CVE-2006-4502 NOT-FOR-US: ezPortal/ztml CMS -CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...) 
+CVE-2006-4501 NOT-FOR-US: ezPortal/ztml CMS -CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...) +CVE-2006-4500 NOT-FOR-US: ezPortal/ztml CMS -CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...) +CVE-2006-4499 NOT-FOR-US: ModernBill -CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...) +CVE-2006-4498 NOT-FOR-US: PortailPHP -CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...) +CVE-2006-4497 NOT-FOR-US: IwebNegar -CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...) +CVE-2006-4496 NOT-FOR-US: IwebNegar -CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) +CVE-2006-4495 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...) +CVE-2006-4494 NOT-FOR-US: Microsoft -CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...) +CVE-2006-4493 NOT-FOR-US: xbiff2 NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc -CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...) +CVE-2006-4492 NOT-FOR-US: Cybozu Office -CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...) +CVE-2006-4491 NOT-FOR-US: Cybozu Collaborex -CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...) +CVE-2006-4490 NOT-FOR-US: Cybozu Office -CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...) +CVE-2006-4489 NOT-FOR-US: MiniBill -CVE-2006-4488 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4488 NOT-FOR-US: ExBB Italia -CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...) +CVE-2006-4487 NOT-FOR-US: DUpoll -CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, ...) 
+CVE-2006-4486 {DSA-1331-1} - php5 5.1.6-1 - php4 4:4.4.4-1 -CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...) +CVE-2006-4485 - php5 5.1.6-1 - php4 (Vulnerable function doesn't exist) -CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...) +CVE-2006-4484 - libgd2 2.0.33-5.1 (medium; bug #384838) - xloadimage (unimportant; bug #384841) NOTE: xloadimage is a crasher only, not a security problem -CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...) +CVE-2006-4483 - php5 5.1.6-1 (unimportant) - php4 4:4.4.4-1 (unimportant) NOTE: Safe mode violations not supported, insufficient measure -CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...) +CVE-2006-4482 {DSA-1206-1} - php5 5.1.6-1 (medium) - php4 4:4.4.4-1 (medium) -CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...) +CVE-2006-4481 - php5 5.1.6-1 (unimportant) - php4 4:4.4.4-1 (unimportant) NOTE: Basedir violations not supported -CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...) +CVE-2006-4480 NOT-FOR-US: Nuked-Klan -CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...) +CVE-2006-4479 NOT-FOR-US: ezContents -CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...) +CVE-2006-4478 NOT-FOR-US: ezContents -CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...) +CVE-2006-4477 NOT-FOR-US: ezContents -CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) +CVE-2006-4476 NOT-FOR-US: Joomla! -CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...) +CVE-2006-4475 NOT-FOR-US: Joomla! -CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) +CVE-2006-4474 NOT-FOR-US: Joomla! -CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! 
before 1.0.11, ...) +CVE-2006-4473 NOT-FOR-US: Joomla! -CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...) +CVE-2006-4472 NOT-FOR-US: Joomla! -CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...) +CVE-2006-4471 NOT-FOR-US: Joomla! -CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...) +CVE-2006-4470 NOT-FOR-US: Joomla! -CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...) +CVE-2006-4469 NOT-FOR-US: Joomla! -CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) +CVE-2006-4468 NOT-FOR-US: Joomla! -CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...) +CVE-2006-4467 NOT-FOR-US: Simple Machines Forum -CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...) +CVE-2006-4466 NOT-FOR-US: Joomla! -CVE-2006-4465 (** DISPUTED ** ...) +CVE-2006-4465 NOT-FOR-US: Microsoft -CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...) +CVE-2006-4464 NOT-FOR-US: Nokia -CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...) +CVE-2006-4463 NOT-FOR-US: JS ASP Faq Manager -CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...) +CVE-2006-4462 NOT-FOR-US: LinksCaffe -CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...) +CVE-2006-4461 NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian) -CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) +CVE-2006-4460 NOT-FOR-US: iAddressBook -CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...) +CVE-2006-4459 NOT-FOR-US: AnywhereUSB/5 -CVE-2006-4458 (Directory traversal vulnerability in ...) 
+CVE-2006-4458 - phpgroupware 0.9.16.011-1 (bug #386061; medium) -CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...) +CVE-2006-4457 NOT-FOR-US: phpECard -CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...) +CVE-2006-4456 NOT-FOR-US: phpECard -CVE-2006-4455 (** DISPUTED ** ...) +CVE-2006-4455 - xchat (not reproducible) -CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...) +CVE-2006-4454 NOT-FOR-US: HLstats -CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...) +CVE-2006-4453 NOT-FOR-US: PmWiki -CVE-2006-4452 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4452 NOT-FOR-US: Web3news -CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...) +CVE-2006-4451 NOT-FOR-US: Tag Board -CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...) +CVE-2006-4450 - phpbb2 2.0.21-1 (unimportant) NOTE: That's by design and even disabled by default -CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...) +CVE-2006-4449 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...) +CVE-2006-4448 NOT-FOR-US: interact -CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...) +CVE-2006-4447 {DSA-1193-1} - xbase-clients 1:7.1.ds-2 (unimportant) - xtrans 1.0.0-6 (unimportant) 
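Review bot: The `+` header lines in this hunk drop the parenthesised description wholesale, and for entries such as CVE-2006-4562, CVE-2006-4557, CVE-2006-4465 and CVE-2006-4455 that description was the only place the `** DISPUTED **` status appeared. After the change, `CVE-2006-4455` followed by `- xchat (not reproducible)` no longer shows that the CVE itself was disputed. The commit message says only "automatic update"; please state there why the descriptions are removed and where triagers should read them from now on, or carry the disputed status over as a NOTE line on the affected entries.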
@@ -6235,318 +6235,318 @@ CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, - libx11 2:1.0.0-7 (unimportant) - xdm 1:1.0.5-1 (unimportant) - xterm (unimportant) -CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...) +CVE-2006-4446 NOT-FOR-US: Microsoft -CVE-2006-4445 (** DISPUTED ** ...) +CVE-2006-4445 NOT-FOR-US: CuteNews -CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...) +CVE-2006-4444 NOT-FOR-US: Cybozu Garoon -CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...) +CVE-2006-4443 NOT-FOR-US: AlstraSoft Video Share Enterprise -CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) +CVE-2006-4442 NOT-FOR-US: iAddressBook -CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...) +CVE-2006-4441 NOT-FOR-US: Ay System Solutions CMS -CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...) +CVE-2006-4440 NOT-FOR-US: Ay System Solutions CMS -CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...) +CVE-2006-4439 NOT-FOR-US: Solaris -CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux ...) +CVE-2006-4438 NOT-FOR-US: SpIDer for Dr.Web Scanner -CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...) +CVE-2006-4437 NOT-FOR-US: Tagger LE -CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...) +CVE-2006-4602 - tikiwiki 1.9.4+dfsg2-3 -CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...) +CVE-2006-4436 {DSA-1175-1} - isakmpd 20041012-4 (bug #385894; medium) -CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...) +CVE-2006-4435 NOT-FOR-US: OpenBSD -CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...) 
+CVE-2006-4434 {DSA-1164} - sendmail 8.13.8-1 (bug #385054; medium) -CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...) +CVE-2006-4433 - php4 4:4.4.4-1 (unimportant) - php5 5.1.4-0.1 (unimportant) NOTE: Sanitising this is an application's job -CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...) +CVE-2006-4432 NOT-FOR-US: Zend Platform -CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...) +CVE-2006-4431 NOT-FOR-US: Zend Platform -CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...) +CVE-2006-4430 NOT-FOR-US: Cisco -CVE-2006-4429 (** DISPUTED ** ...) +CVE-2006-4429 NOT-FOR-US: PHlyMail Lite -CVE-2006-4428 (** DISPUTED ** ...) +CVE-2006-4428 NOT-FOR-US: Jupiter CMS -CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...) +CVE-2006-4427 NOT-FOR-US: eFiction -CVE-2006-4426 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4426 NOT-FOR-US: AlberT-EasySite -CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 ...) +CVE-2006-4425 NOT-FOR-US: phpCOIN -CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...) +CVE-2006-4424 NOT-FOR-US: phpCOIN -CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 ...) +CVE-2006-4423 NOT-FOR-US: Bigace -CVE-2006-4422 (** DISPUTED ** ...) +CVE-2006-4422 NOT-FOR-US: Jetbox CMS -CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-4421 NOT-FOR-US: Yet Another PHP Image Gallery -CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 ...) +CVE-2006-4420 NOT-FOR-US: Phaos -CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows ...) +CVE-2006-4419 NOT-FOR-US: ProManager -CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a ...) 
+CVE-2006-4418 NOT-FOR-US: Wikepage -CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 ...) +CVE-2006-4417 NOT-FOR-US: Xoops -CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...) +CVE-2006-4416 NOT-FOR-US: IBM AIX CVE-2006-4415 RESERVED CVE-2006-4414 RESERVED -CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...) +CVE-2006-4413 NOT-FOR-US: Apple Remote Desktop -CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...) +CVE-2006-4412 NOT-FOR-US: Apple Mac OS X -CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x ...) +CVE-2006-4411 NOT-FOR-US: Apple Mac OS X -CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before ...) +CVE-2006-4410 NOT-FOR-US: Apple Mac OS X -CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security ...) +CVE-2006-4409 NOT-FOR-US: Apple Mac OS X -CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows ...) +CVE-2006-4408 NOT-FOR-US: Apple Mac OS X -CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not ...) +CVE-2006-4407 NOT-FOR-US: Apple Mac OS X -CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and ...) +CVE-2006-4406 NOT-FOR-US: Apple Mac OS X CVE-2006-4405 RESERVED -CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when ...) +CVE-2006-4404 NOT-FOR-US: Apple Mac OS X -CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access ...) +CVE-2006-4403 NOT-FOR-US: Apple Mac OS X -CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and ...) +CVE-2006-4402 NOT-FOR-US: Apple Mac OS X -CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier ...) 
+CVE-2006-4401 NOT-FOR-US: Apple Mac OS X -CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...) +CVE-2006-4400 NOT-FOR-US: Apple Mac OS X -CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X ...) +CVE-2006-4399 NOT-FOR-US: Mac OS -CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in ...) +CVE-2006-4398 NOT-FOR-US: Apple Mac OS X -CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 ...) +CVE-2006-4397 NOT-FOR-US: Mac OS -CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier ...) +CVE-2006-4396 NOT-FOR-US: Apple Mac OS X -CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X ...) +CVE-2006-4395 NOT-FOR-US: Mac OS -CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, ...) +CVE-2006-4394 NOT-FOR-US: Mac OS -CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 ...) +CVE-2006-4393 NOT-FOR-US: Mac OS -CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X ...) +CVE-2006-4392 NOT-FOR-US: Mac OS -CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...) +CVE-2006-4391 NOT-FOR-US: Mac OS -CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows ...) +CVE-2006-4390 NOT-FOR-US: Mac OS -CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...) +CVE-2006-4389 NOT-FOR-US: Apple QuickTime -CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) +CVE-2006-4388 NOT-FOR-US: Apple QuickTime -CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the ...) +CVE-2006-4387 NOT-FOR-US: Mac OS -CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) 
+CVE-2006-4386 NOT-FOR-US: Apple QuickTime -CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) +CVE-2006-4385 NOT-FOR-US: Apple QuickTime -CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) +CVE-2006-4384 NOT-FOR-US: Apple QuickTime CVE-2006-4383 RESERVED -CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...) +CVE-2006-4382 NOT-FOR-US: Apple QuickTime -CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) +CVE-2006-4381 NOT-FOR-US: Apple QuickTime -CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...) +CVE-2006-4380 {DSA-1169} - mysql-dfsg-5.0 (only 4.1 affected) - mysql-dfsg (only 4.1 affected) - mysql-dfsg-4.1 -CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...) +CVE-2006-4379 NOT-FOR-US: Ipswitch Collaboration 2006 Suite -CVE-2006-4378 (** DISPUTED ** ...) +CVE-2006-4378 NOT-FOR-US: Rssxt component for Joomla! (com_rssxt) -CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...) +CVE-2006-4377 NOT-FOR-US: Eichhorn Portal -CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...) +CVE-2006-4376 NOT-FOR-US: Eichhorn Portal -CVE-2006-4375 (** DISPUTED ** ...) +CVE-2006-4375 NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd) -CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...) +CVE-2006-4374 NOT-FOR-US: IrfanView -CVE-2006-4373 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4373 NOT-FOR-US: pSlash -CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...) +CVE-2006-4372 NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo -CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 ...) 
+CVE-2006-4371 NOT-FOR-US: Alt-N WebAdmin -CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and ...) +CVE-2006-4370 NOT-FOR-US: Alt-N WebAdmin -CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...) +CVE-2006-4369 NOT-FOR-US: IntegraMOD Portal -CVE-2006-4368 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4368 NOT-FOR-US: IntegraMOD Portal -CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack ...) +CVE-2006-4367 NOT-FOR-US: All Topics Hack for phpBB -CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 ...) +CVE-2006-4366 NOT-FOR-US: RedBLoG -CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 ...) +CVE-2006-4365 NOT-FOR-US: VistaBB -CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N ...) +CVE-2006-4364 NOT-FOR-US: Alt-N Technologies MDaemon -CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...) +CVE-2006-4363 NOT-FOR-US: CropImage component (com_cropimage) for Mambo -CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid ...) +CVE-2006-4362 NOT-FOR-US: Diesel Paid Mail -CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-4361 NOT-FOR-US: Diesel Job Site -CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...) +CVE-2006-4360 NOT-FOR-US: E-commerce for Drupal -CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build ...) +CVE-2006-4359 NOT-FOR-US: PowerZip -CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay ...) +CVE-2006-4358 NOT-FOR-US: Diesel Pay -CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...) +CVE-2006-4357 NOT-FOR-US: Diesel Smart Traffic -CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...) 
+CVE-2006-4356 NOT-FOR-US: Easylinks Module for Drupal -CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module ...) +CVE-2006-4355 NOT-FOR-US: Easylinks Module for Drupal -CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in ...) +CVE-2006-4354 NOT-FOR-US: Phome Empire CMS -CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server ...) +CVE-2006-4353 NOT-FOR-US: Sun Java System Content Delivery Server -CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content ...) +CVE-2006-4352 NOT-FOR-US: Cisco -CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero ...) +CVE-2006-4351 NOT-FOR-US: OneOrZero -CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows ...) +CVE-2006-4350 NOT-FOR-US: OneOrZero -CVE-2006-4349 (** DISPUTED ** ...) +CVE-2006-4349 NOT-FOR-US: ToendaCMS -CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...) +CVE-2006-4348 NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla! -CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...) +CVE-2006-4347 NOT-FOR-US: Cool Manager -CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...) +CVE-2006-4346 - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060) -CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...) +CVE-2006-4345 - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060) -CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...) +CVE-2006-4344 NOT-FOR-US: CGI-Rescue Mail F/W System -CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...) +CVE-2006-4343 {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 -CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...) 
+CVE-2006-4342 - linux-2.6 (Flaw specific to Red Hat backport) CVE-2006-4341 REJECTED -CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) +CVE-2006-4340 {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339 - mozilla (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - thunderbird 1.5.0.7-1 (high) - xulrunner 1.8.0.7-1 (high) -CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...) +CVE-2006-4339 {DSA-1174-1 DSA-1173-1} - openssl 0.9.8b-3 (medium) - openssl097 0.9.7i-2 (medium) - openssl096 -CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...) +CVE-2006-4338 {DSA-1181-1} - gzip 1.3.5-15 (medium) - lha 1.14i-10.1 (medium; bug #401301) [sarge] - lha (Non-free not supported) [etch] - lha (Non-free not supported) -CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...) +CVE-2006-4337 {DSA-1181-1} - gzip 1.3.5-15 (high) - lha 1.14i-10.1 (high; bug #401301) [sarge] - lha (Non-free not supported) [etch] - lha (Non-free not supported) -CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...) +CVE-2006-4336 {DSA-1181-1} - gzip 1.3.5-15 (high) -CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...) +CVE-2006-4335 {DSA-1181-1} - gzip 1.3.5-15 (high) - lha 1.14i-10.1 (high; bug #401301) [sarge] - lha (Non-free not supported) [etch] - lha (Non-free not supported) -CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...) +CVE-2006-4334 {DSA-1974-1 DSA-1181-1} - gzip 1.3.5-15 (high) -CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...) +CVE-2006-4333 {DSA-1171} - wireshark 0.99.2-5.1 (low; bug #384529) - ethereal (low; bug #384528) -CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...) 
+CVE-2006-4332 - wireshark (windows only) - ethereal (windows only) -CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in ...) +CVE-2006-4331 - wireshark 0.99.2-5.1 (medium; bug #384529) - ethereal (only wireshark 0.99.2 affected) -CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...) +CVE-2006-4330 - wireshark 0.99.2-5 (medium; bug #384529) - ethereal (only wireshark 0.99.2 affected) -CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...) +CVE-2006-4329 NOT-FOR-US: Shadows Rising -CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...) +CVE-2006-4328 NOT-FOR-US: CloudNine -CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...) +CVE-2006-4327 NOT-FOR-US: CloudNine -CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, ...) +CVE-2006-4326 NOT-FOR-US: Ichitaro -CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika ...) +CVE-2006-4325 NOT-FOR-US: Doika -CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...) +CVE-2006-4324 NOT-FOR-US: CityForFree -CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...) +CVE-2006-4323 NOT-FOR-US: CityForFree -CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the ...) +CVE-2006-4322 NOT-FOR-US: Mambo -CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine ...) +CVE-2006-4321 NOT-FOR-US: Mambo -CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF ...) +CVE-2006-4320 NOT-FOR-US: OpenSEF for Joomla -CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...) +CVE-2006-4319 NOT-FOR-US: Solaris -CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...) 
+CVE-2006-4318 NOT-FOR-US: WFTPD -CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...) +CVE-2006-4317 NOT-FOR-US: WoltLab -CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...) +CVE-2006-4316 NOT-FOR-US: SSH Tectia Management Agent -CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...) +CVE-2006-4315 NOT-FOR-US: SSH Tectia Management Agent -CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...) +CVE-2006-4314 NOT-FOR-US: Symantec -CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...) +CVE-2006-4313 NOT-FOR-US: Cisco -CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...) +CVE-2006-4312 NOT-FOR-US: Cisco -CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...) +CVE-2006-4311 NOT-FOR-US: Sonium Enterprise Adressbook -CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...) +CVE-2006-4310 {DSA-1227-1 DSA-1225-1 DSA-1224-1} - firefox 45.0-1 - firefox-esr 45.0esr-1 
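Review bot: CVE-2006-4602 is rewritten in place between CVE-2006-4437 and CVE-2006-4436, so it stays outside the descending numeric order that every other entry in this hunk follows. Since the update touches that header line anyway, either move the entry to its numeric position in a follow-up commit or confirm that the placement is intentional, so that anyone scanning the list by range does not miss the tikiwiki entry. While here, the unchanged context line under CVE-2006-4340, `NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339`, has a stray "the" that could be fixed in the same follow-up.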
@@ -6554,124 +6554,124 @@ CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial - mozilla - mozilla-firefox - xulrunner 1.8.0.8-1 -CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...) +CVE-2006-4309 NOT-FOR-US: AK-Systems Windows Terminal -CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...) +CVE-2006-4308 NOT-FOR-US: Blackboard Learning System -CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...) +CVE-2006-4307 NOT-FOR-US: Solaris -CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...) +CVE-2006-4306 NOT-FOR-US: Solaris -CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...) +CVE-2006-4305 {DSA-1190-1} - maxdb-7.5.00 7.5.00.34-5 (high; bug #386182) -CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...) +CVE-2006-4304 - kfreebsd-5 5.4-18 (bug #391289) [etch] - kfreebsd-5 (Etch doesn't have security support for the FreeBSD kernel) -CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...) +CVE-2006-4303 NOT-FOR-US: Solaris -CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...) +CVE-2006-4302 - sun-java5 1.5.0-07-1 -CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) +CVE-2006-4301 NOT-FOR-US: Microsoft -CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...) +CVE-2006-4300 NOT-FOR-US: SimpleBlog -CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...) +CVE-2006-4299 - tikiwiki 1.9.4+dfsg2-2 (low; bug #384796) -CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...) +CVE-2006-4298 NOT-FOR-US: osCommerce -CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...) 
+CVE-2006-4297 NOT-FOR-US: osCommerce -CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...) +CVE-2006-4296 NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo -CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...) +CVE-2006-4295 NOT-FOR-US: Panda ActiveScan -CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...) +CVE-2006-4294 - twiki 1:4.0.4-3 (bug #389267; low) -CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) +CVE-2006-4293 NOT-FOR-US: cPanel -CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...) +CVE-2006-4292 - honeyd 1.5b-1 (low; bug #384806) [sarge] - honeyd (Minor issue) -CVE-2006-4291 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4291 NOT-FOR-US: PHlyMail Lite -CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...) +CVE-2006-4290 NOT-FOR-US: Sony -CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...) +CVE-2006-4289 NOT-FOR-US: Sony -CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...) +CVE-2006-4288 NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo -CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...) +CVE-2006-4287 NOT-FOR-US: NES Game and NES System -CVE-2006-4286 (** DISPUTED ** ...) +CVE-2006-4286 NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo -CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...) +CVE-2006-4285 NOT-FOR-US: Fantastic News -CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...) +CVE-2006-4284 NOT-FOR-US: LBlog -CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...) 
+CVE-2006-4283 NOT-FOR-US: SOLMETRA SPAW Editor -CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...) +CVE-2006-4282 NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla! -CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...) +CVE-2006-4281 NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo -CVE-2006-4280 (** DISPUTED ** ...) +CVE-2006-4280 NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo -CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...) +CVE-2006-4279 NOT-FOR-US: XennoBB -CVE-2006-4278 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4278 NOT-FOR-US: SportsPHool -CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...) +CVE-2006-4277 NOT-FOR-US: Tutti Nova -CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...) +CVE-2006-4276 NOT-FOR-US: Tutti Nova -CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...) +CVE-2006-4275 NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop) CVE-2006-4274 REJECTED -CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...) +CVE-2006-4273 NOT-FOR-US: Jelsoft vBulletin -CVE-2006-4272 (** DISPUTED ** ...) +CVE-2006-4272 NOT-FOR-US: Jelsoft vBulletin -CVE-2006-4271 (** DISPUTED ** ...) +CVE-2006-4271 NOT-FOR-US: Jelsoft vBulletin -CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...) +CVE-2006-4270 NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo -CVE-2006-4269 (** DISPUTED ** ...) +CVE-2006-4269 NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla! -CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...) +CVE-2006-4268 NOT-FOR-US: CubeCart -CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...) 
+CVE-2006-4267 NOT-FOR-US: CubeCart -CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...) +CVE-2006-4266 NOT-FOR-US: Symantec -CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...) +CVE-2006-4265 NOT-FOR-US: Kaspersky -CVE-2006-4264 (** DISPUTED ** ...) +CVE-2006-4264 NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo -CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...) +CVE-2006-4263 NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla! -CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...) +CVE-2006-4262 {DSA-1186-1} - cscope 15.5+cvs20060902-1 (low; bug #385893) CVE-2006-4261 REJECTED -CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...) +CVE-2006-4260 NOT-FOR-US: Fotopholder -CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...) +CVE-2006-4259 NOT-FOR-US: Fotopholder -CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...) +CVE-2006-4258 NOT-FOR-US: Anti-Spam SMTP Proxy -CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote ...) +CVE-2006-4257 NOT-FOR-US: IBM DB2 -CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...) +CVE-2006-4256 {DSA-1406-1} - horde3 3.1.3-1 (low; bug #383416) -CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...) +CVE-2006-4255 - imp4 4.1.3-1 (low; bug #383416) -CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...) +CVE-2006-4254 NOT-FOR-US: IBM AIX -CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...) +CVE-2006-4253 NOTE: MFSA-2006-59 - xulrunner 1.8.0.7-1 (medium) - firefox 1.5.dfsg+1.5.0.7-1 (medium) 
@@ -6681,231 +6681,231 @@ CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier [sarge] - mozilla (unimportant) [sarge] - mozilla-thunderbird (unimportant) NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al. -CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...) +CVE-2006-4252 - pdns-recursor 3.1.4-1 (bug #398559) - pdns (Recursor module has been moved to pdns-recursor) -CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...) +CVE-2006-4251 {DSA-1211} - pdns-recursor 3.1.4-1 (bug #398557; high) - pdns 2.9.20-4 NOTE: Recursor module has been moved to pdns-recursor -CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...) +CVE-2006-4250 {DSA-1278-1} - man-db 2.4.3-5 -CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...) +CVE-2006-4249 - zope-cmfplone 2.5.1-3 (bug #401796) [sarge] - zope-cmfplone (Vulnerable code not present) -CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...) +CVE-2006-4248 {DSA-1205-1} - thttpd 2.23beta1-5 (bug #396277) -CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on ...) +CVE-2006-4247 [sarge] - zope-cmfplone (Vulnerable code not present) - zope-cmfplone 2.5.1-1 -CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...) +CVE-2006-4246 {DSA-1177-1} - usermin (bug #374609) CVE-2006-4245 RESERVED - archivemail 0.6.2-2 (bug #385253) -CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...) +CVE-2006-4244 {DSA-1239-1} - sql-ledger 2.6.18-1 (medium; bug #386519) CVE-2006-4243 [linux vserver priviledge escalation in remount code] RESERVED - linux-2.6 2.6.17-9 -CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...) 
+CVE-2006-4242 NOT-FOR-US: JIM component for Joomla or Mambo -CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...) +CVE-2006-4241 NOT-FOR-US: Reporter Mambo component (com_reporter) -CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...) +CVE-2006-4240 NOT-FOR-US: Fusion News -CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...) +CVE-2006-4239 NOT-FOR-US: Outreach Project Tool -CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...) +CVE-2006-4238 NOT-FOR-US: WebTorrent (WTcom) -CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...) +CVE-2006-4237 NOT-FOR-US: Invisionix Roaming System Remote (IRSR) -CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...) +CVE-2006-4236 NOT-FOR-US: POWERGAP -CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...) +CVE-2006-4235 NOT-FOR-US: Sony -CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...) +CVE-2006-4234 NOT-FOR-US: dotProject -CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...) +CVE-2006-4233 NOT-FOR-US: Globus Toolkit -CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...) +CVE-2006-4232 NOT-FOR-US: Globus Toolkit -CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...) +CVE-2006-4231 NOT-FOR-US: IrfanView -CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) +CVE-2006-4230 NOT-FOR-US: Lizge Web Portal -CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...) +CVE-2006-4229 NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla! -CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...) 
+CVE-2006-4228 NOT-FOR-US: Symantec -CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...) +CVE-2006-4227 - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798) -CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...) +CVE-2006-4226 {DSA-1169} - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798) [sarge] - mysql-dfsg (Vulnerable code not present) CVE-2006-4225 REJECTED -CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...) +CVE-2006-4224 NOT-FOR-US: Virtual War -CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows ...) +CVE-2006-4223 NOT-FOR-US: IBM WebSphere Application -CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) +CVE-2006-4222 NOT-FOR-US: IBM WebSphere Application -CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...) +CVE-2006-4221 NOT-FOR-US: IBM -CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in ...) +CVE-2006-4220 NOT-FOR-US: Novell GroupWise WebAccess -CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...) +CVE-2006-4219 NOT-FOR-US: Terminal Services COM object -CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...) +CVE-2006-4218 NOT-FOR-US: Zen Cart -CVE-2006-4217 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4217 NOT-FOR-US: WEBInsta CMS CVE-2006-4216 REJECTED -CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...) +CVE-2006-4215 NOT-FOR-US: Zen Cart -CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...) +CVE-2006-4214 NOT-FOR-US: Zen Cart -CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...) +CVE-2006-4213 NOT-FOR-US: Thatware -CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...) 
+CVE-2006-4212 NOT-FOR-US: Owl Intranet Engine -CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...) +CVE-2006-4211 NOT-FOR-US: Owl Intranet Engine -CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...) +CVE-2006-4210 NOT-FOR-US: phPay -CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...) +CVE-2006-4209 NOT-FOR-US: WEBInsta Mailing List Manager -CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...) +CVE-2006-4208 - wordpress 2.0.5-0.1 (unimportant; bug #384800) NOTE: Only exploitable by admin users, someone with the privilege to backup NOTE: your data must be trustworthy -CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...) +CVE-2006-4207 NOT-FOR-US: Discloser -CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...) +CVE-2006-4206 NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition -CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...) +CVE-2006-4205 NOT-FOR-US: WebDynamite ProjectButler -CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 ...) +CVE-2006-4204 NOT-FOR-US: PHProjekt -CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...) +CVE-2006-4203 NOT-FOR-US: MMP Component (com_mmp) for Mambo -CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...) +CVE-2006-4202 NOT-FOR-US: Spidey Blog Script -CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...) +CVE-2006-4201 NOT-FOR-US: HP OpenView Storage Data Protector -CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...) +CVE-2006-4200 NOT-FOR-US: 04WebServer -CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...) 
+CVE-2006-4199 NOT-FOR-US: 04WebServer -CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...) +CVE-2006-4198 NOT-FOR-US: Wheatblog -CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...) +CVE-2006-4197 {DSA-1162} - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030) - libmusicbrainz-2.0 (medium; bug #383031) -CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...) +CVE-2006-4196 NOT-FOR-US: WEBInsta CMS -CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...) +CVE-2006-4195 NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook) CVE-2006-XXXX [gallery2 session ID disclosure] - gallery2 2.1.2-1 CVE-2006-XXXX [insecure filehandling in mysql_upgrade] - mysql-dfsg-5.0 5.0.24-1 NOTE: mysql_upgrade not in 4.x -CVE-2006-4194 (** DISPUTED ** ...) +CVE-2006-4194 NOT-FOR-US: Cisco -CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...) +CVE-2006-4193 NOT-FOR-US: MS IE -CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...) +CVE-2006-4192 - libmodplug 1:0.7-5.2 (medium; bug #383574) - gst-plugins-bad0.10 0.10.3-3.1 (medium; bug #407956) -CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...) +CVE-2006-4191 NOT-FOR-US: XMB -CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML ...) +CVE-2006-4190 NOT-FOR-US: PHP-Nuke module AutoHTML -CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 ...) +CVE-2006-4189 NOT-FOR-US: Dolphin -CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, ...) +CVE-2006-4188 NOT-FOR-US: HP-UX -CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when ...) +CVE-2006-4187 NOT-FOR-US: HP-UX -CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes ...) 
+CVE-2006-4186 NOT-FOR-US: Novell eDirectory -CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory ...) +CVE-2006-4185 NOT-FOR-US: Novell eDirectory -CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce ...) +CVE-2006-4184 NOT-FOR-US: SmartLine DeviceLock -CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) ...) +CVE-2006-4183 NOT-FOR-US: Microsoft -CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...) +CVE-2006-4182 {DSA-1196-1} - clamav 0.88.5-1 (high; bug #393445) -CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...) +CVE-2006-4181 NOT-FOR-US: GNU Radius CVE-2006-4180 REJECTED CVE-2006-4179 RESERVED -CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...) +CVE-2006-4178 - kfreebsd-5 (bug #391289; low) [etch] - kfreebsd-5 (Etch doesn't have security support for the FreeBSD kernel) -CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...) +CVE-2006-4177 NOT-FOR-US: Novell eDirectory CVE-2006-4176 RESERVED -CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...) +CVE-2006-4175 NOT-FOR-US: Sun Java System Directory Server CVE-2006-4174 RESERVED CVE-2006-4173 RESERVED -CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...) +CVE-2006-4172 - kfreebsd-5 (bug #391289; low) [etch] - kfreebsd-5 (Etch doesn't have security support for the FreeBSD kernel) CVE-2006-4171 RESERVED CVE-2006-4170 REJECTED -CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...) +CVE-2006-4169 NOT-FOR-US: G/PGP (GPG) plugin for Squirrelmail -CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...) +CVE-2006-4168 {DSA-1310-1} - libexif 0.6.16-1 (bug #430012) CVE-2006-4167 RESERVED -CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...) 
+CVE-2006-4166 NOT-FOR-US: TinyWebGallery -CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and ...) +CVE-2006-4165 NOT-FOR-US: NetCommons -CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in ...) +CVE-2006-4164 NOT-FOR-US: phpPrintAnalyzer -CVE-2006-4163 (** DISPUTED ** ...) +CVE-2006-4163 NOT-FOR-US: miniBloggie -CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and ...) +CVE-2006-4162 NOT-FOR-US: Dragonfly CMS -CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in ...) +CVE-2006-4161 NOT-FOR-US: XennoBB -CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and ...) +CVE-2006-4160 NOT-FOR-US: MVCnPHP -CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette ...) +CVE-2006-4159 NOT-FOR-US: Chaussette -CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...) +CVE-2006-4158 NOT-FOR-US: Spaminator -CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another ...) +CVE-2006-4157 NOT-FOR-US: Yet another Bulletin Board (YaBB) -CVE-2006-4156 (** DISPUTED ** ...) +CVE-2006-4156 NOT-FOR-US: pearlabs mafia moblog -CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...) +CVE-2006-4155 NOT-FOR-US: Invision Power Board (IPB) -CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x ...) +CVE-2006-4154 NOT-FOR-US: mod_tcl CVE-2006-4153 RESERVED 
@@ -6921,166 +6921,166 @@ CVE-2006-4148 RESERVED CVE-2006-4147 RESERVED -CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...) +CVE-2006-4146 - gdb 7.3-1 (unimportant) NOTE: Every sensible use of gdb involves executing the debugged binary NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=d53d4ac5aaf62c631e8d915e049eaf3f52fe24c8 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=204841 NOTE: https://bugs.launchpad.net/ubuntu/+source/gdb/+bug/62695 -CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...) +CVE-2006-4145 {DSA-1184-2} - linux-2.6 2.6.17-7 -CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...) +CVE-2006-4143 NOT-FOR-US: Netgear -CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...) +CVE-2006-4142 NOT-FOR-US: Virtual War (VWar) -CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...) +CVE-2006-4141 NOT-FOR-US: Virtual War (VWar) -CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...) +CVE-2006-4140 NOT-FOR-US: IPCheck Server Monitor -CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...) +CVE-2006-4139 NOT-FOR-US: Solaris -CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File ...) +CVE-2006-4138 NOT-FOR-US: Microsoft -CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ...) +CVE-2006-4137 NOT-FOR-US: IBM WebSphere -CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) +CVE-2006-4136 NOT-FOR-US: IBM WebSphere -CVE-2006-4135 (** DISPUTED ** ...) +CVE-2006-4135 NOT-FOR-US: Calendarix -CVE-2006-4134 (Unspecified vulnerability related to a "design flaw" in SAP Internet ...) +CVE-2006-4134 NOT-FOR-US: SAP -CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...) 
+CVE-2006-4133 NOT-FOR-US: SAP -CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and ...) +CVE-2006-4132 NOT-FOR-US: ArcSoft MMS Composer -CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and ...) +CVE-2006-4131 NOT-FOR-US: ArcSoft MMS Composer -CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...) +CVE-2006-4130 NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla! -CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...) +CVE-2006-4129 NOT-FOR-US: Webring Component (com_webring) for Joomla! -CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...) +CVE-2006-4128 NOT-FOR-US: Symantec VERITAS -CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...) +CVE-2006-4127 NOT-FOR-US: DConnect Daemon (dcd) -CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...) +CVE-2006-4126 NOT-FOR-US: DConnect Daemon (dcd) -CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ...) +CVE-2006-4125 NOT-FOR-US: DConnect Daemon (dcd) -CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...) +CVE-2006-4124 - lesstif2 1:0.94.4-1 (bug #382411; medium) -CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in ...) +CVE-2006-4123 NOT-FOR-US: Boite de News -CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to ...) +CVE-2006-4122 NOT-FOR-US: Simple one-file guestbook -CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...) +CVE-2006-4121 NOT-FOR-US: See-Commerce -CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module ...) +CVE-2006-4120 NOT-FOR-US: Recipe module (recipe.module) for Drupal -CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier ...) 
+CVE-2006-4119 NOT-FOR-US: GeheimChaos -CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...) +CVE-2006-4118 NOT-FOR-US: GeheimChaos -CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...) +CVE-2006-4117 NOT-FOR-US: Solaris -CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow ...) +CVE-2006-4116 NOT-FOR-US: Lhaz -CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...) +CVE-2006-4115 NOT-FOR-US: PgMarket -CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean ...) +CVE-2006-4114 NOT-FOR-US: PHPMyRing -CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian ...) +CVE-2006-4113 NOT-FOR-US: hitweb -CVE-2006-4112 (Unspecified vulnerability in the "dependency resolution mechanism" in ...) +CVE-2006-4112 - rails 1.1.6-1 (bug #382255; medium) -CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...) +CVE-2006-4111 - rails 1.1.5-1 (bug #382255; medium) -CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...) +CVE-2006-4110 - apache2 (Affects Apache on Windows only) -CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...) +CVE-2006-4109 NOT-FOR-US: Bibliography (biblio.module) for Drupal -CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...) +CVE-2006-4108 NOT-FOR-US: Bibliography (biblio.module) for Drupal -CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...) +CVE-2006-4107 NOT-FOR-US: Job Search module (job.module) for Drupal -CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...) +CVE-2006-4106 NOT-FOR-US: blur6ex -CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...) 
+CVE-2006-4105 NOT-FOR-US: Fill Threads Database -CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...) +CVE-2006-4104 NOT-FOR-US: mojoGallery -CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...) +CVE-2006-4103 NOT-FOR-US: phNNTP -CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...) +CVE-2006-4102 NOT-FOR-US: SQLiteWebAdmin CVE-2006-4101 RESERVED CVE-2006-4100 RESERVED -CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ...) +CVE-2006-4099 NOT-FOR-US: Business Objects -CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Access ...) +CVE-2006-4098 NOT-FOR-US: Cisco -CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco ...) +CVE-2006-4097 NOT-FOR-US: Cisco -CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...) +CVE-2006-4096 {DSA-1172-1} - bind (Not vulnerable according to CERT advisory) - bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237) -CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...) +CVE-2006-4095 {DSA-1172-1} - bind (Not vulnerable according to CERT advisory) - bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237) CVE-2006-4094 RESERVED -CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...) +CVE-2006-4093 {DSA-1184-2 DSA-1237} - linux-2.6 2.6.17-7 -CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...) +CVE-2006-4092 NOT-FOR-US: Simpliciti Locked Browser -CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...) +CVE-2006-4091 NOT-FOR-US: Archangel Weblog -CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...) +CVE-2006-4090 NOT-FOR-US: Webligo BlogHoster -CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...) 
+CVE-2006-4089 {DSA-1179-1} - alsaplayer 0.99.76-9 (medium; bug #382842) -CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...) +CVE-2006-4088 NOT-FOR-US: CivicSpace -CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...) +CVE-2006-4087 NOT-FOR-US: mojoGallery -CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...) +CVE-2006-4086 NOT-FOR-US: Online Zone Journals (OZJournals) -CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...) +CVE-2006-4085 NOT-FOR-US: The Search Engine Project (TSEP) -CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...) +CVE-2006-4084 NOT-FOR-US: phpAutoMembersArea (phpAMA) -CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...) +CVE-2006-4083 NOT-FOR-US: myEvent -CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...) +CVE-2006-4082 NOT-FOR-US: Barracuda Spam Firewall -CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...) +CVE-2006-4081 NOT-FOR-US: Barracuda Spam Firewall -CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...) +CVE-2006-4080 NOT-FOR-US: DeluxeBB -CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...) +CVE-2006-4079 NOT-FOR-US: DeluxeBB -CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...) +CVE-2006-4078 NOT-FOR-US: DeluxeBB -CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...) +CVE-2006-4077 NOT-FOR-US: Comet WebFileManager -CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...) +CVE-2006-4076 NOT-FOR-US: docpile: wim's edition -CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...) 
+CVE-2006-4075 NOT-FOR-US: docpile: wim's edition -CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...) +CVE-2006-4074 NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla! -CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...) +CVE-2006-4073 NOT-FOR-US: phpCC -CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...) +CVE-2006-4072 NOT-FOR-US: Club-Nuke [XP] -CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...) +CVE-2006-4144 {DSA-1213} - imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314) - graphicsmagick 1.1.7-7 (medium; bug #383333) 
@@ -7090,100 +7090,100 @@ CVE-2006-XXXX [crash in the certificate verification logic] - gnutls12 1.2.11-3 (unimportant) - gnutls13 1.4.2-1 (unimportant) NOTE: Normal bug, no reliable denial of service potential -CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...) +CVE-2006-4071 NOT-FOR-US: Microsoft -CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...) +CVE-2006-4070 NOT-FOR-US: Imendio Planner -CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino ...) +CVE-2006-4069 NOT-FOR-US: Online Zone Journals (OZJournals) -CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...) +CVE-2006-4068 NOT-FOR-US: pswd.js -CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...) +CVE-2006-4067 - cakephp 1.1.13.4450-1 -CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...) +CVE-2006-4066 NOT-FOR-US: Microsoft -CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...) +CVE-2006-4065 NOT-FOR-US: SAPID Gallery -CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script ...) +CVE-2006-4064 NOT-FOR-US: YenerTurk Haber Script -CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...) +CVE-2006-4063 NOT-FOR-US: SAPID Blog -CVE-2006-4062 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4062 NOT-FOR-US: SAPID Shop -CVE-2006-4061 (** DISPUTED ** ...) +CVE-2006-4061 NOT-FOR-US: phpPrintAnalyzer -CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...) +CVE-2006-4060 NOT-FOR-US: Visual Events Calendar -CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED ...) +CVE-2006-4059 NOT-FOR-US: USOLVED NEWSolved Lite -CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog ...) 
+CVE-2006-4058 NOT-FOR-US: Simplog -CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch ...) +CVE-2006-4057 NOT-FOR-US: Eremove -CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process ...) +CVE-2006-4056 NOT-FOR-US: katzlbt The Address Book -CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring ...) +CVE-2006-4055 NOT-FOR-US: The Search Engine Project (TSEP) -CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download ...) +CVE-2006-4054 NOT-FOR-US: ME Download System -CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...) +CVE-2006-4053 NOT-FOR-US: ME Download System -CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) +CVE-2006-4052 NOT-FOR-US: Turnkey Web Tools PHP Simple Shop -CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web ...) +CVE-2006-4051 NOT-FOR-US: Turnkey Web Tools PHP Live Helper -CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...) +CVE-2006-4050 NOT-FOR-US: phpAutoMembersArea (phpAMA) -CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server ...) +CVE-2006-4049 NOT-FOR-US: Sun -CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP ...) +CVE-2006-4048 NOT-FOR-US: Netious CMS -CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and ...) +CVE-2006-4047 NOT-FOR-US: Netious CMS -CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...) +CVE-2006-4045 NOT-FOR-US: Torbstoff News -CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...) +CVE-2006-4044 NOT-FOR-US: phpCodeCabinet -CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote ...) 
+CVE-2006-4043 NOT-FOR-US: myWebland myBloggie -CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland ...) +CVE-2006-4042 NOT-FOR-US: myWebland myBloggie -CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...) +CVE-2006-4041 - pike7.6 7.6.86-1 [sarge] - pike7.6 (unimportant; bug #382607; bug #383766) [sarge] - pike7.2 (unimportant; bug #382607; bug #383766) NOTE: No applications using pike+postgres in Sarge, fix provides NOTE: new functions for proper quoting -CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...) +CVE-2006-4040 NOT-FOR-US: myWebland myEvent -CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...) +CVE-2006-4039 NOT-FOR-US: GaesteChaos -CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php ...) +CVE-2006-4038 NOT-FOR-US: GaesteChaos -CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...) +CVE-2006-4037 NOT-FOR-US: Fenestrae Faxination Server -CVE-2006-4036 (PHP remote file inclusion vulnerability in ...) +CVE-2006-4036 NOT-FOR-US: ZoneX Publishers -CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...) +CVE-2006-4035 NOT-FOR-US: CounterChaos -CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...) +CVE-2006-4034 NOT-FOR-US: ModernGigabyte ModernBill -CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and ...) +CVE-2006-4033 NOT-FOR-US: Lhaplus -CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) ...) +CVE-2006-4032 NOT-FOR-US: Cisco -CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...) 
+CVE-2006-4031 - mysql-dfsg-5.0 5.0.24-1 (bug #382415; low) - mysql-dfsg (bug #380271; low) [sarge] - mysql-dfsg-4.1 (Now documented design error, no real fix feasible) [sarge] - mysql-dfsg (Now documented design error, no real fix feasible) -CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...) +CVE-2006-4030 {DSA-1148-1} - gallery 1.5.3-1 - gallery2 (vulnerable code not present) -CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...) +CVE-2006-4029 NOT-FOR-US: AGEphone -CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...) +CVE-2006-4028 - wordpress 2.0.4-1 CVE-2006-4027 RESERVED @@ -7191,13 +7191,13 @@ CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root] - realtime-lsm 0.8.7-2 (bug #382161; low) [sarge] - realtime-lsm NOTE: only to user 1017 or group 1001 and only while root is building the module -CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...) +CVE-2006-4026 NOT-FOR-US: SAPID CMS -CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...) +CVE-2006-4025 NOT-FOR-US: XennoBB -CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...) +CVE-2006-4024 - festalon (vuln. code introduced in 0.5.0) -CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...) +CVE-2006-4023 - php5 (unimportant; bug #382257) - php4 (unimportant; bug #382270) NOTE: Not every lack of protection of programmer's flaws is a vulnerability 
@@ -7207,325 +7207,325 @@ CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly val NOTE: > and i tend to agree based on the php.net documentation, which NOTE: > states: "ip2long() should not be used as the sole form of IP NOTE: > validation. Combine it with long2ip()". -CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...) +CVE-2006-4022 NOT-FOR-US: Intel Windows driver -CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...) +CVE-2006-4021 NOT-FOR-US: ScatterChat -CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) +CVE-2006-4020 - php5 5.1.6-1 (unimportant; bug #382256; bug #382262) - php4 4:4.4.4-1 (unimportant; bug #382261) NOTE: Only exploitable by malicious, local user -CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...) +CVE-2006-4019 {DSA-1154} - squirrelmail 2:1.4.8-1 (bug #382621) -CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...) +CVE-2006-4018 {DSA-1153} - clamav 0.88.4-1 (high; bug #382004; bug #382007) -CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...) +CVE-2006-4017 NOT-FOR-US: Inter Network Marketing (INM) CMS G3 -CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS ...) +CVE-2006-4016 NOT-FOR-US: toendaCMS -CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...) +CVE-2006-4015 NOT-FOR-US: Hewlett-Packard -CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control ...) +CVE-2006-4014 NOT-FOR-US: Symantec -CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail ...) +CVE-2006-4013 NOT-FOR-US: Symantec -CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...) +CVE-2006-4012 NOT-FOR-US: circeOS SaveWeb -CVE-2006-4011 (PHP remote file inclusion vulnerability in ...) 
+CVE-2006-4011 NOT-FOR-US: Kayako eSupport -CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...) +CVE-2006-4010 NOT-FOR-US: Virtual War -CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War ...) +CVE-2006-4009 NOT-FOR-US: Virtual War -CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) +CVE-2006-4008 NOT-FOR-US: Knusperleicht Guestbook -CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) +CVE-2006-4007 NOT-FOR-US: Knusperleicht Faq -CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and ...) +CVE-2006-4006 {DSA-1180-1} - bomberclone 0.11.7-1 (bug #382082; medium) -CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...) +CVE-2006-4005 {DSA-1180-1} - bomberclone 0.11.7-1 (bug #382082; medium) -CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...) +CVE-2006-4004 NOT-FOR-US: vbPortal -CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 ...) +CVE-2006-4003 NOT-FOR-US: Henrik Storner Hobbit monitor -CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...) +CVE-2006-4002 {DSA-1147-1} - drupal 4.5.8-2 (bug #382087; medium) -CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...) +CVE-2006-4001 NOT-FOR-US: Barracuda Spam Firewall -CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in ...) +CVE-2006-4000 NOT-FOR-US: Barracuda Spam Firewall -CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ...) +CVE-2006-3999 NOT-FOR-US: ISS BlackICE -CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...) +CVE-2006-3998 NOT-FOR-US: WoWRoster -CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster ...) 
+CVE-2006-3997 NOT-FOR-US: WoWRoster -CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...) +CVE-2006-3996 NOT-FOR-US: ATutor -CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) +CVE-2006-3995 NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo -CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...) +CVE-2006-3994 NOT-FOR-US: XMB (aka extreme message board) -CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...) +CVE-2006-3993 NOT-FOR-US: The Search Engine Project -CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) ...) +CVE-2006-3992 NOT-FOR-US: Intel -CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...) +CVE-2006-3991 NOT-FOR-US: Voodoo chat -CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...) +CVE-2006-3990 - egroupware NOTE: According to upstream egroupware is not affected, see #382207 -CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) +CVE-2006-3989 NOT-FOR-US: Knusperleicht -CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) +CVE-2006-3988 NOT-FOR-US: Knusperleicht -CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) +CVE-2006-3987 NOT-FOR-US: Knusperleicht -CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) +CVE-2006-3986 NOT-FOR-US: Knusperleicht -CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware ...) +CVE-2006-3985 NOT-FOR-US: ConeXware -CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in ...) +CVE-2006-3984 NOT-FOR-US: Phpauction -CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in ...) 
+CVE-2006-3983 NOT-FOR-US: php(Reactor) -CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...) +CVE-2006-3982 NOT-FOR-US: Knusperleicht -CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo ...) +CVE-2006-3981 NOT-FOR-US: Mambo Gallery Manager for Mambo -CVE-2006-3980 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3980 NOT-FOR-US: Mambo Gallery Manager for Mambo -CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...) +CVE-2006-3979 NOT-FOR-US: ColdFusion MX -CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...) +CVE-2006-3978 NOT-FOR-US: Adobe ColdFusion MX -CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...) +CVE-2006-3977 NOT-FOR-US: CA eTrust Antivirus WebScan -CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...) +CVE-2006-3976 NOT-FOR-US: CA eTrust Antivirus WebScan -CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...) +CVE-2006-3975 NOT-FOR-US: CA eTrust Antivirus WebScan -CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com ...) +CVE-2006-3974 NOT-FOR-US: 3Com -CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...) +CVE-2006-3973 NOT-FOR-US: My Firewall Plus -CVE-2006-3972 (Directory traversal vulnerability in ...) +CVE-2006-3972 NOT-FOR-US: Ajax Chat -CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-3971 NOT-FOR-US: Ajax Chat CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8] - libxml-parser-perl 2.34-4.2 (bug #378411; medium) CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting] - libxml-parser-perl 2.34-4.1 (bug #378412; medium) -CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...) 
+CVE-2006-3970 NOT-FOR-US: LMO for joomla -CVE-2006-3969 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3969 NOT-FOR-US: Colophon for joomla -CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch ...) +CVE-2006-3968 NOT-FOR-US: Solaris -CVE-2006-3967 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3967 NOT-FOR-US: moskool -CVE-2006-3966 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3966 NOT-FOR-US: MyNewsGroups -CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web ...) +CVE-2006-3965 NOT-FOR-US: Banex PHP MySQL Banner Exchange -CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP ...) +CVE-2006-3964 NOT-FOR-US: Banex PHP MySQL Banner Exchange -CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner ...) +CVE-2006-3963 NOT-FOR-US: Banex PHP MySQL Banner Exchange -CVE-2006-3962 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3962 NOT-FOR-US: com_bayesiannaivefilter for mambo -CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee ...) +CVE-2006-3961 NOT-FOR-US: McAfee -CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably ...) +CVE-2006-3960 NOT-FOR-US: X-Scripts X-Poll -CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection ...) +CVE-2006-3959 NOT-FOR-US: X-Scripts X-Protection -CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-3958 NOT-FOR-US: Taskjitsu -CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev ...) +CVE-2006-3957 NOT-FOR-US: BosDates -CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...) +CVE-2006-3956 NOT-FOR-US: Advanced Webhost Billing System -CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...) 
+CVE-2006-3955 NOT-FOR-US: MiniBB Forum -CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka ...) +CVE-2006-3954 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...) +CVE-2006-3953 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...) +CVE-2006-3952 NOT-FOR-US: EFS Software Easy File Sharing FTP -CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...) +CVE-2006-3951 NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo -CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...) +CVE-2006-3950 NOT-FOR-US: X-Statistics -CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...) +CVE-2006-3949 NOT-FOR-US: com_artlinks for Mambo -CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...) +CVE-2006-3948 NOT-FOR-US: php-nuke -CVE-2006-3947 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3947 NOT-FOR-US: Mambatstaff -CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...) +CVE-2006-3946 NOT-FOR-US: Apple Safari 2.0.4 NOTE: konqueror 3.5.x is not affected NOTE: PoC http://web.archive.org/web/20130701013045/http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html -CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...) +CVE-2006-3945 NOT-FOR-US: Opera -CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) +CVE-2006-3944 NOT-FOR-US: Microsoft -CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...) +CVE-2006-3943 NOT-FOR-US: Microsoft -CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...) 
+CVE-2006-3942 NOT-FOR-US: Microsoft -CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...) +CVE-2006-3941 NOT-FOR-US: N1 Grid Engine -CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...) +CVE-2006-3940 NOT-FOR-US: phpbb-Auction -CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...) +CVE-2006-3939 NOT-FOR-US: ScriptsCenter ezUpload Pro -CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...) +CVE-2006-3938 NOT-FOR-US: DotClear -CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...) +CVE-2006-3937 NOT-FOR-US: x_atrix xGuestBook -CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...) +CVE-2006-3936 NOT-FOR-US: Alkacon OpenCms -CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...) +CVE-2006-3935 NOT-FOR-US: Alkacon OpenCms -CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...) +CVE-2006-3934 NOT-FOR-US: Alkacon OpenCms -CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...) +CVE-2006-3933 NOT-FOR-US: OpenCms -CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...) +CVE-2006-3932 NOT-FOR-US: LinksCaffe -CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...) +CVE-2006-3931 NOT-FOR-US: Midirecord -CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...) +CVE-2006-3930 NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1 -CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...) +CVE-2006-3929 NOT-FOR-US: Zyxel -CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...) +CVE-2006-3928 NOT-FOR-US: WMNews -CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...) 
+CVE-2006-3927 NOT-FOR-US: PhpProBid -CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...) +CVE-2006-3926 NOT-FOR-US: PhpProBid -CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...) +CVE-2006-3925 NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control -CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...) +CVE-2006-3924 NOT-FOR-US: Dokeos -CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...) +CVE-2006-3923 NOT-FOR-US: Fire-Mouse Toplist -CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...) +CVE-2006-3922 NOT-FOR-US: PortailPHP -CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...) +CVE-2006-3921 NOT-FOR-US: Sun Java System Application Server -CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...) +CVE-2006-3920 NOT-FOR-US: Sun Solaris -CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...) +CVE-2006-3919 NOT-FOR-US: SD Studio CMS -CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...) +CVE-2006-3918 {DSA-1167-1} - apache2 2.0.55-4.1 (bug #381376; low) [sarge] - apache2 2.0.54-5sarge2 - apache 1.3.34-3 (bug #381381; medium) -CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...) +CVE-2006-3917 NOT-FOR-US: PHP Forge -CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...) +CVE-2006-3916 NOT-FOR-US: Solucija News -CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) +CVE-2006-3915 NOT-FOR-US: Microsoft -CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...) +CVE-2006-3914 NOT-FOR-US: Academic Suite -CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...) 
+CVE-2006-3913 {DSA-1142-1} - freeciv 2.0.8-3 (bug #381378; medium) -CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...) +CVE-2006-3912 NOT-FOR-US: WinRAR -CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...) +CVE-2006-3911 NOT-FOR-US: PHP Live -CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...) +CVE-2006-3910 NOT-FOR-US: Microsoft -CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...) +CVE-2006-3909 NOT-FOR-US: WWWthreads -CVE-2006-3908 (Format string vulnerability in the flush_output function in ...) +CVE-2006-3908 - gnelib 0.75+svn20091130-1 NOTE: issue was fixed back in 2006 but there hasn't been any NOTE: release since 0.70 which is affected -CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...) +CVE-2006-3907 NOT-FOR-US: Siemens -CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...) +CVE-2006-3906 NOT-FOR-US: Cisco -CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...) +CVE-2006-3905 NOT-FOR-US: Webland MyBloggie -CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...) +CVE-2006-3904 NOT-FOR-US: Etomite CMS -CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...) +CVE-2006-3903 NOT-FOR-US: Webland MyBloggie -CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...) +CVE-2006-3902 NOT-FOR-US: phpFaber TopSites -CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...) +CVE-2006-3901 NOT-FOR-US: Tumbleweed Email Firewall -CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...) +CVE-2006-3900 NOT-FOR-US: TP-Book -CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...) 
+CVE-2006-3899 NOT-FOR-US: Microsoft -CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...) +CVE-2006-3898 NOT-FOR-US: Microsoft -CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...) +CVE-2006-3897 NOT-FOR-US: Microsoft -CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...) +CVE-2006-3896 NOT-FOR-US: NeoScale Systems CryptoStor CVE-2006-3895 RESERVED -CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...) +CVE-2006-3894 NOT-FOR-US: RSA BSAFE -CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...) +CVE-2006-3893 NOT-FOR-US: Newtone ImageKit -CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato ...) +CVE-2006-3892 NOT-FOR-US: EMC NetWorker CVE-2006-3891 RESERVED -CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...) +CVE-2006-3890 NOT-FOR-US: Sky Software FileView ActiveX CVE-2006-3889 RESERVED -CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ...) +CVE-2006-3888 NOT-FOR-US: AOL -CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX ...) +CVE-2006-3887 NOT-FOR-US: AOL -CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...) +CVE-2006-3886 NOT-FOR-US: Shalwan MusicBox -CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...) +CVE-2006-3885 NOT-FOR-US: Check Point Firewall-1 -CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...) +CVE-2006-3884 NOT-FOR-US: Gonafish LinksCaffe -CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...) +CVE-2006-3883 NOT-FOR-US: Gonafish LinksCaffe -CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...) 
+CVE-2006-3882 NOT-FOR-US: Shalwan MusicBox -CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...) +CVE-2006-3881 NOT-FOR-US: Shalwan MusicBox -CVE-2006-3880 (** DISPUTED ** ...) +CVE-2006-3880 NOT-FOR-US: Zen Cart -CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...) +CVE-2006-3879 - libmikmod (Debian's 3.1.1 version doesn't have GT2 support) -CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) +CVE-2006-3878 NOT-FOR-US: Opsware Network Automation System -CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) +CVE-2006-3877 NOT-FOR-US: Microsoft -CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) +CVE-2006-3876 NOT-FOR-US: Microsoft -CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) +CVE-2006-3875 NOT-FOR-US: Microsoft CVE-2006-3874 REJECTED -CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) +CVE-2006-3873 NOT-FOR-US: Microsoft CVE-2006-3872 REJECTED 
@@ -7533,70 +7533,70 @@ CVE-2006-3871 REJECTED CVE-2006-3870 REJECTED -CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) +CVE-2006-3869 NOT-FOR-US: Microsoft -CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...) +CVE-2006-3868 NOT-FOR-US: Microsoft -CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) +CVE-2006-3867 NOT-FOR-US: Microsoft CVE-2006-3866 REJECTED CVE-2006-3865 REJECTED -CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...) +CVE-2006-3864 NOT-FOR-US: Microsoft CVE-2006-3863 REJECTED -CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...) +CVE-2006-3862 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) +CVE-2006-3861 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) +CVE-2006-3860 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...) +CVE-2006-3859 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...) +CVE-2006-3858 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...) +CVE-2006-3857 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) +CVE-2006-3856 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) ...) +CVE-2006-3855 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, ...) 
+CVE-2006-3854 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...) +CVE-2006-3853 NOT-FOR-US: IBM Informix Dynamic Server -CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...) +CVE-2006-3852 NOT-FOR-US: Micro GuestBook -CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...) +CVE-2006-3851 NOT-FOR-US: X7 Chat -CVE-2006-3850 (** DISPUTED ** ...) +CVE-2006-3850 NOT-FOR-US: Vanilla CMS -CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...) +CVE-2006-3849 NOT-FOR-US: Warzone -CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...) +CVE-2006-3848 - ipcalc 0.41-1 (bug #381469; low) [sarge] - ipcalc (No exploit potential) -CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...) +CVE-2006-3847 NOT-FOR-US: MoSpray -CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...) +CVE-2006-3846 NOT-FOR-US: MultiBanners -CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 ...) +CVE-2006-3845 NOT-FOR-US: WinRAR -CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote ...) +CVE-2006-3844 NOT-FOR-US: Quick 'n Easy FTP Server -CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in ...) +CVE-2006-3843 NOT-FOR-US: Calendar Mambo Module -CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 ...) +CVE-2006-3842 NOT-FOR-US: Zoho Virtual Office -CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before ...) +CVE-2006-3841 NOT-FOR-US: WebScarab -CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...) +CVE-2006-3840 NOT-FOR-US: various ISS products CVE-2006-3839 RESERVED -CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise ...) 
+CVE-2006-3838 NOT-FOR-US: eIQnetworks Enterprise CVE-2006-XXXX [syslog-ng dos] - syslog-ng 2.0rc1-2 (low) 
@@ -7604,65 +7604,65 @@ CVE-2006-XXXX [syslog-ng dos] CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure] - courier-authlib 0.58-3.1 (bug #378571; medium) [sarge] - courier-authlib (bug #378571; medium) -CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...) +CVE-2006-4046 - ocp 0.1.10rc6-1 (medium; bug #381098) CVE-2006-XXXX [uqwk buffer overflow] - uqwk 2.21-13 (bug #376577; low) [sarge] - uqwk (Minor issue) -CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...) +CVE-2006-3837 NOT-FOR-US: Professional Home Page Tools Guestbook -CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...) +CVE-2006-3836 NOT-FOR-US: UNIDOmedia Chameleon -CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...) +CVE-2006-3835 - tomcat5 (bug #380361; maintainter can't reproduce) - tomcat5.5 (bug #380376; maintainer can't reproduce) -CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...) +CVE-2006-3834 NOT-FOR-US: EJ3 TOPo -CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...) +CVE-2006-3833 NOT-FOR-US: EJ3 TOPo -CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...) +CVE-2006-3832 NOT-FOR-US: Gerrit van Aaken Loudblog -CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...) +CVE-2006-3831 NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) -CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...) +CVE-2006-3830 NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) -CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...) +CVE-2006-3829 NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) -CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...) 
+CVE-2006-3828 NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) -CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...) +CVE-2006-3827 NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) -CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...) +CVE-2006-3826 NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) -CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...) +CVE-2006-3825 NOT-FOR-US: Solaris -CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...) +CVE-2006-3824 NOT-FOR-US: Solaris -CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...) +CVE-2006-3823 NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic -CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...) +CVE-2006-3822 NOT-FOR-US: GeodesicSolutions GeoAuctions -CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...) +CVE-2006-3821 NOT-FOR-US: ATutor -CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...) +CVE-2006-3820 NOT-FOR-US: Loudblog -CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...) +CVE-2006-3819 - twiki (only 4.0.x is affected) -CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...) +CVE-2006-3818 NOT-FOR-US: Novell GroupWise WebAccess -CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...) +CVE-2006-3817 NOT-FOR-US: Novell GroupWise WebAccess -CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...) +CVE-2006-3816 - krusader (bug #380063; file in directory with 0700 permissions) -CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...) 
+CVE-2006-3815 {DSA-1128} - heartbeat 1.2.4-13 (bug #379904; bug #380289) -CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...) +CVE-2006-3814 {DSA-1166} - cheesetracker 0.9.9-6 (bug #380364; low) -CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...) +CVE-2006-3813 NOT-FOR-US: Perl in Red Hat Enterprise Linux 4 -CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) +CVE-2006-3812 NOTE: MFSA-2006-56 [sarge] - mozilla - mozilla (medium) @@ -7671,7 +7671,7 @@ CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and . - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 (unimportant) [sarge] - mozilla-thunderbird (unimportant) -CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...) +CVE-2006-3811 {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-55 - mozilla (high) @@ -7680,7 +7680,7 @@ CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) -CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...) +CVE-2006-3810 {DSA-1159} NOTE: MFSA-2006-54 - mozilla (mozilla 1.7 not affected) @@ -7688,7 +7688,7 @@ CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 b - mozilla-firefox (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) -CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) +CVE-2006-3809 {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-53 - mozilla (medium) 
@@ -7697,7 +7697,7 @@ CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and . - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) -CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...) +CVE-2006-3808 {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-52 - mozilla (medium) @@ -7705,7 +7705,7 @@ CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows - mozilla-firefox (medium) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 -CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) +CVE-2006-3807 {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-51 - mozilla (high) @@ -7714,7 +7714,7 @@ CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and . - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) -CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...) +CVE-2006-3806 {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-50 - mozilla (high) @@ -7723,7 +7723,7 @@ CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Fi - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) -CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...) +CVE-2006-3805 {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-50 - mozilla (high) 
@@ -7732,14 +7732,14 @@ CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderb - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) -CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...) +CVE-2006-3804 NOTE: MFSA-2006-49 - mozilla-firefox (only firefox >= 1.5) [sarge] - mozilla (mozilla 1.7 not affected) - mozilla (high) - thunderbird 1.5.0.5-1 (high) - mozilla-thunderbird (high) -CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...) +CVE-2006-3803 NOTE: MFSA-2006-48 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (high) @@ -7747,7 +7747,7 @@ CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Fi - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird -CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) +CVE-2006-3802 NOTE: MFSA-2006-47 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (medium) @@ -7755,7 +7755,7 @@ CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and . - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird -CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...) +CVE-2006-3801 NOTE: MFSA-2006-44 - mozilla-firefox (only firefox >= 1.5) - mozilla-thunderbird (only firefox >= 1.5) 
@@ -7763,144 +7763,144 @@ CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 doe - firefox 1.5.dfsg+1.5.0.5-1 (high) - xulrunner 1.8.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) -CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...) +CVE-2006-3800 NOT-FOR-US: AFCommerce -CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...) +CVE-2006-3799 NOT-FOR-US: DeluxeBB -CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...) +CVE-2006-3798 NOT-FOR-US: DeluxeBB -CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...) +CVE-2006-3797 NOT-FOR-US: DeluxeBB -CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...) +CVE-2006-3796 NOT-FOR-US: DeluxeBB -CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...) +CVE-2006-3795 NOT-FOR-US: DeluxeBB -CVE-2006-3794 (** DISPUTED ** ...) +CVE-2006-3794 NOT-FOR-US: AFCommerce -CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...) +CVE-2006-3793 NOT-FOR-US: SiteDepth -CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...) +CVE-2006-3792 NOT-FOR-US: UFO2000 -CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) +CVE-2006-3791 NOT-FOR-US: UFO2000 -CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) +CVE-2006-3790 NOT-FOR-US: UFO2000 -CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...) +CVE-2006-3789 NOT-FOR-US: UFO2000 -CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...) +CVE-2006-3788 NOT-FOR-US: UFO2000 -CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...) 
+CVE-2006-3787 NOT-FOR-US: Sunbelt Kerio Personal Firewall -CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...) +CVE-2006-3786 NOT-FOR-US: Symantec pcAnywhere -CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...) +CVE-2006-3785 NOT-FOR-US: Symantec pcAnywhere -CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...) +CVE-2006-3784 NOT-FOR-US: Symantec pcAnywhere -CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...) +CVE-2006-3783 NOT-FOR-US: Solaris -CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...) +CVE-2006-3782 NOT-FOR-US: Solaris -CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...) +CVE-2006-3781 NOT-FOR-US: Solaris -CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...) +CVE-2006-3780 NOT-FOR-US: Keyifweb Keyif Portal -CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...) +CVE-2006-3779 NOT-FOR-US: Citrix -CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...) +CVE-2006-3778 NOT-FOR-US: IBM -CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...) +CVE-2006-3777 NOT-FOR-US: IDevSpot PhpLinkExchange -CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...) +CVE-2006-3776 NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 -CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php ...) +CVE-2006-3775 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...) +CVE-2006-3774 NOT-FOR-US: perForms component (com_performs) for Joomla! -CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...) +CVE-2006-3773 NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! 
and Mambo -CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...) +CVE-2006-3772 NOT-FOR-US: PHP-Post -CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...) +CVE-2006-3771 NOT-FOR-US: iManage CMS -CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...) +CVE-2006-3770 NOT-FOR-US: phpFaber TopSites -CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...) +CVE-2006-3769 NOT-FOR-US: Top XL -CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before ...) +CVE-2006-3768 NOT-FOR-US: FileCOPA FTP Server -CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in ...) +CVE-2006-3767 NOT-FOR-US: Darren's $5 Script Archive osDate -CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...) +CVE-2006-3766 NOT-FOR-US: Darren's $5 Script Archive osDate -CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...) +CVE-2006-3765 NOT-FOR-US: uttenlocher Webdesign hwdeGUEST -CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...) +CVE-2006-3764 NOT-FOR-US: phpPolls -CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...) +CVE-2006-3763 NOT-FOR-US: Diesel Joke Site -CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...) +CVE-2006-3762 NOT-FOR-US: Touch Control ActiveX control -CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) +CVE-2006-3761 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) +CVE-2006-3760 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...) 
+CVE-2006-3759 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...) +CVE-2006-3758 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...) +CVE-2006-3757 NOT-FOR-US: Zen Cart -CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...) +CVE-2006-3756 NOT-FOR-US: Geeklog -CVE-2006-3755 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3755 NOT-FOR-US: FlushCMS -CVE-2006-3754 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3754 NOT-FOR-US: FlushCMS -CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page ...) +CVE-2006-3753 NOT-FOR-US: Professional Home Page Tools Guestbook -CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...) +CVE-2006-3752 NOT-FOR-US: Professional Home Page Tools Guestbook -CVE-2006-3751 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3751 NOT-FOR-US: HTMLArea3 -CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...) +CVE-2006-3750 NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla -CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...) +CVE-2006-3749 NOT-FOR-US: Sitemap component (com_sitemap) for Mambo -CVE-2006-3748 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3748 NOT-FOR-US: LoudMouth Component for Mambo -CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module ...) +CVE-2006-3747 {DSA-1132-1 DSA-1131-1} - apache 1.3.34-3 (medium; bug #380231) - apache2 2.0.55-4.1 (medium; bug #380182) -CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...) +CVE-2006-3746 {DSA-1141-1 DSA-1140-1} - gnupg 1.4.5-1 (medium; bug #381204) - gnupg2 1.9.20-2 (medium) -CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...) 
+CVE-2006-3745 {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.17-7 -CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...) +CVE-2006-3744 {DSA-1168-1} - imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062) - graphicsmagick 1.1.7-7 -CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...) +CVE-2006-3743 {DSA-1168-1} - imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062) - graphicsmagick 1.1.7-8 -CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM ...) +CVE-2006-3742 - kdebase NOTE: only in Fedora -CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...) +CVE-2006-3741 {DSA-1233} - linux-2.6 2.6.18-1 -CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and ...) +CVE-2006-3740 {DSA-1193-1} - libxfont 1:1.2.2-1 -CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...) +CVE-2006-3739 {DSA-1193-1} - libxfont 1:1.2.2-1 -CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...) +CVE-2006-3738 {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 
@@ -7913,131 +7913,131 @@ CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling i CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords] - ldap-account-manager 1.0.3-1 (bug #375453; medium) [sarge] - ldap-account-manager -CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-3737 NOT-FOR-US: Plesk -CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...) +CVE-2006-3736 NOT-FOR-US: VideoDB for Mambo -CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...) +CVE-2006-3735 NOT-FOR-US: Mail2Forum -CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...) +CVE-2006-3734 NOT-FOR-US: Cisco -CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...) +CVE-2006-3733 NOT-FOR-US: Cisco -CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) +CVE-2006-3732 NOT-FOR-US: Cisco -CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...) +CVE-2006-3731 - firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low) [sarge] - mozilla-firefox (Unreproducible on Sarge) -CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...) +CVE-2006-3730 NOT-FOR-US: MSIE -CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...) +CVE-2006-3729 NOT-FOR-US: MSIE -CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch ...) +CVE-2006-3728 NOT-FOR-US: Solaris -CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow ...) +CVE-2006-3727 NOT-FOR-US: Eskolar CMS -CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th ...) +CVE-2006-3726 NOT-FOR-US: FileCOPA FTP Server -CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a ...) 
+CVE-2006-3725 NOT-FOR-US: Norton Personal Firewall -CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle ...) +CVE-2006-3724 NOT-FOR-US: Oracle -CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...) +CVE-2006-3723 NOT-FOR-US: Oracle -CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...) +CVE-2006-3722 NOT-FOR-US: Oracle -CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for ...) +CVE-2006-3721 NOT-FOR-US: Oracle -CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle ...) +CVE-2006-3720 NOT-FOR-US: Oracle -CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise ...) +CVE-2006-3719 NOT-FOR-US: Oracle -CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle ...) +CVE-2006-3718 NOT-FOR-US: Oracle -CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) +CVE-2006-3717 NOT-FOR-US: Oracle -CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) +CVE-2006-3716 NOT-FOR-US: Oracle -CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite ...) +CVE-2006-3715 NOT-FOR-US: Oracle -CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3714 NOT-FOR-US: Oracle -CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3713 NOT-FOR-US: Oracle -CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3712 NOT-FOR-US: Oracle -CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3711 NOT-FOR-US: Oracle -CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3710 NOT-FOR-US: Oracle -CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server ...) 
+CVE-2006-3709 NOT-FOR-US: Oracle -CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3708 NOT-FOR-US: Oracle -CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3707 NOT-FOR-US: Oracle -CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server ...) +CVE-2006-3706 NOT-FOR-US: Oracle -CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...) +CVE-2006-3705 NOT-FOR-US: Oracle -CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle ...) +CVE-2006-3704 NOT-FOR-US: Oracle -CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, ...) +CVE-2006-3703 NOT-FOR-US: Oracle -CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...) +CVE-2006-3702 NOT-FOR-US: Oracle -CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle ...) +CVE-2006-3701 NOT-FOR-US: Oracle -CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and ...) +CVE-2006-3700 NOT-FOR-US: Oracle -CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) +CVE-2006-3699 NOT-FOR-US: Oracle -CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...) +CVE-2006-3698 NOT-FOR-US: Oracle -CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) ...) +CVE-2006-3697 NOT-FOR-US: Outpost Firewall Pro -CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows ...) +CVE-2006-3696 NOT-FOR-US: Outpost Firewall Pro -CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...) +CVE-2006-3694 {DSA-1157 DSA-1139-1} - ruby1.8 1.8.4-3 (bug #378029; medium) - ruby1.9 1.9.0+20060609-1 (medium) -CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...) 
+CVE-2006-3693 NOT-FOR-US: Rocks Clusters -CVE-2006-3692 (** DISPUTED ** ...) +CVE-2006-3692 NOT-FOR-US: ListMessenger -CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier ...) +CVE-2006-3691 NOT-FOR-US: VBZooM -CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...) +CVE-2006-3690 NOT-FOR-US: MiniBB -CVE-2006-3689 (** DISPUTED ** ...) +CVE-2006-3689 NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite] -CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua ...) +CVE-2006-3688 NOT-FOR-US: Francisco Charrua Photo-Gallery -CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...) +CVE-2006-3687 NOT-FOR-US: D-Link -CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 ...) +CVE-2006-3686 NOT-FOR-US: HP OpenVMS -CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 ...) +CVE-2006-3685 NOT-FOR-US: CzarNews -CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...) +CVE-2006-3684 NOT-FOR-US: SoftComplex PHP Event Calendar -CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll ...) +CVE-2006-3683 NOT-FOR-US: Flipper Poll -CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote ...) +CVE-2006-3682 - awstats 6.5-2 (bug #378960; low) [sarge] - awstats 6.4-1sarge3 NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective -CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in ...) +CVE-2006-3681 - awstats 6.5-2 (bug #378960; unimportant) NOTE: Path disclosure is not an issue for Debian -CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle ...) +CVE-2006-3680 NOT-FOR-US: Photocycle -CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...) 
+CVE-2006-3679 NOT-FOR-US: FatWire Content Server -CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) ...) +CVE-2006-3678 NOT-FOR-US: TippingPoint -CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...) +CVE-2006-3677 NOTE: MFSA-2006-45 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (high) 
@@ -8045,74 +8045,74 @@ CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 all - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird - mozilla-thunderbird -CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...) +CVE-2006-3676 NOT-FOR-US: planetGallery -CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...) +CVE-2006-3675 NOT-FOR-US: Password Safe NOTE: mypasswordsafe and pwsafe might use code from Password Safe, NOTE: but the problematic functionality is not present -CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) +CVE-2006-3674 - armagetron 0.2.8.2.1-1 (bug #379062; low) [sarge] - armagetron (Minor game DoS) [etch] - armagetron (Minor game DoS) -CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) +CVE-2006-3673 - armagetron 0.2.8.2.1-1 (bug #379062; low) [sarge] - armagetron (Minor game DoS) [etch] - armagetron (Minor game DoS) -CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...) +CVE-2006-3672 - kdelibs 4:3.5.4-1 (bug #378962; unimportant) -CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate ...) +CVE-2006-3671 {DTSA-31-1} - hyperestraier 1.3.3-1 (bug #379060; low) -CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to ...) +CVE-2006-3670 NOT-FOR-US: Winlpd -CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running ...) +CVE-2006-3669 NOT-FOR-US: Mercury Messenger -CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...) +CVE-2006-3668 {DSA-1123} - libdumb 1:0.9.3-5 (bug #379064; medium) -CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...) +CVE-2006-3667 NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite -CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc ...) 
+CVE-2006-3666 NOT-FOR-US: AjaxPortal -CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...) +CVE-2006-3665 - squirrelmail 2:1.4.7-1 (unimportant) NOTE: Operation with registers_globals not supported -CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...) +CVE-2006-3664 NOT-FOR-US: Sun Solaris -CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...) +CVE-2006-3663 NOT-FOR-US: Finjan Appliance -CVE-2006-3662 (** DISPUTED ** ...) +CVE-2006-3662 NOT-FOR-US: ATutor -CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...) +CVE-2006-3661 NOT-FOR-US: CuteNews -CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown ...) +CVE-2006-3660 NOT-FOR-US: Microsoft PowerPoint -CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) +CVE-2006-3659 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) +CVE-2006-3658 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) +CVE-2006-3657 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows ...) +CVE-2006-3656 NOT-FOR-US: Microsoft PowerPoint -CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 ...) +CVE-2006-3655 NOT-FOR-US: Microsoft PowerPoint -CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet ...) +CVE-2006-3654 NOT-FOR-US: Microsoft Works Spreadsheet -CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote ...) +CVE-2006-3653 NOT-FOR-US: Microsoft Works Spreadsheet -CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...) 
+CVE-2006-3652 NOT-FOR-US: Microsoft Internet Security and Acceleration Server -CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...) +CVE-2006-3651 NOT-FOR-US: Microsoft -CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...) +CVE-2006-3650 NOT-FOR-US: Microsoft -CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...) +CVE-2006-3649 NOT-FOR-US: Microsoft -CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...) +CVE-2006-3648 NOT-FOR-US: Microsoft -CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...) +CVE-2006-3647 NOT-FOR-US: Microsoft CVE-2006-3646 REJECTED 
@@ -8120,1161 +8120,1161 @@ CVE-2006-3645 REJECTED CVE-2006-3644 REJECTED -CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...) +CVE-2006-3643 NOT-FOR-US: Microsoft CVE-2006-3642 REJECTED CVE-2006-3641 REJECTED -CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...) +CVE-2006-3640 NOT-FOR-US: Microsoft -CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...) +CVE-2006-3639 NOT-FOR-US: Microsoft -CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...) +CVE-2006-3638 NOT-FOR-US: Microsoft -CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) +CVE-2006-3637 NOT-FOR-US: Microsoft -CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...) +CVE-2006-3636 {DSA-1188-1} - mailman 1:2.1.8-3 -CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows local users ...) +CVE-2006-3635 - linux (Fixed before initial rename to src:linux) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440 NOTE: Fixed by: https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 (2.6.26-rc5) -CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...) +CVE-2006-3634 - linux-2.6 2.6.17-1 (medium) -CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...) +CVE-2006-3633 NOT-FOR-US: shiela -CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...) +CVE-2006-3632 {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) -CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...) +CVE-2006-3631 {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) -CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...) 
+CVE-2006-3630 {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) -CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...) +CVE-2006-3629 {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) -CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...) +CVE-2006-3628 {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) -CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...) +CVE-2006-3627 - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) [sarge] - ethereal (Vulnerable code not present) -CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...) +CVE-2006-3625 NOT-FOR-US: FLV Players -CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 ...) +CVE-2006-3624 NOT-FOR-US: FLV Players -CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in ...) +CVE-2006-3623 NOT-FOR-US: McAfee ePolicy Orchestrator -CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to ...) +CVE-2006-3622 NOT-FOR-US: Koobi Pro CMS -CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS ...) +CVE-2006-3621 NOT-FOR-US: Koobi Pro CMS -CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in ...) +CVE-2006-3620 NOT-FOR-US: Koobi Pro CMS -CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...) +CVE-2006-3619 {DSA-1170} - gcc-4.1 4.1.1-11 (bug #368397; low) - gcc-3.4 3.4.4-0 NOTE: gcc-3.4 no longer builds the fastjar package -CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...) +CVE-2006-3618 NOT-FOR-US: Pixelated By Lev (PBL) Guestbook -CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...) 
+CVE-2006-3617 NOT-FOR-US: Pixelated By Lev (PBL) Guestbook -CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize ...) +CVE-2006-3616 NOT-FOR-US: Carbonize Lazarus Guestbook -CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, ...) +CVE-2006-3615 NOT-FOR-US: Phorum -CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...) +CVE-2006-3614 NOT-FOR-US: Orbitcoders OrbitMATRIX -CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland ...) +CVE-2006-3613 NOT-FOR-US: Chamberland Technology ezWaiter -CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows ...) +CVE-2006-3612 NOT-FOR-US: Phorum -CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote ...) +CVE-2006-3611 NOT-FOR-US: Phorum -CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...) +CVE-2006-3610 NOT-FOR-US: Orbitcoders OrbitMATRIX -CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders ...) +CVE-2006-3609 NOT-FOR-US: Orbitcoders OrbitMATRIX -CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when ...) +CVE-2006-3608 NOT-FOR-US: Simone Vellei Flatnuke -CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...) +CVE-2006-3607 NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script) -CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...) +CVE-2006-3606 NOTE: Sun Solaris -CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) +CVE-2006-3605 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...) +CVE-2006-3604 NOT-FOR-US: FlexWATCH Network Camera -CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...) 
+CVE-2006-3603 NOT-FOR-US: FlexWATCH Network Camera -CVE-2006-3602 (Directory traversal vulnerability in ...) +CVE-2006-3602 NOTE: this is CVE-2005-4600 NOT-FOR-US: Farsinews -CVE-2006-3601 (** UNVERIFIABLE ** ...) +CVE-2006-3601 NOT-FOR-US: DotNetNuke -CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...) +CVE-2006-3600 {DSA-1135-1} - libtunepimp 0.4.2-4 (bug #378091; medium) -CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...) +CVE-2006-3599 NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke -CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...) +CVE-2006-3598 NOT-FOR-US: Sections module for PHP-Nuke -CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ...) +CVE-2006-3597 - shadow (fix for a mistake in the Ubuntu installer) -CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco ...) +CVE-2006-3596 NOT-FOR-US: Cisco -CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...) +CVE-2006-3595 NOT-FOR-US: Cisco -CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through ...) +CVE-2006-3594 NOT-FOR-US: Cisco -CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) ...) +CVE-2006-3593 NOT-FOR-US: Cisco -CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...) +CVE-2006-3592 NOT-FOR-US: Cisco -CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) +CVE-2006-3591 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...) +CVE-2006-3626 {DSA-1111} - linux-2.6 2.6.17-4 (bug #378324; high) CVE-2006-XXXX [insufficient form variable escaping] - webauth 3.5.2-1 -CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...) 
+CVE-2006-3590 NOT-FOR-US: Microsoft PowerPoint -CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...) +CVE-2006-3589 NOT-FOR-US: VMware -CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) +CVE-2006-3588 - flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree (Contrib not supported) -CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) +CVE-2006-3587 - flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree (Contrib not supported) -CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) +CVE-2006-3586 NOT-FOR-US: Jetbox CMS -CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...) +CVE-2006-3585 NOT-FOR-US: Jetbox CMS -CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...) +CVE-2006-3584 NOT-FOR-US: Jetbox CMS -CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) +CVE-2006-3583 NOT-FOR-US: Jetbox CMS -CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...) +CVE-2006-3582 - adplug 2.0.1-1 (bug #378279; medium) -CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...) +CVE-2006-3581 - adplug 2.0.1-1 (bug #378279; medium) -CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...) +CVE-2006-3580 NOT-FOR-US: ASP Stats Generator -CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...) +CVE-2006-3579 NOT-FOR-US: Fujitsu ServerView -CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to ...) +CVE-2006-3578 NOT-FOR-US: Fujitsu ServerView -CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows ...) +CVE-2006-3577 NOT-FOR-US: LifeType -CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense ...) 
+CVE-2006-3576 NOT-FOR-US: SenseSites CommonSense -CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee ...) +CVE-2006-3575 NOT-FOR-US: McAfee VirusScan Enterprise -CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...) +CVE-2006-3574 NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing -CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp ...) +CVE-2006-3573 NOT-FOR-US: Milan Mimica Sparklet -CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...) +CVE-2006-3572 NOT-FOR-US: Papoo -CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-3571 NOT-FOR-US: Papoo -CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...) +CVE-2006-3570 - drupal (webform module is not in Debian Drupal 4.5 package) -CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...) +CVE-2006-3569 NOT-FOR-US: IBM Data ONTAP -CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...) +CVE-2006-3568 NOT-FOR-US: Fantastic Guestbook -CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration ...) +CVE-2006-3567 NOT-FOR-US: Juniper -CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...) +CVE-2006-3566 NOT-FOR-US: HiveMail -CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and ...) +CVE-2006-3565 NOT-FOR-US: HiveMail -CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...) +CVE-2006-3564 NOT-FOR-US: HiveMail -CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in ...) +CVE-2006-3563 NOT-FOR-US: Winged Gallery -CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow ...) 
+CVE-2006-3562 NOT-FOR-US: Plume CMS -CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and ...) +CVE-2006-3561 NOT-FOR-US: BT Voyager -CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...) +CVE-2006-3560 NOT-FOR-US: Blue Dojo Graffiti Forums -CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...) +CVE-2006-3559 NOT-FOR-US: auraCMS -CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...) +CVE-2006-3558 NOT-FOR-US: auraCMS -CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...) +CVE-2006-3557 NOT-FOR-US: MT Orumcek Toplist -CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...) +CVE-2006-3556 NOT-FOR-US: Mohamed Moujami ExtCalendar -CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...) +CVE-2006-3555 NOT-FOR-US: PHP-Fusion -CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...) +CVE-2006-3554 NOT-FOR-US: MKPortal -CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass ...) +CVE-2006-3553 NOT-FOR-US: planetNews -CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and ...) +CVE-2006-3552 NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium -CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and ...) +CVE-2006-3551 NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell) -CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...) +CVE-2006-3550 NOT-FOR-US: F5 Netowrks FirePass -CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...) +CVE-2006-3549 {DSA-1406-1} - horde3 3.1.2-1 (bug #378281; low) -CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) 
+CVE-2006-3548 {DSA-1406-1} - horde3 3.1.2-1 (bug #378281; low) -CVE-2006-3547 (** DISPUTED ** ...) +CVE-2006-3547 NOT-FOR-US: EMC VMware Player -CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote ...) +CVE-2006-3546 NOT-FOR-US: Patrice Freydiere ImgSvr -CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote ...) +CVE-2006-3545 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3544 (** DISPUTED ** ...) +CVE-2006-3544 NOT-FOR-US: Invision Power Board -CVE-2006-3543 (** DISPUTED ** ...) +CVE-2006-3543 NOT-FOR-US: Invision Power Board -CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...) +CVE-2006-3542 NOT-FOR-US: Garry Glendown Shopping Cart -CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ...) +CVE-2006-3541 NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help -CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, ...) +CVE-2006-3540 NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite -CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com ...) +CVE-2006-3539 NOT-FOR-US: DKScript.com Dragon's Kingdom Script -CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in ...) +CVE-2006-3538 NOT-FOR-US: BeatificFaith Eprayer -CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop ...) +CVE-2006-3537 NOT-FOR-US: Randshop -CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php ...) +CVE-2006-3536 NOT-FOR-US: EJ3 TOPo -CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...) +CVE-2006-3535 NOT-FOR-US: Nullsoft SHOUTcast DSP -CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...) +CVE-2006-3534 NOT-FOR-US: Nullsoft SHOUTcast DSP -CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...) 
+CVE-2006-3533 - pivot (bug #305786) -CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot ...) +CVE-2006-3532 - pivot (bug #305786) -CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...) +CVE-2006-3531 - pivot (bug #305786) -CVE-2006-3530 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3530 NOT-FOR-US: PccookBook Component for Mambo and Joomla -CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...) +CVE-2006-3529 NOT-FOR-US: Juniper JUNOS -CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...) +CVE-2006-3528 NOT-FOR-US: Simpleboard Mambo module -CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...) +CVE-2006-3527 NOT-FOR-US: BosClassifieds Classified Ads -CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...) +CVE-2006-3526 NOT-FOR-US: Sport-slo Advanced Guestbook -CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...) +CVE-2006-3525 NOT-FOR-US: PHCDownload -CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...) +CVE-2006-3524 NOT-FOR-US: SIPfoundry sipXtapi -CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...) +CVE-2006-3523 NOT-FOR-US: Clearswift MIMEsweeper -CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...) +CVE-2006-3522 NOT-FOR-US: Clearswift MIMEsweeper -CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-3521 NOT-FOR-US: SiteForge Collaborative Development Platform -CVE-2006-3520 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3520 NOT-FOR-US: Sabdrimer Pro -CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...) 
+CVE-2006-3519 NOT-FOR-US: The Banner Engine -CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...) +CVE-2006-3518 NOT-FOR-US: Webvizyon Portal -CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...) +CVE-2006-3517 NOT-FOR-US: RW::Download -CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...) +CVE-2006-3516 NOT-FOR-US: FreeHost -CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...) +CVE-2006-3515 NOT-FOR-US: AjaxPortal -CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-3514 NOT-FOR-US: PHP-Blogger -CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...) +CVE-2006-3513 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...) +CVE-2006-3512 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...) +CVE-2006-3511 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...) +CVE-2006-3510 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple ...) +CVE-2006-3509 NOT-FOR-US: Apple -CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...) +CVE-2006-3508 NOT-FOR-US: Apple -CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver ...) +CVE-2006-3507 NOT-FOR-US: Apple -CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...) +CVE-2006-3506 NOT-FOR-US: Mac OS X -CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...) +CVE-2006-3505 NOT-FOR-US: Apple Mac OS -CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...) 
+CVE-2006-3504 NOT-FOR-US: Apple Mac OS -CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...) +CVE-2006-3503 NOT-FOR-US: Apple Mac OS -CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows ...) +CVE-2006-3502 NOT-FOR-US: Apple Mac OS -CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows ...) +CVE-2006-3501 NOT-FOR-US: Apple Mac OS -CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...) +CVE-2006-3500 NOT-FOR-US: Apple Mac OS -CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...) +CVE-2006-3499 NOT-FOR-US: Apple Mac OS -CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...) +CVE-2006-3498 NOT-FOR-US: Apple Mac OS -CVE-2006-3497 (Unspecified vulnerability in the "compression state handling" in Bom ...) +CVE-2006-3497 NOT-FOR-US: Apple Mac OS -CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...) +CVE-2006-3496 NOT-FOR-US: Apple Mac OS -CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys ...) +CVE-2006-3495 NOT-FOR-US: Apple Mac OS -CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone ...) +CVE-2006-3494 NOT-FOR-US: Buddy Zone -CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...) +CVE-2006-3493 NOT-FOR-US: Microsoft Office -CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...) +CVE-2006-3492 NOT-FOR-US: MICO -CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...) +CVE-2006-3491 NOT-FOR-US: Kaillera Server -CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...) +CVE-2006-3490 NOT-FOR-US: F-Secure Anti-Virus -CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...) 
+CVE-2006-3489 NOT-FOR-US: F-Secure Anti-Virus -CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...) +CVE-2006-3488 NOT-FOR-US: VirtuaStore -CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...) +CVE-2006-3487 NOT-FOR-US: VirtuaStore -CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...) +CVE-2006-3485 NOT-FOR-US: AstroDog Press Some Chess -CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...) +CVE-2006-3484 NOT-FOR-US: ATutor -CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...) +CVE-2006-3483 NOT-FOR-US: PHPMailList -CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...) +CVE-2006-3482 NOT-FOR-US: PHPMailList -CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...) +CVE-2006-3481 NOT-FOR-US: Joomla! -CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) +CVE-2006-3480 NOT-FOR-US: Joomla! -CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...) +CVE-2006-3479 NOT-FOR-US: Nuked-Klan -CVE-2006-3478 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3478 NOT-FOR-US: MyPHP CMS -CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...) +CVE-2006-3477 NOT-FOR-US: Stalker CommuniGate Pro -CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...) +CVE-2006-3476 NOT-FOR-US: PhpWebGallery -CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...) +CVE-2006-3475 NOT-FOR-US: QBoard -CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...) +CVE-2006-3474 NOT-FOR-US: Belchior Foundry vCard PRO -CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...) 
+CVE-2006-3473 - drupal (form_mail Module not in debian) -CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...) +CVE-2006-3472 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...) +CVE-2006-3471 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...) +CVE-2006-3470 NOT-FOR-US: Dell Openmanage CD -CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before ...) +CVE-2006-3469 {DSA-1112} - mysql-dfsg-5.0 5.0.22-1 (bug #375694) -CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...) +CVE-2006-3468 {DSA-1184-2} - linux-2.6 2.6.17-6 -CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...) +CVE-2006-3467 {DSA-1193-1 DSA-1178-1} - freetype 2.2.1-5 (bug #379920; medium) - libxfont 1:1.2.0-2 (medium; bug #383353) CVE-2006-3466 REJECTED -CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...) +CVE-2006-3465 {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) -CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...) +CVE-2006-3464 {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) -CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...) +CVE-2006-3463 {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) -CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...) +CVE-2006-3462 {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) -CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...) +CVE-2006-3461 {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) -CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...) 
+CVE-2006-3460 {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) -CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...) +CVE-2006-3459 {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) -CVE-2006-3486 (** DISPUTED ** ...) +CVE-2006-3486 - mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102) [sarge] - mysql-dfsg-4.1 (Vulnerable code not present) [sarge] - mysql-dfsg (Vulnerable code not present) NOTE: Only DoS possible, only root can trigger this -> non-issue -CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the ...) +CVE-2006-3457 NOT-FOR-US: Symantec -CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka ...) +CVE-2006-3456 NOT-FOR-US: Symantec -CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate ...) +CVE-2006-3455 NOT-FOR-US: Symantec -CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...) +CVE-2006-3454 NOT-FOR-US: Symantec -CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...) +CVE-2006-3453 NOT-FOR-US: Adobe acrobat -CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...) +CVE-2006-3452 NOT-FOR-US: Adobe acrobat -CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage ...) +CVE-2006-3451 NOT-FOR-US: Microsoft -CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute ...) +CVE-2006-3450 NOT-FOR-US: Microsoft -CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...) +CVE-2006-3449 NOT-FOR-US: Microsoft -CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...) +CVE-2006-3448 NOT-FOR-US: Microsoft CVE-2006-3447 REJECTED CVE-2006-3446 REJECTED -CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...) 
+CVE-2006-3445 NOT-FOR-US: Microsoft -CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) +CVE-2006-3444 NOT-FOR-US: Microsoft -CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...) +CVE-2006-3443 NOT-FOR-US: Microsoft -CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in ...) +CVE-2006-3442 NOT-FOR-US: Microsoft -CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...) +CVE-2006-3441 NOT-FOR-US: Microsoft -CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...) +CVE-2006-3440 NOT-FOR-US: Microsoft -CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...) +CVE-2006-3439 NOT-FOR-US: Microsoft -CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...) +CVE-2006-3438 NOT-FOR-US: Microsoft CVE-2006-3437 REJECTED -CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...) +CVE-2006-3436 NOT-FOR-US: Microsoft -CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...) +CVE-2006-3435 NOT-FOR-US: Microsoft -CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) +CVE-2006-3434 NOT-FOR-US: Microsoft CVE-2006-3433 REJECTED CVE-2006-3432 REJECTED -CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...) +CVE-2006-3431 NOT-FOR-US: Microsoft Excel -CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...) +CVE-2006-3430 NOT-FOR-US: Novell PatchLink Update Server -CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) +CVE-2006-3429 NOT-FOR-US: TTCalc -CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) +CVE-2006-3428 NOT-FOR-US: TTCalc -CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) 
+CVE-2006-3427 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...) +CVE-2006-3426 NOT-FOR-US: Novell PatchLink Update Server -CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...) +CVE-2006-3425 NOT-FOR-US: Novell PatchLink Update Server -CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...) +CVE-2006-3424 NOT-FOR-US: WebEx Downloader ActiveX Control -CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...) +CVE-2006-3423 NOT-FOR-US: WebEx Downloader ActiveX Control -CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...) +CVE-2006-3422 NOT-FOR-US: WonderEdit Pro CMS -CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...) +CVE-2006-3421 NOT-FOR-US: SmartSiteCMS -CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...) +CVE-2006-3420 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...) +CVE-2006-3419 - tor 0.1.1.20-1 -CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's ...) +CVE-2006-3418 - tor 0.1.1.20-1 -CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...) +CVE-2006-3417 - tor 0.1.1.20-1 -CVE-2006-3416 (** DISPUTED ** ...) +CVE-2006-3416 - tor 0.1.1.20-1 -CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" ...) +CVE-2006-3415 - tor 0.1.1.20-1 -CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...) +CVE-2006-3414 - tor 0.1.1.20-1 -CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...) +CVE-2006-3413 - tor 0.1.1.20-1 -CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...) 
+CVE-2006-3412 - tor 0.1.1.20-1 -CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...) +CVE-2006-3411 - tor 0.1.1.20-1 -CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting ...) +CVE-2006-3410 - tor 0.1.1.20-1 -CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...) +CVE-2006-3409 - tor 0.1.1.20-1 -CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...) +CVE-2006-3408 - tor 0.1.1.20-1 -CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...) +CVE-2006-3407 - tor 0.1.1.20-1 -CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...) +CVE-2006-3406 NOT-FOR-US: QTOFileManager -CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...) +CVE-2006-3405 NOT-FOR-US: QTOFileManager -CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...) +CVE-2006-3403 {DSA-1110} - samba 3.0.23a-1 (bug #378070) -CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...) +CVE-2006-3402 NOT-FOR-US: VirtuaStore -CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...) +CVE-2006-3401 NOT-FOR-US: Quake 3 -CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...) +CVE-2006-3400 NOT-FOR-US: Soldier of Fortune 2 -CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...) +CVE-2006-3399 NOT-FOR-US: MoniWiki -CVE-2006-3398 (The "change password forms" in Taskjitsu before 2.0.1 includes ...) +CVE-2006-3398 NOT-FOR-US: Taskjitsu -CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...) +CVE-2006-3397 NOT-FOR-US: Taskjitsu -CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...) 
+CVE-2006-3396 NOT-FOR-US: Galleria Mambo Module -CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...) +CVE-2006-3395 NOT-FOR-US: SiteBuilder-FX -CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...) +CVE-2006-3394 NOT-FOR-US: BXCP -CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...) +CVE-2006-3393 NOT-FOR-US: Papyrus NASCAR Racing -CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...) +CVE-2006-3392 {DSA-1199-1} - webmin (medium; bug #381537) -CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...) +CVE-2006-3391 NOT-FOR-US: iMBCContents -CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...) +CVE-2006-3390 - wordpress 2.0.4-1 (unimportant) NOTE: http://wordpress.org/news/2006/07/wordpress-204/ -CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...) +CVE-2006-3389 - wordpress 2.0.4-1 (unimportant) NOTE: http://wordpress.org/news/2006/07/wordpress-204/ -CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...) +CVE-2006-3388 - phpmyadmin 4:2.8.2-0.1 (bug #377748; low) [sarge] - phpmyadmin (Vulnerable code not present) -CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...) +CVE-2006-3387 NOT-FOR-US: Fusion News -CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...) +CVE-2006-3386 NOT-FOR-US: Vincent Leclercq News -CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...) +CVE-2006-3385 NOT-FOR-US: Vincent Leclercq News -CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...) +CVE-2006-3384 NOT-FOR-US: Vincent Leclercq News -CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...) 
+CVE-2006-3383 NOT-FOR-US: mAds -CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...) +CVE-2006-3382 NOT-FOR-US: mAds -CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...) +CVE-2006-3381 NOT-FOR-US: SturGeoN -CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...) +CVE-2006-3380 NOT-FOR-US: FreeStyle Wiki -CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...) +CVE-2006-3379 {DSA-1119} - hiki 0.8.6-1 (bug #378059; low) -CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...) +CVE-2006-3378 {DSA-1150-1} - shadow 1:4.0.14-1 (bug #379174) -CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...) +CVE-2006-3377 NOT-FOR-US: JMB Software AutoRank PHP -CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...) +CVE-2006-3376 {DSA-1194-1} - libwmf 0.2.8.4-2 (bug #381538; medium) -CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...) +CVE-2006-3375 NOT-FOR-US: Randshop -CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...) +CVE-2006-3374 NOT-FOR-US: Randshop -CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...) +CVE-2006-3373 NOT-FOR-US: Hobbit -CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...) +CVE-2006-3372 NOT-FOR-US: Apple Safari -CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...) +CVE-2006-3371 NOT-FOR-US: Eupla Foros -CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...) +CVE-2006-3370 NOT-FOR-US: Blueboy -CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...) +CVE-2006-3369 NOT-FOR-US: Kamikaze-QSCM -CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...) 
+CVE-2006-3368 NOT-FOR-US: Efone -CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...) +CVE-2006-3367 NOT-FOR-US: Mp3NetBox -CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...) +CVE-2006-3366 NOT-FOR-US: V3 Chat -CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via ...) +CVE-2006-3365 NOT-FOR-US: V3 Chat -CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...) +CVE-2006-3364 NOT-FOR-US: BLOG:CMS -CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...) +CVE-2006-3363 NOT-FOR-US: Glossaire for Xoops -CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connector.php ...) +CVE-2006-3362 - knowledgeroot (fixed before first upload; see bug #381912) -CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...) +CVE-2006-3361 NOT-FOR-US: Stud.IP -CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...) +CVE-2006-3360 - phpsysinfo (unimportant) - egroupware (unimportant) - phpgroupware (unimportant) NOTE: Only the existence of files inside the WWW root is leaked. If this is NOTE: a threat to your setup you most probably shouldn't install a script which NOTE: exposes all your system data, either. -CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...) +CVE-2006-3359 NOT-FOR-US: NewsPHP -CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-3358 NOT-FOR-US: NewsPHP -CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...) +CVE-2006-3357 NOT-FOR-US: HTML Help ActiveX control -CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...) +CVE-2006-3356 NOT-FOR-US: Apple -CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...) 
+CVE-2006-3355 - mpg123 0.60-1 (bug #377264; medium) [sarge] - mpg123 (Non-free not supported) -CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) +CVE-2006-3354 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...) +CVE-2006-3353 NOT-FOR-US: Opera -CVE-2006-3352 (** DISPUTED ** ...) +CVE-2006-3352 NOTE: firefox, but invalid -CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...) +CVE-2006-3351 NOT-FOR-US: Windows Explorer -CVE-2006-3695 (Trac before 0.9.6 does not disable the "raw" or "include" commands ...) +CVE-2006-3695 {DSA-1152} - trac 0.9.6-1 (medium) [sarge] - trac 0.8.1-3sarge5 -CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does ...) +CVE-2006-3458 {DSA-1113} - zope2.7 (bug #377285; medium) - zope2.8 2.8.7-2 (bug #377277; medium) - zope2.9 2.9.3-3 (bug #377286; medium) -CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...) +CVE-2006-3404 {DSA-1116} - gimp 2.2.11-3.1 (bug #377049; medium) -CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...) +CVE-2006-3350 NOT-FOR-US: AutoVue SolidModel Professional Desktop -CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote ...) +CVE-2006-3349 NOT-FOR-US: SmS Script -CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 ...) +CVE-2006-3348 NOT-FOR-US: HSPcomplete -CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP ...) +CVE-2006-3347 NOT-FOR-US: deV!Lz Clanportal DZCP -CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows ...) +CVE-2006-3346 NOT-FOR-US: MyNewsGroups -CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...) 
+CVE-2006-3345 NOT-FOR-US: AliPAGER -CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass ...) +CVE-2006-3344 NOT-FOR-US: Siemens Speedstream Wireless Router -CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in ...) +CVE-2006-3343 NOT-FOR-US: CrisoftRicette -CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...) +CVE-2006-3342 NOT-FOR-US: Arctic -CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...) +CVE-2006-3341 NOT-FOR-US: MyAds module for Xoops -CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...) +CVE-2006-3340 NOT-FOR-US: Pearl For Mambo -CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows ...) +CVE-2006-3339 NOT-FOR-US: Atlassian -CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 ...) +CVE-2006-3338 NOT-FOR-US: Atlassian -CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-3337 NOT-FOR-US: cPanel (not the Chinese language tool in Debian) -CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...) +CVE-2006-3336 - twiki 1:4.0.4-3 (low; bug #381907) NOTE: only in some server configurations -CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...) +CVE-2006-3335 NOT-FOR-US: HP-UX -CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...) +CVE-2006-3334 - libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant) NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow NOTE: cannot overwrite other memory sections -CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...) +CVE-2006-3333 NOT-FOR-US: Zorum Forum -CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...) 
+CVE-2006-3332 NOT-FOR-US: Zorum Forum -CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...) +CVE-2006-3331 NOT-FOR-US: Opera -CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...) +CVE-2006-3330 NOT-FOR-US: PHP/MySQL Classifieds -CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds ...) +CVE-2006-3329 NOT-FOR-US: PHP/MySQL Classifieds -CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal ...) +CVE-2006-3328 NOT-FOR-US: Hostflow -CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating ...) +CVE-2006-3327 NOT-FOR-US: Custom dating biz dating script -CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...) +CVE-2006-3326 NOT-FOR-US: QuickZip -CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...) +CVE-2006-3325 - ioquake3 1.36+svn1788j-1 - tremulous 1.1.0-6 (bug #660834) [squeeze] - tremulous 1.1.0-7~squeeze1 -CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...) +CVE-2006-3324 - ioquake3 1.36+svn1788j-1 - tremulous 1.1.0-6 (bug #660832) [squeeze] - tremulous 1.1.0-7~squeeze1 -CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...) +CVE-2006-3323 NOT-FOR-US: MF Piadas -CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...) +CVE-2006-3322 NOT-FOR-US: phpRaid -CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...) +CVE-2006-3321 NOT-FOR-US: OpenForum -CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...) +CVE-2006-3320 {DSA-1130-1} - sitebar 3.3.8-1.1 (bug #377299; low) -CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...) +CVE-2006-3319 NOT-FOR-US: PHP iCalendar -CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...) 
+CVE-2006-3318 NOT-FOR-US: phpRaid -CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...) +CVE-2006-3317 NOT-FOR-US: phpRaid -CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 ...) +CVE-2006-3316 NOT-FOR-US: phpRaid -CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...) +CVE-2006-3315 NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop" -CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...) +CVE-2006-3314 NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop" -CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft ...) +CVE-2006-3313 NOT-FOR-US: Netsoft smartNet -CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...) +CVE-2006-3312 NOT-FOR-US: QaTraq -CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...) +CVE-2006-3311 - flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree (Contrib not supported) CVE-2006-3310 RESERVED -CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...) +CVE-2006-3309 NOT-FOR-US: Scout Portal -CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ...) +CVE-2006-3308 NOT-FOR-US: bbsengine -CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...) +CVE-2006-3307 NOT-FOR-US: bbsengine -CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring function ...) +CVE-2006-3306 NOT-FOR-US: bbsengine -CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...) +CVE-2006-3305 NOT-FOR-US: UebiMiau -CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier ...) +CVE-2006-3304 NOT-FOR-US: DeluxeBB -CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in ...) 
+CVE-2006-3303 NOT-FOR-US: DeluxeBB -CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS ...) +CVE-2006-3302 NOT-FOR-US: CBSMS Mambo module -CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin ...) +CVE-2006-3301 - phpqladmin (bug #376442; low) -CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in ...) +CVE-2006-3300 NOT-FOR-US: phpmysms -CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...) +CVE-2006-3299 NOT-FOR-US: Usenet Script -CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to ...) +CVE-2006-3298 NOT-FOR-US: Offical Yahoo! Messenger client -CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau ...) +CVE-2006-3297 NOT-FOR-US: UebiMiau -CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows ...) +CVE-2006-3296 NOT-FOR-US: Open Guestbook -CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open ...) +CVE-2006-3295 NOT-FOR-US: Open Guestbook -CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in ...) +CVE-2006-3294 NOT-FOR-US: CBSMS Mambo module -CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...) +CVE-2006-3293 NOT-FOR-US: EnergyMech -CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...) +CVE-2006-3292 NOT-FOR-US: Jaws -CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on ...) +CVE-2006-3291 NOT-FOR-US: Cisco -CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and ...) +CVE-2006-3290 NOT-FOR-US: Cisco -CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...) +CVE-2006-3289 NOT-FOR-US: Cisco -CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...) 
+CVE-2006-3288 NOT-FOR-US: Cisco -CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and ...) +CVE-2006-3287 NOT-FOR-US: Cisco -CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) +CVE-2006-3286 NOT-FOR-US: Cisco -CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) +CVE-2006-3285 NOT-FOR-US: Cisco -CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 ...) +CVE-2006-3284 NOT-FOR-US: Dating Agent PRO -CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote ...) +CVE-2006-3283 NOT-FOR-US: Dating Agent PRO -CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...) +CVE-2006-3282 NOT-FOR-US: Dating Agent PRO -CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...) +CVE-2006-3281 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...) +CVE-2006-3280 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...) +CVE-2006-3279 NOT-FOR-US: aeDating -CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...) +CVE-2006-3278 NOT-FOR-US: H-Sphere -CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...) +CVE-2006-3277 NOT-FOR-US: MailEnable -CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...) +CVE-2006-3276 NOT-FOR-US: Helix DNA Server -CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...) +CVE-2006-3275 NOT-FOR-US: YaBB -CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...) +CVE-2006-3274 - webmin (only windows) -CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...) 
+CVE-2006-3273 NOT-FOR-US: Some Chess -CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...) +CVE-2006-3272 NOT-FOR-US: Some Chess -CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow ...) +CVE-2006-3271 NOT-FOR-US: Softbiz Dating -CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows ...) +CVE-2006-3270 NOT-FOR-US: THoRCMS -CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...) +CVE-2006-3269 NOT-FOR-US: THoRCMS -CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell ...) +CVE-2006-3268 NOT-FOR-US: Novell GroupWise -CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...) +CVE-2006-3267 NOT-FOR-US: Infinite Core Technologies -CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...) +CVE-2006-3266 NOT-FOR-US: Bee-hive -CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-3265 NOT-FOR-US: Qdig -CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...) +CVE-2006-3264 NOT-FOR-US: Namo DeepSearch -CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) +CVE-2006-3263 - mambo 4.5.3h-2 (medium) -CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) +CVE-2006-3262 - mambo 4.5.3h-2 (medium) -CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...) +CVE-2006-3261 NOT-FOR-US: Trend Micro Control Manager -CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...) +CVE-2006-3260 NOT-FOR-US: vlbook -CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...) +CVE-2006-3259 NOT-FOR-US: e107 -CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...) 
+CVE-2006-3258 NOT-FOR-US: BNBT TrinEdit and EasyTracker -CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...) +CVE-2006-3257 NOT-FOR-US: Claroline -CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board ...) +CVE-2006-3256 NOT-FOR-US: Woltlab Burning Board -CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ...) +CVE-2006-3255 NOT-FOR-US: Woltlab Burning Board -CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...) +CVE-2006-3254 NOT-FOR-US: Woltlab Burning Board -CVE-2006-3253 (** DISPUTED ** ...) +CVE-2006-3253 NOT-FOR-US: vBulletin -CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...) +CVE-2006-3252 NOT-FOR-US: Algorithmic Research PrivateWire VPN -CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...) +CVE-2006-3251 {DSA-1114} - hashcash 1.21 (bug #376444) -CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...) +CVE-2006-3250 NOT-FOR-US: Windows Live Messenger -CVE-2006-3249 (** DISPUTED ** ...) +CVE-2006-3249 NOT-FOR-US: Phorum CVE-2006-3248 REJECTED -CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...) +CVE-2006-3247 NOT-FOR-US: GL-SH Deaf Forum -CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...) +CVE-2006-3246 NOT-FOR-US: GL-SH Deaf Forum -CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...) +CVE-2006-3245 NOT-FOR-US: mvnForum -CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier ...) +CVE-2006-3244 NOT-FOR-US: Anthill -CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) ...) +CVE-2006-3243 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in ...) 
+CVE-2006-3242 {DSA-1108} - mutt 1.5.11+cvs20060403-2 (low; bug #375828) -CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB ...) +CVE-2006-3241 NOT-FOR-US: XennoBB -CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in ...) +CVE-2006-3240 NOT-FOR-US: dotProject -CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...) +CVE-2006-3239 NOT-FOR-US: VBZooM -CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier ...) +CVE-2006-3238 NOT-FOR-US: VBZooM -CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise ...) +CVE-2006-3237 NOT-FOR-US: Enterprise Groupware System -CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier ...) +CVE-2006-3236 NOT-FOR-US: thinkWMS -CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-3235 NOT-FOR-US: FineShop -CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 ...) +CVE-2006-3234 NOT-FOR-US: FineShop -CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in ...) +CVE-2006-3233 NOT-FOR-US: OpenWebMail -CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...) +CVE-2006-3232 NOT-FOR-US: IBM WebSphere -CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) +CVE-2006-3231 NOT-FOR-US: IBM WebSphere -CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...) +CVE-2006-3230 NOT-FOR-US: Azureus plugin that isn't distributed by default -CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, ...) +CVE-2006-3229 NOT-FOR-US: OpenWebMail -CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including ...) +CVE-2006-3228 NOT-FOR-US: WinAmp -CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...) 
+CVE-2006-3227 NOT-FOR-US: Internet Explorer -CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...) +CVE-2006-3226 NOT-FOR-US: Cisco -CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...) +CVE-2006-3225 NOT-FOR-US: Sun ONE Application Server -CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...) +CVE-2006-3224 NOT-FOR-US: Apple Safari -CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...) +CVE-2006-3223 NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) -CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...) +CVE-2006-3222 NOT-FOR-US: Fortinet FortiOS -CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...) +CVE-2006-3221 NOT-FOR-US: DataLife -CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...) +CVE-2006-3220 NOT-FOR-US: Woltlab Burning Board -CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...) +CVE-2006-3219 NOT-FOR-US: Woltlab Burning Board -CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...) +CVE-2006-3218 NOT-FOR-US: Woltlab Burning Board -CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...) +CVE-2006-3217 NOT-FOR-US: JaguarEditControl -CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...) +CVE-2006-3216 NOT-FOR-US: MAILsweeper -CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...) +CVE-2006-3215 NOT-FOR-US: MAILsweeper -CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...) +CVE-2006-3214 NOT-FOR-US: Hitachi Groupmax -CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...) 
+CVE-2006-3213 NOT-FOR-US: WeBBoA Hosting -CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...) +CVE-2006-3212 NOT-FOR-US: cjGuestbook -CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...) +CVE-2006-3211 NOT-FOR-US: cjGuestbook -CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...) +CVE-2006-3210 NOT-FOR-US: Ralf Image Gallery -CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...) +CVE-2006-3209 NOT-FOR-US: Microsoft Windows -CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...) +CVE-2006-3208 NOT-FOR-US: Ultimate PHP Board -CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...) +CVE-2006-3207 NOT-FOR-US: Ultimate PHP Board -CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...) +CVE-2006-3206 NOT-FOR-US: Ultimate PHP Board -CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...) +CVE-2006-3205 NOT-FOR-US: Ultimate PHP Board -CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...) +CVE-2006-3204 NOT-FOR-US: Ultimate PHP Board -CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...) +CVE-2006-3203 NOT-FOR-US: Ultimate PHP Board -CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...) +CVE-2006-3202 NOT-FOR-US: NetBSD's KAME stack -CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...) +CVE-2006-3201 NOT-FOR-US: HP-UX -CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...) +CVE-2006-3200 NOT-FOR-US: Internet Explorer -CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...) +CVE-2006-3199 NOT-FOR-US: Opera -CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...) 
+CVE-2006-3198 NOT-FOR-US: Opera -CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) +CVE-2006-3197 NOT-FOR-US: Invision Power Board -CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...) +CVE-2006-3196 NOT-FOR-US: singapore -CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) +CVE-2006-3195 NOT-FOR-US: singapore -CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...) +CVE-2006-3194 NOT-FOR-US: singapore -CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...) +CVE-2006-3193 NOT-FOR-US: BandSite -CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...) +CVE-2006-3192 NOT-FOR-US: Ad Manager -CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...) +CVE-2006-3191 NOT-FOR-US: MPCS -CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...) +CVE-2006-3190 NOT-FOR-US: HotPlug CMS -CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-3189 NOT-FOR-US: HotPlug CMS -CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...) +CVE-2006-3188 NOT-FOR-US: Sharky e-shop -CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...) +CVE-2006-3187 NOT-FOR-US: Sharky e-shop -CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...) +CVE-2006-3186 NOT-FOR-US: CMS Faethon -CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...) +CVE-2006-3185 NOT-FOR-US: CMS Faethon -CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...) +CVE-2006-3184 NOT-FOR-US: ASP Stats Generator -CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...) 
+CVE-2006-3183 NOT-FOR-US: Mobile Space Community -CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...) +CVE-2006-3182 NOT-FOR-US: Mobile Space Community -CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...) +CVE-2006-3181 NOT-FOR-US: Mobile Space Community -CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...) +CVE-2006-3180 NOT-FOR-US: Confixx Pro -CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...) +CVE-2006-3179 NOT-FOR-US: Confixx Pro -CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...) +CVE-2006-3178 {DSA-1144-1} - chmlib 0.38-1 (bug #374085; low) -CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...) +CVE-2006-3177 NOT-FOR-US: The Bible Portal Project -CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...) +CVE-2006-3176 NOT-FOR-US: xarancms -CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...) +CVE-2006-3175 NOT-FOR-US: mcGuestbook -CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...) +CVE-2006-3174 - squirrelmail 2:1.4.7-1 (bug #375782; unimportant) NOTE: Operation with registers_globals not supported -CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) +CVE-2006-3173 NOT-FOR-US: Content*Builder -CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) +CVE-2006-3172 NOT-FOR-US: Content*Builder -CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...) +CVE-2006-3171 NOT-FOR-US: CS-Forum -CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...) +CVE-2006-3170 NOT-FOR-US: CS-Forum -CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...) 
+CVE-2006-3169 NOT-FOR-US: CS-Forum -CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...) +CVE-2006-3168 NOT-FOR-US: CS-Forum -CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...) +CVE-2006-3167 NOT-FOR-US: Free Realty -CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...) +CVE-2006-3166 NOT-FOR-US: Free Realty -CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...) +CVE-2006-3165 NOT-FOR-US: Free Realty -CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...) +CVE-2006-3164 NOT-FOR-US: tplShop -CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...) +CVE-2006-3163 NOT-FOR-US: IMGallery -CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...) +CVE-2006-3162 NOT-FOR-US: SmartSiteCMS -CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...) +CVE-2006-3161 NOT-FOR-US: SaphpLesson -CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...) +CVE-2006-3160 NOT-FOR-US: Simple File Manager -CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...) +CVE-2006-3159 NOT-FOR-US: Sun ONE/iPlanet Messaging Server -CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...) +CVE-2006-3158 NOT-FOR-US: Eduha Meeting -CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...) +CVE-2006-3157 NOT-FOR-US: UltimateGoogle -CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...) +CVE-2006-3156 NOT-FOR-US: Ultimate eShop -CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...) +CVE-2006-3155 NOT-FOR-US: Ultimate Auction -CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...) 
+CVE-2006-3154 NOT-FOR-US: Ultimate Estate -CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...) +CVE-2006-3153 NOT-FOR-US: Ultimate Estate -CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...) +CVE-2006-3152 NOT-FOR-US: phpTRADER -CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...) +CVE-2006-3151 NOT-FOR-US: AssoCIateD -CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...) +CVE-2006-3150 NOT-FOR-US: CavoxCms -CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...) +CVE-2006-3149 NOT-FOR-US: phpMyForum -CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...) +CVE-2006-3148 NOT-FOR-US: Open-Realty -CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...) +CVE-2006-3147 NOT-FOR-US: Hosting Controller -CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...) +CVE-2006-3146 NOT-FOR-US: Toshiba drivers for Windows -CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...) +CVE-2006-3145 - netpbm-free (Debian's version is too old; affects 10.30 to 10.33 only) -CVE-2006-3144 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3144 NOT-FOR-US: IBD Micro CMS -CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...) +CVE-2006-3143 NOT-FOR-US: Maximus SchoolMAX -CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...) +CVE-2006-3142 NOT-FOR-US: VBZooM -CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...) +CVE-2006-3141 NOT-FOR-US: Tradingeye Shop -CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...) +CVE-2006-3140 NOT-FOR-US: openCI -CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...) 
+CVE-2006-3139 NOT-FOR-US: Virtual War -CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...) +CVE-2006-3138 NOT-FOR-US: phpMyDirectory -CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...) +CVE-2006-3137 NOT-FOR-US: Edge eCommerce Shop -CVE-2006-3136 (** DISPUTED ** ...) +CVE-2006-3136 NOT-FOR-US: Nucleus -CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...) +CVE-2006-3135 NOT-FOR-US: CMS Mundo -CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...) +CVE-2006-3134 NOT-FOR-US: GraceNote ActiveX Control CVE-2006-3133 RESERVED -CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...) +CVE-2006-3132 NOT-FOR-US: QTOFileManager -CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow ...) +CVE-2006-3131 NOT-FOR-US: Clubpage -CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote ...) +CVE-2006-3130 NOT-FOR-US: Clubpage -CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...) +CVE-2006-3129 NOT-FOR-US: LinkList -CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does ...) +CVE-2006-3128 NOT-FOR-US: easy-CMS -CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun ...) +CVE-2006-3127 - mozilla (SunSolve claims it is only in 3.11; latest released is 3.10) -CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute ...) +CVE-2006-3126 {DSA-1165} - capi4hylafax 1:01.03.00.99.svn.300-3 -CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...) +CVE-2006-3125 {DSA-1163} - gtetrinet 0.7.10-1 -CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...) +CVE-2006-3124 {DSA-1158} - streamripper 1.61.25-2 -CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...) 
+CVE-2006-3123 {DSA-1138-1} - cfs 1.4.1-17 -CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...) +CVE-2006-3122 {DSA-1143-1} - dhcp 2.0pl5-19.5 (bug #380273) -CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...) +CVE-2006-3121 {DSA-1151-1} - heartbeat-2 2.0.6-2 - heartbeat 1.2.4-14 -CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 ...) +CVE-2006-3120 {DSA-1129} - osiris 4.2.0-2 (medium) -CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ...) +CVE-2006-3119 {DSA-1124} - fbi 2.05-1 -CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...) +CVE-2006-3118 - spread 3.17.3-4 (bug #375617; low) [sarge] - spread (Minimal security implications) -CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...) +CVE-2006-3117 {DSA-1104} - openoffice.org 2.0.3-1 -CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 ...) +CVE-2006-3116 NOT-FOR-US: phpRaid -CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...) +CVE-2006-3115 NOT-FOR-US: phpRaid -CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...) +CVE-2006-3114 NOT-FOR-US: PC Tools AntiVirus -CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) +CVE-2006-3113 NOTE: MFSA-2006-46 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (high) 
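Review bot: Removing the parenthesised description also removes the "** DISPUTED **" marker, which in the part of this hunk shown here affects CVE-2006-3352, CVE-2006-3253, CVE-2006-3249, CVE-2006-3209 and CVE-2006-3136. After the change, an entry such as "CVE-2006-3352 NOTE: firefox, but invalid" no longer records that the CVE was disputed. Entries reduced to an ID plus a package line, for example "CVE-2006-3355 - mpg123 0.60-1 (bug #377264; medium)", likewise no longer say which flaw is being tracked. Suggest keeping the disputed status as a NOTE on those five entries, and having the commit message (currently just "automatic update") state that descriptions are being dropped from the list and where they can be found instead.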
@@ -9282,372 +9282,372 @@ CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, a - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird -CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...) +CVE-2006-3112 NOT-FOR-US: Chipmailer -CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...) +CVE-2006-3111 NOT-FOR-US: Chipmailer -CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...) +CVE-2006-3110 NOT-FOR-US: Chipmailer -CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...) +CVE-2006-3109 NOT-FOR-US: Cisco -CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...) +CVE-2006-3108 NOT-FOR-US: EmailArchitect -CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) +CVE-2006-3107 NOT-FOR-US: Docebo -CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in ...) +CVE-2006-3106 NOT-FOR-US: phpMyDesktop -CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers ...) +CVE-2006-3105 NOT-FOR-US: Bitweaver -CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain ...) +CVE-2006-3104 NOT-FOR-US: Bitweaver -CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows ...) +CVE-2006-3103 NOT-FOR-US: Bitweaver -CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...) +CVE-2006-3102 NOT-FOR-US: Bitweaver -CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...) +CVE-2006-3101 NOT-FOR-US: Cisco CVE-2006-3099 RESERVED CVE-2006-3098 RESERVED -CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and ...) +CVE-2006-3097 NOT-FOR-US: HP-UX Support Tools Manager -CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...) 
+CVE-2006-3096 NOT-FOR-US: iPostMX -CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 ...) +CVE-2006-3095 NOT-FOR-US: iPostMX -CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...) +CVE-2006-3094 NOT-FOR-US: Calendarix Basic -CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...) +CVE-2006-3093 NOT-FOR-US: Adobe Reader -CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...) +CVE-2006-3092 NOT-FOR-US: PhpMyFactures -CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote ...) +CVE-2006-3091 NOT-FOR-US: PhpMyFactures -CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and ...) +CVE-2006-3090 NOT-FOR-US: PhpMyFactures -CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures ...) +CVE-2006-3089 NOT-FOR-US: PhpMyFactures -CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car ...) +CVE-2006-3088 NOT-FOR-US: Car Classifieds -CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 ...) +CVE-2006-3087 NOT-FOR-US: EZGallery -CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName ...) +CVE-2006-3086 NOT-FOR-US: Microsoft -CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to ...) +CVE-2006-3084 {DSA-1146-1} - krb5 1.4.3-9 (medium) -CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...) +CVE-2006-3083 {DSA-1146-1} - krb5 1.4.3-9 (medium) -CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...) +CVE-2006-3082 {DSA-1115 DSA-1107} - gnupg 1.4.3-2 (bug #375052; bug #375473; low) - gnupg2 1.9.20-1.1 (bug #375053; low) -CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...) 
+CVE-2006-3081 {DSA-1112} - mysql-dfsg-5.0 5.0.19-1 (bug #373913; high) CVE-2006-3100 [termnetd buffer overflow] RESERVED - termpkg 3.3-7 (bug #358028; medium) -CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...) +CVE-2006-3085 - linux-2.6 2.6.16-15 CVE-2006-XXXX [webalizer-stonesteps XSS] - webalizer-stonesteps 2.4.1.2-1 -CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in ...) +CVE-2006-3080 NOT-FOR-US: aXentForum -CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus ...) +CVE-2006-3079 NOT-FOR-US: SSPwiz Plus -CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier ...) +CVE-2006-3078 NOT-FOR-US: APBoard -CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in ...) +CVE-2006-3077 NOT-FOR-US: aXentGuestbook -CVE-2006-3076 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3076 NOT-FOR-US: PhpBlueDragon -CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis ...) +CVE-2006-3075 NOT-FOR-US: PictureDis Professional -CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky ...) +CVE-2006-3074 NOT-FOR-US: Several Kaspersky products -CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...) +CVE-2006-3073 NOT-FOR-US: Cisco -CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...) +CVE-2006-3072 NOT-FOR-US: Symantec Security Information Manager -CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...) +CVE-2006-3071 NOT-FOR-US: MP3 Search/Archive -CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with ...) +CVE-2006-3070 NOT-FOR-US: Zeroboard -CVE-2006-3069 (** DISPUTED ** ...) +CVE-2006-3069 NOT-FOR-US: DoubleSpeak -CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote ...) 
+CVE-2006-3068 NOT-FOR-US: IBM DB2 -CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database ...) +CVE-2006-3067 NOT-FOR-US: IBM DB2 -CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ...) +CVE-2006-3066 NOT-FOR-US: IBM DB2 -CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex ...) +CVE-2006-3065 NOT-FOR-US: blur6ex -CVE-2006-3064 (SQL injection vulnerability in the add_hit function in ...) +CVE-2006-3064 NOT-FOR-US: Coppermine Photo Gallery -CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...) +CVE-2006-3063 NOT-FOR-US: myPHP Guestbook -CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP ...) +CVE-2006-3062 NOT-FOR-US: myPHP Guestbook -CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review ...) +CVE-2006-3061 NOT-FOR-US: 5 Star Review -CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...) +CVE-2006-3060 NOT-FOR-US: P.A.I.D -CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) +CVE-2006-3059 NOT-FOR-US: Microsoft Excel CVE-2006-3058 RESERVED -CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...) +CVE-2006-3057 - dhcdbd 1.14-1 -CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...) +CVE-2006-3056 NOT-FOR-US: VBZooM -CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...) +CVE-2006-3055 NOT-FOR-US: VBZooM -CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...) +CVE-2006-3054 NOT-FOR-US: VBZooM -CVE-2006-3053 (** DISPUTED ** ...) +CVE-2006-3053 NOT-FOR-US: PHORUM -CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...) +CVE-2006-3052 NOT-FOR-US: Event Registration -CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...) 
+CVE-2006-3051 NOT-FOR-US: SixCMS -CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...) +CVE-2006-3050 NOT-FOR-US: SixCMS -CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...) +CVE-2006-3049 NOT-FOR-US: Mole Group Ticket Booking Script -CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...) +CVE-2006-3048 - tikiwiki 1.9.4-1 (medium) -CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and ...) +CVE-2006-3047 - tikiwiki 1.9.4-1 (medium) -CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...) +CVE-2006-3046 NOT-FOR-US: Subtext -CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...) +CVE-2006-3045 NOT-FOR-US: Foing -CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...) +CVE-2006-3044 NOT-FOR-US: LogiSphere -CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...) +CVE-2006-3043 NOT-FOR-US: CFXe-CMS -CVE-2006-3042 (** DISPUTED ** ...) +CVE-2006-3042 NOT-FOR-US: ISPConfig -CVE-2006-3041 (** DISPUTED ** ...) +CVE-2006-3041 NOT-FOR-US: Codewalkers Ltwcalendar -CVE-2006-3040 (** DISPUTED ** ...) +CVE-2006-3040 NOT-FOR-US: Amr Talkbox -CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...) +CVE-2006-3039 NOT-FOR-US: Cescripts Realty Home Rent -CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...) +CVE-2006-3038 NOT-FOR-US: Cescripts Realty Home Rent -CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...) +CVE-2006-3037 NOT-FOR-US: ST AdManager Lite -CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-3036 NOT-FOR-US: 35mmslidegallery -CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...) 
+CVE-2006-3035 NOT-FOR-US: MyScrapbook -CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...) +CVE-2006-3034 NOT-FOR-US: MyScrapbook -CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...) +CVE-2006-3033 NOT-FOR-US: MyScrapbook -CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...) +CVE-2006-3032 NOT-FOR-US: Xtreme ASP Photo Gallery -CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...) +CVE-2006-3031 NOT-FOR-US: fipsCMS -CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...) +CVE-2006-3030 NOT-FOR-US: DwZone Shopping Cart -CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...) +CVE-2006-3029 NOT-FOR-US: ClickTech Clickcart -CVE-2006-3028 (PHP remote file inclusion vulnerability in ...) +CVE-2006-3028 NOT-FOR-US: Minerva -CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...) +CVE-2006-3027 NOT-FOR-US: Enthrallwebe ePhotos -CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...) +CVE-2006-3026 NOT-FOR-US: ClickGallery -CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...) +CVE-2006-3025 NOT-FOR-US: Chris Lea Lucid Calendar -CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...) +CVE-2006-3024 NOT-FOR-US: EvGenius Counter -CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...) +CVE-2006-3023 NOT-FOR-US: Uapplication Uphotogallery -CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...) +CVE-2006-3022 NOT-FOR-US: fipsGallery -CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...) +CVE-2006-3021 NOT-FOR-US: BlueCollar i-Gallery -CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...) 
+CVE-2006-3020 NOT-FOR-US: WS-Album -CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...) +CVE-2006-3019 NOT-FOR-US: phpCMS -CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...) +CVE-2006-3018 - php5 5.1.4-0.1 (unimportant) - php4 (unimportant) NOTE: Sanitising is the application's responsibilitys -CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...) +CVE-2006-3017 {DSA-1206-1} - php5 5.1.4-0.1 (medium) - php4 4:4.4.4-1 (medium; bug #381998) -CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...) +CVE-2006-3016 - php5 5.1.4-0.1 (unimportant) - php4 4:4.4.4-1 (unimportant; bug #382259) NOTE: Sanitising is the application's responsibilitys -CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...) +CVE-2006-3015 NOT-FOR-US: WinSCP -CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...) +CVE-2006-3014 NOT-FOR-US: Microsoft Excel / Flashplayer for Windows -CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...) +CVE-2006-3013 NOT-FOR-US: phpBannerExchange -CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...) +CVE-2006-3012 NOT-FOR-US: phpBannerExchange -CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...) +CVE-2006-3011 - php4 4:4.4.4-1 (unimportant) - php5 5.1.6-1 (unimportant) NOTE: Safe mode violations are not supported -CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...) +CVE-2006-3010 NOT-FOR-US: Open Business Management -CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...) +CVE-2006-3009 NOT-FOR-US: Open Business Management CVE-2006-3008 REJECTED -CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...) 
+CVE-2006-3007 NOT-FOR-US: SHOUTcast -CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...) +CVE-2006-3006 NOT-FOR-US: iFoto -CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...) +CVE-2006-3005 - libjpeg6b (--maxmem is set during configure) - libjpeg-mmx (bug #373672; low) [sarge] - libjpeg-mmx (If this poses a threat, the admin can apply resource limits) -CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...) +CVE-2006-3004 NOT-FOR-US: Ez Ringtone -CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...) +CVE-2006-3003 NOT-FOR-US: Easy Ad-Manager -CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...) +CVE-2006-3002 NOT-FOR-US: OkScripts product -CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) +CVE-2006-3001 NOT-FOR-US: OkScripts product -CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) +CVE-2006-3000 NOT-FOR-US: OkScripts product -CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) +CVE-2006-2999 NOT-FOR-US: OkScripts product -CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...) +CVE-2006-2998 NOT-FOR-US: QBoard -CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...) +CVE-2006-2997 - zope-zms (bug #373667; unimportant) [sarge] - zope-zms (Only exploitable with register_globals) NOTE: register_globals is an unsupported mode of operation in Debian -CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in ...) +CVE-2006-2996 NOT-FOR-US: aePartner -CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB ...) +CVE-2006-2995 NOT-FOR-US: WebprojectDB -CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
+CVE-2006-2994 NOT-FOR-US: phazizGuestbook -CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and ...) +CVE-2006-2993 NOT-FOR-US: My Photo Scrapbook -CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo ...) +CVE-2006-2992 NOT-FOR-US: My Photo Scrapbook -CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 ...) +CVE-2006-2991 NOT-FOR-US: Ringlink -CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...) +CVE-2006-2990 NOT-FOR-US: VanillaSoft -CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ...) +CVE-2006-2989 NOT-FOR-US: ASP ListPics -CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...) +CVE-2006-2988 NOT-FOR-US: Chemical Dictionary -CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...) +CVE-2006-2987 NOT-FOR-US: PICRATE -CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie ...) +CVE-2006-2986 NOT-FOR-US: vSCAL and vsREAL -CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and ...) +CVE-2006-2985 NOT-FOR-US: IntegraMOD -CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD ...) +CVE-2006-2984 NOT-FOR-US: IntegraMOD -CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and ...) +CVE-2006-2983 NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS) -CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise ...) +CVE-2006-2982 NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS) -CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats ...) +CVE-2006-2981 NOT-FOR-US: Arantius Vice Stats -CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...) 
+CVE-2006-2980 NOT-FOR-US: ViArt -CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...) +CVE-2006-2979 NOT-FOR-US: ViArt -CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the ...) +CVE-2006-2978 NOT-FOR-US: Moblog -CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and ...) +CVE-2006-2977 NOT-FOR-US: Moblog -CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery ...) +CVE-2006-2976 NOT-FOR-US: Coppermine -CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-2975 NOT-FOR-US: PBL Guestbook -CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...) +CVE-2006-2974 NOT-FOR-US: EmailArchitect -CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite ...) +CVE-2006-2973 NOT-FOR-US: PHP Lite Calendar -CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats ...) +CVE-2006-2972 NOT-FOR-US: Arantius Vice Stats -CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows ...) +CVE-2006-2971 - overkill 0.16-9 (bug #373687; low) [sarge] - overkill (Only DoS against an obscure game, no code injection possible) -CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...) +CVE-2006-2970 NOT-FOR-US: tinyMuw -CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow ...) +CVE-2006-2969 NOT-FOR-US: tinyMuw -CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware ...) +CVE-2006-2968 NOT-FOR-US: LabWiki -CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network ...) +CVE-2006-2967 NOT-FOR-US: SafeNET -CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle ...) +CVE-2006-2966 NOT-FOR-US: Particle Wiki -CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft ...) 
+CVE-2006-2965 NOT-FOR-US: Particle Whois -CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts ...) +CVE-2006-2964 NOT-FOR-US: Xtreme Downloads -CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in ...) +CVE-2006-2963 NOT-FOR-US: Cabacos Web CMS -CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...) +CVE-2006-2962 NOT-FOR-US: Empris -CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...) +CVE-2006-2961 NOT-FOR-US: CesarFTP -CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...) +CVE-2006-2960 NOT-FOR-US: Joomla! -CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...) +CVE-2006-2959 NOT-FOR-US: Snitz Forum -CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...) +CVE-2006-2958 NOT-FOR-US: FilZip -CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and ...) +CVE-2006-2957 NOT-FOR-US: i.List -CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...) +CVE-2006-2956 NOT-FOR-US: i.List -CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...) +CVE-2006-2955 NOT-FOR-US: KAPhotoservice -CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...) +CVE-2006-2954 NOT-FOR-US: OfficeFlow -CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow ...) +CVE-2006-2953 NOT-FOR-US: OfficeFlow -CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS) ...) +CVE-2006-2952 NOT-FOR-US: NPDS -CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) +CVE-2006-2951 NOT-FOR-US: NPDS -CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote ...) +CVE-2006-2950 NOT-FOR-US: NPDS -CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 ...) 
+CVE-2006-2949 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root ...) +CVE-2006-2948 NOT-FOR-US: A-CART -CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...) +CVE-2006-2947 NOT-FOR-US: Dmx Forum -CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...) +CVE-2006-2946 NOT-FOR-US: Dmx Forum -CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...) +CVE-2006-2945 - dokuwiki 0.0.20060309-4 (bug #373689; low) -CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...) +CVE-2006-2944 NOT-FOR-US: FORM2MAIL -CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...) +CVE-2006-2943 NOT-FOR-US: WebFORM -CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...) +CVE-2006-2942 - twiki (Debian's version is old and does not include affected file) -CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...) +CVE-2006-2941 - mailman (Mailman uses the system version of the affected Python lib) -CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...) +CVE-2006-2940 {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 
@@ -9656,376 +9656,376 @@ CVE-2006-2939 REJECTED CVE-2006-2938 REJECTED -CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ...) +CVE-2006-2937 {DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 -CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...) +CVE-2006-2936 {DSA-1184-2} - linux-2.6 2.6.17-5 (low) -CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...) +CVE-2006-2935 {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.17-5 (low) -CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...) +CVE-2006-2934 - linux-2.6 2.6.17-3 -CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...) +CVE-2006-2933 [sarge] - kdebase (Only KDE < 3.2 vulnerable) - kdebase 3.5.2-1 (medium) NOTE: exact fixed version not known, however bug only affects < 3.2 -CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...) +CVE-2006-2932 - linux-2.6 (vulnerable code not present) -CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...) +CVE-2006-2931 NOT-FOR-US: CMS Mundo -CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid ...) +CVE-2006-2930 NOT-FOR-US: Sun -CVE-2006-2929 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2929 NOT-FOR-US: OpenEMR -CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 ...) +CVE-2006-2928 NOT-FOR-US: CMS-Bandits -CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...) +CVE-2006-2927 NOT-FOR-US: CAForum -CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate ...) +CVE-2006-2926 NOT-FOR-US: Qbik -CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in ...) +CVE-2006-2925 NOT-FOR-US: Ingate -CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before ...) 
+CVE-2006-2924 NOT-FOR-US: Ingate -CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as ...) +CVE-2006-2923 - iaxclient 0.0+svn20060520-2 -CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie ...) +CVE-2006-2922 NOT-FOR-US: MiraksGalerie -CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in ...) +CVE-2006-2921 NOT-FOR-US: CMPro -CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...) +CVE-2006-2920 - sylpheed 2.2.6-1 (low) [sarge] - sylpheed (Minor evasion of phishing protection feature) - sylpheed-gtk1 1.0.6-3 (bug #373187; low) - sylpheed-claws 1.0.5-3 (bug #372891; low) [sarge] - sylpheed-claws (Minor evasion of phishing protection feature) - sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low) -CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...) +CVE-2006-2919 NOT-FOR-US: Microsoft -CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...) +CVE-2006-2918 NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component -CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...) +CVE-2006-2917 NOT-FOR-US: WinGate -CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) +CVE-2006-2916 - arts 1.5.3-2 (bug #374003; low) [sarge] - arts (Not setuid root in Debian) NOTE: artswrapper is not suid root by default, but README.Debian describes it -CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...) +CVE-2006-2915 NOT-FOR-US: DeluxeBB -CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...) +CVE-2006-2914 NOT-FOR-US: DeluxeBB -CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...) +CVE-2006-2913 NOT-FOR-US: SelectaPix -CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...) 
+CVE-2006-2912 NOT-FOR-US: SelectaPix -CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...) +CVE-2006-2911 NOT-FOR-US: CMS Mundo -CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...) +CVE-2006-2910 NOT-FOR-US: jetAudio -CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...) +CVE-2006-2909 NOT-FOR-US: PicoZip -CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...) +CVE-2006-2908 NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-2907 RESERVED -CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...) +CVE-2006-2906 {DSA-1117} - libgd2 2.0.33-5 (bug #372912; low) - tetex-bin (Links dynamically, see #382506) -CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...) +CVE-2006-2905 NOT-FOR-US: Partial Links -CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...) +CVE-2006-2904 NOT-FOR-US: Partial Links -CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle ...) +CVE-2006-2903 NOT-FOR-US: Partial Links -CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow ...) +CVE-2006-2902 NOT-FOR-US: Partial Links -CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...) +CVE-2006-2901 NOT-FOR-US: D-Link -CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read ...) +CVE-2006-2900 NOT-FOR-US: Microsoft -CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...) +CVE-2006-2899 NOT-FOR-US: ESTsoft InternetDISK -CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...) 
+CVE-2006-2898 {DSA-1126} - asterisk 1:1.2.10.dfsg-2 (bug #380054) - iax 0.2.2-5 [sarge] - iax (Vulnerable code not present) - iaxmodem 0.1.8.dfsg-2 -CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...) +CVE-2006-2897 NOT-FOR-US: Funkboard -CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...) +CVE-2006-2896 NOT-FOR-US: Funkboard -CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...) +CVE-2006-2895 - mediawiki (Affects only 1.6.0-1.6.6) -CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...) +CVE-2006-2894 {DSA-1401-1 DSA-1392-1 DTSA-69-1 DTSA-80-1} - iceweasel 2.0.0.8 - xulrunner 1.8.1.9-1 - iceape 1.1.5 -CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...) +CVE-2006-2893 NOT-FOR-US: GANTTy -CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...) +CVE-2006-2892 NOT-FOR-US: GANTTy -CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...) +CVE-2006-2891 NOT-FOR-US: Pixelpost -CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...) +CVE-2006-2890 NOT-FOR-US: Pixelpost -CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...) +CVE-2006-2889 NOT-FOR-US: Pixelpost -CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...) +CVE-2006-2888 NOT-FOR-US: Wikiwig -CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...) +CVE-2006-2887 NOT-FOR-US: myNewsletter -CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...) +CVE-2006-2886 - knowledgetree (bug #373137; low) -CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...) +CVE-2006-2885 - knowledgetree (bug #373137; low) -CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...) 
+CVE-2006-2884 NOT-FOR-US: Kmita -CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...) +CVE-2006-2883 NOT-FOR-US: Kmita -CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...) +CVE-2006-2882 NOT-FOR-US: ASPScriptz -CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...) +CVE-2006-2881 NOT-FOR-US: DreamAccount -CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...) +CVE-2006-2880 NOT-FOR-US: pyblosxom package doesn't ship plugins -CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...) +CVE-2006-2879 NOT-FOR-US: Alex News-Engine -CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...) +CVE-2006-2878 - dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high) -CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...) +CVE-2006-2877 NOT-FOR-US: Bookmark4U -CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...) +CVE-2006-2876 NOT-FOR-US: PHP Pro Publish -CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...) +CVE-2006-2875 - tremulous 1.1.0-6 (bug #660827) [squeeze] - tremulous 1.1.0-7~squeeze1 - ioquake3 1.36+svn1788j-1 -CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...) +CVE-2006-2874 NOT-FOR-US: OSADS -CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...) +CVE-2006-2873 NOT-FOR-US: Enigma Haber -CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...) +CVE-2006-2872 NOT-FOR-US: Rumble -CVE-2006-2871 (** DISPUTED ** ...) +CVE-2006-2871 NOT-FOR-US: CyBoards -CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...) +CVE-2006-2870 NOT-FOR-US: Intelligent Solutions Inc. -CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! 
before 4.7.844 ...) +CVE-2006-2869 NOT-FOR-US: Avast -CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...) +CVE-2006-2868 NOT-FOR-US: Claroline -CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...) +CVE-2006-2867 NOT-FOR-US: CoolForum -CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...) +CVE-2006-2866 NOT-FOR-US: DotClear -CVE-2006-2865 (** DISPUTED ** ...) +CVE-2006-2865 NOTE: phpbb2, but invalid -CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...) +CVE-2006-2864 NOT-FOR-US: BlueShoes -CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...) +CVE-2006-2863 NOT-FOR-US: CS-Cart -CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...) +CVE-2006-2862 NOT-FOR-US: Particle Gallery -CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...) +CVE-2006-2861 NOT-FOR-US: Particle Wiki -CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...) +CVE-2006-2860 NOT-FOR-US: Webspotblogging -CVE-2006-2859 (** DISPUTED ** ...) +CVE-2006-2859 NOT-FOR-US: MyBloggie -CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...) +CVE-2006-2858 NOT-FOR-US: LocazoList -CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...) +CVE-2006-2857 NOT-FOR-US: LifeType -CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...) +CVE-2006-2856 NOT-FOR-US: ActiveState -CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...) +CVE-2006-2855 NOT-FOR-US: xueBook -CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...) +CVE-2006-2854 NOT-FOR-US: iBWd -CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...) 
+CVE-2006-2853 NOT-FOR-US: abarcar -CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...) +CVE-2006-2852 NOT-FOR-US: dotWidget -CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...) +CVE-2006-2851 NOT-FOR-US: dotProject -CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...) +CVE-2006-2850 NOT-FOR-US: LabWiki -CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...) +CVE-2006-2849 NOT-FOR-US: Bytehoard -CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...) +CVE-2006-2848 NOT-FOR-US: aspWebLinks -CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...) +CVE-2006-2847 NOT-FOR-US: aspWebLinks -CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...) +CVE-2006-2846 NOT-FOR-US: VisionGate -CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...) +CVE-2006-2845 NOT-FOR-US: Redaxo -CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...) +CVE-2006-2844 NOT-FOR-US: Redaxo -CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...) +CVE-2006-2843 NOT-FOR-US: Redaxo -CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...) +CVE-2006-2841 NOT-FOR-US: AssoCIateD -CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...) +CVE-2006-2840 NOT-FOR-US: PmWiki -CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...) +CVE-2006-2839 NOT-FOR-US: WeBWorK -CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...) +CVE-2006-2838 NOT-FOR-US: F-Secure -CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...) 
+CVE-2006-2837 NOT-FOR-US: Techno Dreams -CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...) +CVE-2006-2836 NOT-FOR-US: Pineapple Technologies Lore -CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...) +CVE-2006-2835 NOT-FOR-US: saphplesson -CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...) +CVE-2006-2834 NOT-FOR-US: gnopaste -CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...) +CVE-2006-2833 {DSA-1125} - drupal 4.5.8-1.1 (medium) -CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...) +CVE-2006-2832 {DSA-1125} - drupal 4.5.8-1.1 (medium) -CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...) +CVE-2006-2831 {DSA-1125} NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1) NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which NOTE: fixes CVE-2006-2831. - drupal 4.5.8-1.1 (medium) -CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...) +CVE-2006-2830 NOT-FOR-US: TIBCO -CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...) +CVE-2006-2829 NOT-FOR-US: TIBCO -CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...) +CVE-2006-2828 NOT-FOR-US: PHP-Nuke -CVE-2006-2827 (** DISPUTED ** ...) +CVE-2006-2827 NOT-FOR-US: X-Cart -CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...) +CVE-2006-2826 NOT-FOR-US: PHPLIB -CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...) +CVE-2006-2825 NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool -CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...) +CVE-2006-2824 NOT-FOR-US: Logicalware -CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...) 
+CVE-2006-2823 NOT-FOR-US: ashopKart -CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...) +CVE-2006-2822 NOT-FOR-US: cforum -CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...) +CVE-2006-2821 NOT-FOR-US: DeltaScripts -CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...) +CVE-2006-2820 NOT-FOR-US: HotWebScripts -CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...) +CVE-2006-2819 NOT-FOR-US: Barnraiser Igloo -CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...) +CVE-2006-2818 NOT-FOR-US: Cameron McKay Informium -CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...) +CVE-2006-2817 NOT-FOR-US: tekno.Portal -CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-2816 NOT-FOR-US: CoolPHP -CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...) +CVE-2006-2815 NOT-FOR-US: SimpleBoard -CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...) +CVE-2006-2814 NOT-FOR-US: iShopCart -CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...) +CVE-2006-2813 NOT-FOR-US: iShopCart -CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-2812 NOT-FOR-US: PICRATE -CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...) +CVE-2006-2811 NOT-FOR-US: Ovidentia -CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...) +CVE-2006-2810 NOT-FOR-US: Belchior vCard -CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-2809 NOT-FOR-US: ar-blog -CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...) 
+CVE-2006-2808 NOT-FOR-US: Lycos -CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...) +CVE-2006-2807 NOT-FOR-US: ASPwebSoft -CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...) +CVE-2006-2806 NOT-FOR-US: Apache James -CVE-2006-2842 (** DISPUTED ** ...) +CVE-2006-2842 - squirrelmail 2:1.4.7-1 (unimportant; bug #373731) NOTE: Only exploitable with register_globals enabled CVE-2006-XXXX [webalizer: symlink vulnerability] - webalizer 2.01.10-29 (low; bug #359745) [sarge] - webalizer (Minor issue) NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway -CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) +CVE-2006-2805 NOT-FOR-US: vBulletin -CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...) +CVE-2006-2804 NOT-FOR-US: Goss iCM -CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...) +CVE-2006-2803 NOT-FOR-US: PHP ManualMaker -CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...) +CVE-2006-2802 {DSA-1105} - xine-lib 1.1.1-2 (bug #369876; medium) -CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...) +CVE-2006-2801 NOT-FOR-US: Unak CMS -CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...) +CVE-2006-2800 NOT-FOR-US: Unak CMS -CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...) +CVE-2006-2799 NOT-FOR-US: toendaCMS -CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-2798 NOT-FOR-US: phpCommunityCalendar -CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...) +CVE-2006-2797 NOT-FOR-US: phpCommunityCalendar -CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...) 
+CVE-2006-2796 NOT-FOR-US: Captivate gallery.php -CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...) +CVE-2006-2795 NOT-FOR-US: XiTi Tracking Script -CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...) +CVE-2006-2794 NOT-FOR-US: ASPSitem -CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...) +CVE-2006-2793 NOT-FOR-US: ASPSitem -CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...) +CVE-2006-2792 NOT-FOR-US: wbboard -CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...) +CVE-2006-2791 NOT-FOR-US: iBoutique.MALL -CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...) +CVE-2006-2790 NOT-FOR-US: Sun StorADE -CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if ...) +CVE-2006-2789 - evolution 2.4.0-1 (low) [sarge] - evolution (Not reproducible on Sarge's evolution) NOTE: Verified that the patch has been applied in 2.4.0-1, NOTE: may have been fixed earlier. -CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...) +CVE-2006-2788 {DSA-1210 DSA-1192-1 DSA-1191-1} - mozilla (high) - firefox 1.5.dfsg+1.5.0.4 (high) - xulrunner 1.8.0.4-1 (high) -CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...) +CVE-2006-2787 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-31 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) -CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...) +CVE-2006-2786 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-33 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) -CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) 
+CVE-2006-2785 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-34 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) -CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...) +CVE-2006-2784 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-36 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla (medium) - xulrunner 1.8.0.4-1 (medium) -CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode ...) +CVE-2006-2783 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-42 - firefox 1.5.dfsg+1.5.0.4-1 (medium) 
@@ -10038,164 +10038,164 @@ CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode [lenny] - qt4-x11 (Minor impact, no apps in Lenny which use qtwebkit ) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected - kdelibs (bug #561765) -CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...) +CVE-2006-2782 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-41 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) -CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...) +CVE-2006-2781 {DSA-1134-1 DSA-1118} NOTE: MFSA-2006-40 - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) -CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...) +CVE-2006-2780 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-32 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) -CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...) +CVE-2006-2779 {DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-32 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) -CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...) +CVE-2006-2778 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-38 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) -CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...) +CVE-2006-2777 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-43 - firefox 1.5.dfsg+1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) -CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...) 
+CVE-2006-2776 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-37 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) -CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...) +CVE-2006-2775 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-35 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) -CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...) +CVE-2006-2774 NOT-FOR-US: QontentOne -CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...) +CVE-2006-2773 NOT-FOR-US: Hogstorps -CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...) +CVE-2006-2772 NOT-FOR-US: Hogstorps -CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...) +CVE-2006-2771 NOT-FOR-US: Hogstorps -CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) +CVE-2006-2770 NOT-FOR-US: pppBLOG -CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...) +CVE-2006-2769 - snort 2.3.3-8 (low; bug #381726) [sarge] - snort (Minor impact) -CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) +CVE-2006-2768 NOT-FOR-US: METAjour -CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...) +CVE-2006-2767 NOT-FOR-US: Ottoman -CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...) +CVE-2006-2766 NOT-FOR-US: Microsoft -CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...) +CVE-2006-2765 NOT-FOR-US: Interlink -CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...) +CVE-2006-2764 NOT-FOR-US: GuestbookXL -CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...) 
+CVE-2006-2763 NOT-FOR-US: Pre News Manager -CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...) +CVE-2006-2762 {DSA-1096-1} - webcalendar 1.0.4-1 (medium) -CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...) +CVE-2006-2761 NOT-FOR-US: Hitachi -CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...) +CVE-2006-2760 NOT-FOR-US: 4nForum -CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...) +CVE-2006-2759 - jetty (vulnerable code not in Debian version) -CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...) +CVE-2006-2758 - jetty (vulnerable code not in Debian version) -CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...) +CVE-2006-2757 NOT-FOR-US: Chipmunk guestbook -CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...) +CVE-2006-2756 NOT-FOR-US: Eitsop -CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...) +CVE-2006-2755 NOT-FOR-US: UBBThreads -CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...) +CVE-2006-2754 - openldap2.3 2.3.24-1 (bug #375494; bug #377047; unimportant) NOTE: File is only written and read by slurpd, only editable by root -CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...) +CVE-2006-2752 NOT-FOR-US: RedCarpet -CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...) +CVE-2006-2751 NOT-FOR-US: OSIC -CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...) +CVE-2006-2750 NOT-FOR-US: OSIC -CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...) +CVE-2006-2749 NOT-FOR-US: OSIC -CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...) 
+CVE-2006-2748 NOT-FOR-US: OSIC -CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...) +CVE-2006-2747 NOT-FOR-US: PhpMyDesktop -CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile ...) +CVE-2006-2746 NOT-FOR-US: F@cile -CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile ...) +CVE-2006-2745 NOT-FOR-US: F@cile -CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...) +CVE-2006-2744 NOT-FOR-US: F@cile -CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...) +CVE-2006-2743 {DSA-1125} - drupal 4.5.8-1.1 (bug #368835; medium) -CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...) +CVE-2006-2742 {DSA-1125} - drupal 4.5.8-1.1 (medium) -CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...) +CVE-2006-2741 NOT-FOR-US: tinyBB -CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...) +CVE-2006-2740 NOT-FOR-US: tinyBB -CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...) +CVE-2006-2739 NOT-FOR-US: tinyBB -CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...) +CVE-2006-2738 NOT-FOR-US: Open-Xchange -CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...) +CVE-2006-2737 NOT-FOR-US: Nukedit -CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...) +CVE-2006-2736 NOT-FOR-US: Blend Portal -CVE-2006-2735 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2735 NOT-FOR-US: Amod -CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...) +CVE-2006-2734 NOT-FOR-US: Mini-Nuke -CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...) +CVE-2006-2733 NOT-FOR-US: Mini-Nuke -CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...) 
+CVE-2006-2732 NOT-FOR-US: Mini-Nuke -CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...) +CVE-2006-2731 NOT-FOR-US: Enigma Haber -CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...) +CVE-2006-2730 NOT-FOR-US: Hot Open Tickets -CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...) +CVE-2006-2729 NOT-FOR-US: Photoalbum -CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...) +CVE-2006-2728 NOT-FOR-US: Photoalbum -CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...) +CVE-2006-2727 NOT-FOR-US: Eggblog -CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...) +CVE-2006-2726 NOT-FOR-US: Fastpublish -CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...) +CVE-2006-2725 NOT-FOR-US: Eggblog -CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...) +CVE-2006-2724 NOT-FOR-US: PunBB -CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...) +CVE-2006-2723 - firefox 45.0-1 (unimportant) - firefox-esr 45.0esr-1 (unimportant) - iceweasel (unimportant) 
@@ -10203,132 +10203,132 @@ CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to - mozilla-firefox (unimportant) - xulrunner (unimportant) NOTE: Non-issue -CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...) +CVE-2006-2722 NOT-FOR-US: SelectaPix -CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...) +CVE-2006-2721 NOT-FOR-US: VARIOMAT -CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...) +CVE-2006-2720 NOT-FOR-US: VARIOMAT -CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...) +CVE-2006-2719 NOT-FOR-US: JIWA -CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's ...) +CVE-2006-2718 NOT-FOR-US: JIWA -CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...) +CVE-2006-2717 NOT-FOR-US: C5 EVM -CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...) +CVE-2006-2716 NOT-FOR-US: C5 EVM -CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...) +CVE-2006-2715 NOT-FOR-US: C5 EVM -CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...) +CVE-2006-2714 NOT-FOR-US: C5 EVM -CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...) +CVE-2006-2713 NOT-FOR-US: C5 EVM -CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...) +CVE-2006-2712 NOT-FOR-US: C5 EVM -CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...) +CVE-2006-2711 NOT-FOR-US: C5 EVM -CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...) +CVE-2006-2710 NOT-FOR-US: C5 EVM -CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...) +CVE-2006-2709 NOT-FOR-US: C5 EVM -CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...) 
+CVE-2006-2708 NOT-FOR-US: C5 EVM -CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...) +CVE-2006-2707 NOT-FOR-US: C5 EVM -CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...) +CVE-2006-2706 NOT-FOR-US: C5 EVM -CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...) +CVE-2006-2705 NOT-FOR-US: C5 EVM -CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...) +CVE-2006-2704 NOT-FOR-US: C5 EVM -CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...) +CVE-2006-2703 NOT-FOR-US: RedCarpet -CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...) +CVE-2006-2702 - wordpress 2.0.3-1 (bug #369014; medium) -CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...) +CVE-2006-2701 NOT-FOR-US: Geeklog -CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...) +CVE-2006-2700 NOT-FOR-US: Geeklog -CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...) +CVE-2006-2699 NOT-FOR-US: Geeklog -CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...) +CVE-2006-2698 NOT-FOR-US: Geeklog -CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...) +CVE-2006-2697 NOT-FOR-US: Easy-Content -CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...) +CVE-2006-2696 NOT-FOR-US: Easy-Content -CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...) +CVE-2006-2695 NOT-FOR-US: DGNews -CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...) +CVE-2006-2694 NOT-FOR-US: EzUpload -CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in ...) 
+CVE-2006-2693 NOT-FOR-US: Nivisec -CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...) +CVE-2006-2692 - amule 2.1.2-1 (medium) -CVE-2006-2691 (Unspecified "information leakage" vulnerabilities in aMuleWeb for ...) +CVE-2006-2691 - amule 2.1.2-1 (medium) -CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...) +CVE-2006-2690 NOT-FOR-US: EVA-Web -CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...) +CVE-2006-2689 NOT-FOR-US: EVA-Web -CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...) +CVE-2006-2688 NOT-FOR-US: Achievo -CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...) +CVE-2006-2687 NOT-FOR-US: AGTC -CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...) +CVE-2006-2686 NOT-FOR-US: ActionApps -CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...) +CVE-2006-2685 - acidbase 1.2.5-1 (bug #370576; low) -CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...) +CVE-2006-2684 NOT-FOR-US: Mundo -CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...) +CVE-2006-2683 NOT-FOR-US: open-medium -CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...) +CVE-2006-2682 NOT-FOR-US: Back-End -CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...) +CVE-2006-2681 NOT-FOR-US: SocketMail -CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...) +CVE-2006-2680 NOT-FOR-US: AZ Photo Album -CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...) +CVE-2006-2679 NOT-FOR-US: Cisco -CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...) 
+CVE-2006-2678 NOT-FOR-US: Pre News Manager -CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...) +CVE-2006-2677 NOT-FOR-US: SiteScape Forum -CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...) +CVE-2006-2676 NOT-FOR-US: SiteScape Forum -CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...) +CVE-2006-2675 NOT-FOR-US: UBBThreads -CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...) +CVE-2006-2674 NOT-FOR-US: Tamber Forum -CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...) +CVE-2006-2673 NOT-FOR-US: Elite-Board -CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...) +CVE-2006-2672 NOT-FOR-US: Realty Pro One -CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...) +CVE-2006-2671 NOT-FOR-US: ChatPat -CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 ...) +CVE-2006-2670 NOT-FOR-US: ChatPat -CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...) +CVE-2006-2669 NOT-FOR-US: Pre Shopping Mall -CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...) +CVE-2006-2668 NOT-FOR-US: Docebo LMS -CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...) +CVE-2006-2667 - wordpress 2.0.3-1 (bug #369014; medium) -CVE-2006-2666 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2666 NOT-FOR-US: V-Webmail -CVE-2006-2665 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2665 NOT-FOR-US: V-Webmail -CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...) +CVE-2006-2664 NOT-FOR-US: iFdate -CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...) 
+CVE-2006-2663 NOT-FOR-US: iFlance -CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...) +CVE-2006-2662 NOT-FOR-US: VMware Server -CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...) +CVE-2006-2661 {DSA-1095-1} - freetype 2.2.1-1 (medium) -CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...) +CVE-2006-2660 - php4 4:4.4.4-1 (unimportant) - php5 5.1.6-1 (unimportant) NOTE: using a long enough path (>MAXPATHLEN) allows you to have 
@@ -10337,81 +10337,81 @@ CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5 NOTE: could just as easily create the file manually, and if the NOTE: tempnam function is taking unsanitized input, it's an NOTE: application error -CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...) +CVE-2006-2658 - xsp 1.1.15-1 CVE-2006-2657 REJECTED -CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...) +CVE-2006-2655 NOT-FOR-US: build process for ypserv in FreeBSD -CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...) +CVE-2006-2654 NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE) -CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...) +CVE-2006-2653 NOT-FOR-US: D-Link -CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...) +CVE-2006-2652 NOT-FOR-US: WikiNi -CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...) +CVE-2006-2651 NOT-FOR-US: Vacation Rental Script -CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...) +CVE-2006-2650 NOT-FOR-US: CosmicShoppingCart -CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...) +CVE-2006-2649 NOT-FOR-US: CosmicShoppingCart -CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...) +CVE-2006-2648 NOT-FOR-US: ASPBB -CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...) +CVE-2006-2647 NOT-FOR-US: IBM AIX -CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...) +CVE-2006-2646 NOT-FOR-US: Alt-N MDaemon -CVE-2006-2645 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2645 NOT-FOR-US: Plume -CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...) 
+CVE-2006-2644 {DSA-1075-1} - awstats 6.5-2 (bug #365910) CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb] - mkvtoolnix 1.7.0-2 (bug #370144; low) CVE-2006-XXXX ['Cache' shell injection vulnerability] - wordpress 2.0.3-1 (high; bug #369014) -CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...) +CVE-2006-2753 {DSA-1092-1} - mysql-dfsg (Vulnerable code was introduced in 4.1, see #369741) - mysql (Vulnerable code was introduced in 4.1, see #369754) - mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium) - mysql-dfsg-4.1 (bug #369754; medium) -CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...) +CVE-2006-2659 {DSA-1101} - courier 0.53.2-1 (bug #368834) -CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...) +CVE-2006-2656 {DSA-1091-1} - tiff 3.8.2-3 (bug #369819; low) - tiff3 (fixed prior to initial upload) -CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...) +CVE-2006-2643 NOT-FOR-US: Monster Top List -CVE-2006-2642 (** UNVERIFIABLE ** ...) +CVE-2006-2642 NOT-FOR-US: Php-residence -CVE-2006-2641 (** UNVERIFIABLE ** ...) +CVE-2006-2641 NOT-FOR-US: John Frank Asset Manager -CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...) +CVE-2006-2640 NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL) -CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...) +CVE-2006-2639 NOT-FOR-US: PHPSimpleChoose -CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...) +CVE-2006-2638 NOT-FOR-US: qjForum -CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...) +CVE-2006-2637 NOT-FOR-US: TuttoPhp -CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...) 
+CVE-2006-2636 NOT-FOR-US: Katy Whitton NewsCMSLite -CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...) +CVE-2006-2635 - tikiwiki 1.9.4-1 (medium) -CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...) +CVE-2006-2634 NOT-FOR-US: Neocrome Seditio -CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...) +CVE-2006-2633 NOT-FOR-US: Andrew Godwin ByteHoard -CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...) +CVE-2006-2632 NOT-FOR-US: Andrew Godwin ByteHoard -CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...) +CVE-2006-2631 NOT-FOR-US: phpFoX -CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...) +CVE-2006-2630 NOT-FOR-US: Symantec -CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...) +CVE-2006-2629 - linux-2.6 2.6.18-1 (low) CVE-2006-2628 RESERVED 
@@ -10433,39 +10433,39 @@ CVE-2006-2620 RESERVED CVE-2006-2619 RESERVED -CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...) +CVE-2006-2618 NOT-FOR-US: AlstraSoft Web Host Directory -CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...) +CVE-2006-2617 NOT-FOR-US: AlstraSoft Web Host Directory -CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...) +CVE-2006-2616 NOT-FOR-US: AlstraSoft Web Host Directory -CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...) +CVE-2006-2615 NOT-FOR-US: Russcom.Ping -CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...) +CVE-2006-2614 NOT-FOR-US: Sun Solaris -CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...) +CVE-2006-2613 NOTE: Installation path disclosure is uninteresting on Debian systems. NOTE: The profile path might be more sensitive, but exploit that NOTE: requires another, real security bug. -CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...) +CVE-2006-2612 NOT-FOR-US: Novell Client for Windows NOTE: The Windows clipboard is a public resource anyway. -CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...) +CVE-2006-2611 - mediawiki1.7 (Fixed in 1.7 prior to release) - mediawiki1.5 -CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...) +CVE-2006-2610 NOT-FOR-US: phpRaid -CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...) +CVE-2006-2609 NOT-FOR-US: artmedic newsletter -CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...) +CVE-2006-2608 NOT-FOR-US: artmedic newsletter CVE-2006-XXXX [mono xsp file disclosure] - xsp 1.1.15-1 (medium) -CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...) 
+CVE-2006-2607 - cron 3.0pl1-64 (bug #85609; bug #86775; medium) -CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...) +CVE-2006-2606 NOT-FOR-US: Chatty -CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...) +CVE-2006-2605 NOT-FOR-US: DSChat CVE-2006-2604 REJECTED 
@@ -10491,284 +10491,284 @@ CVE-2006-2594 REJECTED CVE-2006-2593 REJECTED -CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...) +CVE-2006-2592 NOT-FOR-US: DSChat -CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...) +CVE-2006-2591 NOT-FOR-US: e107 -CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...) +CVE-2006-2590 NOT-FOR-US: e107 -CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...) +CVE-2006-2589 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...) +CVE-2006-2588 NOT-FOR-US: Russcom PHPImages -CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...) +CVE-2006-2587 NOT-FOR-US: WebTool HTTP server -CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...) +CVE-2006-2586 NOT-FOR-US: IpLogger -CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows ...) +CVE-2006-2585 NOT-FOR-US: Destiney Links Script -CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) +CVE-2006-2584 NOT-FOR-US: SkyeBox -CVE-2006-2583 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2583 NOT-FOR-US: Nucleus -CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote ...) +CVE-2006-2582 NOT-FOR-US: RWiki -CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki ...) +CVE-2006-2581 NOT-FOR-US: RWiki -CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node ...) +CVE-2006-2580 NOT-FOR-US: HP OpenView Network Node Manager -CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 ...) +CVE-2006-2579 NOT-FOR-US: HP OpenView Storage Data Protector -CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is ...) 
+CVE-2006-2578 NOT-FOR-US: eSyndicat Directory -CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) +CVE-2006-2577 NOT-FOR-US: Docebo -CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) +CVE-2006-2576 NOT-FOR-US: Docebo -CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and ...) +CVE-2006-2575 - netpanzer 0.8+svn20060319-2 (bug #370146; low) [sarge] - netpanzer (Minor DoS against a game) -CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...) +CVE-2006-2574 NOT-FOR-US: Software Distributor in HP-UX -CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with ...) +CVE-2006-2573 NOT-FOR-US: DGBook -CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 ...) +CVE-2006-2572 NOT-FOR-US: DGBook -CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon ...) +CVE-2006-2571 NOT-FOR-US: Alkacon OpenCms -CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 ...) +CVE-2006-2570 NOT-FOR-US: CaLogic Calendars -CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ...) +CVE-2006-2569 NOT-FOR-US: Linklist -CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in ...) +CVE-2006-2568 NOT-FOR-US: UBB.threads -CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in ...) +CVE-2006-2567 NOT-FOR-US: Alstrasoft Article Manager Pro -CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain ...) +CVE-2006-2566 NOT-FOR-US: Alstrasoft Article Manager Pro -CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 ...) +CVE-2006-2565 NOT-FOR-US: Alstrasoft Article Manager Pro -CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
+CVE-2006-2564 NOT-FOR-US: Alstrasoft Article Manager Pro -CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...) +CVE-2006-2563 - php4 4:4.4.4-1 (bug #370166; unimportant) - php5 5.1.6-1 (bug #370165; unimportant) NOTE: Safe mode violations are not supported -CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...) +CVE-2006-2562 NOT-FOR-US: ZyXEL P-335WT router -CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...) +CVE-2006-2561 NOT-FOR-US: Edimax BR-6104K router -CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...) +CVE-2006-2560 NOT-FOR-US: Sitecom WL-153 router -CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...) +CVE-2006-2559 NOT-FOR-US: Linksys WRT54G router -CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...) +CVE-2006-2558 NOT-FOR-US: IpLogger -CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...) +CVE-2006-2557 NOT-FOR-US: Newsportal -CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...) +CVE-2006-2556 - newsportal (bug #149069) NOTE: RFP #149069 closed after no activity since too long time -CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...) +CVE-2006-2555 NOT-FOR-US: Genecys -CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys ...) +CVE-2006-2554 NOT-FOR-US: Genecys -CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...) +CVE-2006-2553 NOT-FOR-US: DownloadControl -CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain ...) +CVE-2006-2552 NOT-FOR-US: DownloadControl -CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...) 
+CVE-2006-2551 NOT-FOR-US: HP-UX -CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...) +CVE-2006-2550 NOT-FOR-US: perlpodder -CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool ...) +CVE-2006-2549 NOT-FOR-US: PDF Form Filling and Flattening Tool -CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...) +CVE-2006-2548 NOT-FOR-US: prodder/perlpodder -CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...) +CVE-2006-2547 NOT-FOR-US: Sap -CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...) +CVE-2006-2546 NOT-FOR-US: BEA -CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...) +CVE-2006-2545 NOT-FOR-US: Xtreme Topsites -CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...) +CVE-2006-2544 NOT-FOR-US: Xtreme Topsites -CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...) +CVE-2006-2543 NOT-FOR-US: Xtreme Topsites -CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...) +CVE-2006-2542 {DSA-1086-1} - xmcd 2.6-17.2 (bug #366816; medium) -CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...) +CVE-2006-2541 NOT-FOR-US: Zixforum -CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...) +CVE-2006-2540 NOT-FOR-US: Diesel -CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...) +CVE-2006-2539 NOT-FOR-US: Sybase -CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...) +CVE-2006-2538 NOT-FOR-US: Windows-only Firefox plugin -CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...) +CVE-2006-2537 NOT-FOR-US: *BOR -CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...) 
+CVE-2006-2536 NOT-FOR-US: Destiney -CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...) +CVE-2006-2535 NOT-FOR-US: Destiney -CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...) +CVE-2006-2534 NOT-FOR-US: Destiney -CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...) +CVE-2006-2533 NOT-FOR-US: Destiney -CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...) +CVE-2006-2532 NOT-FOR-US: Destiney -CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity ...) +CVE-2006-2531 NOT-FOR-US: Ipswitch -CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...) +CVE-2006-2530 NOT-FOR-US: Snitz mod -CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...) +CVE-2006-2529 - knowledgeroot (fixed before first upload; see bug #381912) -CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...) +CVE-2006-2528 NOT-FOR-US: phpBazar -CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...) +CVE-2006-2527 NOT-FOR-US: phpBazar -CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...) +CVE-2006-2526 NOT-FOR-US: PHP Easy Galerie -CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...) +CVE-2006-2525 NOT-FOR-US: UseBB -CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...) +CVE-2006-2524 NOT-FOR-US: UseBB -CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...) +CVE-2006-2523 NOT-FOR-US: phpListPro -CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in ...) +CVE-2006-2522 NOT-FOR-US: Dayfox -CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...) 
+CVE-2006-2521 NOT-FOR-US: phpMyDirectory -CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...) +CVE-2006-2520 NOT-FOR-US: BitZipper -CVE-2006-2519 (Directory traversal vulnerability in ...) +CVE-2006-2519 NOT-FOR-US: phpwcms -CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...) +CVE-2006-2518 NOT-FOR-US: phpwcms -CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...) +CVE-2006-2517 NOT-FOR-US: MyWeb -CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...) +CVE-2006-2516 NOT-FOR-US: XOOPS -CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...) +CVE-2006-2515 NOT-FOR-US: Hiox -CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...) +CVE-2006-2514 NOT-FOR-US: Coppermine -CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...) +CVE-2006-2513 NOT-FOR-US: Sun -CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...) +CVE-2006-2512 NOT-FOR-US: Hitachi -CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...) +CVE-2006-2511 NOT-FOR-US: FrontRange -CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...) +CVE-2006-2510 NOT-FOR-US: YourFreeWorld.com -CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...) +CVE-2006-2509 NOT-FOR-US: YourFreeWorld.com -CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...) +CVE-2006-2508 NOT-FOR-US: YourFreeWorld.com -CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...) +CVE-2006-2507 NOT-FOR-US: phpbb2 mod -CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) +CVE-2006-2506 NOT-FOR-US: Sphider -CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...) 
+CVE-2006-2505 NOT-FOR-US: Oracle -CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...) +CVE-2006-2504 NOT-FOR-US: AZBOARD -CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...) +CVE-2006-2503 NOT-FOR-US: DeluxeBB -CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...) +CVE-2006-2502 - cyrus-imapd-2.2 (Vulnerable code not present) -CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...) +CVE-2006-2501 NOT-FOR-US: Sun -CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...) +CVE-2006-2500 NOT-FOR-US: CodeAvalanche News -CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...) +CVE-2006-2499 NOT-FOR-US: CodeAvalanche News -CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...) +CVE-2006-2498 NOT-FOR-US: Invision -CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...) +CVE-2006-2497 NOT-FOR-US: AspBB -CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...) +CVE-2006-2496 NOT-FOR-US: Novell -CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...) +CVE-2006-2495 - serendipity 1.0-1 -CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...) +CVE-2006-2494 NOT-FOR-US: IntelliTampe CVE-2006-2493 REJECTED -CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, ...) +CVE-2006-2492 NOT-FOR-US: Microsoft -CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...) +CVE-2006-2491 NOT-FOR-US: BoastMachine -CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP ...) +CVE-2006-2490 NOT-FOR-US: Mobotix -CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...) 
+CVE-2006-2489 {DSA-1072-1} - nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high) - nagios2 2.3-1 (bug #366683; bug #368199; high) -CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...) +CVE-2006-2488 NOT-FOR-US: Spymac -CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...) +CVE-2006-2487 NOT-FOR-US: ScozNews -CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...) +CVE-2006-2486 NOT-FOR-US: YapBB -CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...) +CVE-2006-2485 NOT-FOR-US: Quezza -CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp ...) +CVE-2006-2484 NOT-FOR-US: IceWarp -CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...) +CVE-2006-2483 NOT-FOR-US: Squirrelcart -CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...) +CVE-2006-2482 NOT-FOR-US: ZipTV -CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...) +CVE-2006-2481 NOT-FOR-US: VMware ESX -CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...) +CVE-2006-2480 - dia 0.95.0-4 (bug #368202; low) [sarge] - dia (Hardly exploitable, would require obviously malformed file names) -CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...) +CVE-2006-2479 NOT-FOR-US: Bitrix -CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...) +CVE-2006-2478 NOT-FOR-US: Bitrix -CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...) +CVE-2006-2477 NOT-FOR-US: Bitrix -CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...) +CVE-2006-2476 NOT-FOR-US: Bitrix -CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...) 
+CVE-2006-2475 NOT-FOR-US: Cosmoshop -CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...) +CVE-2006-2474 NOT-FOR-US: Cosmoshop -CVE-2006-2473 (** DISPUTED ** ...) +CVE-2006-2473 NOT-FOR-US: OpenWiki -CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...) +CVE-2006-2472 NOT-FOR-US: BEA -CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...) +CVE-2006-2471 NOT-FOR-US: BEA -CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...) +CVE-2006-2470 NOT-FOR-US: BEA -CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...) +CVE-2006-2469 NOT-FOR-US: BEA -CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...) +CVE-2006-2468 NOT-FOR-US: BEA -CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...) +CVE-2006-2467 NOT-FOR-US: BEA -CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...) +CVE-2006-2466 NOT-FOR-US: BEA -CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...) +CVE-2006-2465 - mp3info 0.8.4-9.1 (bug #368207; low) [sarge] - mp3info (Hardly exploitable) -CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...) +CVE-2006-2464 NOT-FOR-US: BEA -CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...) +CVE-2006-2463 NOT-FOR-US: SelectaPix -CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...) +CVE-2006-2462 NOT-FOR-US: BEA -CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...) +CVE-2006-2461 NOT-FOR-US: BEA -CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...) +CVE-2006-2460 - sugarcrm-ce-5.0 (bug #457876) -CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...) 
+CVE-2006-2459 NOT-FOR-US: PHP-Fusion -CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...) +CVE-2006-2458 {DSA-1081-1} - libextractor 0.5.14-1 CVE-2006-2457 
@@ -10779,305 +10779,305 @@ CVE-2006-2455 RESERVED CVE-2006-2454 RESERVED -CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...) +CVE-2006-2453 - dia 0.95.0-4 (bug #368202; medium) [sarge] - dia (Hardly exploitable, would require obviously malformed file names) -CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature ...) +CVE-2006-2452 - gdm 2.16.1-1 (bug #375281; medium) [sarge] - gdm (Vulnerable code has only been introduced with 2.8) -CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...) +CVE-2006-2451 - linux-2.6 2.6.17-3 (high) -CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass ...) +CVE-2006-2450 - libvncserver 0.8.2-1 (high; bug #376824) -CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...) +CVE-2006-2449 {DSA-1156} - kdebase 4:3.5.2-2 (bug #374002; medium) -CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...) +CVE-2006-2448 - linux-2.6 2.6.16-15 -CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...) +CVE-2006-2447 {DSA-1090-1} - spamassassin 3.1.3-1 (medium) -CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...) +CVE-2006-2446 {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.16-1 NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 and the NOTE: patch is included there -CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...) +CVE-2006-2445 - linux-2.6 2.6.16-15 -CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...) +CVE-2006-2444 {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.16-15 -CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...) +CVE-2006-2442 {DSA-1062-1} - kphone 1:4.2-3 (bug #337830; medium) -CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...) 
+CVE-2006-2439 NOT-FOR-US: ZipCentral -CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...) +CVE-2006-2438 NOT-FOR-US: Caucho -CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...) +CVE-2006-2437 NOT-FOR-US: Caucho -CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...) +CVE-2006-2436 NOT-FOR-US: IBM -CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...) +CVE-2006-2435 NOT-FOR-US: IBM -CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier ...) +CVE-2006-2434 NOT-FOR-US: IBM -CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...) +CVE-2006-2433 NOT-FOR-US: IBM -CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...) +CVE-2006-2432 NOT-FOR-US: IBM -CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server ...) +CVE-2006-2431 NOT-FOR-US: IBM -CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...) +CVE-2006-2430 NOT-FOR-US: IBM -CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...) +CVE-2006-2429 NOT-FOR-US: IBM -CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...) +CVE-2006-2428 NOT-FOR-US: Duware -CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...) +CVE-2006-2427 - clamav (clamav-freshclam doesn't ship freshclam setuid or setgid) -CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...) +CVE-2006-2426 {DSA-1769-1} - sun-java5 1.5.0-10-1 (bug #384734) - sun-java6 6-13-1 (bug #521414) [lenny] - sun-java6 (Non-free not supported) - openjdk-6 6b14-1.5~pre1-3 (bug #566766) -CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...) 
+CVE-2006-2425 NOT-FOR-US: phpRemoteView -CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...) +CVE-2006-2424 NOT-FOR-US: ezUserManager -CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in ...) +CVE-2006-2423 NOT-FOR-US: Confixx -CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...) +CVE-2006-2422 NOT-FOR-US: phpCOIN -CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...) +CVE-2006-2421 NOT-FOR-US: Pragma -CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...) +CVE-2006-2420 NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it." - bugzilla (unimportant) -CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...) +CVE-2006-2419 NOT-FOR-US: Directory Listing Script -CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...) +CVE-2006-2418 {DSA-1207-1} - phpmyadmin 4:2.8.1-1 (bug #368082; medium) -CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...) +CVE-2006-2417 - phpmyadmin 4:2.8.1-1 (bug #368082; medium) [sarge] - phpmyadmin (Vulnerable code not present) -CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...) +CVE-2006-2416 NOT-FOR-US: e107 -CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...) +CVE-2006-2415 NOT-FOR-US: FlexChat -CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...) +CVE-2006-2414 {DSA-1080-1} - dovecot 1.0.beta8-1 (low) [sarge] - dovecot (vulnerability introduced in 1.0) -CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a ...) 
+CVE-2006-2413 - gnunet 0.7.0e-1 (bug #368159; medium) [sarge] - gnunet (according to maintainer) -CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...) +CVE-2006-2412 NOT-FOR-US: Raydium -CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in ...) +CVE-2006-2411 NOT-FOR-US: Raydium -CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...) +CVE-2006-2410 NOT-FOR-US: Raydium -CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c ...) +CVE-2006-2409 NOT-FOR-US: Raydium -CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...) +CVE-2006-2408 NOT-FOR-US: Raydium -CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX ...) +CVE-2006-2407 NOT-FOR-US: ActiveX component -CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...) +CVE-2006-2406 NOT-FOR-US: Unclassified NewsBoard -CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in ...) +CVE-2006-2405 NOT-FOR-US: Unclassified NewsBoard -CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...) +CVE-2006-2404 NOT-FOR-US: RadScripts -CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...) +CVE-2006-2403 - filezilla (fixed before the first Debian upload) -CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp ...) +CVE-2006-2402 NOT-FOR-US: Outgun -CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...) +CVE-2006-2401 NOT-FOR-US: Outgun -CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...) +CVE-2006-2400 NOT-FOR-US: Outgun -CVE-2006-2399 (Stack-based buffer overflow in the ...) +CVE-2006-2399 NOT-FOR-US: Outgun -CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and ...) 
+CVE-2006-2398 NOT-FOR-US: GPhotos web gallery -CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...) +CVE-2006-2397 NOT-FOR-US: GPhotos web gallery -CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...) +CVE-2006-2396 NOT-FOR-US: phpODP -CVE-2006-2395 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2395 NOT-FOR-US: PopPhoto -CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live ...) +CVE-2006-2394 NOT-FOR-US: PHP Live Support -CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote ...) +CVE-2006-2393 NOT-FOR-US: Debian's 'empire' is a different game -CVE-2006-2392 (PHP remote file inclusion vulnerability in ...) +CVE-2006-2392 NOT-FOR-US: PHP Blue Dragon Platinum -CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...) +CVE-2006-2391 NOT-FOR-US: EMC Retrospect -CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...) +CVE-2006-2390 NOT-FOR-US: OZJournals -CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) +CVE-2006-2389 NOT-FOR-US: Microsoft -CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...) +CVE-2006-2388 NOT-FOR-US: Microsoft -CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) +CVE-2006-2387 NOT-FOR-US: Microsoft -CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier ...) +CVE-2006-2386 NOT-FOR-US: Microsoft -CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) +CVE-2006-2385 NOT-FOR-US: Microsoft -CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows ...) +CVE-2006-2384 NOT-FOR-US: Microsoft -CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) 
+CVE-2006-2383 NOT-FOR-US: Microsoft -CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...) +CVE-2006-2382 NOT-FOR-US: Microsoft CVE-2006-2381 REJECTED -CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...) +CVE-2006-2380 NOT-FOR-US: Microsoft -CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...) +CVE-2006-2379 NOT-FOR-US: Microsoft -CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...) +CVE-2006-2378 NOT-FOR-US: Microsoft CVE-2006-2377 REJECTED -CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering ...) +CVE-2006-2376 NOT-FOR-US: Microsoft CVE-2006-2375 REJECTED -CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...) +CVE-2006-2374 NOT-FOR-US: Microsoft -CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...) +CVE-2006-2373 NOT-FOR-US: Microsoft -CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...) +CVE-2006-2372 NOT-FOR-US: Microsoft -CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...) +CVE-2006-2371 NOT-FOR-US: Microsoft -CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...) +CVE-2006-2370 NOT-FOR-US: Microsoft -CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink ...) +CVE-2006-2369 - vnc4 4.1.1+X4.3.0-10 (high) [sarge] - vnc4 (vuln not in 4.0) -CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) +CVE-2006-2368 NOT-FOR-US: Clansys -CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) +CVE-2006-2367 NOT-FOR-US: Clansys -CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...) 
+CVE-2006-2366 - libopenobex 1.2-3 (bug #366484) -CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...) +CVE-2006-2365 NOT-FOR-US: Vizra -CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...) +CVE-2006-2364 NOT-FOR-US: Macromedia -CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...) +CVE-2006-2363 NOT-FOR-US: Limbo -CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...) +CVE-2006-2362 - binutils 2.17-1 (low; bug #368237) [sarge] - binutils (Very minor issue) -CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in ...) +CVE-2006-2361 NOT-FOR-US: phpbb mod -CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB ...) +CVE-2006-2360 NOT-FOR-US: phpbb mod -CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart ...) +CVE-2006-2359 NOT-FOR-US: phpbb mod CVE-2006-2192 RESERVED -CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...) +CVE-2006-2358 NOT-FOR-US: Web Labs CMS -CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...) +CVE-2006-2357 NOT-FOR-US: Ipswitch WhatsUp -CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...) +CVE-2006-2356 NOT-FOR-US: Ipswitch WhatsUp -CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...) +CVE-2006-2355 NOT-FOR-US: Ipswitch WhatsUp -CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...) +CVE-2006-2354 NOT-FOR-US: Ipswitch WhatsUp -CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...) +CVE-2006-2353 NOT-FOR-US: Ipswitch WhatsUp -CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) 
+CVE-2006-2352 NOT-FOR-US: Ipswitch WhatsUp -CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) +CVE-2006-2351 NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2350 REJECTED -CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) +CVE-2006-2349 NOT-FOR-US: E-Business Designer -CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...) +CVE-2006-2348 NOT-FOR-US: E-Business Designer -CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) +CVE-2006-2347 NOT-FOR-US: E-Business Designer -CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...) +CVE-2006-2346 - vpopmail (vulnerability introduced in 5.4.14) NOTE: Unable to reach CVS to determine if prior versions are affected NOTE: Micah will return to this one -CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...) +CVE-2006-2345 NOT-FOR-US: AliPAGER -CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...) +CVE-2006-2344 NOT-FOR-US: AliPAGER -CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...) +CVE-2006-2343 NOT-FOR-US: ManageEngine OpManager -CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...) +CVE-2006-2342 NOT-FOR-US: IBM WebSphere Application Server -CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...) +CVE-2006-2341 NOT-FOR-US: Symantec Gateway Security -CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...) +CVE-2006-2340 NOT-FOR-US: PassMasterFlex -CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...) +CVE-2006-2339 NOT-FOR-US: evoTopsites -CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain ...) 
+CVE-2006-2338 NOT-FOR-US: PlaNet -CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...) +CVE-2006-2337 NOT-FOR-US: D-Link -CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...) +CVE-2006-2336 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...) +CVE-2006-2335 NOT-FOR-US: vBulletin -CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...) +CVE-2006-2334 NOT-FOR-US: Windows -CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) +CVE-2006-2333 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...) +CVE-2006-2332 NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there - firefox 1.5.dfsg+1.5.0.3-2 -CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...) +CVE-2006-2331 NOT-FOR-US: PHP-Fusion -CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...) +CVE-2006-2330 NOT-FOR-US: PHP-Fusion -CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...) +CVE-2006-2329 NOT-FOR-US: AngelineCMS -CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...) +CVE-2006-2328 NOT-FOR-US: AngelineCMS -CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) ...) +CVE-2006-2327 NOT-FOR-US: Novell -CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info ...) +CVE-2006-2326 NOT-FOR-US: OnlyScript.info -CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in ...) +CVE-2006-2325 NOT-FOR-US: OnlyScript.info -CVE-2006-2324 (180solutions Zango downloads "required Adware components" without ...) 
+CVE-2006-2324 NOT-FOR-US: 180solutions -CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft ...) +CVE-2006-2323 NOT-FOR-US: SmartISoft -CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...) +CVE-2006-2322 NOT-FOR-US: Cisco -CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science ...) +CVE-2006-2321 NOT-FOR-US: Ideal Science -CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB ...) +CVE-2006-2320 NOT-FOR-US: Ideal Science -CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...) +CVE-2006-2319 NOT-FOR-US: Ideal Science -CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a ...) +CVE-2006-2318 NOT-FOR-US: Ideal Science -CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...) +CVE-2006-2317 NOT-FOR-US: Ideal Science -CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...) +CVE-2006-2316 NOT-FOR-US: Intel Windows software -CVE-2006-2315 (** DISPUTED ** ...) +CVE-2006-2315 NOT-FOR-US: ISPConfig -CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) +CVE-2006-2314 {DSA-1087-1} - postgresql 7.5.4 (medium; bug #368645) - postgresql-7.4 1:7.4.13-1 (medium) @@ -11093,7 +11093,7 @@ CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before . NOTE: pygresql 1:3.8-1.1 (bug #369239) NOTE: dovecot 1.0.beta8-3 (bug #369359) NOTE: postfix 2.2.10-2 (bug #369349) -CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) +CVE-2006-2313 {DSA-1087-1} - postgresql 7.5.4 (high; bug #368645) - postgresql-7.4 1:7.4.13-1 (high) 
@@ -11101,459 +11101,459 @@ CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before . NOTE: Beginning with version 7.5.4, postgresql is a transition NOTE: package which does not contain actual code. That's why NOTE: it's marked as fixed here. (Previous versions are vulnerable.) -CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...) +CVE-2006-2312 NOT-FOR-US: Skype -CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...) +CVE-2006-2311 NOT-FOR-US: BlueDragon Server and Server JX -CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...) +CVE-2006-2310 NOT-FOR-US: BlueDragon Server and Server JX -CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...) +CVE-2006-2309 NOT-FOR-US: EServ -CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...) +CVE-2006-2308 NOT-FOR-US: EServ -CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...) +CVE-2006-2307 NOT-FOR-US: Website Baker -CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...) +CVE-2006-2306 NOT-FOR-US: EPublisherPro -CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...) +CVE-2006-2305 NOT-FOR-US: Jadu -CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in ...) +CVE-2006-2304 NOT-FOR-US: Novell software for Windows -CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...) +CVE-2006-2303 NOT-FOR-US: Windows ICQ client -CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...) +CVE-2006-2302 NOT-FOR-US: DUGallery -CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...) +CVE-2006-2301 NOT-FOR-US: OzzyWork -CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...) 
+CVE-2006-2300 NOT-FOR-US: EImagePro CVE-2006-2299 RESERVED -CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...) +CVE-2006-2298 NOT-FOR-US: Solaris -CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...) +CVE-2006-2297 NOT-FOR-US: Microsoft Infotech Storage System -CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...) +CVE-2006-2296 NOT-FOR-US: EDirectoryPro -CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...) +CVE-2006-2295 NOT-FOR-US: Dynamic Galerie -CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...) +CVE-2006-2294 NOT-FOR-US: Dynamic Galerie -CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...) +CVE-2006-2293 NOT-FOR-US: MultiCalendars -CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...) +CVE-2006-2292 NOT-FOR-US: IA-Calendar -CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...) +CVE-2006-2291 NOT-FOR-US: IA-Calendar -CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...) +CVE-2006-2290 NOT-FOR-US: 2005-Comments-Script -CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...) +CVE-2006-2289 - avahi 0.6.10-1 (medium) -CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...) +CVE-2006-2288 - avahi 0.6.10-1 (low) -CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...) +CVE-2006-2287 NOT-FOR-US: Vision Source -CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...) +CVE-2006-2286 NOT-FOR-US: Dokeos -CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...) +CVE-2006-2285 NOT-FOR-US: Dokeos -CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...) 
+CVE-2006-2284 NOT-FOR-US: Claroline -CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...) +CVE-2006-2283 NOT-FOR-US: phpRaid -CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...) +CVE-2006-2282 NOT-FOR-US: X7 Chat -CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute ...) +CVE-2006-2281 NOT-FOR-US: X-Scripts X-Poll -CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...) +CVE-2006-2280 NOT-FOR-US: openEngine -CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...) +CVE-2006-2279 NOT-FOR-US: SaphpLesson -CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...) +CVE-2006-2278 NOT-FOR-US: SaphpLesson -CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...) +CVE-2006-2277 NOT-FOR-US: Apple Mac OS X -CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...) +CVE-2006-2276 {DSA-1059-1} - quagga 0.99.4-1 (bug #366980; low) -CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) +CVE-2006-2275 - linux-2.6 2.6.16-13 -CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) +CVE-2006-2274 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-13 -CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka ...) +CVE-2006-2273 NOT-FOR-US: Verisign -CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) +CVE-2006-2272 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-13 -CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...) +CVE-2006-2271 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-13 -CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...) +CVE-2006-2270 NOT-FOR-US: Jetbox CMS -CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...) 
+CVE-2006-2269 NOT-FOR-US: myWebland MyBloggie -CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...) +CVE-2006-2268 NOT-FOR-US: FlexCustomer -CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...) +CVE-2006-2267 NOT-FOR-US: Kerio WinRoute Firewall -CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...) +CVE-2006-2266 NOT-FOR-US: Chirpy! -CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...) +CVE-2006-2265 NOT-FOR-US: Ocean12 Calendar Manager Pro -CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...) +CVE-2006-2264 NOT-FOR-US: Ocean12 Calendar Manager Pro -CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...) +CVE-2006-2263 NOT-FOR-US: VP-ASP -CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) +CVE-2006-2262 NOT-FOR-US: singapore -CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...) +CVE-2006-2261 NOT-FOR-US: ACal -CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...) +CVE-2006-2260 - drupal (bug #366947) -CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...) +CVE-2006-2259 NOT-FOR-US: MaxxSchedule -CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...) +CVE-2006-2258 NOT-FOR-US: MaxxSchedule -CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...) +CVE-2006-2257 NOT-FOR-US: easyEvent -CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...) +CVE-2006-2256 NOT-FOR-US: EQdkp -CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...) +CVE-2006-2255 NOT-FOR-US: Creative Community Portal -CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...) 
+CVE-2006-2254 NOT-FOR-US: FileCOPA -CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...) +CVE-2006-2253 NOT-FOR-US: Statit -CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...) +CVE-2006-2252 NOT-FOR-US: OpenFAQ -CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...) +CVE-2006-2251 NOT-FOR-US: Invision Community Blog -CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...) +CVE-2006-2250 NOT-FOR-US: CuteNews -CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) +CVE-2006-2249 NOT-FOR-US: CuteNews -CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...) +CVE-2006-2248 NOT-FOR-US: Xeneo Web Server -CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...) +CVE-2006-2247 {DSA-1056-1} - webcalendar 1.0.2-2.2 (medium; bug #366927) -CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...) +CVE-2006-2246 NOT-FOR-US: UBlog -CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...) +CVE-2006-2245 NOT-FOR-US: Auction mod 1.3m for phpBB -CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...) +CVE-2006-2244 NOT-FOR-US: Web4Future News Portal -CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...) +CVE-2006-2243 NOT-FOR-US: Web4Future News Portal -CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...) +CVE-2006-2242 NOT-FOR-US: acFTP -CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...) +CVE-2006-2241 NOT-FOR-US: Fast Click SQL Lite -CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...) 
+CVE-2006-2240 NOT-FOR-US: Fujitsu NetShelter/FW -CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...) +CVE-2006-2239 NOT-FOR-US: Newsadmin -CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) +CVE-2006-2238 NOT-FOR-US: Apple -CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...) +CVE-2006-2237 {DSA-1058-1} - awstats 6.5-2 (bug #365909; bug #365910; medium) -CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...) +CVE-2006-2236 - tremulous 1.1.0-6 (bug #660827) [squeeze] - tremulous 1.1.0-7~squeeze1 - ioquake3 1.36+svn1788j-1 -CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...) +CVE-2006-2235 NOT-FOR-US: Simple Poll -CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...) +CVE-2006-2234 NOT-FOR-US: TyroCMS -CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...) +CVE-2006-2233 NOT-FOR-US: BankTown Client Control -CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...) +CVE-2006-2232 NOT-FOR-US: Scriptsez Cute Guestbook -CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...) +CVE-2006-2231 NOT-FOR-US: Big Webmaster Guestbook Script -CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...) +CVE-2006-2230 {DSA-1093-1} - xine-ui 0.99.4-2 (medium; bug #363370; bug #372172) -CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...) +CVE-2006-2229 - openvpn (unimportant) NOTE: One needs to explicitly set the IP to something else than 127.0.0.1 NOTE: in order to be vulnerable. The man page recommends not to do it. -CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...) 
+CVE-2006-2228 NOT-FOR-US: Web-Agora -CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...) +CVE-2006-2227 NOT-FOR-US: PunBB -CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows ...) +CVE-2006-2226 NOT-FOR-US: Easy Personal FTP Server -CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...) +CVE-2006-2225 NOT-FOR-US: Easy Personal FTP Server -CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...) +CVE-2006-2224 {DSA-1059-1} - quagga 0.99.3-2 (bug #365940; medium) -CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly ...) +CVE-2006-2223 {DSA-1059-1} - quagga 0.99.3-2 (bug #365940; medium) -CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, ...) +CVE-2006-2222 NOT-FOR-US: zawhttpd -CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...) +CVE-2006-2221 - ejabberd (only binary distribution is affected) -CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...) +CVE-2006-2220 - phpbb2 (unimportant) NOTE: SQL query disclosure -CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...) +CVE-2006-2219 - phpbb2 (unimportant) NOTE: path disclosure -CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...) +CVE-2006-2218 NOT-FOR-US: MS IE -CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...) +CVE-2006-2217 NOT-FOR-US: Invision Power Board -CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...) +CVE-2006-2216 NOT-FOR-US: OpenBB CVE-2006-2215 REJECTED CVE-2006-XXXX [cyrus-imapd allows user probes] - cyrus-imapd-2.2 2.2.13-3 - kolab-cyrus-imapd 2.2.13-1 -CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...) 
+CVE-2006-2214 NOT-FOR-US: 4images -CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...) +CVE-2006-2213 {DSA-1065-1} - hostapd 1:0.5.0-1 (bug #365897; high) -CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...) +CVE-2006-2212 NOT-FOR-US: KarjaSoft Sami FTP Server -CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...) +CVE-2006-2211 NOT-FOR-US: 321soft PhP-Gallery -CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft ...) +CVE-2006-2210 NOT-FOR-US: 321soft PhP-Gallery -CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena ...) +CVE-2006-2209 NOT-FOR-US: paCheckBook -CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php ...) +CVE-2006-2208 NOT-FOR-US: paCheckBook CVE-2006-2207 RESERVED -CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 ...) +CVE-2006-2206 NOT-FOR-US: UltraVNC -CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a ...) +CVE-2006-2205 NOT-FOR-US: NetBSD kernel -CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality ...) +CVE-2006-2204 NOT-FOR-US: Invision Power Board -CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...) +CVE-2006-2203 NOT-FOR-US: Kerio MailServer -CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 ...) +CVE-2006-2202 NOT-FOR-US: Invision Gallery -CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager ...) +CVE-2006-2201 NOT-FOR-US: CA Resource Initialization Manager -CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and ...) 
+CVE-2006-2200 - libmms 0.2-7 (bug #374577; medium) - mimms 2.0.0-1 (bug #374577; medium) - xine-lib 1.1.2-2 (bug #374577; unimportant) NOTE: Not exploitable within xine, as alloced buffer are large enough -CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...) +CVE-2006-2199 {DSA-1104} - openoffice.org 2.0.3-1 -CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before ...) +CVE-2006-2198 {DSA-1104} - openoffice.org 2.0.3-1 -CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...) +CVE-2006-2197 {DSA-1100} - wv2 0.2.2-6 (medium) -CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...) +CVE-2006-2196 {DSA-1102} - pinball 0.3.1-6 -CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...) +CVE-2006-2195 {DSA-1099-1 DSA-1098-1} - horde3 3.1.1-3 -CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...) +CVE-2006-2194 {DSA-1106} - ppp 2.4.4rel-1 (medium) -CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...) +CVE-2006-2193 {DSA-1091-1} - tiff 3.8.2-4 (bug #371064; bug #370355; medium) - tiff3 (fixed prior to initial upload) -CVE-2006-2191 (** DISPUTED ** ...) +CVE-2006-2191 - mailman 1:2.1.9-1 (unimportant) NOTE: https://mail.python.org/pipermail/mailman-announce/2006-September/000087.html NOTE: not exploitable -CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...) +CVE-2006-2190 NOT-FOR-US: OpenWebMail -CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...) +CVE-2006-2189 NOT-FOR-US: Servous sBLOG -CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 ...) +CVE-2006-2188 NOT-FOR-US: CMScout -CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 ...) 
+CVE-2006-2187 NOT-FOR-US: zenphoto -CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...) +CVE-2006-2186 NOT-FOR-US: zenphoto -CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...) +CVE-2006-2185 NOT-FOR-US: Novell -CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...) +CVE-2006-2184 NOT-FOR-US: PHPKB Knowledge Base -CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...) +CVE-2006-2183 NOT-FOR-US: Truecrypt -CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...) +CVE-2006-2182 NOT-FOR-US: albinator -CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...) +CVE-2006-2181 NOT-FOR-US: albinator -CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...) +CVE-2006-2180 NOT-FOR-US: Golden FTP Server Pro -CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...) +CVE-2006-2179 NOT-FOR-US: CyberBuild -CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...) +CVE-2006-2178 NOT-FOR-US: CyberBuild -CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...) +CVE-2006-2177 NOT-FOR-US: geoBlog -CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...) +CVE-2006-2176 NOT-FOR-US: PHP Linkliste -CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...) +CVE-2006-2175 NOT-FOR-US: Fast Click -CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-2174 NOT-FOR-US: Virtual Hosting Control System (VHCS) -CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote ...) +CVE-2006-2173 NOT-FOR-US: FileZilla FTP Server -CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...) 
+CVE-2006-2172 NOT-FOR-US: Gene6 FTP Server -CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...) +CVE-2006-2171 NOT-FOR-US: WarFTPD -CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...) +CVE-2006-2170 NOT-FOR-US: ArgoSoft FTP Server -CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...) +CVE-2006-2169 - request-tracker3.4 (file not included in 3.4) -CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to ...) +CVE-2006-2168 NOT-FOR-US: FileProtection Express -CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, ...) +CVE-2006-2167 NOT-FOR-US: SloughFlash -CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco ...) +CVE-2006-2166 NOT-FOR-US: Cisco -CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis ...) +CVE-2006-2165 NOT-FOR-US: Avactis -CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 ...) +CVE-2006-2164 NOT-FOR-US: Avactis -CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) +CVE-2006-2163 NOT-FOR-US: Pinnacle -CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...) +CVE-2006-2162 {DSA-1072-1} - nagios 2:1.4-1 (bug #366682; bug #366803; medium) - nagios2 2.3-1 (bug #366683; medium) -CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...) +CVE-2006-2161 NOT-FOR-US: TZipBuilder/Abakt -CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...) +CVE-2006-2160 NOT-FOR-US: Russcom -CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp ...) +CVE-2006-2159 NOT-FOR-US: Russcom -CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus ...) 
+CVE-2006-2158 NOT-FOR-US: Stadtaus -CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ...) +CVE-2006-2157 NOT-FOR-US: Plogger -CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...) +CVE-2006-2156 NOT-FOR-US: X7 Chat -CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...) +CVE-2006-2155 NOT-FOR-US: EMC Retrospect -CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...) +CVE-2006-2154 NOT-FOR-US: EMC Retrospect -CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin ...) +CVE-2006-2153 NOT-FOR-US: DirectAdmin -CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...) +CVE-2006-2152 NOT-FOR-US: phpBB Advanced Guestbook -CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB ...) +CVE-2006-2151 NOT-FOR-US: phpBB TopList -CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB ...) +CVE-2006-2150 NOT-FOR-US: phpBB TopList -CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in ...) +CVE-2006-2149 NOT-FOR-US: Aardvark Topsites -CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not ...) +CVE-2006-2147 {DSA-1047-1} - resmgr 1.0-4 (low) -CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-2146 NOT-FOR-US: HB-NS -CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 ...) +CVE-2006-2145 NOT-FOR-US: HB-NS -CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter ...) +CVE-2006-2144 NOT-FOR-US: DMCounter -CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB ...) +CVE-2006-2143 NOT-FOR-US: TextFileBB -CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in ...) 
+CVE-2006-2142 NOT-FOR-US: Limbo -CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in ...) +CVE-2006-2141 NOT-FOR-US: Collaborative Portal Server -CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 ...) +CVE-2006-2140 NOT-FOR-US: OrbitHYIP -CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow ...) +CVE-2006-2139 NOT-FOR-US: PHP Newsfeed -CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...) +CVE-2006-2138 NOT-FOR-US: NeoMail -CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke ...) +CVE-2006-2137 NOT-FOR-US: OpenPHPNuke -CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote ...) +CVE-2006-2136 NOT-FOR-US: AZNEWS -CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...) +CVE-2006-2135 NOT-FOR-US: Ruperts News -CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php ...) +CVE-2006-2134 NOT-FOR-US: phpbb2 mod -CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...) +CVE-2006-2148 {DSA-1052-1} - cgiirc 0.5.9-1 (bug #365680; medium) [sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium) -CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...) +CVE-2006-2133 NOT-FOR-US: BoonEx Barracuda -CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows ...) +CVE-2006-2132 NOT-FOR-US: DUclassified -CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the ...) +CVE-2006-2131 NOT-FOR-US: Advanced Poll -CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...) +CVE-2006-2130 NOT-FOR-US: Advanced Poll -CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows ...) 
+CVE-2006-2129 NOT-FOR-US: Pro Publish -CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...) +CVE-2006-2128 NOT-FOR-US: Pro Publish -CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x ...) +CVE-2006-2127 NOT-FOR-US: Blog Mod -CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and ...) +CVE-2006-2126 NOT-FOR-US: MaxTrade CVE-2006-2125 REJECTED -CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...) +CVE-2006-2124 NOT-FOR-US: SunShop -CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in ...) +CVE-2006-2123 NOT-FOR-US: Network Administration Visualiazed -CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allows ...) +CVE-2006-2122 NOT-FOR-US: CoolMenus -CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...) +CVE-2006-2121 NOT-FOR-US: I-RATER Platinum -CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...) +CVE-2006-2120 {DSA-1078-1} - tiff 3.8.1 (bug #366588; medium) - tiff3 (fixed prior to initial upload) -CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...) +CVE-2006-2119 NOT-FOR-US: Artmedic -CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...) +CVE-2006-2118 NOT-FOR-US: JMK -CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote ...) +CVE-2006-2117 NOT-FOR-US: Thyme -CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...) +CVE-2006-2116 NOT-FOR-US: planetGallery -CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote ...) +CVE-2006-2115 NOT-FOR-US: SWS -CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...) 
+CVE-2006-2114 NOT-FOR-US: SWS -CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...) +CVE-2006-2113 NOT-FOR-US: Fuji Xerox Printing Systems -CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...) +CVE-2006-2112 NOT-FOR-US: Fuji Xerox Printing Systems -CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to ...) +CVE-2006-2111 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...) +CVE-2006-2110 {DSA-1060-1} - kernel-patch-vserver 2:2.0.1-4 (low) - linux-2.6 2.6.16-11 (low) -CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str ...) +CVE-2006-2109 NOTE: #357204: request for removal - jsboard 2.0.10-2 (bug #368305; low) -CVE-2006-2108 (parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to ...) +CVE-2006-2108 NOT-FOR-US: OCE -CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...) +CVE-2006-2107 NOT-FOR-US: BL4 -CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...) +CVE-2006-2106 - trac 0.9.5-1 (medium) [sarge] - trac (medium) NOTE: http://trac.edgewall.org/changeset/3201 
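Review bot: At CVE-2006-2111 the retained tag reads "NOT-FOR-US: Microsoft Internet Explorer", but the description deleted on the line above it names "Microsoft Outlook Express 6", so once the description is gone the entry points at a different product than the CVE text did. Either change the tag to name Outlook Express or add a NOTE line recording why Internet Explorer is listed. In the same hunk, the tag at CVE-2006-2123 is spelled "Network Administration Visualiazed"; with the description removed, that tag is the only product reference left on the entry, so the spelling is worth fixing here.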
@@ -11561,299 +11561,299 @@ CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Tra NOTE: the second reference fixes a regression in the first. i *believe* NOTE: that these correctly solve the problem, though we really ought NOTE: to run this by upstream or the reporter. -CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...) +CVE-2006-2105 NOT-FOR-US: Jupiter -CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...) +CVE-2006-2104 NOT-FOR-US: Kamgaing -CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows ...) +CVE-2006-2103 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote ...) +CVE-2006-2102 NOT-FOR-US: PowerISO -CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote ...) +CVE-2006-2101 NOT-FOR-US: WinISO -CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows ...) +CVE-2006-2100 NOT-FOR-US: Magic ISO -CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...) +CVE-2006-2099 NOT-FOR-US: UltraISO -CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before ...) +CVE-2006-2098 NOT-FOR-US: Thumbnail AutoIndex -CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board ...) +CVE-2006-2097 NOT-FOR-US: Invision -CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote ...) +CVE-2006-2096 NOT-FOR-US: LDU -CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...) +CVE-2006-2095 NOT-FOR-US: Phex -CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...) +CVE-2006-2094 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted ...) 
+CVE-2006-2093 - libnasl 2.2.8-1 (bug #365898; low) [sarge] - libnasl (Hardly exploitable, see #365898) -CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...) +CVE-2006-2092 NOT-FOR-US: HP -CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...) +CVE-2006-2091 NOT-FOR-US: Virtual War -CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x ...) +CVE-2006-2090 NOT-FOR-US: MySmartBB -CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in ...) +CVE-2006-2089 NOT-FOR-US: OpenBB -CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open ...) +CVE-2006-2088 NOT-FOR-US: OpenBB -CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...) +CVE-2006-2087 NOT-FOR-US: Hitachi Groupmax -CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx ...) +CVE-2006-2086 NOT-FOR-US: juniper SSL-VPN -CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in ...) +CVE-2006-2085 NOT-FOR-US: SpeedProject Squeez -CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...) +CVE-2006-2084 NOT-FOR-US: FarsiNews -CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended ...) +CVE-2006-2083 - rsync 2.6.8-1 (bug #365614; high) [sarge] - rsync (xattr patch appeared in 2.6.7) [woody] - rsync (xattr patch appeared in 2.6.7) -CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...) +CVE-2006-2082 - ioquake3 1.36+svn1788j-1 - tremulous 1.1.0-6 (bug #660831) [squeeze] - tremulous 1.1.0-7~squeeze1 -CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...) +CVE-2006-2081 NOT-FOR-US: Oracle -CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...) 
+CVE-2006-2080 NOT-FOR-US: Verosky -CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky ...) +CVE-2006-2079 NOT-FOR-US: Verosky -CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, ...) +CVE-2006-2078 NOT-FOR-US: FITELnet -CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...) +CVE-2006-2077 - pdnsd 1.2.4par-0.1 (bug #368268; medium) -CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote ...) +CVE-2006-2076 - pdnsd 1.2.4par-0.1 (bug #368268; medium) -CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...) +CVE-2006-2075 [sarge] - mydns 1.0.0-4sarge1 - mydns 1.1.0+pre-3 (medium; bug #348826) -CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...) +CVE-2006-2074 NOT-FOR-US: Juniper Networks JUNOSe -CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...) +CVE-2006-2073 - bind9 1:9.3.3-1 (low) NOTE: Only exploitable by trusted users after TSIG transaction NOTE: https://lists.isc.org/pipermail/bind-users/2011-October/085298.html -CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...) +CVE-2006-2072 NOT-FOR-US: DeleGate -CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...) +CVE-2006-2071 - linux-2.6 2.6.16-8 -CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...) +CVE-2006-2070 NOT-FOR-US: DevBB -CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...) +CVE-2006-2069 - pdns-recursor 3.0.1-1 (medium) -CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote ...) +CVE-2006-2068 NOT-FOR-US: Hitachi JP1 -CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...) 
+CVE-2006-2067 NOT-FOR-US: MKPortal -CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in ...) +CVE-2006-2066 NOT-FOR-US: MKPortal -CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and ...) +CVE-2006-2065 NOT-FOR-US: PHPSurveyor -CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 ...) +CVE-2006-2064 NOT-FOR-US: Sun -CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...) +CVE-2006-2063 NOT-FOR-US: Leadhound -CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...) +CVE-2006-2062 NOT-FOR-US: Leadhound -CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision ...) +CVE-2006-2061 NOT-FOR-US: Invision -CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...) +CVE-2006-2060 NOT-FOR-US: Invision -CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...) +CVE-2006-2059 NOT-FOR-US: Invision -CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...) +CVE-2006-2058 NOT-FOR-US: Avant -CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...) +CVE-2006-2057 NOT-FOR-US: Only on Windows -CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...) +CVE-2006-2056 NOT-FOR-US: Microsoft -CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...) +CVE-2006-2055 NOT-FOR-US: Micrsoft Outlook -CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...) +CVE-2006-2054 NOT-FOR-US: 3Com -CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...) +CVE-2006-2053 NOT-FOR-US: QuickEStore -CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant ...) 
+CVE-2006-2052 NOT-FOR-US: Verosky -CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-2051 NOT-FOR-US: NextAge -CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite ...) +CVE-2006-2050 NOT-FOR-US: DCScripts -CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts ...) +CVE-2006-2049 NOT-FOR-US: DCScripts -CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-2048 NOT-FOR-US: phpWebFTP -CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...) +CVE-2006-2047 NOT-FOR-US: ColdFusion -CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics ...) +CVE-2006-2046 NOT-FOR-US: ColdFusion -CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...) +CVE-2006-2045 NOT-FOR-US: IP3 -CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default ...) +CVE-2006-2044 NOT-FOR-US: IP3 -CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...) +CVE-2006-2043 NOT-FOR-US: IP3 -CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...) +CVE-2006-2042 NOT-FOR-US: Adobe -CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...) +CVE-2006-2041 NOT-FOR-US: PhpWebGallery -CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...) +CVE-2006-2040 NOT-FOR-US: photokorn -CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help ...) +CVE-2006-2039 NOT-FOR-US: Help Center Live -CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier ...) +CVE-2006-2038 NOT-FOR-US: ampleShop -CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 ...) +CVE-2006-2037 NOT-FOR-US: Thwboard -CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly ...) 
+CVE-2006-2036 NOT-FOR-US: iOpus -CVE-2006-2035 (Websense, when configured to permit access to the dynamic content ...) +CVE-2006-2035 NOT-FOR-US: Websense -CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB ...) +CVE-2006-2034 NOT-FOR-US: FlexBB -CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ...) +CVE-2006-2033 NOT-FOR-US: Core -CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and ...) +CVE-2006-2032 NOT-FOR-US: Core -CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...) +CVE-2006-2031 - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin (Vulnerable code not present) -CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...) +CVE-2006-2030 NOT-FOR-US: Allied Telesyn -CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...) +CVE-2006-2029 NOT-FOR-US: Simplog -CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy ...) +CVE-2006-2028 NOT-FOR-US: Simplog -CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...) +CVE-2006-2027 NOT-FOR-US: Pablo Software -CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...) +CVE-2006-2026 {DSA-1054-1} [sarge] - tiff 3.7.2-3sarge1 [woody] - tiff 3.5.5-7woody1 - tiff 3.8.1 - tiff3 (fixed prior to initial upload) -CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...) +CVE-2006-2025 {DSA-1054-1} [sarge] - tiff 3.7.2-3sarge1 [woody] - tiff 3.5.5-7woody1 - tiff 3.8.1 - tiff3 (fixed prior to initial upload) -CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...) +CVE-2006-2024 {DSA-1054-1} [sarge] - tiff 3.7.2-3sarge1 [woody] - tiff 3.5.5-7woody1 - tiff 3.8.1 - tiff3 (fixed prior to initial upload) -CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...) 
+CVE-2006-2023 NOT-FOR-US: Fenice -CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...) +CVE-2006-2022 NOT-FOR-US: Fenice -CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in ...) +CVE-2006-2021 NOT-FOR-US: Asterisk@Home -CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores ...) +CVE-2006-2020 NOT-FOR-US: Asterisk@Home -CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...) +CVE-2006-2019 NOT-FOR-US: Apple CVE-2006-XXXX [librsvg2 crash on certain svg files] - librsvg 2.14.3-2 (bug #361653; bug #361540; medium) -CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...) +CVE-2006-2018 NOT-FOR-US: vBulletin -CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...) +CVE-2006-2017 - dnsmasq 2.30-1 (medium) [sarge] - dnsmasq (Vulnerability was introduced in 2.28) -CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...) +CVE-2006-2016 {DSA-1057-1} - phpldapadmin 0.9.8.3-1 (bug #365313; low) - egroupware 1.2-104.dfsg-1 (bug #365314; low) NOTE: egroupware 1.2-1.dfsg-1 dropped phpldapadmin -CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...) +CVE-2006-2015 NOT-FOR-US: SL_site -CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...) +CVE-2006-2014 NOT-FOR-US: SL_site -CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...) +CVE-2006-2013 NOT-FOR-US: SL_site -CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...) +CVE-2006-2012 NOT-FOR-US: Skulltag -CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...) +CVE-2006-2011 NOT-FOR-US: 4images -CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...) 
+CVE-2006-2010 NOT-FOR-US: Bloggage -CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...) +CVE-2006-2009 NOT-FOR-US: phpMyAgenda -CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...) +CVE-2006-2008 NOT-FOR-US: Built2Go -CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...) +CVE-2006-2007 NOT-FOR-US: Winny -CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...) +CVE-2006-2006 NOT-FOR-US: IZArc Archiver -CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...) +CVE-2006-2005 NOT-FOR-US: ClanSys -CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...) +CVE-2006-2004 NOT-FOR-US: RI Blog -CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...) +CVE-2006-2003 NOT-FOR-US: Community Architect Guestbook -CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...) +CVE-2006-2002 NOT-FOR-US: MyGamingLadder -CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...) +CVE-2006-2001 NOT-FOR-US: Scry Gallery -CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...) +CVE-2006-2000 NOT-FOR-US: logMethods -CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...) +CVE-2006-1999 NOT-FOR-US: OpenTTD -CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...) +CVE-2006-1998 NOT-FOR-US: OpenTTD -CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware ...) +CVE-2006-1997 NOT-FOR-US: Sybase Pylon Anywhere -CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...) +CVE-2006-1996 NOT-FOR-US: Scry Gallery -CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...) 
+CVE-2006-1995 NOT-FOR-US: Scry Gallery -CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...) +CVE-2006-1994 NOT-FOR-US: dForum -CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...) +CVE-2006-1992 NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows ...) +CVE-2006-1991 - php4 (substr_compare does not exist in PHP 4.4.2) - php5 5.1.4-0.1 (bug #365312; medium) -CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...) +CVE-2006-1990 - php4 4:4.4.2-1.1 (bug #365311; unimportant) - php5 5.1.4-0.1 (bug #365312; unimportant) NOTE: This could only be exploited by a malicious, local user, which is an NOTE: unsupported use case -CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...) +CVE-2006-1989 {DSA-1050-1} - clamav 0.88.2 [sarge] - clamav 0.84-2.sarge.9 -CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...) +CVE-2006-1988 NOT-FOR-US: Apple Safari NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 -CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) +CVE-2006-1987 NOT-FOR-US: Apple Safari NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 -CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) +CVE-2006-1986 NOT-FOR-US: Apple Safari NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 -CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build ...) +CVE-2006-1985 NOT-FOR-US: BOMArchiveHelper -CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...) +CVE-2006-1984 NOT-FOR-US: Mac OS X -CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...) +CVE-2006-1983 NOT-FOR-US: Mac OS X -CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...) 
+CVE-2006-1982 NOT-FOR-US: Mac OS X -CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...) +CVE-2006-1981 NOT-FOR-US: Mac OS X -CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...) +CVE-2006-1980 NOT-FOR-US: W2B Online Banking -CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...) +CVE-2006-1979 NOT-FOR-US: Manic Web MWGuest -CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...) +CVE-2006-1978 NOT-FOR-US: FlexBB -CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...) +CVE-2006-1977 NOT-FOR-US: FlexBB -CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...) +CVE-2006-1993 {DSA-1055-1 DSA-1053-1} - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high) - mozilla (high) 
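Review bot: At CVE-2006-2057 the only text left after this change is "NOT-FOR-US: Only on Windows", which names no product; the deleted description ("Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...") was the sole place the affected software appeared. Name the product in the tag, for example "NOT-FOR-US: Mozilla Firefox, only on Windows", so the entry stays searchable by package. The tag at CVE-2006-2055, "NOT-FOR-US: Micrsoft Outlook", is misspelled and likewise becomes that entry's only product reference, so it should read "Microsoft Outlook".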
@@ -11862,319 +11862,319 @@ CVE-2006-XXXX [typo3 mailforms can be abused to send spam] - typo3-src 4.0.2-1 (bug #364350) CVE-2006-XXXX [moinmoin XSS] - moin 1.5.3-1 -CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...) +CVE-2006-1976 NOT-FOR-US: Prayer Request Board -CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...) +CVE-2006-1975 NOT-FOR-US: PHP-Gastebuch -CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) ...) +CVE-2006-1974 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router ...) +CVE-2006-1973 NOT-FOR-US: Linksys router -CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...) +CVE-2006-1972 NOT-FOR-US: EasyGallery -CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ...) +CVE-2006-1971 NOT-FOR-US: KRANKIKOM ContentBoxX -CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...) +CVE-2006-1970 NOT-FOR-US: KCScripts Classifieds -CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an ...) +CVE-2006-1969 NOT-FOR-US: KCScripts -CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in ...) +CVE-2006-1968 NOT-FOR-US: KCScripts -CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in ...) +CVE-2006-1967 NOT-FOR-US: KCScripts -CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote ...) +CVE-2006-1966 NOT-FOR-US: Fortinet -CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net ...) +CVE-2006-1965 NOT-FOR-US: Net Clubs Pro -CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and ...) +CVE-2006-1964 NOT-FOR-US: ASPSitem -CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and ...) 
+CVE-2006-1963 NOT-FOR-US: PCPIN Chat -CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows ...) +CVE-2006-1962 NOT-FOR-US: PCPIN Chat -CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express ...) +CVE-2006-1961 NOT-FOR-US: Cisco -CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user ...) +CVE-2006-1960 NOT-FOR-US: Cisco -CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...) +CVE-2006-1959 NOT-FOR-US: ActualScripts ActualAnalyzer Lite -CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...) +CVE-2006-1958 NOT-FOR-US: WWWThreads -CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...) +CVE-2006-1957 - mambo 4.6.1-4 (bug #364769; medium) -CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...) +CVE-2006-1956 - mambo 4.6.1-4 (bug #364769; medium) -CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas ...) +CVE-2006-1955 NOT-FOR-US: RechnungsZentrale -CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka ...) +CVE-2006-1954 NOT-FOR-US: RechnungsZentrale -CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 ...) +CVE-2006-1953 NOT-FOR-US: Caucho -CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...) +CVE-2006-1952 NOT-FOR-US: WinAgents TFTP Server for Windows -CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ...) +CVE-2006-1951 NOT-FOR-US: SolarWinds TFTP Server -CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in ...) +CVE-2006-1950 NOT-FOR-US: PerlCoders BannerFarm -CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and ...) +CVE-2006-1949 NOT-FOR-US: NicPlex PlexCart -CVE-2006-1948 (The "Add Sender to Address Book" operation ...) 
+CVE-2006-1948 NOT-FOR-US: Lotus Notes -CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...) +CVE-2006-1947 NOT-FOR-US: NicPlex PlexCart -CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and ...) +CVE-2006-1946 NOT-FOR-US: Visale -CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 ...) +CVE-2006-1945 {DSA-1075-1} - awstats 6.5-2 (bug #364443; medium) NOTE: this might be the same core issue as CVE-2005-2732 -CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft ...) +CVE-2006-1944 NOT-FOR-US: SibSoft CommuniMail -CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...) +CVE-2006-1943 NOT-FOR-US: Smarter Scripts IntelliLink Pro -CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...) +CVE-2006-1942 {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-39 - firefox 1.5.dfsg+1.5.0.4-1 (low) - thunderbird (Windows-specific) - mozilla 2:1.7.13-0.3 (low) - xulrunner (Windows-specific) -CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...) +CVE-2006-1941 NOT-FOR-US: Neon Responder -CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...) +CVE-2006-1940 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...) +CVE-2006-1939 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...) 
+CVE-2006-1938 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) +CVE-2006-1937 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...) +CVE-2006-1936 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...) +CVE-2006-1935 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...) +CVE-2006-1934 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) +CVE-2006-1933 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...) +CVE-2006-1932 {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) -CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...) 
+CVE-2006-1931 {DSA-1157} NOTE: the redhat bugzilla entry says this is fixed in 1.8.3 - ruby1.8 1.8.3 (bug #365520) -CVE-2006-1930 (** DISPUTED ** ...) +CVE-2006-1930 NOT-FOR-US: Green Minute -CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...) +CVE-2006-1929 NOT-FOR-US: I-Rater Platinum -CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...) +CVE-2006-1928 NOT-FOR-US: Cisco -CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...) +CVE-2006-1927 NOT-FOR-US: Cisco -CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 ...) +CVE-2006-1926 NOT-FOR-US: ThWboard -CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...) +CVE-2006-1925 NOT-FOR-US: CuteNews -CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 ...) +CVE-2006-1924 NOT-FOR-US: LinPHA -CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) +CVE-2006-1923 NOT-FOR-US: LinPHA -CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) ...) +CVE-2006-1922 NOT-FOR-US: TotalCalendar -CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...) +CVE-2006-1921 NOT-FOR-US: PHP Net Tools -CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...) +CVE-2006-1920 NOT-FOR-US: PMTool -CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet ...) +CVE-2006-1919 NOT-FOR-US: Internet Photoshow -CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...) +CVE-2006-1918 NOT-FOR-US: Papoo -CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...) +CVE-2006-1917 NOT-FOR-US: Blackorpheus ClanMemberSkript -CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) 
+CVE-2006-1916 NOT-FOR-US: DbbS -CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and ...) +CVE-2006-1915 NOT-FOR-US: DbbS -CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...) +CVE-2006-1914 NOT-FOR-US: DbbS -CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...) +CVE-2006-1913 NOT-FOR-US: Jax Guestbook -CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...) +CVE-2006-1912 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...) +CVE-2006-1911 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...) +CVE-2006-1910 - serendipity 1.0-1 -CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...) +CVE-2006-1909 NOT-FOR-US: Coppermine -CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...) +CVE-2006-1908 NOT-FOR-US: myEvent -CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote ...) +CVE-2006-1907 NOT-FOR-US: myEvent -CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...) +CVE-2006-1906 NOT-FOR-US: phpLister -CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...) +CVE-2006-1905 - xine-ui 0.99.4-1 (bug #363370; unimportant) NOTE: This is a non-issue: An attacker would need to trick the user into opening NOTE: an MP3 file with a very obviously manipulated filename containing the shellcode -CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...) +CVE-2006-1904 NOT-FOR-US: AnimeGenesis Gallery -CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...) +CVE-2006-1903 NOT-FOR-US: UserLand Manila -CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 ...) 
+CVE-2006-1902 - gcc-4.1 4.1.0-2 (bug #356896; unimportant) NOTE: Turned out to be a non-issue -CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a ...) +CVE-2006-1901 NOT-FOR-US: Mozilla Camino -CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya ...) +CVE-2006-1900 - amaya 9.51-1 (bug #362575; medium) -CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...) +CVE-2006-1899 NOT-FOR-US: Neuron Blog -CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper ...) +CVE-2006-1898 NOT-FOR-US: Tiny PHP Forum -CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script ...) +CVE-2006-1897 NOT-FOR-US: Webplus (aka talentsoft) Web+Shop -CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users ...) +CVE-2006-1896 {DSA-1066-1} - phpbb2 2.0.18-3 (bug #365533; medium) -CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...) +CVE-2006-1895 - phpbb2 (bug #365535) -CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...) +CVE-2006-1894 NOT-FOR-US: RevoBoard / PunBB -CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 ...) +CVE-2006-1893 NOT-FOR-US: ar-blog -CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify ...) +CVE-2006-1892 NOT-FOR-US: avast! 4 Linux Home Edition -CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...) +CVE-2006-1891 NOT-FOR-US: betaboard -CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland ...) +CVE-2006-1890 NOT-FOR-US: myWebland -CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...) +CVE-2006-1889 NOT-FOR-US: Boardsolution -CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...) 
+CVE-2006-1888 NOT-FOR-US: phpGraphy -CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...) +CVE-2006-1887 NOT-FOR-US: Oracle JD Edwards EnterpriseOne -CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...) +CVE-2006-1886 NOT-FOR-US: Oracle -CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework ...) +CVE-2006-1885 NOT-FOR-US: Oracle -CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System ...) +CVE-2006-1884 NOT-FOR-US: Oracle -CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library ...) +CVE-2006-1883 NOT-FOR-US: Oracle -CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) +CVE-2006-1882 NOT-FOR-US: Oracle -CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...) +CVE-2006-1881 NOT-FOR-US: Oracle -CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) +CVE-2006-1880 NOT-FOR-US: Oracle -CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...) +CVE-2006-1879 NOT-FOR-US: Oracle -CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...) +CVE-2006-1878 NOT-FOR-US: phpFaber TopSites -CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) +CVE-2006-1877 NOT-FOR-US: Oracle -CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and ...) +CVE-2006-1876 NOT-FOR-US: Oracle -CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...) +CVE-2006-1875 NOT-FOR-US: Oracle -CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) +CVE-2006-1874 NOT-FOR-US: Oracle -CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...) 
+CVE-2006-1873 NOT-FOR-US: Oracle -CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and ...) +CVE-2006-1872 NOT-FOR-US: Oracle -CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and ...) +CVE-2006-1871 NOT-FOR-US: Oracle -CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) +CVE-2006-1870 NOT-FOR-US: Oracle -CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...) +CVE-2006-1869 NOT-FOR-US: Oracle -CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle ...) +CVE-2006-1868 NOT-FOR-US: Oracle -CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...) +CVE-2006-1867 NOT-FOR-US: Oracle -CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...) +CVE-2006-1866 NOT-FOR-US: Oracle -CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows ...) +CVE-2006-1865 - beagle 0.2.6-2 (bug #365371; medium) -CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...) +CVE-2006-1864 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-13 -CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...) +CVE-2006-1863 {DSA-1103} - linux-2.6 2.6.16-10 -CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local ...) +CVE-2006-1862 - linux-2.6 (seems to be RedHat-specific) -CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...) +CVE-2006-1861 {DSA-1095-1} - freetype 2.2.1-1 -CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...) +CVE-2006-1860 - linux-2.6 2.6.16-14 -CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...) +CVE-2006-1859 - linux-2.6 2.6.16-14 -CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...) 
+CVE-2006-1858 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-14 -CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...) +CVE-2006-1857 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-14 -CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ...) +CVE-2006-1856 {DSA-1184-2} - linux-2.6 2.6.16-12 -CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain ...) +CVE-2006-1855 {DSA-1184-2} NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog - linux-2.6 2.6.12-1 -CVE-2006-1854 (** DISPUTED ** ...) +CVE-2006-1854 NOT-FOR-US: BluePay Manager -CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...) +CVE-2006-1853 NOT-FOR-US: ModernBill -CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro ...) +CVE-2006-1852 NOT-FOR-US: Article Publisher Pro -CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ...) +CVE-2006-1851 NOT-FOR-US: xFlow -CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 ...) +CVE-2006-1850 NOT-FOR-US: xFlow -CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in ...) +CVE-2006-1849 NOT-FOR-US: xFlow -CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...) +CVE-2006-1848 NOT-FOR-US: LinPHA -CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...) +CVE-2006-1847 NOT-FOR-US: PHP-Nuke -CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...) +CVE-2006-1846 NOT-FOR-US: PHP-Nuke CVE-2006-1845 REJECTED -CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...) +CVE-2006-1844 [sarge] - shadow 1:4.0.3-31sarge8 [sarge] - base-config NOTE: The installer is fixed separately, but the postinst of the shadow update 
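Review bot: At CVE-2006-1854 the removed header text "(** DISPUTED ** ...)" was the only place in the entry recording that the CVE is disputed; the replacement line is just "CVE-2006-1854" followed by "NOT-FOR-US: BluePay Manager". If descriptions are being dropped from the list on purpose, carry the disputed status over as a NOTE: line, and have the commit message say more than "automatic update" so it is clear where the description text now lives. The same loss shows up in a weaker form in the entries from CVE-2006-1886 down to CVE-2006-1866 that read "NOT-FOR-US: Oracle": the removed text named the product (PeopleTools, E-Business Suite, Database Server), and the triage line alone no longer does.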
@@ -12182,222 +12182,222 @@ CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-confi NOTE: seems to be a duplicate of CVE-2006-1376 - shadow 1:4.0.14-9 (bug #358210; bug #356939) - base-config 2.68 (bug #254068; low) -CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...) +CVE-2006-1843 NOT-FOR-US: ShoutBOOK -CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...) +CVE-2006-1842 NOT-FOR-US: ShoutBOOK -CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...) +CVE-2006-1841 NOT-FOR-US: boastMachine -CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 ...) +CVE-2006-1840 NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game) -CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...) +CVE-2006-1839 NOT-FOR-US: PHP Album -CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...) +CVE-2006-1838 NOT-FOR-US: Fuju News -CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows ...) +CVE-2006-1837 NOT-FOR-US: Fuju News -CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in ...) +CVE-2006-1836 NOT-FOR-US: Symantec LiveUpdate -CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix ...) +CVE-2006-1835 NOT-FOR-US: Calendarix -CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers ...) +CVE-2006-1834 NOT-FOR-US: Opera -CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the ...) +CVE-2006-1833 NOT-FOR-US: NetBSD -CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the ...) +CVE-2006-1832 NOT-FOR-US: sysinfo -CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo ...) 
+CVE-2006-1831 NOT-FOR-US: sysinfo -CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain ...) +CVE-2006-1830 NOT-FOR-US: Sun Java Studio Enterprise -CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote ...) +CVE-2006-1829 NOT-FOR-US: EAServer Manager in Sybase EAServer -CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...) +CVE-2006-1828 NOT-FOR-US: PHP121 -CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...) +CVE-2006-1827 {DSA-1048-1} - asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium) [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium) [woody] - asterisk 0.1.11-3woody1 (bug #364195; medium) -CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...) +CVE-2006-1826 NOT-FOR-US: Snipe Gallery -CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...) +CVE-2006-1825 NOT-FOR-US: phpLinks -CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-1824 NOT-FOR-US: PhpGuestbook -CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier ...) +CVE-2006-1823 NOT-FOR-US: FarsiNews -CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews ...) +CVE-2006-1822 NOT-FOR-US: FarsiNews -CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows ...) +CVE-2006-1821 NOT-FOR-US: ModX CMS -CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 ...) +CVE-2006-1820 NOT-FOR-US: ModX CMS -CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in ...) +CVE-2006-1819 NOT-FOR-US: phpWebSite -CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) +CVE-2006-1818 NOT-FOR-US: warforge.NEWS -CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, ...) 
+CVE-2006-1817 NOT-FOR-US: warforge.NEWS -CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...) +CVE-2006-1816 NOT-FOR-US: VBulletin -CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) +CVE-2006-1815 NOT-FOR-US: Tritanium Bulletin Board -CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of ...) +CVE-2006-1814 NOT-FOR-US: NetBSD kernel -CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ...) +CVE-2006-1813 NOT-FOR-US: phpWebFTP -CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...) +CVE-2006-1812 NOT-FOR-US: phpWebFTP -CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow ...) +CVE-2006-1811 NOT-FOR-US: FlexBB -CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 ...) +CVE-2006-1810 NOT-FOR-US: FlexBB -CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain ...) +CVE-2006-1809 NOT-FOR-US: Lifetype -CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype ...) +CVE-2006-1808 NOT-FOR-US: Lifetype -CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...) +CVE-2006-1807 NOT-FOR-US: Musicbox -CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox ...) +CVE-2006-1806 NOT-FOR-US: Musicbox -CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows ...) +CVE-2006-1805 NOT-FOR-US: PowerClan -CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...) +CVE-2006-1804 - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin -CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin ...) 
+CVE-2006-1803 - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin (CSRF code not present in Sarge, too intrusive to backport) NOTE: maintainer considers this not-affected. -CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...) +CVE-2006-1802 NOT-FOR-US: TinyWebGallery -CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in ...) +CVE-2006-1801 NOT-FOR-US: planetSearch+ -CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 ...) +CVE-2006-1800 NOT-FOR-US: SimpleBBS -CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers ...) +CVE-2006-1799 NOT-FOR-US: Censtore -CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...) +CVE-2006-1798 NOT-FOR-US: RateIt -CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local ...) +CVE-2006-1797 NOT-FOR-US: NetBSD kernel -CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links ...) +CVE-2006-1796 - wordpress 2.0.1 (bug #328909) -CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...) +CVE-2006-1795 NOT-FOR-US: UPDI Network Enterprise -CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...) +CVE-2006-1794 NOTE: only in experimental - mambo 4.5.3h-1 (bug #354468) -CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows ...) +CVE-2006-1793 NOT-FOR-US: runCMS -CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard ...) +CVE-2006-1792 NOT-FOR-US: MailEnable -CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...) +CVE-2006-1791 NOT-FOR-US: QuickBlogger -CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...) 
+CVE-2006-1790 {DSA-1051-1 DSA-1046-1} - firefox 1.5 - mozilla-firefox (problematic fix not backported into 1.0.4-2sarge5) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - thunderbird 1.5.0.2-1 - mozilla 2:1.7.13-0.1 -CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...) +CVE-2006-1789 NOT-FOR-US: pajax -CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, ...) +CVE-2006-1788 NOT-FOR-US: Adobe -CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's ...) +CVE-2006-1787 NOT-FOR-US: Adobe -CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for ...) +CVE-2006-1786 NOT-FOR-US: Adobe -CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote ...) +CVE-2006-1785 NOT-FOR-US: Adobe -CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in ...) +CVE-2006-1784 NOT-FOR-US: Sphider -CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...) +CVE-2006-1783 NOT-FOR-US: PatroNet CMS -CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to ...) +CVE-2006-1782 NOT-FOR-US: Sun Solaris -CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R ...) +CVE-2006-1781 NOT-FOR-US: Circle R Monster Top List -CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ...) +CVE-2006-1780 NOT-FOR-US: Sun Solaris -CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy ...) +CVE-2006-1779 NOT-FOR-US: Simplog -CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...) +CVE-2006-1778 NOT-FOR-US: Simplog -CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft ...) +CVE-2006-1777 NOT-FOR-US: Simplog -CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy ...) 
+CVE-2006-1776 NOT-FOR-US: Simplog -CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 ...) +CVE-2006-1775 - phpbb2 (unimportant) NOTE: Only exploitable by authenticated admin users -CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on ...) +CVE-2006-1774 NOT-FOR-US: HP System Management Homepage -CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 ...) +CVE-2006-1773 NOT-FOR-US: PHPKIT -CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...) +CVE-2006-1772 - mnogosearch 3.2.37-3.1 (bug #361775) [sarge] - mnogosearch (Minor issue) -CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...) +CVE-2006-1771 NOT-FOR-US: SAXoPRESS -CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...) +CVE-2006-1770 NOT-FOR-US: AzDGVote -CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...) +CVE-2006-1769 NOT-FOR-US: UserLand Manila -CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) +CVE-2006-1768 NOT-FOR-US: Tritanium Bulletin Board -CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com ...) +CVE-2006-1767 NOT-FOR-US: INDEXU -CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...) +CVE-2006-1766 NOT-FOR-US: Papoo -CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 ...) +CVE-2006-1765 NOT-FOR-US: JBook -CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web ...) +CVE-2006-1764 NOT-FOR-US: Hosting Controller -CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...) +CVE-2006-1763 NOT-FOR-US: blur6ex -CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 ...) 
+CVE-2006-1762 NOT-FOR-US: blur6ex -CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 ...) +CVE-2006-1761 NOT-FOR-US: blur6ex -CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow ...) +CVE-2006-1760 NOT-FOR-US: JetPhoto -CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in ...) +CVE-2006-1759 NOT-FOR-US: SWSoft Confixx -CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...) +CVE-2006-1758 NOT-FOR-US: Vegadns -CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 ...) +CVE-2006-1757 NOT-FOR-US: Vegadns -CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a ...) +CVE-2006-1756 NOT-FOR-US: MD News 1 -CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote ...) +CVE-2006-1755 NOT-FOR-US: MD News 1 -CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, ...) +CVE-2006-1754 NOT-FOR-US: SWSoft Confixx -CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite ...) +CVE-2006-1753 {DSA-1035-1} - fcheck 2.7.59-8 -CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...) +CVE-2006-1752 NOT-FOR-US: MvBlog -CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow ...) +CVE-2006-1751 NOT-FOR-US: MvBlog -CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-1750 NOT-FOR-US: Autogallery -CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro ...) +CVE-2006-1749 NOT-FOR-US: phpListPro -CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows ...) +CVE-2006-1748 NOT-FOR-US: XMB Forum -CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 ...) 
+CVE-2006-1747 NOT-FOR-US: Virtual War -CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...) +CVE-2006-1746 NOT-FOR-US: PHPList -CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...) +CVE-2006-1745 NOT-FOR-US: Bitweaver -CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...) +CVE-2006-1743 NOT-FOR-US: JBook -CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...) +CVE-2006-1742 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium) 
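Review bot: After this hunk CVE-2006-1804 and CVE-2006-1803 are distinguishable only by their ids: both carry "- phpmyadmin 4:2.8.1-1 (bug #363519; low)", and the removed header text was the only thing saying one is the SQL injection in sql.php and the other the XSS in sql.php. The sarge annotation kept on CVE-2006-1803 ("CSRF code not present in Sarge, too intrusive to backport") also loses the context it was written against. Where two entries share package, version and bug number like this, a one-line NOTE: naming the issue class on each would keep the tracker entry readable without the description.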
@@ -12407,69 +12407,69 @@ CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x befo - xulrunner 1.8.0.1-9 NOTE: The Mozilla Foundation labels this as "critical", but it's not NOTE: clear if this bug is exploitable. -CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) +CVE-2006-1741 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla 2:1.7.13-0.1 (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) -CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) +CVE-2006-1740 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (low) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low) - mozilla 2:1.7.13-0.1 (low) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) -CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...) +CVE-2006-1739 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla 2:1.7.13-0.1 (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) -CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) +CVE-2006-1738 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla 2:1.7.13-0.1 (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) -CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...) 
+CVE-2006-1737 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla 2:1.7.13-0.1 (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) -CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) +CVE-2006-1736 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (low) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low) - mozilla 2:1.7.13-0.1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 -CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) +CVE-2006-1735 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (high) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high) - mozilla 2:1.7.13-0.1 (high) - thunderbird 1.5.0.2-1 (medium) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) -CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) +CVE-2006-1734 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (high) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high) - mozilla 2:1.7.13-0.1 (high) - thunderbird 1.5.0.2-1 (medium) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) -CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) +CVE-2006-1733 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (high) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high) - mozilla 2:1.7.13-0.1 (high) - thunderbird 1.5.0.2-1 (medium) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) -CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) +CVE-2006-1732 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium) 
@@ -12477,14 +12477,14 @@ CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) - xulrunner 1.8.0.1-9 -CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) +CVE-2006-1731 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium) - mozilla 2:1.7.13-0.1 (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) -CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...) +CVE-2006-1730 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high) @@ -12494,7 +12494,7 @@ CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1. NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is NOTE: exploitable in the default configuration. - xulrunner 1.8.0.1-9 -CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...) +CVE-2006-1729 {DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium) @@ -12502,7 +12502,7 @@ CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozill [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) - xulrunner 1.8.0.1-9 NOTE: Can likely be used to steal OpenSSH keys and the like. -CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) +CVE-2006-1728 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high) 
@@ -12510,7 +12510,7 @@ CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x - thunderbird 1.5.0.2-1 (medium) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) - xulrunner 1.8.0.1-9 -CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) +CVE-2006-1727 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (medium) - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium) @@ -12520,16 +12520,16 @@ CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x - xulrunner 1.8.0.1-9 NOTE: If print preview (and this bug) can be triggered from JavaScript, NOTE: the urgency should probably be raised. -CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...) +CVE-2006-1726 - firefox 1.5.dfsg+1.5.0.2-1 (high) - thunderbird 1.5.0.2-1 (medium) - xulrunner 1.8.0.1-9 NOTE: New bug in Firefox 1.5. -CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...) +CVE-2006-1725 - firefox 1.5.dfsg+1.5.0.2-1 (low) - xulrunner 1.8.0.1-9 NOTE: New bug in Firefox 1.5. -CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) +CVE-2006-1724 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (medium) - mozilla (medium) @@ -12539,7 +12539,7 @@ CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. -CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) +CVE-2006-1723 {DSA-1051-1 DSA-1046-1} - firefox 1.5.dfsg+1.5.0.2 (medium) [sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported) 
@@ -12547,434 +12547,434 @@ CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0 - thunderbird 1.5.0.2-1 (low) - xulrunner 1.8.0.1-9 NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459 -CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...) +CVE-2006-1722 NOT-FOR-US: ShopXS -CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...) +CVE-2006-1721 {DSA-1042-1} - cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low) - cyrus-sasl2-mit (does not install digest-md5) -CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...) +CVE-2006-1720 NOT-FOR-US: SaphpLesson -CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...) +CVE-2006-1719 NOT-FOR-US: Internet Explorer -CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...) +CVE-2006-1718 NOT-FOR-US: Clever Copy -CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...) +CVE-2006-1717 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) +CVE-2006-1716 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...) +CVE-2006-1715 NOT-FOR-US: TUGZip -CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...) +CVE-2006-1714 NOT-FOR-US: phpMyForum -CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph ...) +CVE-2006-1713 NOT-FOR-US: phpMyForum -CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...) +CVE-2006-1710 NOT-FOR-US: DNGuestbook -CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...) +CVE-2006-1744 {DSA-1036-1} - bsdgames 2.17-7 (bug #360989) -CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...) 
+CVE-2006-1712 - mailman 0:2.1.7-2.1.8rc1-1 [sarge] - mailman (Only affects Mailman 2.1.7) -CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) ...) +CVE-2006-1711 {DSA-1032-1} - zope-cmfplone 2.1.2-2 -CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...) +CVE-2006-1709 NOT-FOR-US: interaktiv.shop -CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...) +CVE-2006-1708 NOT-FOR-US: Clansys -CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include ...) +CVE-2006-1707 NOT-FOR-US: Shopweezle -CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote ...) +CVE-2006-1706 NOT-FOR-US: Shopweezle -CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" ...) +CVE-2006-1705 NOT-FOR-US: Oracle -CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files ...) +CVE-2006-1704 NOT-FOR-US: Sire 2.0 nws -CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws ...) +CVE-2006-1703 NOT-FOR-US: Sire 2.0 nws -CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...) +CVE-2006-1702 - spip 2.0.6-1 -CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in ...) +CVE-2006-1701 NOT-FOR-US: Shadowed Portal -CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for ...) +CVE-2006-1700 NOT-FOR-US: Aweb Scripts Seller -CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner ...) +CVE-2006-1699 NOT-FOR-US: Aweb Banner -CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...) +CVE-2006-1698 NOT-FOR-US: Matt Wright Guestbook -CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...) +CVE-2006-1697 NOT-FOR-US: Matt Wright Guestbook -CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...) 
+CVE-2006-1696 - gallery 1.5.3-1 (bug #361758) -CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...) +CVE-2006-1695 {DSA-1068-1} - fbi 2.05-1 (bug #361370) -CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...) +CVE-2006-1694 NOT-FOR-US: XBrite Members -CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...) +CVE-2006-1693 NOT-FOR-US: GlobalSCAPE Secure FTP Server -CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow ...) +CVE-2006-1692 NOT-FOR-US: MWNewsletter -CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote ...) +CVE-2006-1691 NOT-FOR-US: MWNewsletter -CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in ...) +CVE-2006-1690 NOT-FOR-US: MWNewsletter -CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the ...) +CVE-2006-1689 NOT-FOR-US: HP-UX -CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and ...) +CVE-2006-1688 NOT-FOR-US: SQuery / Autonomous LAN party -CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 ...) +CVE-2006-1687 NOT-FOR-US: APT-webshop-system -CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 ...) +CVE-2006-1686 NOT-FOR-US: APT-webshop-system -CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...) +CVE-2006-1685 NOT-FOR-US: APT-webshop-system -CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...) +CVE-2006-1684 NOT-FOR-US: ecotwo Shopsystem -CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...) +CVE-2006-1683 NOT-FOR-US: Chipmunk Guestbook -CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...) +CVE-2006-1682 NOT-FOR-US: TalentSoft Web+Shop -CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ...) 
+CVE-2006-1681 - cherokee 0.5.1-1 -CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...) +CVE-2006-1680 NOT-FOR-US: Jupiter CMS -CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in ...) +CVE-2006-1679 NOT-FOR-US: Jupiter CMS -CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) +CVE-2006-1678 {DSA-1207-1} - phpmyadmin 4:2.8.0.3-1 (bug #362567) -CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before ...) +CVE-2006-1677 NOT-FOR-US: MAXdev MD-Pro -CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...) +CVE-2006-1676 NOT-FOR-US: MAXdev MD-Pro -CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...) +CVE-2006-1675 NOT-FOR-US: PHPWebGallery -CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...) +CVE-2006-1674 NOT-FOR-US: PHPWebGallery -CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...) +CVE-2006-1673 NOT-FOR-US: Dark_Wizard vBug Tracker -CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...) +CVE-2006-1672 NOT-FOR-US: Cisco -CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) +CVE-2006-1671 NOT-FOR-US: Cisco -CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) +CVE-2006-1670 NOT-FOR-US: Cisco -CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...) +CVE-2006-1669 NOT-FOR-US: PHPMyChat -CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...) +CVE-2006-1668 NOT-FOR-US: Crafty Syntax Image Gallery -CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...) +CVE-2006-1667 NOT-FOR-US: Crafty Syntax Image Gallery -CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...) 
+CVE-2006-1666 NOT-FOR-US: Arab Portal -CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...) +CVE-2006-1665 NOT-FOR-US: Arab Portal -CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...) +CVE-2006-1664 - xine-lib (Not reproducible with Debian version, see bug #363127) - vlc (affected part of xine-lib code copy not present) CVE-2006-1663 REJECTED -CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...) +CVE-2006-1662 NOT-FOR-US: Limbo CMS -CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...) +CVE-2006-1661 NOT-FOR-US: SKForum -CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz ...) +CVE-2006-1660 NOT-FOR-US: Softbiz Image Gallery -CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow ...) +CVE-2006-1659 NOT-FOR-US: Softbiz Image Gallery -CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky ...) +CVE-2006-1658 NOT-FOR-US: Chucky A. Ivey N.T. -CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky ...) +CVE-2006-1657 NOT-FOR-US: Chucky A. Ivey N.T. CVE-2006-XXXX [linphone insecure password leakage] - linphone 1.3.5-1 (bug #361913) -CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...) +CVE-2006-1656 - util-vserver 0.30.210-1 (bug #360438; unimportant) -CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...) +CVE-2006-1655 {DSA-1074-1} - mpg123 0.59r-22 (bug #361863) - mp3gain 1.5.2-r2-6 (low) [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain (Minor issue) -CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) +CVE-2006-1654 NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox -CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...) 
+CVE-2006-1653 NOT-FOR-US: AngelineCMS -CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ...) +CVE-2006-1652 NOT-FOR-US: UltraVNC -CVE-2006-1651 (** DISPUTED ** ...) +CVE-2006-1651 NOT-FOR-US: MS ISA -CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...) +CVE-2006-1650 NOTE: other reports indicate that Firefox is not vulnerable -CVE-2006-1649 (The "restore to" selection in the "quarantine a file" capability of ...) +CVE-2006-1649 NOT-FOR-US: Eset Software NOD32 Antivirus 2.5 -CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier ...) +CVE-2006-1648 NOT-FOR-US: SMART SynchronEyes -CVE-2006-1647 (An unspecified "logical programming mistake" in SMART SynchronEyes ...) +CVE-2006-1647 NOT-FOR-US: SMART SynchronEyes -CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...) +CVE-2006-1646 NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732 -CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...) +CVE-2006-1645 NOT-FOR-US: ReloadCMS -CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...) +CVE-2006-1644 NOT-FOR-US: Interact -CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows ...) +CVE-2006-1643 NOT-FOR-US: Interact -CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows ...) +CVE-2006-1642 NOT-FOR-US: Interact -CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote ...) +CVE-2006-1641 NOT-FOR-US: CzarNews -CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 ...) +CVE-2006-1640 NOT-FOR-US: CzarNews -CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote ...) +CVE-2006-1639 NOT-FOR-US: wpBlog -CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote ...) 
+CVE-2006-1638 NOT-FOR-US: aWebBB -CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 ...) +CVE-2006-1637 NOT-FOR-US: aWebBB -CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar ...) +CVE-2006-1636 NOT-FOR-US: VWar -CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive ...) +CVE-2006-1635 NOT-FOR-US: LucidCMS -CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS ...) +CVE-2006-1634 NOT-FOR-US: LucidCMS CVE-2006-1633 RESERVED CVE-2006-1632 RESERVED -CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in ...) +CVE-2006-1631 NOT-FOR-US: Cisco -CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...) +CVE-2006-1629 {DSA-1045-1} - openvpn 2.0.6-1 (bug #360559; medium) -CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows ...) +CVE-2006-1628 NOT-FOR-US: Adobe LiveCycle -CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide ...) +CVE-2006-1627 NOT-FOR-US: Adobe Document Server -CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote ...) +CVE-2006-1626 NOT-FOR-US: Internet Explorer -CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) +CVE-2006-1625 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package ...) +CVE-2006-1624 - sysklogd (unimportant) NOTE: No sane person will open a network socket for syslog without apropriate NOTE: firewall rules. The default is not to listen to the network. -CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified "file created ...) +CVE-2006-1623 NOT-FOR-US: FleXiBle Development -CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit ...) 
+CVE-2006-1622 NOT-FOR-US: PHPSelect -CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...) +CVE-2006-1621 NOT-FOR-US: Hosting Controller -CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 ...) +CVE-2006-1620 NOT-FOR-US: Hosting Controller -CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote ...) +CVE-2006-1619 NOT-FOR-US: WebSphere -CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf ...) +CVE-2006-1618 NOT-FOR-US: Doomsday/deng -CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll ...) +CVE-2006-1617 NOT-FOR-US: Advanced Poll -CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow ...) +CVE-2006-1616 NOT-FOR-US: Advanced Poll -CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote ...) +CVE-2006-1613 NOT-FOR-US: aWebNews -CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in ...) +CVE-2006-1612 NOT-FOR-US: aWebNews -CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 ...) +CVE-2006-1611 NOT-FOR-US: KGB Archiver -CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...) +CVE-2006-1610 NOT-FOR-US: SQuery / Autonomous LAN party -CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...) +CVE-2006-1609 NOT-FOR-US: Hitachi XFIT -CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) +CVE-2006-1608 - php4 4:4.4.4-1 (bug #361856; unimportant) - php5 5.1.4-0.1 (bug #361915; unimportant) NOTE: Safe mode violations not supported -CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) +CVE-2006-1607 NOT-FOR-US: Exponent CMS -CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...) 
+CVE-2006-1606 NOT-FOR-US: Exponent CMS -CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before ...) +CVE-2006-1605 NOT-FOR-US: Exponent CMS -CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...) +CVE-2006-1604 NOT-FOR-US: Exponent CMS -CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...) +CVE-2006-1603 - phpbb2 (According to Jeroen a non-issue, see notes) NOTE: jmm: unable to everify, the variable in question is only printed NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests NOTE: and, shock, the password isn't saved unhashed in the DB, so having NOTE: javascript in your password can't be exposed otherwise NOTE: I'd forget about it unless someone comes with a proof of concept -CVE-2006-1602 (PHP remote file inclusion vulnerability in ...) +CVE-2006-1602 NOT-FOR-US: PHPNuke Clan -CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...) +CVE-2006-1601 NOT-FOR-US: Sun Cluster -CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 ...) +CVE-2006-1600 NOT-FOR-US: PhpWebGallery -CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before ...) +CVE-2006-1599 NOT-FOR-US: v-creator -CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows ...) +CVE-2006-1598 NOT-FOR-US: AN HTTPD CVE-2006-1597 RESERVED -CVE-2006-1596 (PHP remote file inclusion vulnerability in ...) +CVE-2006-1596 NOT-FOR-US: Claroline -CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in ...) +CVE-2006-1595 NOT-FOR-US: Claroline -CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php ...) +CVE-2006-1594 NOT-FOR-US: Claroline -CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ...) 
+CVE-2006-1593 NOT-FOR-US: X-Doom, ZDaemon NOTE: vulnerable functions don't exist in lxdoom, prboom -CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) ...) +CVE-2006-1592 NOT-FOR-US: X-Doom, ZDaemon NOTE: vulnerable functions don't exist in lxdoom, prboom -CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...) +CVE-2006-1591 NOT-FOR-US: Microsoft Windows Help -CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...) +CVE-2006-1590 - acidbase 1.2.5-1 (bug #363548; unimportant) [sarge] - acidbase (Hardly exploitable) - acidlab (bug #363549; unimportant) [sarge] - acidlab (Hardly exploitable) NOTE: Not exploitable with the default configuration anyway. -CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...) +CVE-2006-1589 NOT-FOR-US: NetBSD kernel -CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not ...) +CVE-2006-1588 NOT-FOR-US: NetBSD kernel -CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the ...) +CVE-2006-1587 NOT-FOR-US: NetBSD -CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...) +CVE-2006-1614 {DSA-1024-1} - clamav 0.88.1-1 -CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus ...) +CVE-2006-1630 {DSA-1024-1} - clamav 0.88.1-1 -CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam ...) +CVE-2006-1615 {DSA-1024-1} - clamav 0.88.1-1 -CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...) +CVE-2006-1586 NOT-FOR-US: Egypt SiteMan -CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...) +CVE-2006-1585 NOT-FOR-US: MonAlbum -CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser ...) 
+CVE-2006-1584 NOT-FOR-US: Warcraft III Replay -CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III ...) +CVE-2006-1583 NOT-FOR-US: Warcraft III Replay -CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg ...) +CVE-2006-1582 NOT-FOR-US: Blank'N'Berg -CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 ...) +CVE-2006-1581 NOT-FOR-US: Blank'N'Berg -CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 ...) +CVE-2006-1580 NOT-FOR-US: Bugzero -CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board ...) +CVE-2006-1579 NOT-FOR-US: Dynamic Bulletin Board System -CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...) +CVE-2006-1578 NOT-FOR-US: Keystone Digital Library Suite -CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-1577 {DSA-1133-1} [woody] - mantis (Vulnerable code not present) - mantis 0.19.4-3.1 (bug #361138) -CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...) +CVE-2006-1576 NOT-FOR-US: QLnews -CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) +CVE-2006-1575 NOT-FOR-US: QLnews -CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, ...) +CVE-2006-1574 NOT-FOR-US: Groupmax World Wide Web et. al. -CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash ...) +CVE-2006-1573 NOT-FOR-US: MediaSlash Gallery -CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote ...) +CVE-2006-1572 NOT-FOR-US: Oxygen -CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in ...) +CVE-2006-1571 NOT-FOR-US: qliteNews -CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 ...) 
+CVE-2006-1570 NOT-FOR-US: Esqlanelapse -CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote ...) +CVE-2006-1569 NOT-FOR-US: RedCMS -CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) +CVE-2006-1568 NOT-FOR-US: RedCMS -CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in ...) +CVE-2006-1567 NOT-FOR-US: SiteSearch Indexer -CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in ...) +CVE-2006-1566 - libtunepimp 0.4.2-3 (bug #359241; low) [sarge] - libtunepimp (rpath not set to /tmp in Sarge) -CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...) +CVE-2006-1565 - gpib 3.2.06-3 (bug #359239; low) [sarge] - gpib (rpath not set to /tmp in Sarge) -CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for ...) +CVE-2006-1564 - subversion 1.3.0-5 (bug #359234; low) [sarge] - subversion (No rpaths set in Sarge) -CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ...) +CVE-2006-1563 NOT-FOR-US: VBook -CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-1562 NOT-FOR-US: VBook -CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba ...) +CVE-2006-1561 NOT-FOR-US: VBook -CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...) +CVE-2006-1560 NOT-FOR-US: SkinTech phpNewsManager -CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote ...) +CVE-2006-1559 NOT-FOR-US: PHP Script Index -CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script ...) +CVE-2006-1558 NOT-FOR-US: PHP Script Index -CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote ...) +CVE-2006-1557 NOT-FOR-US: X-Changer -CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in ...) 
+CVE-2006-1556 NOT-FOR-US: AL-Caricatier -CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and ...) +CVE-2006-1555 NOT-FOR-US: VSNS Lemon -CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows ...) +CVE-2006-1554 NOT-FOR-US: VSNS Lemon -CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS ...) +CVE-2006-1553 NOT-FOR-US: VSNS Lemon -CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...) +CVE-2006-1552 NOT-FOR-US: Apple -CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...) +CVE-2006-1551 NOT-FOR-US: PAJAX -CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...) +CVE-2006-1549 - php4 (bug #361854; unimportant) - php5 5.1.4-0.1 (bug #361917; unimportant) [sarge] - php4 (there are easier ways to segfault your own program) -CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...) +CVE-2006-1548 - libstruts1.2-java 1.2.9-1 (bug #360551) [sarge] - libstruts1.2-java (Only in contrib, relies on proprietary Java) -CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...) +CVE-2006-1547 - libstruts1.2-java 1.2.9-1 (bug #360551) [sarge] - libstruts1.2-java (Only in contrib, relies on proprietary Java) -CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...) +CVE-2006-1546 - libstruts1.2-java 1.2.9-1 (bug #360551) [sarge] - libstruts1.2-java (Only in contrib, relies on proprietary Java) -CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...) +CVE-2006-1545 NOT-FOR-US: VNews -CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) +CVE-2006-1544 NOT-FOR-US: VNews -CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba ...) 
+CVE-2006-1543 NOT-FOR-US: VNews -CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on ...) +CVE-2006-1542 NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow NOTE: Should be rejected -CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...) +CVE-2006-1541 NOT-FOR-US: EzASPSite -CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 ...) +CVE-2006-1540 NOT-FOR-US: Microsoft -CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...) +CVE-2006-1539 - bsdgames 2.17-6 (bug #361160) [sarge] - bsdgames (Minor impact) -CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...) +CVE-2006-1538 NOT-FOR-US: Enova X-Wall ASIC -CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain ...) +CVE-2006-1537 - webcalendar (unimportant) -CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts ...) +CVE-2006-1536 NOT-FOR-US: Phoetux.net PhxContacts -CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net ...) +CVE-2006-1535 NOT-FOR-US: Phoetux.net PhxContacts -CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote ...) +CVE-2006-1534 NOT-FOR-US: Null news -CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop ...) +CVE-2006-1533 NOT-FOR-US: Sourceworkshop newsletter -CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...) +CVE-2006-1532 NOT-FOR-US: PHP Classifieds -CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) +CVE-2006-1531 {DSA-1046-1} - firefox 1.5.0.2 (medium) - mozilla-firefox (pre-1.5 version not vulnerable) 
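Review bot: CVE-2006-1651 loses its only in-file dispute marker in this hunk. The removed header read `CVE-2006-1651 (** DISPUTED ** ...)` and the replacement is a bare `CVE-2006-1651` followed by `NOT-FOR-US: MS ISA`, so nothing in the entry records that the report was contested. If the description text is meant to live outside this file from now on, consider carrying the disputed status in a `NOTE:` line so triage does not depend on a separate lookup. The same applies to CVE-2006-1650, which is left with a single `NOTE:` about other reports on Firefox and no statement of what was reported.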
@@ -12984,7 +12984,7 @@ CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. -CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) +CVE-2006-1530 {DSA-1046-1} - firefox 1.5.0.2 (medium) - mozilla-firefox (pre-1.5 version not vulnerable) @@ -12994,7 +12994,7 @@ CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. -CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) +CVE-2006-1529 {DSA-1046-1} - firefox 1.5.0.2-1 (medium) - mozilla-firefox (pre-1.5 version not vulnerable) 
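Review bot: the fixed-version fields of the three DSA-1046-1 Firefox entries disagree in the lines these hunks touch and their context. CVE-2006-1531 and CVE-2006-1530 carry `- firefox 1.5.0.2 (medium)`, while CVE-2006-1529 carries `- firefox 1.5.0.2-1 (medium)`. The update only rewrites the header lines, so the mismatch predates it, but since all three headers are being regenerated it is worth confirming which version string is intended and making the three entries agree.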
@@ -13004,103 +13004,103 @@ CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. -CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ...) +CVE-2006-1528 {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.13-1 -CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...) +CVE-2006-1527 - linux-2.6 2.6.16-12 (low) -CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...) +CVE-2006-1526 - xorg-server 1:1.0.2-8 (bug #378464) [sarge] - xfree86 (Vulnerable code not present) -CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...) +CVE-2006-1525 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-9 -CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow ...) +CVE-2006-1524 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-8 -CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...) +CVE-2006-1523 {DSA-1103} - linux-2.6 2.6.16-7 -CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...) +CVE-2006-1522 - linux-2.6 2.6.16-7 CVE-2006-1521 REJECTED -CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...) +CVE-2006-1520 NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag) - libspf (bug #368780; low) CVE-2006-1519 REJECTED -CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...) +CVE-2006-1518 {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium) - mysql-dfsg-4.1 (bug #365939; medium) - mysql-dfsg (bug #365939; bug #356751; medium) - mysql (bug #365939; medium) -CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and ...) 
+CVE-2006-1517 {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; low) - mysql-dfsg-4.1 (bug #365939; low) - mysql-dfsg (bug #365939; bug #356751; low) - mysql (bug #365939; low) -CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to ...) +CVE-2006-1516 {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; bug #366044; low) - mysql-dfsg-4.1 (bug #365939; bug #366043; low) - mysql-dfsg (bug #365939; bug #356751; low) - mysql (bug #365939; low) -CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...) +CVE-2006-1515 {DSA-1084-1} - typespeed 0.4.4-10 -CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...) +CVE-2006-1514 {DSA-1043-1} - abcmidi 20060422-1 -CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted ...) +CVE-2006-1513 {DSA-1041-1} - abc2ps (bug #373685; low) CVE-2006-1512 REJECTED -CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...) +CVE-2006-1511 NOT-FOR-US: Microsoft -CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...) +CVE-2006-1510 NOT-FOR-US: Microsoft -CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...) +CVE-2006-1509 NOT-FOR-US: HP-UX -CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...) +CVE-2006-1508 NOT-FOR-US: MH Software Connect Daily Web Calendar -CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...) +CVE-2006-1507 NOT-FOR-US: PHPKIT -CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine ...) +CVE-2006-1506 NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3 -CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) ...) 
+CVE-2006-1505 - acidbase 1.2.4-1 (bug #361139) -CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...) +CVE-2006-1504 NOT-FOR-US: Arab Portal -CVE-2006-1503 (PHP remote file inclusion vulnerability in ...) +CVE-2006-1503 NOT-FOR-US: Virtual Wa -CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote ...) +CVE-2006-1502 NOT-FOR-US: MPlayer NOTE: I can't find the vulnerable code in xine-lib -CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows ...) +CVE-2006-1501 NOT-FOR-US: OneOrZero -CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows ...) +CVE-2006-1500 NOT-FOR-US: Tilde CMS 3.0 -CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows ...) +CVE-2006-1499 NOT-FOR-US: vCounter -CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows ...) +CVE-2006-1497 NOT-FOR-US: ViHor Design -CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-1496 NOT-FOR-US: ViHor Design -CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...) +CVE-2006-1495 NOT-FOR-US: PHPCollab / NetOffice -CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...) +CVE-2006-1494 - php4 4:4.4.4-1 (bug #361855; unimportant) - php5 5.1.4-0.1 (bug #361916; unimportant) NOTE: open_basedir violations are not supported -CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...) +CVE-2006-1493 NOT-FOR-US: Explorer XP -CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...) +CVE-2006-1492 NOT-FOR-US: Explorer XP -CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE ...) +CVE-2006-1489 NOT-FOR-US: FusionZONE CouponZONE CVE-2006-XXXX [unixodbc rpath set to /home] - unixodbc 2.2.11-11 (bug #358142; low) 
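Review bot: in CVE-2006-1520 the `NOTE:` line sits directly under the new bare header, ahead of the `- libspf` package line. With the description removed, the first thing the entry says is that "this isn't a problem with a debugging command-line flag", with no indication of what the issue is or which package it concerns until the following line. Other entries in this hunk (CVE-2006-1494, CVE-2006-1502) put the package or NOT-FOR-US line first and the notes after it; the same order here would keep the entry readable now that the header carries only the identifier.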
@@ -13117,658 +13117,658 @@ CVE-2006-XXXX [tcpquota rpath set to user home] CVE-2006-XXXX [hamlib3-perl rpath set to user home] - hamlib 1.2.5-3 (bug #358166; low) [sarge] - hamlib (Only exploitable with strange user name) -CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in ...) +CVE-2006-1550 {DSA-1025-1} - dia 0.94.0-18 (bug #360566) -CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...) +CVE-2006-1498 - mediawiki 1.4.15-1 - mediawiki1.5 1.5.8-1 -CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...) +CVE-2006-1491 {DSA-1034-1 DSA-1033-1} - horde3 3.1.1-1 (bug #361967) -CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...) +CVE-2006-1490 - php5 5.1.4-0.1 (bug #359907; low) - php4 4:4.4.2-1.1 (bug #359904; low) [sarge] - php4 (Application's responsibility to sanitize input) -CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the ...) +CVE-2006-1488 NOT-FOR-US: ActiveCampaign SupportTrio -CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...) +CVE-2006-1487 NOT-FOR-US: ActiveCampaign SupportTrio -CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...) +CVE-2006-1486 NOT-FOR-US: realestateZONE -CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users ...) +CVE-2006-1485 NOT-FOR-US: Greymatter -CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files, ...) +CVE-2006-1484 NOT-FOR-US: Genius VideoCAM NB Driver -CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...) +CVE-2006-1483 NOT-FOR-US: Blazix Web Server -CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...) +CVE-2006-1482 NOT-FOR-US: ConfTool -CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows ...) 
+CVE-2006-1481 NOT-FOR-US: PHP Ticket -CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...) +CVE-2006-1480 NOT-FOR-US: WebAlbum -CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey ...) +CVE-2006-1479 NOT-FOR-US: Serge Rey gtd-php -CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...) +CVE-2006-1478 NOT-FOR-US: Turnkey Web Tools PHP Live Helper -CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) +CVE-2006-1477 NOT-FOR-US: Turnkey Web Tools PHP Live Helper -CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect ...) +CVE-2006-1476 NOT-FOR-US: Windows Firewall -CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce ...) +CVE-2006-1475 NOT-FOR-US: Windows Firewall -CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the "failed" functionality ...) +CVE-2006-1474 NOT-FOR-US: Raindance Web Conferencing Pro -CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 ...) +CVE-2006-1473 NOT-FOR-US: Apple -CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 ...) +CVE-2006-1472 NOT-FOR-US: Apple -CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...) +CVE-2006-1471 NOT-FOR-US: Apple -CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers ...) +CVE-2006-1470 - openldap2 (Vulnerable code not present) - openldap2.2 (medium) -CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to ...) +CVE-2006-1469 NOT-FOR-US: Apple -CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...) +CVE-2006-1468 NOT-FOR-US: Apple -CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before ...) 
+CVE-2006-1467 NOT-FOR-US: Apple iTunes -CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...) +CVE-2006-1466 NOT-FOR-US: Apple -CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) +CVE-2006-1465 NOT-FOR-US: Apple -CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) +CVE-2006-1464 NOT-FOR-US: Apple -CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) +CVE-2006-1463 NOT-FOR-US: Apple -CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...) +CVE-2006-1462 NOT-FOR-US: Apple -CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...) +CVE-2006-1461 NOT-FOR-US: Apple -CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...) +CVE-2006-1460 NOT-FOR-US: Apple -CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...) +CVE-2006-1459 NOT-FOR-US: Apple -CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote ...) +CVE-2006-1458 NOT-FOR-US: Apple -CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after ...) +CVE-2006-1457 NOT-FOR-US: Apple -CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...) +CVE-2006-1456 NOT-FOR-US: Apple -CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows ...) +CVE-2006-1455 NOT-FOR-US: Apple -CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) +CVE-2006-1454 NOT-FOR-US: Apple -CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows ...) +CVE-2006-1453 NOT-FOR-US: Apple -CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to ...) +CVE-2006-1452 NOT-FOR-US: Apple -CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a ...) 
+CVE-2006-1451 NOT-FOR-US: MySQL Manager -CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ...) +CVE-2006-1450 NOT-FOR-US: Apple -CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows ...) +CVE-2006-1449 NOT-FOR-US: Apple -CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted ...) +CVE-2006-1448 NOT-FOR-US: Apple -CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to ...) +CVE-2006-1447 NOT-FOR-US: Apple -CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an ...) +CVE-2006-1446 NOT-FOR-US: Apple -CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...) +CVE-2006-1445 NOT-FOR-US: Apple -CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for ...) +CVE-2006-1444 NOT-FOR-US: Apple -CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and ...) +CVE-2006-1443 NOT-FOR-US: Apple -CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 ...) +CVE-2006-1442 NOT-FOR-US: Apple -CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote ...) +CVE-2006-1441 NOT-FOR-US: Apple -CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite ...) +CVE-2006-1440 NOT-FOR-US: Apple -CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not ...) +CVE-2006-1439 NOT-FOR-US: Apple -CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...) +CVE-2006-1438 NOT-FOR-US: aphpkb -CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...) +CVE-2006-1437 NOT-FOR-US: UPOINT -CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...) +CVE-2006-1436 NOT-FOR-US: UPOINT -CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...) 
+CVE-2006-1435 NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria -CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...) +CVE-2006-1434 NOT-FOR-US: Annuaire (Directory) -CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive ...) +CVE-2006-1433 NOT-FOR-US: Annuaire (Directory) -CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full ...) +CVE-2006-1432 NOT-FOR-US: fusionZONE couponZONE -CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE ...) +CVE-2006-1431 NOT-FOR-US: fusionZONE couponZONE -CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ...) +CVE-2006-1430 NOT-FOR-US: CONTROLzx HMS -CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in ...) +CVE-2006-1429 NOT-FOR-US: classifiedZONE -CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 ...) +CVE-2006-1428 NOT-FOR-US: phpCOIN -CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP ...) +CVE-2006-1427 NOT-FOR-US: WebAPP -CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow ...) +CVE-2006-1426 NOT-FOR-US: Blog Pixel Motion -CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily ...) +CVE-2006-1425 NOT-FOR-US: phpmyfamily CVE-2006-1424 REJECTED -CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...) +CVE-2006-1423 NOT-FOR-US: UBB.threads -CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calendar ...) +CVE-2006-1422 NOT-FOR-US: PHP Booking Calendar -CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...) +CVE-2006-1421 NOT-FOR-US: AkoComment -CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows ...) 
+CVE-2006-1420 NOT-FOR-US: SaphpLesson -CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...) +CVE-2006-1419 NOT-FOR-US: nuked-klan -CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris ...) +CVE-2006-1418 NOT-FOR-US: Caloris Planitia E-School Management -CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris ...) +CVE-2006-1417 NOT-FOR-US: Caloris Planitia Online Quiz System -CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...) +CVE-2006-1416 NOT-FOR-US: Absolute FAQ Manager .NET -CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB ...) +CVE-2006-1415 NOT-FOR-US: dotNetBB -CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in ...) +CVE-2006-1414 NOT-FOR-US: Toast Forums -CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro ...) +CVE-2006-1413 NOT-FOR-US: EZHomepagePro -CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with ...) +CVE-2006-1412 NOT-FOR-US: TFT Gallery -CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...) +CVE-2006-1411 NOT-FOR-US: Absolute Image Gallery -CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute ...) +CVE-2006-1410 NOT-FOR-US: XIGLA Absolute Live Support -CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers ...) +CVE-2006-1409 NOT-FOR-US: Vavoom NOTE: code in prboom and lxdoom looks completely different -CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...) +CVE-2006-1408 NOT-FOR-US: Vavoom NOTE: code in prboom and lxdoom looks completely different -CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...) 
+CVE-2006-1407 NOT-FOR-US: Helm Web Hosting Control Panel -CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx ...) +CVE-2006-1406 NOT-FOR-US: uniForum -CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in ...) +CVE-2006-1405 NOT-FOR-US: SweetSuite.NET Content Management System -CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in ...) +CVE-2006-1404 NOT-FOR-US: BlankOL -CVE-2006-1403 (Format string vulnerability in the PrintString function in ...) +CVE-2006-1403 NOT-FOR-US: csDoom NOTE: prboom, lxdoom not affected -CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows ...) +CVE-2006-1402 NOT-FOR-US: csDoom NOTE: prboom, lxdoom not affected -CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) +CVE-2006-1401 NOT-FOR-US: Calendar Express -CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-1400 NOT-FOR-US: Metisware Instructor -CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in ...) +CVE-2006-1399 NOT-FOR-US: Meeting Reserve -CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book ...) +CVE-2006-1398 NOT-FOR-US: G-Book -CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...) +CVE-2006-1397 NOT-FOR-US: phpAdsNew -CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...) +CVE-2006-1396 NOT-FOR-US: Cholod -CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...) +CVE-2006-1395 NOT-FOR-US: Cholod -CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft ...) +CVE-2006-1394 NOT-FOR-US: Pubcookie -CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) +CVE-2006-1393 NOT-FOR-US: Pubcookie -CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...) 
+CVE-2006-1392 NOT-FOR-US: Pubcookie -CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web ...) +CVE-2006-1391 NOT-FOR-US: Quick 'n Easy/Baby Web Server -CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...) +CVE-2006-1390 NOT-FOR-US: Shortcoming of Gentoo-specific games packaging -CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and ...) +CVE-2006-1389 NOT-FOR-US: HP-UX -CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...) +CVE-2006-1388 NOT-FOR-US: Internet Explorer -CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...) +CVE-2006-1387 - twiki 1:4.0.4-3 (bug #367973) -CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...) +CVE-2006-1386 - twiki (only affects 4.0.0 - 4.1.0, version in Debian too young) -CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...) +CVE-2006-1385 NOT-FOR-US: Cisco -CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...) +CVE-2006-1384 NOT-FOR-US: IBM Tivoli Business Systems Manager -CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 ...) +CVE-2006-1383 NOT-FOR-US: Baby FTP Server -CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...) +CVE-2006-1382 NOT-FOR-US: vBulletin -CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, ...) +CVE-2006-1381 NOT-FOR-US: Trend Micro -CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ...) +CVE-2006-1380 NOT-FOR-US: Trend Micro -CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...) +CVE-2006-1379 NOT-FOR-US: Trend Micro -CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak ...) 
+CVE-2006-1378 NOT-FOR-US: PasswordSafe -CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...) +CVE-2006-1377 NOT-FOR-US: EasyMoblog -CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...) +CVE-2006-1376 [sarge] - shadow 1:4.0.3-31sarge8 [sarge] - base-config NOTE: The installer is fixed separately, but the postinst of the shadow update NOTE: corrects permissions of a faulty install - shadow 1:4.0.14-9 (bug #358210; bug #356939) - base-config 2.68 (bug #254068; low) -CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...) +CVE-2006-1375 NOT-FOR-US: AdMan -CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...) +CVE-2006-1374 NOT-FOR-US: AdMan -CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...) +CVE-2006-1373 NOT-FOR-US: PHP Live! -CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...) +CVE-2006-1372 NOT-FOR-US: 1WebCalendar -CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...) +CVE-2006-1371 NOT-FOR-US: Laurentiu Matei eXpandable Home Page -CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...) +CVE-2006-1370 NOT-FOR-US: Real Player, according to Real Helix not affected -CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) +CVE-2006-1369 NOT-FOR-US: Invision Power Board -CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...) +CVE-2006-1368 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-1 -CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...) +CVE-2006-1367 NOT-FOR-US: Motorola hardware -CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...) 
+CVE-2006-1366 NOT-FOR-US: Motorola hardware -CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...) +CVE-2006-1365 NOT-FOR-US: Motorola hardware -CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...) +CVE-2006-1364 NOT-FOR-US: Microsoft -CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...) +CVE-2006-1363 NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System -CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...) +CVE-2006-1362 NOT-FOR-US: Mini-Nuke -CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...) +CVE-2006-1361 NOT-FOR-US: OSWiki -CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...) +CVE-2006-1360 NOT-FOR-US: MusicBox -CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...) +CVE-2006-1359 NOT-FOR-US: Microsoft -CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...) +CVE-2006-1358 NOT-FOR-US: BEA WebLogic -CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...) +CVE-2006-1357 NOT-FOR-US: F5 Firepass 4100 SSL VPN -CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...) +CVE-2006-1356 - libvc 003-4 -CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...) +CVE-2006-1355 NOT-FOR-US: avast AV -CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...) +CVE-2006-1354 {DSA-1089-1} - freeradius 1.1.0-1.2 (bug #359042; high) -CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...) +CVE-2006-1353 NOT-FOR-US: ASPPortal -CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) +CVE-2006-1352 NOT-FOR-US: BEA WebLogic -CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...) 
+CVE-2006-1351 NOT-FOR-US: BEA WebLogic -CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...) +CVE-2006-1350 NOT-FOR-US: 99Articles.com -CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...) +CVE-2006-1349 NOT-FOR-US: MusicBox -CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...) +CVE-2006-1348 NOT-FOR-US: Greg Neustaetter gCards -CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...) +CVE-2006-1347 NOT-FOR-US: Greg Neustaetter gCards -CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...) +CVE-2006-1346 NOT-FOR-US: Greg Neustaetter gCards -CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...) +CVE-2006-1345 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...) +CVE-2006-1344 NOT-FOR-US: VeriSign haydn.exe -CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...) +CVE-2006-1343 {DSA-1184-2 DSA-1097-1} - linux-2.6 2.6.16-15 -CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...) +CVE-2006-1342 - linux-2.6 (Only affects 2.4 kernels) -CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...) +CVE-2006-1341 NOT-FOR-US: Maian Events -CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...) +CVE-2006-1340 NOT-FOR-US: CuteNews -CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...) +CVE-2006-1339 NOT-FOR-US: CuteNews -CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...) +CVE-2006-1338 NOT-FOR-US: MailEnable -CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard ...) +CVE-2006-1337 NOT-FOR-US: MailEnable -CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...) 
+CVE-2006-1336 NOT-FOR-US: ExtCalendar -CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...) +CVE-2006-1335 - gnome-screensaver 2.14.1-1 (bug #357885) -CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...) +CVE-2006-1334 NOT-FOR-US: Maian Weblog -CVE-2006-1333 (Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...) +CVE-2006-1333 NOT-FOR-US: BetaParticle Blog -CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...) +CVE-2006-1332 NOT-FOR-US: Noah's Classifieds -CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-1331 NOT-FOR-US: Noah's Classifieds -CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...) +CVE-2006-1330 NOT-FOR-US: phpWebsite -CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...) +CVE-2006-1329 - jabberd2 2.0s11-1 (bug #357874) -CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP ...) +CVE-2006-1328 NOT-FOR-US: Skull-Splitter PHP -CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote ...) +CVE-2006-1327 NOT-FOR-US: SoftBB -CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...) +CVE-2006-1326 NOT-FOR-US: Invision Power Board -CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows ...) +CVE-2006-1325 NOT-FOR-US: Streber -CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...) +CVE-2006-1324 NOT-FOR-US: Woltlab Burning Board -CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows ...) +CVE-2006-1323 NOT-FOR-US: WinHKI -CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a ...) +CVE-2006-1322 NOT-FOR-US: Netware -CVE-2006-1318 (Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, ...) 
+CVE-2006-1318 NOT-FOR-US: Microsoft Office CVE-2006-1317 REJECTED -CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) +CVE-2006-1316 NOT-FOR-US: Microsoft -CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...) +CVE-2006-1315 NOT-FOR-US: Microsoft -CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in ...) +CVE-2006-1314 NOT-FOR-US: Microsoft -CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...) +CVE-2006-1313 NOT-FOR-US: Microsoft JScript CVE-2006-1312 REJECTED -CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...) +CVE-2006-1311 NOT-FOR-US: Microsoft CVE-2006-1310 REJECTED -CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) +CVE-2006-1309 NOT-FOR-US: Microsoft -CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) +CVE-2006-1308 NOT-FOR-US: Microsoft CVE-2006-1307 REJECTED -CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) +CVE-2006-1306 NOT-FOR-US: Microsoft -CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote ...) +CVE-2006-1305 NOT-FOR-US: Microsoft -CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...) +CVE-2006-1304 NOT-FOR-US: Microsoft -CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...) +CVE-2006-1303 NOT-FOR-US: Microsoft -CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...) +CVE-2006-1302 NOT-FOR-US: Microsoft -CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) +CVE-2006-1301 NOT-FOR-US: Microsoft -CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...) 
+CVE-2006-1300 NOT-FOR-US: Microsoft CVE-2006-1299 REJECTED -CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...) +CVE-2006-1298 NOT-FOR-US: Veritas Backup -CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...) +CVE-2006-1297 NOT-FOR-US: Veritas Backup -CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow ...) +CVE-2006-1296 - beagle 0.2.3-1 (bug #357392; low) -CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...) +CVE-2006-1295 - spip 2.0.6-1 -CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in ...) +CVE-2006-1294 NOT-FOR-US: KnowledgebasePublisher -CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...) +CVE-2006-1293 NOT-FOR-US: Contrexx -CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP ...) +CVE-2006-1292 NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar -CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and ...) +CVE-2006-1291 NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar -CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway ...) +CVE-2006-1290 NOT-FOR-US: Milkeyway Captive Portal -CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...) +CVE-2006-1289 NOT-FOR-US: Milkeyway Captive Portal -CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...) +CVE-2006-1288 NOT-FOR-US: Invision Power Board -CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) +CVE-2006-1287 NOT-FOR-US: Invision Power Board -CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for ...) +CVE-2006-1286 NOT-FOR-US: Symantec Ghost -CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost ...) 
+CVE-2006-1285 NOT-FOR-US: Symantec Ghost -CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...) +CVE-2006-1284 NOT-FOR-US: Symantec Ghost -CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...) +CVE-2006-1283 - libpam-opie (FreeBSD specific vulnerability) -CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...) +CVE-2006-1282 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in ...) +CVE-2006-1281 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...) +CVE-2006-1280 - libcgi-session-perl 4.07-1 (low; bug #356555) [sarge] - libcgi-session-perl (Minor issues) -CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files ...) +CVE-2006-1279 - libcgi-session-perl 4.11-1 (low; bug #356555) [sarge] - libcgi-session-perl (Minor issues) -CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote ...) +CVE-2006-1278 NOT-FOR-US: @1 File Store -CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File ...) +CVE-2006-1277 NOT-FOR-US: @1 File Store -CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows ...) +CVE-2006-1276 NOT-FOR-US: PHP SimpleNEWS -CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of ...) +CVE-2006-1275 NOT-FOR-US: GGZ Gaming Zone -CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop ...) +CVE-2006-1274 NOT-FOR-US: Antivir -CVE-2006-1273 (** DISPUTED ** ...) +CVE-2006-1273 NOT-FOR-US: Reportedly problem with a firefox addon -CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in ...) +CVE-2006-1272 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote ...) 
+CVE-2006-1271 NOT-FOR-US: OxyNews -CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in ...) +CVE-2006-1270 NOT-FOR-US: Inprotect -CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...) +CVE-2006-1269 - zoo 2.10-18 (bug #367858; low) [sarge] - zoo (Attack vector very far-fetched, hardly exploitable) -CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...) +CVE-2006-1268 NOT-FOR-US: Funkwerk X2300 -CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...) +CVE-2006-1267 NOT-FOR-US: Invision Power Board -CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in ...) +CVE-2006-1266 NOT-FOR-US: VPMi Enterprise -CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net ...) +CVE-2006-1265 NOT-FOR-US: xhawk.net discussion -CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 ...) +CVE-2006-1264 NOT-FOR-US: xhawk.net discussion -CVE-2006-1263 (Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in ...) +CVE-2006-1263 - wordpress 2.0.2-1 -CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown ...) +CVE-2006-1262 NOT-FOR-US: ASPPortal -CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 ...) +CVE-2006-1261 NOT-FOR-US: ASPPortal -CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read ...) +CVE-2006-1260 {DSA-1034-1 DSA-1033-1} - horde3 3.1-1 (bug #358812) -CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow ...) +CVE-2006-1259 NOT-FOR-US: Maian Support -CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...) +CVE-2006-1258 - phpmyadmin 4:2.8.0.2-2 (bug #382228) [sarge] - phpmyadmin (Vulnerable code not present) -CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce ...) 
+CVE-2006-1257 NOT-FOR-US: Microsoft -CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren ...) +CVE-2006-1256 NOT-FOR-US: Soren Boysen (SkullSplitter) PHP Guestbook -CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging ...) +CVE-2006-1255 NOT-FOR-US: Mercur Messaging -CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows ...) +CVE-2006-1254 NOT-FOR-US: BorderWare MXtreme -CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote ...) +CVE-2006-1253 NOT-FOR-US: glFTPd -CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...) +CVE-2006-1252 NOT-FOR-US: Light Weight Calendar -CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 ...) +CVE-2006-1251 - sa-exim 4.2.1-1 (bug #345071; bug #356301) -CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3 ...) +CVE-2006-1250 NOT-FOR-US: Winmail -CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...) +CVE-2006-1249 NOT-FOR-US: Apple Quicktime -CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...) +CVE-2006-1248 NOT-FOR-US: HP-UX -CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...) +CVE-2006-1247 NOT-FOR-US: AIX -CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...) +CVE-2006-1246 NOT-FOR-US: AIX -CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...) +CVE-2006-1245 NOT-FOR-US: Microsoft -CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...) 
+CVE-2006-1244 {DSA-1019-1 DSA-982-1} - xpdf (All issues previously fixed) NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities - gpdf 2.10.0-3 - koffice 2.3.3-1 NOTE: xpdf (and therewith the questionable code) is not part of koffice for some time now -CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...) +CVE-2006-1243 NOT-FOR-US: Simple PHP Blog -CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before ...) +CVE-2006-1242 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-4 -CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...) +CVE-2006-1241 - firebird2 (Not setuid in Debian) -CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...) +CVE-2006-1240 - firebird2 (Not setuid in Debian) -CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...) +CVE-2006-1239 NOT-FOR-US: Gemini -CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...) +CVE-2006-1238 NOT-FOR-US: DSLogin -CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...) +CVE-2006-1237 NOT-FOR-US: DSNewsletter -CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...) +CVE-2006-1236 {DSA-1009-1} - crossfire 1.9.0-2 (medium) -CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...) +CVE-2006-1235 NOT-FOR-US: HitHost -CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...) +CVE-2006-1234 NOT-FOR-US: DSCounter -CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...) +CVE-2006-1233 NOT-FOR-US: WMNews -CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...) +CVE-2006-1232 NOT-FOR-US: DSDownload -CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...) 
+CVE-2006-1231 - capi4hylafax (Affected DEFINE not defined) -CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in ...) +CVE-2006-1230 NOT-FOR-US: vCard -CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...) +CVE-2006-1229 NOT-FOR-US: Hosting Controller -CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...) +CVE-2006-1228 {DSA-1007-1} - drupal 4.5.8-1 -CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...) +CVE-2006-1227 {DSA-1007-1} - drupal 4.5.8-1 -CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...) +CVE-2006-1226 {DSA-1007-1} - drupal 4.5.8-1 -CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...) +CVE-2006-1225 {DSA-1007-1} - drupal 4.5.8-1 -CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...) +CVE-2006-1224 NOT-FOR-US: GuppY -CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...) +CVE-2006-1223 NOT-FOR-US: Jupiter Content Manager -CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 ...) +CVE-2006-1222 NOT-FOR-US: zeroboard -CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...) +CVE-2006-1221 NOT-FOR-US: TrueVector CVE-2006-XXXX [Insufficient filename sanitising in darcsweb] - darcsweb 0.15-1 -CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...) +CVE-2006-1220 NOT-FOR-US: MacOS X -CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and ...) +CVE-2006-1219 - gallery2 2.0.4-1 -CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager ...) +CVE-2006-1218 NOT-FOR-US: Novell BorderManager -CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to ...) 
+CVE-2006-1217 NOT-FOR-US: DSPoll -CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x ...) +CVE-2006-1216 NOT-FOR-US: Runcms -CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab ...) +CVE-2006-1215 NOT-FOR-US: Woltlab BB -CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified ...) +CVE-2006-1214 NOT-FOR-US: UnrealIRCd -CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier ...) +CVE-2006-1213 NOT-FOR-US: JiRo's Banner System Experience and Professional -CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows ...) +CVE-2006-1212 NOT-FOR-US: CoreNews -CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL ...) +CVE-2006-1211 NOT-FOR-US: Tivoli -CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...) +CVE-2006-1210 NOT-FOR-US: Tivoli -CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...) +CVE-2006-1209 NOT-FOR-US: PHP Advanced Transfer Manager -CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...) +CVE-2006-1208 NOT-FOR-US: Sergey Korostel PHP Upload Center -CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with ...) +CVE-2006-1207 NOT-FOR-US: PHP Upload Center -CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ...) +CVE-2006-1206 - dropbear 0.48-1 -CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland ...) +CVE-2006-1205 NOT-FOR-US: myBloggie -CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum ...) +CVE-2006-1204 NOT-FOR-US: txtForum -CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum ...) +CVE-2006-1203 NOT-FOR-US: txtForum -CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...) 
+CVE-2006-1202 NOT-FOR-US: textfileBB -CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net ...) +CVE-2006-1201 NOT-FOR-US: phpBannerExchange -CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...) +CVE-2006-1200 NOT-FOR-US: daverave Link Bank -CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave ...) +CVE-2006-1199 NOT-FOR-US: daverave Link Bank -CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a ...) +CVE-2006-1198 NOT-FOR-US: Comvigo IM Lock -CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with ...) +CVE-2006-1197 NOT-FOR-US: SafeDisc -CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 ...) +CVE-2006-1196 NOT-FOR-US: QwikiWiki -CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...) +CVE-2006-1195 NOT-FOR-US: Enet lib (Cube, Sauerbraten) -CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...) +CVE-2006-1194 NOT-FOR-US: Enet lib (Cube, Sauerbraten) -CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...) +CVE-2006-1193 NOT-FOR-US: Microsoft Exchange Server -CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) +CVE-2006-1192 NOT-FOR-US: Microsoft -CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly ...) +CVE-2006-1191 NOT-FOR-US: Microsoft -CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...) +CVE-2006-1190 NOT-FOR-US: Microsoft -CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 ...) +CVE-2006-1189 NOT-FOR-US: Microsoft -CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) 
+CVE-2006-1188 NOT-FOR-US: Microsoft CVE-2006-1187 REJECTED -CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) +CVE-2006-1186 NOT-FOR-US: Microsoft -CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) +CVE-2006-1185 NOT-FOR-US: Microsoft -CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT ...) +CVE-2006-1184 NOT-FOR-US: Microsoft -CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...) +CVE-2006-1183 - base-config (UBuntu specific) - shadow (UBuntu specific) -CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...) +CVE-2006-1182 NOT-FOR-US: Adobe Graphics Server CVE-2006-1181 RESERVED @@ -13776,21 +13776,21 @@ CVE-2006-1180 RESERVED CVE-2006-1179 RESERVED -CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial ...) +CVE-2006-1178 NOT-FOR-US: Tamarack MMSd CVE-2006-1177 RESERVED -CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...) +CVE-2006-1176 NOT-FOR-US: eBay Enhanced Picture Services -CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...) +CVE-2006-1175 NOT-FOR-US: WeOnlyDo! SFTP -CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...) +CVE-2006-1174 - shadow 1:4.0.15-10 (low) [sarge] - shadow (Vulnerable code was introduced later) -CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...) +CVE-2006-1173 {DSA-1155} - sendmail 8.13.7-1 (low; bug #373801) -CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...) +CVE-2006-1172 NOT-FOR-US: ActiveX control CVE-2006-1171 REJECTED 
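Review bot: In the CVE-2006-1172 entry, `NOT-FOR-US: ActiveX control` names no vendor or product, and once the parenthesised summary is dropped from the header it is the only text left describing what was triaged. Consider naming the product on the NOT-FOR-US line in the same change, so the entry stays identifiable without a lookup against the CVE feed. The other NOT-FOR-US lines in this hunk (Tamarack MMSd, eBay Enhanced Picture Services, WeOnlyDo! SFTP) already do this.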
@@ -13798,476 +13798,476 @@ CVE-2006-1170 REJECTED CVE-2006-1169 REJECTED -CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...) +CVE-2006-1168 {DSA-1149-1} - ncompress 4.2.4-16 -CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...) +CVE-2006-1167 NOT-FOR-US: SGI -CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...) +CVE-2006-1165 - dokuwiki 0.0.20060309-3 (bug #357436) -CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...) +CVE-2006-1164 NOT-FOR-US: Nodez -CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows ...) +CVE-2006-1163 NOT-FOR-US: Nodez -CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows ...) +CVE-2006-1162 NOT-FOR-US: Nodez -CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web ...) +CVE-2006-1161 NOT-FOR-US: Easy File Sharing (EFS) Web Server -CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...) +CVE-2006-1160 NOT-FOR-US: Easy File Sharing (EFS) Web Server -CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 ...) +CVE-2006-1159 NOT-FOR-US: Easy File Sharing (EFS) Web Server -CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...) +CVE-2006-1158 NOT-FOR-US: Kerio MailServer -CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...) +CVE-2006-1157 NOT-FOR-US: Vz Scripts ADP Forum -CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script ...) +CVE-2006-1156 NOT-FOR-US: manas tungare Site Membership Script -CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site ...) +CVE-2006-1155 NOT-FOR-US: manas tungare Site Membership Script -CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic ...) 
+CVE-2006-1154 NOT-FOR-US: Fantastic News -CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...) +CVE-2006-1153 NOT-FOR-US: D2-Shoutbox -CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 ...) +CVE-2006-1152 NOT-FOR-US: M-Phorum -CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...) +CVE-2006-1151 NOT-FOR-US: M-Phorum -CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, ...) +CVE-2006-1150 - teg 0.11.1-3 (bug #357645; low) [sarge] - teg (Only DoS against exotic, mostly single player game) -CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL ...) +CVE-2006-1149 NOT-FOR-US: OWL Intranet Engine -CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function ...) +CVE-2006-1148 - peercast 0.1217.toots.20060314-1 -CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold ...) +CVE-2006-1147 NOT-FOR-US: Alien Arena Gold -CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in ...) +CVE-2006-1146 NOT-FOR-US: Alien Arena Gold -CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...) +CVE-2006-1145 NOT-FOR-US: Alien Arena Gold -CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows ...) +CVE-2006-1144 NOT-FOR-US: Hit Host -CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 ...) +CVE-2006-1143 NOT-FOR-US: FTPoed Blog Engine -CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows ...) +CVE-2006-1142 NOT-FOR-US: Ravenous Web Server -CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows ...) +CVE-2006-1141 - qmailadmin (bug #357896; medium) -CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote ...) 
+CVE-2006-1140 NOT-FOR-US: RedBLoG -CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox ...) +CVE-2006-1139 NOT-FOR-US: Xerox CopyCentre -CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre ...) +CVE-2006-1138 NOT-FOR-US: Xerox CopyCentre -CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox ...) +CVE-2006-1137 NOT-FOR-US: Xerox CopyCentre -CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox ...) +CVE-2006-1136 NOT-FOR-US: Xerox CopyCentre -CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 ...) +CVE-2006-1135 NOT-FOR-US: sBlog -CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when ...) +CVE-2006-1134 NOT-FOR-US: CyBoards -CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 ...) +CVE-2006-1133 NOT-FOR-US: vbzoom -CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote ...) +CVE-2006-1132 NOT-FOR-US: vbzoom -CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS ...) +CVE-2006-1131 NOT-FOR-US: bitweaver -CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows ...) +CVE-2006-1130 NOT-FOR-US: EKINboard -CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows ...) +CVE-2006-1129 NOT-FOR-US: EKINboard -CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory ...) +CVE-2006-1166 - monotone 0.26pre1-0.1 (low) [sarge] - monotone (Only exploitable in very far-fetched situation) NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client NOTE: and massive social engineering -CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...) +CVE-2006-1128 - gallery2 2.0.3 -CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...) 
+CVE-2006-1127 - gallery2 2.0.3 -CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP ...) +CVE-2006-1126 - gallery2 2.0.3 -CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets ...) +CVE-2006-1125 NOT-FOR-US: Grisoft AVG -CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote ...) +CVE-2006-1124 NOT-FOR-US: RevilloC MailServer and Proxy -CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...) +CVE-2006-1123 NOT-FOR-US: D2KBlog -CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog ...) +CVE-2006-1122 NOT-FOR-US: D2KBlog -CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows ...) +CVE-2006-1121 NOT-FOR-US: CuteNews -CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) +CVE-2006-1120 NOT-FOR-US: DCP-Portal -CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...) +CVE-2006-1119 NOT-FOR-US: Cpanel (PHP) -CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows ...) +CVE-2006-1118 NOT-FOR-US: Aardvark -CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) ...) +CVE-2006-1117 NOT-FOR-US: nCipher -CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 ...) +CVE-2006-1116 NOT-FOR-US: nCipher -CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...) +CVE-2006-1115 NOT-FOR-US: nCipher -CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 ...) +CVE-2006-1114 NOT-FOR-US: Loudblog -CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 ...) +CVE-2006-1113 NOT-FOR-US: Loudblog -CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...) +CVE-2006-1112 NOT-FOR-US: Aztek Forum -CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...) 
+CVE-2006-1111 NOT-FOR-US: Aztek Forum -CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows ...) +CVE-2006-1110 NOT-FOR-US: Aztek Forum -CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...) +CVE-2006-1109 NOT-FOR-US: Total Ecommerce -CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 ...) +CVE-2006-1108 NOT-FOR-US: NMDeluxe -CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe ...) +CVE-2006-1107 NOT-FOR-US: NMDeluxe -CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and ...) +CVE-2006-1106 NOT-FOR-US: Pixelpost -CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain ...) +CVE-2006-1105 NOT-FOR-US: Pixelpost -CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ...) +CVE-2006-1104 NOT-FOR-US: Pixelpost -CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...) +CVE-2006-1103 NOT-FOR-US: Sauerbraten / cube engine -CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...) +CVE-2006-1102 NOT-FOR-US: Sauerbraten / cube engine -CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...) +CVE-2006-1101 NOT-FOR-US: Sauerbraten / cube engine -CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...) +CVE-2006-1100 NOT-FOR-US: Sauerbraten / cube engine -CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...) +CVE-2006-1099 NOT-FOR-US: logIT -CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce ...) +CVE-2006-1098 NOT-FOR-US: NZ Ecommerce -CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...) +CVE-2006-1097 NOT-FOR-US: Woltlab Burning Board -CVE-2006-1096 (** DISPUTED ** ...) 
+CVE-2006-1096 NOT-FOR-US: NZ Ecommerce -CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in ...) +CVE-2006-1095 NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged -CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...) +CVE-2006-1094 NOT-FOR-US: Woltlab Burning Board -CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 ...) +CVE-2006-1093 NOT-FOR-US: IBM WebSphere -CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process ...) +CVE-2006-1092 NOT-FOR-US: Solaris -CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...) +CVE-2006-1091 NOT-FOR-US: Kaspersky Antivirus -CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an ...) +CVE-2006-1090 NOT-FOR-US: PunBB -CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...) +CVE-2006-1089 NOT-FOR-US: PunBB -CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain ...) +CVE-2006-1088 NOT-FOR-US: PHP-Stats -CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...) +CVE-2006-1087 NOT-FOR-US: PHP-Stats CVE-2006-1086 REJECTED -CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...) +CVE-2006-1085 NOT-FOR-US: PHP-Stats -CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and ...) +CVE-2006-1084 NOT-FOR-US: PHP-Stats -CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...) +CVE-2006-1083 NOT-FOR-US: PHP-Stats -CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...) +CVE-2006-1082 NOT-FOR-US: phpArcadeScript -CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...) 
+CVE-2006-1081 NOT-FOR-US: PluggedOut Nexus -CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...) +CVE-2006-1080 NOT-FOR-US: Game-Panel -CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...) +CVE-2006-1079 - thttpd 2.23beta1-2.4 (bug #253816; low) NOTE: apache's htpasswd not vulnerable, but source contains note about NOTE: not being safe for sudo NOTE: filed whishlist bug to add this to manpage -CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...) +CVE-2006-1078 - thttpd 2.23beta1-2.4 (bug #253816; low) NOTE: apache's htpasswd not vulnerable -CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary ...) +CVE-2006-1077 NOT-FOR-US: Evo-Dev evoBlog -CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...) +CVE-2006-1076 NOT-FOR-US: checkInvision Power Board -CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...) +CVE-2006-1075 NOT-FOR-US: Liero Xtreme -CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...) +CVE-2006-1074 NOT-FOR-US: Liero Xtreme -CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...) +CVE-2006-1073 NOT-FOR-US: Daverave Simplog -CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...) +CVE-2006-1072 NOT-FOR-US: Daverave Simplog -CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...) +CVE-2006-1071 NOT-FOR-US: DVguestbook -CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...) +CVE-2006-1070 NOT-FOR-US: DVguestbook -CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...) +CVE-2006-1069 NOT-FOR-US: Geeklog -CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...) 
+CVE-2006-1068 NOT-FOR-US: VXWorks -CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...) +CVE-2006-1067 NOT-FOR-US: VXWorks -CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems ...) +CVE-2006-1066 {DSA-1017-1} - linux-2.6 2.6.16-1 -CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...) +CVE-2006-1065 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...) +CVE-2006-1064 {DSA-999-1} - lurker 2.1-1 -CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...) +CVE-2006-1063 {DSA-999-1} - lurker 2.1-1 -CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier ...) +CVE-2006-1062 {DSA-999-1} - lurker 2.1-1 -CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...) +CVE-2006-1061 - curl 7.15.3-1 [woody] - curl (Vulnerable code not present) [sarge] - curl (Vulnerable code not present) -CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...) +CVE-2006-1060 {DSA-1038-1 DSA-1037-1} - xzgv 0.8-5.1 (bug #362288; medium) - zgv 5.9-2 -CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine ...) +CVE-2006-1059 - samba 3.0.22-1 [woody] - samba [sarge] - samba -CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...) +CVE-2006-1058 - busybox 1:1.1.3-1 (low; bug #360578) [woody] - busybox [sarge] - busybox -CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local ...) +CVE-2006-1057 {DSA-1040-1} - gdm 2.14.4-1 -CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...) +CVE-2006-1056 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-9 - kfreebsd-5 5.4-17 - xen-3.0 3.0.2+hg9656-1 -CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...) 
+CVE-2006-1055 - linux-2.6 2.6.16-6 CVE-2006-1054 REJECTED CVE-2006-1053 RESERVED -CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...) +CVE-2006-1052 {DSA-1184-2} - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low) -CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...) +CVE-2006-1051 NOT-FOR-US: Akurru Social BookMarking Engine -CVE-2006-1050 (** DISPUTED ** ...) +CVE-2006-1050 NOT-FOR-US: Kwik-Pay Payroll -CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...) +CVE-2006-1319 - runit 1.4.1-1 (bug #356016; medium) [sarge] - runit -CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in ...) +CVE-2006-1049 NOT-FOR-US: Joomla! -CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access ...) +CVE-2006-1048 NOT-FOR-US: Joomla! -CVE-2006-1047 (Unspecified vulnerability in the "Remember Me login functionality" in ...) +CVE-2006-1047 NOT-FOR-US: Joomla! -CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial ...) +CVE-2006-1046 - monopd 0.9.3-2 (bug #355797; low) [sarge] - monopd (Very minor security ramifications) -CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block ...) +CVE-2006-1045 {DSA-1051-1 DSA-1046-1} - thunderbird 1.5.0.2-1 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - firefox 1.5.dfsg+1.5.0.2-1 - xulrunner 1.8.0.1-9 -CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...) +CVE-2006-1044 NOT-FOR-US: LISTSERV -CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...) +CVE-2006-1043 NOT-FOR-US: Microsoft -CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...) +CVE-2006-1042 NOT-FOR-US: Gregarius -CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...) 
+CVE-2006-1041 NOT-FOR-US: Gregarius -CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...) +CVE-2006-1040 NOT-FOR-US: vBulletin -CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote ...) +CVE-2006-1039 NOT-FOR-US: SAP -CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and ...) +CVE-2006-1038 NOT-FOR-US: SecureCRT -CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and ...) +CVE-2006-1037 NOT-FOR-US: Oracle -CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module ...) +CVE-2006-1036 NOT-FOR-US: Oracle -CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ...) +CVE-2006-1035 NOT-FOR-US: Oracle -CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...) +CVE-2006-1034 NOT-FOR-US: Woltlab Burning Board -CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS ...) +CVE-2006-1033 NOT-FOR-US: Dragonfly CMS -CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...) +CVE-2006-1032 NOT-FOR-US: phpRPC -CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...) +CVE-2006-1031 NOT-FOR-US: iGENUS Webmail -CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...) +CVE-2006-1030 NOT-FOR-US: Joomla! -CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in ...) +CVE-2006-1029 NOT-FOR-US: Joomla! -CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...) +CVE-2006-1028 NOT-FOR-US: Joomla! -CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...) +CVE-2006-1027 NOT-FOR-US: Joomla! -CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any ...) 
+CVE-2006-1026 NOT-FOR-US: JFacets -CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft ...) +CVE-2006-1025 NOT-FOR-US: Addsoft StoreBot -CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 ...) +CVE-2006-1024 NOT-FOR-US: Addsoft StoreBot -CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage ...) +CVE-2006-1023 NOT-FOR-US: HP System Management -CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...) +CVE-2006-1022 NOT-FOR-US: PeHePe Uyelik Sistemi -CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe ...) +CVE-2006-1021 NOT-FOR-US: PeHePe Uyelik Sistemi -CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas ...) +CVE-2006-1020 NOT-FOR-US: Johnny_Vegas Vegas Forum -CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...) +CVE-2006-1019 NOT-FOR-US: UkiBoard -CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) +CVE-2006-1018 NOT-FOR-US: DCI-Design Dawaween -CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...) +CVE-2006-1017 NOT-FOR-US: c-client -CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...) +CVE-2006-1016 NOT-FOR-US: Windows -CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...) +CVE-2006-1015 - php5 5.1.4-0.1 (bug #368595; unimportant) - php4 (bug #368592; unimportant) NOTE: It's the application's job to sanitize input passed to a function -CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...) +CVE-2006-1014 - php5 5.1.4-0.1 (bug #368595; unimportant) - php4 (bug #368592; unimportant) NOTE: It's the application's job to sanitize input passed to a function -CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...) 
+CVE-2006-1013 NOT-FOR-US: SMartBlog -CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ...) +CVE-2006-1012 - wordpress 2.0.1-1 -CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...) +CVE-2006-1011 NOT-FOR-US: LetterMerger -CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ...) +CVE-2006-1010 {DSA-1001-1} - crossfire 1.9.0-1 -CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...) +CVE-2006-1009 NOT-FOR-US: M4 Project enigma-suite -CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...) +CVE-2006-1008 NOT-FOR-US: N8cms -CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...) +CVE-2006-1007 NOT-FOR-US: N8cms -CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...) +CVE-2006-1006 NOT-FOR-US: sendcard -CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...) +CVE-2006-1005 NOT-FOR-US: Parodia -CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...) +CVE-2006-1004 NOT-FOR-US: Parodia -CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...) +CVE-2006-1003 NOT-FOR-US: NETGEAR hardware issue -CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...) +CVE-2006-1002 NOT-FOR-US: NETGEAR hardware issue -CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty ...) +CVE-2006-1001 NOT-FOR-US: LanSuite LanParty Intranet System -CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...) +CVE-2006-1000 NOT-FOR-US: Pentacle In-Out Board -CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) +CVE-2006-0999 NOT-FOR-US: Novell -CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) 
+CVE-2006-0998 NOT-FOR-US: Novell -CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) +CVE-2006-0997 NOT-FOR-US: Novell -CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...) +CVE-2006-0996 - php4 4:4.4.4-1 (bug #361853; unimportant) - php5 5.1.4-0.1 (bug #361914; unimportant) NOTE: Non-issue, explicit debug feature -CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...) +CVE-2006-0995 NOT-FOR-US: EMC Dantz Retrospect -CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...) +CVE-2006-0994 NOT-FOR-US: Sophos -CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before ...) +CVE-2006-0993 NOT-FOR-US: 3Com -CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...) +CVE-2006-0992 NOT-FOR-US: Novell GroupWise -CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...) +CVE-2006-0991 NOT-FOR-US: Veritas NetBackup -CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...) +CVE-2006-0990 NOT-FOR-US: Veritas NetBackup -CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...) +CVE-2006-0989 NOT-FOR-US: Veritas NetBackup -CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) +CVE-2006-0988 NOT-FOR-US: MS Windows issue -CVE-2006-0987 (The default configuration of ISC BIND before 9.4.1-P1, when configured ...) +CVE-2006-0987 - bind (bug #355787; unimportant) - bind9 1:9.4.0-1 (bug #356266; unimportant) NOTE: This is within the responsibilities of a local admin, especially when NOTE: operating a DNS server, affected sites can configure AllowRecursion -CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...) 
+CVE-2006-0986 - wordpress 2.0.2-1 (bug #355055; unimportant) -CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post ...) +CVE-2006-0985 - wordpress 2.0.2-1 (bug #355055; medium) -CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...) +CVE-2006-0984 NOT-FOR-US: EJ3 TOPo not in debian -CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...) +CVE-2006-0983 NOT-FOR-US: QWikiWiki not in debian -CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some ...) +CVE-2006-0982 NOT-FOR-US: McAfee Virex 7.7 for Macintosh -CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier ...) +CVE-2006-0981 NOT-FOR-US: WinAce -CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI ...) +CVE-2006-0980 NOT-FOR-US: Jay Eckles CGI Calendar -CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...) +CVE-2006-0979 NOT-FOR-US: Nidelven IT Issue Dealer -CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View ...) +CVE-2006-0978 NOT-FOR-US: ArGoSoft Mail Server -CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts ...) +CVE-2006-0977 NOT-FOR-US: MTS Pro -CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris ...) +CVE-2006-0976 NOT-FOR-US: SPiD CVE-2006-0975 REJECTED -CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe ...) +CVE-2006-0974 NOT-FOR-US: bttlxeForum 2.0 -CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State ...) +CVE-2006-0973 NOT-FOR-US: phpWebSite -CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News ...) +CVE-2006-0972 NOT-FOR-US: Tony Baird Fantastic News -CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b ...) 
+CVE-2006-0971 NOT-FOR-US: DirectContact -CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more ...) +CVE-2006-0970 NOT-FOR-US: ActiveCampaign products -CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de ...) +CVE-2006-0969 NOT-FOR-US: PixelArtKingdom TopSites -CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 ...) +CVE-2006-0968 NOT-FOR-US: NCP Network Communication Secure Client -CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...) +CVE-2006-0967 NOT-FOR-US: NCP Network Communication Secure Client -CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...) +CVE-2006-0966 NOT-FOR-US: NCP Network Communication Secure Client -CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...) +CVE-2006-0965 NOT-FOR-US: NCP Network Communication Secure Client -CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build ...) +CVE-2006-0964 NOT-FOR-US: NCP Network Communication Secure Client -CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to ...) +CVE-2006-0963 - stlport5 5.0.2-1 (bug #358471; medium) -CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to ...) +CVE-2006-0962 NOT-FOR-US: VuBB -CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows ...) +CVE-2006-0961 NOT-FOR-US: Cilem Hiber -CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote ...) +CVE-2006-0960 NOT-FOR-US: Compex NetPassage WPE54G router -CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) ...) +CVE-2006-0959 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...) 
+CVE-2006-0958 NOT-FOR-US: ZoneO-Soft freeForum -CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ...) +CVE-2006-0957 NOT-FOR-US: ZoneO-Soft freeForum -CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS ...) +CVE-2006-0956 - nufw 1.0.23-1 (bug #358475; low) CVE-2006-0955 RESERVED 
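Review bot: The labels under CVE-2006-0984 and CVE-2006-0983 read "NOT-FOR-US: EJ3 TOPo not in debian" and "NOT-FOR-US: QWikiWiki not in debian"; the trailing "not in debian" repeats what NOT-FOR-US already states, and no other entry in this part of the hunk carries it. Once the parenthesised description is dropped from each CVE line, this label is the only product name left on the entry, so it is worth normalising here: drop the suffix so these two lines match the other NOT-FOR-US entries.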
@@ -14277,332 +14277,332 @@ CVE-2006-0953 RESERVED CVE-2006-0952 RESERVED -CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...) +CVE-2006-0951 NOT-FOR-US: NOD32 -CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...) +CVE-2006-0950 - unalz 0.55-1 (bug #356832; low) [sarge] - unalz (Minor issue) -CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...) +CVE-2006-0949 NOT-FOR-US: RaidenHTTPD -CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...) +CVE-2006-0948 NOT-FOR-US: AOL -CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...) +CVE-2006-0947 NOT-FOR-US: Thomson modem firmware -CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...) +CVE-2006-0946 NOT-FOR-US: Thomson modem firmware -CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...) +CVE-2006-0945 NOT-FOR-US: Archangel Weblog -CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...) +CVE-2006-0944 NOT-FOR-US: Archangel Weblog -CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in ...) +CVE-2006-0943 NOT-FOR-US: PwsPHP -CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and ...) +CVE-2006-0942 NOT-FOR-US: PwsPHP -CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...) +CVE-2006-0941 NOT-FOR-US: ShoutLIVE -CVE-2006-0940 (Multiple direct static code injection vulnerabilities in ...) +CVE-2006-0940 NOT-FOR-US: ShoutLIVE -CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote ...) +CVE-2006-0939 NOT-FOR-US: DCI-Taskeen -CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...) +CVE-2006-0938 - ezpublish -CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...) 
+CVE-2006-1320 {DSA-1109} - rssh 2.3.0-1.1 (bug #346322; bug #363978; low) -CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...) +CVE-2006-1321 - webcheck 1.9.6 -CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...) +CVE-2006-0937 NOT-FOR-US: U.N.U. Mailgust -CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...) +CVE-2006-0936 NOT-FOR-US: Free Host Shop Website Generator -CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of ...) +CVE-2006-0935 NOT-FOR-US: Microsoft -CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 ...) +CVE-2006-0934 NOT-FOR-US: webinsta Limbo -CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote ...) +CVE-2006-0933 NOT-FOR-US: PHPX -CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...) +CVE-2006-0932 NOT-FOR-US: zip.lib.php -CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...) +CVE-2006-0931 - php5 (bug #368545; unimportant) - php4 (bug #368545; unimportant) NOTE: is this really a vulnerability in pear? it seems it should be a bug NOTE: in any application not checking for such archives. NOTE: Lack of a security feature is not a vulnerability -CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server ...) +CVE-2006-0930 NOT-FOR-US: ArgoSoft Mail Server -CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...) +CVE-2006-0929 NOT-FOR-US: ArgoSoft Mail Server -CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote ...) +CVE-2006-0928 NOT-FOR-US: ArgoSoft Mail Server -CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA ...) +CVE-2006-0927 NOT-FOR-US: Woltlab Burning Board -CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt ...) 
+CVE-2006-0926 NOT-FOR-US: StuffIt -CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon ...) +CVE-2006-0925 NOT-FOR-US: Alt-N MDaemon -CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 ...) +CVE-2006-0924 NOT-FOR-US: iCal -CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...) +CVE-2006-0923 NOT-FOR-US: MyPHPNuke -CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...) +CVE-2006-0922 NOT-FOR-US: CubeCart -CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...) +CVE-2006-0921 - knowledgeroot (fixed before first upload; see bug #381912) -CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP ...) +CVE-2006-0920 NOT-FOR-US: Oi! Email Marketing System -CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...) +CVE-2006-0919 NOT-FOR-US: Oi! Email Marketing System -CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...) +CVE-2006-0918 NOT-FOR-US: The Bat! -CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, ...) +CVE-2006-0917 NOT-FOR-US: Melange Chat Server -CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences ...) +CVE-2006-0916 - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) -CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the ...) +CVE-2006-0915 - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) -CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly ...) 
+CVE-2006-0914 - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) -CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...) +CVE-2006-0913 - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) -CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...) +CVE-2006-0912 NOT-FOR-US: Oreka -CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote ...) +CVE-2006-0911 NOT-FOR-US: WhatsUp Professional -CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...) +CVE-2006-0910 NOT-FOR-US: Invision Power Board -CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...) +CVE-2006-0909 NOT-FOR-US: Invision Power Board -CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...) +CVE-2006-0908 NOT-FOR-US: PHP-Nuke -CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...) +CVE-2006-0907 NOT-FOR-US: PHP-Nuke -CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...) +CVE-2006-0906 NOT-FOR-US: D3Jeeb Pro -CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through ...) +CVE-2006-0905 - kfreebsd-5 5.4-16 CVE-2006-0904 REJECTED -CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...) +CVE-2006-0903 {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163) CVE-2006-0902 RESERVED -CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...) +CVE-2006-0901 NOT-FOR-US: Solaris -CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial ...) 
+CVE-2006-0900 - kfreebsd-5 5.4-15 -CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ...) +CVE-2006-0899 NOT-FOR-US: 4Images -CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV ...) +CVE-2006-0898 {DSA-996-1} - libcrypt-cbc-perl 2.17-1 -CVE-2006-0897 (** DISPUTED ** ...) +CVE-2006-0897 NOT-FOR-US: VCS Virtual Program Management Intranet -CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in ...) +CVE-2006-0896 NOT-FOR-US: Simple Machine Forum -CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation ...) +CVE-2006-0895 NOT-FOR-US: NOCC Webmail -CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail ...) +CVE-2006-0894 NOT-FOR-US: NOCC Webmail -CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive ...) +CVE-2006-0893 NOT-FOR-US: NOCC Webmail -CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with ...) +CVE-2006-0892 NOT-FOR-US: NOCC Webmail -CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...) +CVE-2006-0891 NOT-FOR-US: NOCC Webmail -CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used ...) +CVE-2006-0890 NOT-FOR-US: SpeedProject Squeez -CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows ...) +CVE-2006-0889 NOT-FOR-US: Calcium -CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...) +CVE-2006-0888 NOT-FOR-US: Invision Power Board -CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library ...) +CVE-2006-0887 NOT-FOR-US: PHPLIB -CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...) +CVE-2006-0886 NOT-FOR-US: DEV web management system -CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...) 
+CVE-2006-0885 NOT-FOR-US: CuteNews -CVE-2006-0884 (The WYSIWYG rendering engine ("rich mail" editor) in Mozilla ...) +CVE-2006-0884 {DSA-1051-1 DSA-1046-1} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - thunderbird 1.5.0.2-1 - firefox 1.5.dfsg+1.5.0.2-1 - xulrunner 1.8.0.1-9 - mozilla 2:1.7.13-0.1 -CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...) +CVE-2006-0883 - openssh 1:3.8.1p1-4 [woody] - openssh -CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...) +CVE-2006-0882 NOT-FOR-US: Noah's Classifieds -CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...) +CVE-2006-0881 NOT-FOR-US: Noah's Classifieds -CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) +CVE-2006-0880 NOT-FOR-US: Noah's Classifieds -CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds ...) +CVE-2006-0879 NOT-FOR-US: Noah's Classifieds -CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the ...) +CVE-2006-0878 NOT-FOR-US: Noah's Classifieds -CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote ...) +CVE-2006-0877 NOT-FOR-US: Easy Forum -CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ...) +CVE-2006-0876 {DSA-1061-1} - popfile 0.22.4-1 (bug #354464; medium) -CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 ...) +CVE-2006-0875 NOT-FOR-US: runCMS -CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser ...) +CVE-2006-0874 NOT-FOR-US: Intensive Point iUser Ecommerce -CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in ...) +CVE-2006-0873 NOT-FOR-US: Coppermine Photo Gallery -CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...) 
+CVE-2006-0872 NOT-FOR-US: Coppermine Photo Gallery -CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in ...) +CVE-2006-0871 - mambo 4.5.3h-1 (bug #354468) NOTE: only in experimental -CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...) +CVE-2006-0870 NOT-FOR-US: Mini-Nuke CMS -CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in ...) +CVE-2006-0869 NOT-FOR-US: PHP PEAR LiveUser -CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth ...) +CVE-2006-0868 - php-auth 1.2.4-0.1 (bug #354474) -CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...) +CVE-2006-0867 NOT-FOR-US: WebDrive -CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute ...) +CVE-2006-0866 NOT-FOR-US: PunBB -CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...) +CVE-2006-0865 NOT-FOR-US: PunBB -CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the ...) +CVE-2006-0864 NOT-FOR-US: Global Hauri ViRobot -CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...) +CVE-2006-0863 NOT-FOR-US: InfoVista PortalSE -CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...) +CVE-2006-0862 NOT-FOR-US: InfoVista PortalSE -CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...) +CVE-2006-0861 NOT-FOR-US: Michael Salzer Guestbox -CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...) +CVE-2006-0860 NOT-FOR-US: Michael Salzer Guestbox -CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...) +CVE-2006-0859 NOT-FOR-US: Michael Salzer Guestbox -CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...) 
+CVE-2006-0858 NOT-FOR-US: StarForce Safe'n'Sec Personal -CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...) +CVE-2006-0857 NOT-FOR-US: e107 CMS Chatbox plugin -CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 ...) +CVE-2006-0856 NOT-FOR-US: SmE GB Host -CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...) +CVE-2006-0855 {DSA-991-1} - zoo 2.10-17 (bug #354461) -CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive ...) +CVE-2006-0854 NOT-FOR-US: Intensive Point iUser Ecommerce -CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere ...) +CVE-2006-0853 NOT-FOR-US: TrueNorth Internet Anywhere -CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook ...) +CVE-2006-0852 NOT-FOR-US: Admbook -CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and ...) +CVE-2006-0851 NOT-FOR-US: ilchClan -CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ...) +CVE-2006-0850 NOT-FOR-US: ilchClan CVE-2006-0849 RESERVED -CVE-2006-0848 (The "Open 'safe' files after downloading" option in Safari on Apple ...) +CVE-2006-0848 NOT-FOR-US: Apple Safari -CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in ...) +CVE-2006-0847 - cherrypy2.1 2.1.1-1 (bug #353542) - python-cherrypy 2.1.1-1 (bug #354479) -CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. ...) +CVE-2006-0846 NOT-FOR-US: Leif M. Wright's Blog -CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with ...) +CVE-2006-0845 NOT-FOR-US: Leif M. Wright's Blog -CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when ...) +CVE-2006-0844 NOT-FOR-US: Leif M. Wright's Blog -CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files ...) 
+CVE-2006-0843 NOT-FOR-US: Leif M. Wright's Blog -CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...) +CVE-2006-0842 NOT-FOR-US: Calacode @Mail -CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...) +CVE-2006-0841 {DSA-1133-1} - mantis 0.19.4-3.1 (bug #378353) -CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...) +CVE-2006-0840 {DSA-944-1} - mantis 1.0 NOTE: This was actually fixed upstream in Mantis 1.0.0rc5, NOTE: which was never uploaded. -CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...) +CVE-2006-0839 - snort (frag3 is only in 2.4, currently there is 2.3.3 in sid) -CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...) +CVE-2006-0838 NOT-FOR-US: Tivoli -CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) +CVE-2006-0837 NOT-FOR-US: Tivoli -CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...) +CVE-2006-0836 NOTE: Denial of service by tricking someone into importing a manipulated LDIF file NOTE: That's a bug, but calling it a security problem is very far-fetched -CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) +CVE-2006-0835 NOT-FOR-US: MitriDAT Web Calendar -CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) +CVE-2006-0834 NOT-FOR-US: Uniden UIP1868P VoIP Telephone -CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda ...) +CVE-2006-0833 NOT-FOR-US: Barracuda Directory -CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow ...) +CVE-2006-0832 NOT-FOR-US: WPC.easy -CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...) +CVE-2006-0831 NOT-FOR-US: Tasarim Rehberi -CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...) 
+CVE-2006-0830 NOT-FOR-US: Microsoft -CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...) +CVE-2006-0829 NOT-FOR-US: E-Blah Platinum -CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) +CVE-2006-0828 NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller -CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and ...) +CVE-2006-0827 NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller -CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) +CVE-2006-0826 NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller -CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and ...) +CVE-2006-0825 NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller -CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog ...) +CVE-2006-0824 NOT-FOR-US: Geeklog -CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before ...) +CVE-2006-0823 NOT-FOR-US: Geeklog -CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 ...) +CVE-2006-0822 NOT-FOR-US: EmuLinker Kaillera Server -CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote ...) +CVE-2006-0821 NOT-FOR-US: BXCP -CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 ...) +CVE-2006-0820 NOT-FOR-US: Dwarf HTTP Server -CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source ...) +CVE-2006-0819 NOT-FOR-US: Dwarf HTTP Server -CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Server for ...) +CVE-2006-0818 NOT-FOR-US: MERAK Mail Server and VisNetic MailServer -CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail ...) +CVE-2006-0817 NOT-FOR-US: MERAK Mail Server and VisNetic MailServer -CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...) 
+CVE-2006-0816 NOT-FOR-US: Orion Application Server -CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...) +CVE-2006-0815 NOT-FOR-US: NetworkActiv Web Server -CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...) +CVE-2006-0814 NOT-FOR-US: Lighttpd under windows -CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted ...) +CVE-2006-0813 NOT-FOR-US: WinACE -CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...) +CVE-2006-0812 NOT-FOR-US: WinACE VisNetic AntiVirus -CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...) +CVE-2006-0811 NOT-FOR-US: Skate Board -CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...) +CVE-2006-0810 NOT-FOR-US: Skate Board -CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...) +CVE-2006-0809 NOT-FOR-US: Skate Board -CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...) +CVE-2006-0808 NOT-FOR-US: MUTE -CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...) +CVE-2006-0807 NOT-FOR-US: NJStar -CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...) +CVE-2006-0806 {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (bug #358872; medium) - moodle 1.6.1+20060825-1 (bug #360396; medium) 
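Review bot: CVE-2006-0836 is left with only two NOTE lines and no package or NOT-FOR-US line, so once "(Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...)" is removed from its header, nothing on the entry names the affected product. Add a package line, or name Thunderbird in the first NOTE, in the same change that drops the description. Also in this hunk, the label for CVE-2006-0812 reads "NOT-FOR-US: WinACE VisNetic AntiVirus" while the removed description names only the VisNetic AntiVirus Plug-in; "WinACE" looks carried over from CVE-2006-0813 directly above and should be checked before the description that contradicts it disappears.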
@@ -14610,129 +14610,129 @@ CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71 NOTE: according to maintainer, "Moodle neither uses nor plans to use NOTE: ADODB_Pager, so it's not affected by #360396, but include patch for NOTE: it anyway, just in case somebody decides to use it out of the blue -CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...) +CVE-2006-0805 NOT-FOR-US: php-Nuke -CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...) +CVE-2006-0804 - tin 1:1.8.2-1 [sarge] - tin (Vulnerable code not present) -CVE-2006-0803 (The signature verification functionality in the YaST Online Update ...) +CVE-2006-0803 NOT-FOR-US: YaSt Online Update -CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...) +CVE-2006-0802 NOT-FOR-US: PostNuke -CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...) +CVE-2006-0801 NOT-FOR-US: PostNuke -CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...) +CVE-2006-0800 NOT-FOR-US: PostNuke -CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a ...) +CVE-2006-0799 NOT-FOR-US: Microsoft -CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...) +CVE-2006-0798 NOT-FOR-US: Macallan Mail Solution -CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of ...) +CVE-2006-0797 NOT-FOR-US: Nokia cell phone -CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...) +CVE-2006-0796 NOT-FOR-US: Clever Copy -CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 ...) +CVE-2006-0795 NOT-FOR-US: Quirex -CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...) +CVE-2006-0794 NOT-FOR-US: V-webmail -CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...) 
+CVE-2006-0793 NOT-FOR-US: V-webmail -CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...) +CVE-2006-0792 NOT-FOR-US: V-webmail -CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...) +CVE-2006-0791 NOT-FOR-US: DreamCost HostAdmin -CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...) +CVE-2006-0790 NOT-FOR-US: Rockliffe MailSite -CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account ...) +CVE-2006-0789 NOT-FOR-US: Kyocera printers -CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...) +CVE-2006-0788 NOT-FOR-US: Kyocera printers -CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...) +CVE-2006-0787 NOT-FOR-US: Plaino Wimpy -CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...) +CVE-2006-0786 NOT-FOR-US: PHPKIT -CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...) +CVE-2006-0785 NOT-FOR-US: PHPKIT -CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...) +CVE-2006-0784 NOT-FOR-US: D-Link hardware -CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...) +CVE-2006-0783 NOT-FOR-US: Siteframe Beaumont -CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...) +CVE-2006-0782 NOT-FOR-US: PerlBlog -CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...) +CVE-2006-0781 NOT-FOR-US: PerlBlog -CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...) +CVE-2006-0780 NOT-FOR-US: PerlBlog -CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...) +CVE-2006-0779 NOT-FOR-US: XMB Forums -CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...) 
+CVE-2006-0778 NOT-FOR-US: XMB Forums -CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...) +CVE-2006-0777 NOT-FOR-US: Teca Scripts Guestex -CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...) +CVE-2006-0776 NOT-FOR-US: Teca Scripts Guestex -CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...) +CVE-2006-0775 NOT-FOR-US: BirthSys -CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...) +CVE-2006-0774 NOT-FOR-US: DB_eSession -CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...) +CVE-2006-0773 NOT-FOR-US: Hitachi Business Logic -CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...) +CVE-2006-0772 NOT-FOR-US: Hitachi Business Logic -CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...) +CVE-2006-0771 NOT-FOR-US: PunkBuster -CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...) +CVE-2006-0770 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local ...) +CVE-2006-0769 NOT-FOR-US: Solaris -CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service ...) +CVE-2006-0768 NOT-FOR-US: Kadu -CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...) +CVE-2006-0767 - cgiwrap 3.9-3.1 [sarge] - cgiwrap (Only leaks information about the existance of users on a system) -CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...) +CVE-2006-0766 NOT-FOR-US: ICQ -CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...) +CVE-2006-0765 NOT-FOR-US: ICQ -CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...) 
+CVE-2006-0764 NOT-FOR-US: Cisco -CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in ...) +CVE-2006-0763 NOT-FOR-US: cPanel (not the same as in the cpanel package) -CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized ...) +CVE-2006-0762 NOT-FOR-US: WinAbility Folder Guard -CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...) +CVE-2006-0761 NOT-FOR-US: BlackBerry -CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...) +CVE-2006-0760 NOT-FOR-US: LightTPD on windows -CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier ...) +CVE-2006-0759 NOT-FOR-US: HiveMail -CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...) +CVE-2006-0758 NOT-FOR-US: HiveMail -CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...) +CVE-2006-0757 NOT-FOR-US: HiveMail -CVE-2006-0756 (** DISPUTED ** ...) +CVE-2006-0756 NOT-FOR-US: dotProject -CVE-2006-0755 (** DISPUTED ** ...) +CVE-2006-0755 NOT-FOR-US: dotProject -CVE-2006-0754 (** DISPUTED ** ...) +CVE-2006-0754 NOT-FOR-US: dotProject -CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...) +CVE-2006-0753 NOT-FOR-US: Microsoft -CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...) +CVE-2006-0752 - honeyd 1.5a-1 (bug #353064; low) [sarge] - honeyd (Too insignificant) -CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...) +CVE-2006-0751 NOT-FOR-US: Network Object Oriented File System (NOOFS) -CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) ...) +CVE-2006-0750 NOT-FOR-US: supersmashbrothers -CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before ...) 
+CVE-2006-0749 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2 (low) - mozilla-firefox 1.5.dfsg+1.5.0.2 (low) - mozilla 2:1.7.13-0.1 (low) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) -CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...) +CVE-2006-0748 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high) 
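Review bot: Under CVE-2006-0749 the firefox and mozilla-firefox lines give the fixed version as "1.5.dfsg+1.5.0.2" with no Debian revision, while CVE-2006-0748 directly below, carrying the same three DSA references, gives "1.5.dfsg+1.5.0.2-1" for both packages. Confirm which version string is intended and make the two entries agree, since version comparison against these lines decides whether a release is reported as fixed. A smaller point in the same hunk: "existance" in the [sarge] cgiwrap note under CVE-2006-0767 should read "existence".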
@@ -14740,238 +14740,238 @@ CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x befo - thunderbird 1.5.0.2-1 (high) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high) - xulrunner 1.8.0.1-9 -CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ...) +CVE-2006-0747 {DSA-1095-1} - freetype 2.2.1-1 (medium) -CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...) +CVE-2006-0746 {DSA-1008-1} - kdegraphics 4:3.5.0-3 NOTE: Only affected the 3.3.2 KDE backport -CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...) +CVE-2006-0745 - xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium) - xorg-server 1:1.0.2-1 (bug #378465; medium) - xfree86 -CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical ...) +CVE-2006-0744 {DSA-1103} - linux-2.6 2.6.16-7 -CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net ...) +CVE-2006-0743 NOT-FOR-US: Log4Net -CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ...) +CVE-2006-0742 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.15-8 -CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...) +CVE-2006-0741 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.15-8 CVE-2006-0740 RESERVED -CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...) +CVE-2006-0739 NOT-FOR-US: eStara SIP softphone -CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...) +CVE-2006-0738 NOT-FOR-US: eStara SIP softphone -CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...) +CVE-2006-0737 NOT-FOR-US: eStara SIP softphone -CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...) +CVE-2006-0736 NOT-FOR-US: pam_micasa / Novell -CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of ImageMagick ...) 
+CVE-2006-2440 {DSA-1168-1} - imagemagick 6:6.2.4.5-0.6 (bug #345595) -CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...) +CVE-2006-0735 NOT-FOR-US: My Blog -CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...) +CVE-2006-0734 NOT-FOR-US: Half-Life -CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...) +CVE-2006-0733 - wordpress (unimportant) -CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...) +CVE-2006-0732 NOT-FOR-US: SAP Business Connector -CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and ...) +CVE-2006-0731 NOT-FOR-US: SAP Business Connector -CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...) +CVE-2006-0730 - dovecot 1.0.beta3-1 (bug #353341; medium) [sarge] - dovecot (Vulnerable code was introduced in 1.0beta1) -CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...) +CVE-2006-0729 NOT-FOR-US: Teca Diary -CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...) +CVE-2006-0728 NOT-FOR-US: webSPELL -CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...) +CVE-2006-0727 NOT-FOR-US: MusOX DF -CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...) +CVE-2006-0726 NOT-FOR-US: CPG-Nuke -CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...) +CVE-2006-0725 NOT-FOR-US: Plume CMS -CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...) +CVE-2006-0724 NOT-FOR-US: Reamday Enterprises Magic News Lite -CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday ...) +CVE-2006-0723 NOT-FOR-US: Reamday Enterprises Magic News Lite -CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...) 
+CVE-2006-0722 NOT-FOR-US: Reamday Enterprises Magic News Lite -CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...) +CVE-2006-0721 NOT-FOR-US: RunCMS -CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows ...) +CVE-2006-0720 NOT-FOR-US: Winamp -CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...) +CVE-2006-0719 NOT-FOR-US: PHP Classifieds -CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...) +CVE-2006-0718 NOT-FOR-US: Avaya VSU -CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...) +CVE-2006-0717 NOT-FOR-US: Tivoli -CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...) +CVE-2006-0716 NOT-FOR-US: sNews -CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...) +CVE-2006-0715 NOT-FOR-US: sNews -CVE-2006-0714 (Directory traversal vulnerability in the installation file ...) +CVE-2006-0714 - flyspray (Vulnerable code not included in Debian) -CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...) +CVE-2006-0713 NOT-FOR-US: LinPHA -CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...) +CVE-2006-0712 NOT-FOR-US: Squishdot -CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...) +CVE-2006-0711 NOT-FOR-US: NeoMail -CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...) +CVE-2006-0710 NOT-FOR-US: Isode M-Vault -CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...) +CVE-2006-0709 {DSA-995-1} - metamail 2.7-51 (bug #352482; bug #353539) -CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...) +CVE-2006-0708 NOT-FOR-US: Winamp -CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...) 
+CVE-2006-0707 - pyblosxom 1.3.2-1 (high) [sarge] - pyblosxom (Vulnerable path handling code not present) -CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...) +CVE-2006-0706 NOT-FOR-US: Gaestebuch -CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...) +CVE-2006-0705 NOT-FOR-US: Proprietary SFTP servers -CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error ...) +CVE-2006-0704 NOT-FOR-US: iE Integrator -CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...) +CVE-2006-0703 NOT-FOR-US: imageVue -CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...) +CVE-2006-0702 NOT-FOR-US: imageVue -CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...) +CVE-2006-0701 NOT-FOR-US: imageVue -CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...) +CVE-2006-0700 NOT-FOR-US: imageVue -CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...) +CVE-2006-0699 NOT-FOR-US: QWikiWiki -CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...) +CVE-2006-0698 NOT-FOR-US: Zen Cart -CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...) +CVE-2006-0697 NOT-FOR-US: Zen Cart -CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...) +CVE-2006-0696 NOT-FOR-US: Zen Cart -CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...) +CVE-2006-0695 NOT-FOR-US: Ansilove -CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...) +CVE-2006-0694 NOT-FOR-US: Ansilove -CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...) +CVE-2006-0693 NOT-FOR-US: Roberto Butti CALimba -CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...) 
+CVE-2006-0692 NOT-FOR-US: Carey Briggs Timesheet -CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...) +CVE-2006-0691 NOT-FOR-US: TTS Time Tracking Software -CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...) +CVE-2006-0690 NOT-FOR-US: TTS Time Tracking Software -CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...) +CVE-2006-0689 NOT-FOR-US: TTS Time Tracking Software -CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...) +CVE-2006-0688 NOT-FOR-US: nicecoder.com indexu -CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...) +CVE-2006-0687 NOT-FOR-US: DocMGR -CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...) +CVE-2006-0686 NOT-FOR-US: Virtual Hosting Control System -CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...) +CVE-2006-0685 NOT-FOR-US: Virtual Hosting Control System -CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...) +CVE-2006-0684 NOT-FOR-US: Virtual Hosting Control System -CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...) +CVE-2006-0683 NOT-FOR-US: Virtual Hosting Control System -CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...) +CVE-2006-0682 NOT-FOR-US: e107 -CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...) +CVE-2006-0681 NOT-FOR-US: powerd NOTE: powerd supposedly normally comes with sysvinit, but not in debian -CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) +CVE-2006-0680 NOT-FOR-US: WebGUI -CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...) +CVE-2006-0679 NOT-FOR-US: PHP-Nuke -CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...) 
+CVE-2006-0678 NOTE: Only vulnerable when compiled with asserts - postgresql (unimportant) - postgresql-8.0 8.0.7-1 (unimportant) - postgresql-8.1 8.1.3-1 (unimportant) -CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...) +CVE-2006-0677 {DSA-977-1} - heimdal 0.7.2-1 -CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...) +CVE-2006-0676 NOT-FOR-US: PHP-Nuke -CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe ...) +CVE-2006-0675 NOT-FOR-US: SiteFrame -CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 ...) +CVE-2006-0674 NOT-FOR-US: IBM AIX -CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic ...) +CVE-2006-0673 NOT-FOR-US: Magic Calendar Lite -CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before ...) +CVE-2006-0672 NOT-FOR-US: HP PSC 1210 All-in-One printer -CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ...) +CVE-2006-0671 NOT-FOR-US: Sony Ericsson -CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...) +CVE-2006-0670 {DSA-990-1} - bluez-hcidump 1.30-1 (bug #351881; medium) -CVE-2006-0669 (** DISPUTED ** ...) +CVE-2006-0669 NOT-FOR-US: Forum Light -CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...) +CVE-2006-0668 NOT-FOR-US: PwsPHP -CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary ...) +CVE-2006-0667 NOT-FOR-US: AIX -CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...) +CVE-2006-0666 NOT-FOR-US: AIX -CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...) +CVE-2006-0665 {DSA-1133-1} - mantis 0.19.4-3 [woody] - mantis (Complete rewrite in 0.19) -CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...) 
+CVE-2006-0664 {DSA-1133-1} - mantis 0.19.4-3 [woody] - mantis (Complete rewrite in 0.19) -CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...) +CVE-2006-0663 NOT-FOR-US: Lotus Domino -CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...) +CVE-2006-0662 NOT-FOR-US: Lotus Domino -CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...) +CVE-2006-0661 NOT-FOR-US: SmE GB Host -CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...) +CVE-2006-0660 NOT-FOR-US: FarsiNews -CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...) +CVE-2006-0659 NOT-FOR-US: Runcms -CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...) +CVE-2006-0658 - knowledgeroot (fixed before first upload; see bug #381912) - moin 1.5.8-4.1 [etch] - moin (Vulnerable php code not present) - karrigell (Vulnerable php code not present) -CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...) +CVE-2006-0657 NOT-FOR-US: Softcomplex -CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...) +CVE-2006-0656 NOT-FOR-US: HP -CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) +CVE-2006-0655 NOT-FOR-US: Hinton Design phpht Topsites -CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...) +CVE-2006-0654 NOT-FOR-US: Hinton Design phpht Topsites -CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...) +CVE-2006-0653 NOT-FOR-US: Hinton Design phpht Topsites -CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...) +CVE-2006-0652 NOT-FOR-US: WHMCompleteSolution -CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...) 
+CVE-2006-0651 NOT-FOR-US: vwdev -CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...) +CVE-2006-0650 NOT-FOR-US: CPAINT -CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...) +CVE-2006-0649 NOT-FOR-US: DataparkSearch -CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...) +CVE-2006-0648 NOT-FOR-US: PHP iCalendar -CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...) +CVE-2006-0647 NOT-FOR-US: Sun Java System Directory Server -CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...) +CVE-2006-0646 - binutils (SuSE specific vulnerability) -CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...) +CVE-2006-0645 {DSA-986-1 DSA-985-1} - libtasn1-2 (bug #352182; bug #365234) NOTE: upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change 
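Review bot: at CVE-2006-0722 the removed description names "Reamday Enterprises Magic Downloads 1.1.3", but the annotation that stays reads "NOT-FOR-US: Reamday Enterprises Magic News Lite". Once the description is gone, nothing in the entry shows the mismatch, so the annotation should be corrected to Magic Downloads alongside this change. The same hunk drops the "** DISPUTED **" marker from CVE-2006-0733 and CVE-2006-0669. For CVE-2006-0733 the remaining line is only "- wordpress (unimportant)", so a NOTE: line recording the disputed status would keep the reason for that rating visible.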
@@ -14982,36 +14982,36 @@ CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTL CVE-2006-XXXX [dpkg-sig: insecure temp file bug] - dpkg-sig 0.13 (bug #352723; low) [sarge] - dpkg-sig (Only affected in debug mode) -CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ...) +CVE-2006-2441 - pioneers 0.9.55-1 (bug #351986; medium) [sarge] - gnocatan (Not exploitable in Sarge per maintainer) -CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...) +CVE-2006-0644 NOT-FOR-US: CPG-Nuke Dragonfly CMS -CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web ...) +CVE-2006-0643 NOT-FOR-US: WiredRed e/pop Web Conferencing -CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging ...) +CVE-2006-0642 NOT-FOR-US: Trend Micro -CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...) +CVE-2006-0641 NOT-FOR-US: Orbicule Undercover -CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to ...) +CVE-2006-0640 NOT-FOR-US: Orbicule Undercover -CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka ...) +CVE-2006-0639 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...) +CVE-2006-0638 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows ...) +CVE-2006-0637 NOT-FOR-US: QUALCOMM Eudora WorldMail -CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...) +CVE-2006-0636 NOT-FOR-US: eyeOS -CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...) 
+CVE-2006-0635 - tcc 0.9.24~cvs20070502-1 (bug #352202; low) [sarge] - tcc (Only incorrect code gen, hardly any production use) [etch] - tcc (Documented as insecure; only incorrect code gen, hardly any production use) -CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...) +CVE-2006-0634 NOT-FOR-US: Borland C++Builder -CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...) +CVE-2006-0633 NOT-FOR-US: Invision Power Board -CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...) +CVE-2006-0632 - phpbb2 2.0.20 (low) [sarge] - phpbb2 (Minor issue) NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against 
@@ -15019,61 +15019,61 @@ CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts NOTE: instead of a million NOTE: Fixed in 2.0.20 -CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin ...) +CVE-2006-0631 NOT-FOR-US: Erik C. Thauvin mailback -CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...) +CVE-2006-0630 NOT-FOR-US: The Bat! -CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 ...) +CVE-2006-0629 NOT-FOR-US: AIM -CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute ...) +CVE-2006-0628 NOT-FOR-US: Dale Ray MyQuiz -CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...) +CVE-2006-0627 NOT-FOR-US: Clever Copy -CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...) +CVE-2006-0624 NOT-FOR-US: Whomp Real Estate Manager -CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable ...) +CVE-2006-0623 NOT-FOR-US: QNX -CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of ...) +CVE-2006-0622 NOT-FOR-US: QNX -CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...) +CVE-2006-0621 NOT-FOR-US: QNX -CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...) +CVE-2006-0620 NOT-FOR-US: QNX -CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...) +CVE-2006-0619 NOT-FOR-US: QNX -CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 ...) +CVE-2006-0618 NOT-FOR-US: QNX -CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...) +CVE-2006-0617 NOT-FOR-US: Sun Java -CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ...) 
+CVE-2006-0616 NOT-FOR-US: Sun Java -CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...) +CVE-2006-0615 NOT-FOR-US: Sun Java -CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ...) +CVE-2006-0614 NOT-FOR-US: Sun Java -CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...) +CVE-2006-0613 NOT-FOR-US: Sun Java -CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain ...) +CVE-2006-0612 - powersave 0.11.2-1 -CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and ...) +CVE-2006-0611 NOT-FOR-US: @Mail -CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...) +CVE-2006-0610 NOT-FOR-US: 2200net Calender system -CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design ...) +CVE-2006-0609 NOT-FOR-US: Hinton Design phphd -CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 ...) +CVE-2006-0608 NOT-FOR-US: Hinton Design phphd -CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when ...) +CVE-2006-0607 NOT-FOR-US: Hinton Design phphd -CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 ...) +CVE-2006-0606 NOT-FOR-US: Unknown Domain Shoutbox -CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...) +CVE-2006-0605 NOT-FOR-US: Unknown Domain Shoutbox -CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...) +CVE-2006-0604 NOT-FOR-US: Hinton Design phphd -CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...) +CVE-2006-0603 NOT-FOR-US: Hinton Design phphd -CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg ...) +CVE-2006-0602 NOT-FOR-US: Hinton Design phphd CVE-2006-0601 RESERVED 
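Review bot: at CVE-2006-0604 and CVE-2006-0602 the removed descriptions refer to "Hinton Design phphg" (the Guestbook product), while the annotations left in place say "NOT-FOR-US: Hinton Design phphd". With the descriptions stripped, the entries become indistinguishable from the real phphd entries CVE-2006-0609, CVE-2006-0608 and CVE-2006-0607. Suggest changing the annotations to phphg before the description text goes away. A smaller point in the same hunk: CVE-2006-0610 is annotated "2200net Calender system" where the removed description spells it "Calendar", and after this change only the misspelled form remains for anyone searching the file.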
@@ -15083,238 +15083,238 @@ CVE-2006-0595 RESERVED CVE-2006-0594 RESERVED -CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows ...) +CVE-2006-0598 {DSA-967-1} - elog 2.6.1+r1642-1 -CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...) +CVE-2006-0597 {DSA-967-1} - elog 2.6.1+r1642-1 -CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...) +CVE-2006-0599 {DSA-967-1} - elog 2.6.1+r1642-1 -CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...) +CVE-2006-0600 {DSA-967-1} - elog 2.6.1+r1642-1 -CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...) +CVE-2006-0593 NOT-FOR-US: PHP-Fusion -CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...) +CVE-2006-0592 NOT-FOR-US: Lexmark Printer -CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and ...) +CVE-2006-0591 NOT-FOR-US: crypt_blowfish implementation from OWL, does not seem to be in Debian -CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...) +CVE-2006-0590 NOT-FOR-US: MyTopix -CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...) +CVE-2006-0589 NOT-FOR-US: MyTopix -CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows ...) +CVE-2006-0588 NOT-FOR-US: MyTopix -CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 ...) +CVE-2006-0587 - gallery 1.5.2-pl2-1 -CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before ...) +CVE-2006-0586 NOT-FOR-US: Oracle -CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows ...) +CVE-2006-0585 NOT-FOR-US: Microsoft -CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 ...) 
+CVE-2006-0584 NOT-FOR-US: PeopleSoft People Tools -CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...) +CVE-2006-0583 NOT-FOR-US: Clever Copy -CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...) +CVE-2006-0582 {DSA-977-1} - heimdal 0.7.2-1 -CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...) +CVE-2006-0581 NOT-FOR-US: Hosting Controller -CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial ...) +CVE-2006-0580 NOT-FOR-US: Lotus Domino -CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in ...) +CVE-2006-0579 - mplayer (fixed before first upload; 1.0pre7try3) NOTE: code not in ffmpeg and xine-lib -CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce ...) +CVE-2006-0578 NOT-FOR-US: Blue Coat Proxy Security Gateway OS -CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...) +CVE-2006-0577 NOT-FOR-US: Lexmark printer -CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...) +CVE-2006-0576 - oprofile 0.9.1-9 (bug #352910; low) [sarge] - oprofile (requires sudo access to be vulnerable) -CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to ...) +CVE-2006-0575 - fcron (Not included in Debian package) -CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...) +CVE-2006-0574 NOT-FOR-US: cPanel -CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and ...) +CVE-2006-0573 NOT-FOR-US: cPanel -CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to ...) +CVE-2006-0572 NOT-FOR-US: phpstatus -CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 ...) +CVE-2006-0571 NOT-FOR-US: phpstatus -CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when ...) 
+CVE-2006-0570 NOT-FOR-US: phpstatus -CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo ...) +CVE-2006-0569 NOT-FOR-US: Papoo -CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze ...) +CVE-2006-0568 NOT-FOR-US: Outblaze -CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...) +CVE-2006-0567 NOT-FOR-US: Xaraya -CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...) +CVE-2006-0566 NOT-FOR-US: Communigate Pro -CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...) +CVE-2006-0565 NOT-FOR-US: LoudBlog -CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...) +CVE-2006-0564 NOT-FOR-US: Microsoft -CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...) +CVE-2006-0563 NOT-FOR-US: PluggedOut Blog -CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...) +CVE-2006-0562 NOT-FOR-US: PluggedOut Blog -CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...) +CVE-2006-0561 NOT-FOR-US: Cisco CVE-2006-0560 REJECTED -CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) +CVE-2006-0559 NOT-FOR-US: McAfee WebShield -CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) +CVE-2006-0558 {DSA-1103} - linux-2.6 2.6.16-1 (bug #365375; low) -CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) +CVE-2006-0557 {DSA-1103} - linux-2.6 2.6.15-8 CVE-2006-0556 REJECTED -CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...) +CVE-2006-0555 {DSA-1103} - linux-2.6 2.6.15-8 -CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain ...) 
+CVE-2006-0554 {DSA-1103} - linux-2.6 2.6.15-8 -CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...) +CVE-2006-0553 - postgresql-8.1 8.1.3-1 -CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...) +CVE-2006-0552 NOT-FOR-US: Oracle -CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...) +CVE-2006-0551 NOT-FOR-US: Oracle -CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...) +CVE-2006-0550 NOT-FOR-US: Oracle -CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...) +CVE-2006-0549 NOT-FOR-US: Oracle -CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...) +CVE-2006-0548 NOT-FOR-US: Oracle -CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...) +CVE-2006-0547 NOT-FOR-US: Oracle -CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...) +CVE-2006-0546 NOT-FOR-US: Strange app at www.egeinternet.com -CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...) +CVE-2006-0545 NOT-FOR-US: UBB.threads -CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...) +CVE-2006-0544 NOT-FOR-US: Microsoft -CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...) +CVE-2006-0543 NOT-FOR-US: Cerulean Trillian -CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...) +CVE-2006-0542 NOT-FOR-US: NukedWeb -CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...) +CVE-2006-0541 NOT-FOR-US: Tachyon Vanilla Guestbook -CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...) +CVE-2006-0540 NOT-FOR-US: Tachyon Vanilla Guestbook -CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...) 
+CVE-2006-0539 - fcron (Vulnerable app in the Debian package, not setuid anyway) -CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ...) +CVE-2006-0538 NOT-FOR-US: IronMail -CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange ...) +CVE-2006-0537 NOT-FOR-US: eXchange POP3 -CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...) +CVE-2006-0536 NOT-FOR-US: NeoMail -CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...) +CVE-2006-0535 NOT-FOR-US: Community Server -CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) +CVE-2006-0534 NOT-FOR-US: CyberShop Ultimate E-commerce -CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...) +CVE-2006-0533 NOT-FOR-US: cPanel NOTE: Not Debian's cpanel -CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...) +CVE-2006-0532 NOT-FOR-US: SoftMaker Shop -CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...) +CVE-2006-0531 NOT-FOR-US: Sun Java System Access Manager -CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...) +CVE-2006-0530 NOT-FOR-US: CA Message Queuing NOTE: CA Message Queuing is embeded in a lot of products, but they all seem NOTE: to be commercial products (see list in referenced URL) -CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...) +CVE-2006-0529 NOT-FOR-US: CA Message Queuing NOTE: CA Message Queuing is embeded in a lot of products, but they all seem NOTE: to be commercial products (see list in referenced URL) -CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...) 
+CVE-2006-0528 - evolution 2.2.3-4 (low) [sarge] - evolution (Vulnerability was apparantly introduced in 2.3.1) [woody] - evolution (Vulnerability was apparantly introduced in 2.3.1) -CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...) +CVE-2006-0527 - bind 1:8.4.7-1 (low) [sarge] - bind (Architectual limitatiom, upgrade to BIND 9 as a a fix) NOTE: BIND 8 is unsuitable for forwarder use because of its NOTE: architecture. Upgrade to BIND 9 as a fix. NOTE: This was fixed in sid by documenting it as an unfixable design limitation -CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...) +CVE-2006-0526 NOT-FOR-US: AOL -CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator ...) +CVE-2006-0525 NOT-FOR-US: Windows issue -CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...) +CVE-2006-0524 NOT-FOR-US: Derek Ashauer ashnews -CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows ...) +CVE-2006-0523 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...) +CVE-2006-0522 NOT-FOR-US: Symantec Sygate Management Server -CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...) +CVE-2006-0521 NOT-FOR-US: Browser CRM -CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...) +CVE-2006-0520 NOT-FOR-US: Invision Power Board -CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...) +CVE-2006-0519 - spip 2.0.6-1 (medium; bug #351336) -CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...) +CVE-2006-0518 - spip 2.0.6-1 (medium; bug #351335) -CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...) 
+CVE-2006-0517 - spip 2.0.6-1 (medium; bug #351334) -CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...) +CVE-2006-0625 - spip 2.0.6-1 (medium; bug #352076) NOTE: http://www.securityfocus.com/bid/16556 -CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...) +CVE-2006-0626 - spip 2.0.6-1 (medium; bug #352077) NOTE: http://www.securityfocus.com/bid/16551 -CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...) +CVE-2006-0516 NOT-FOR-US: Solaris -CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x ...) +CVE-2006-0515 NOT-FOR-US: Cisco CVE-2006-0514 RESERVED -CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...) +CVE-2006-0513 NOT-FOR-US: Tivoli -CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...) +CVE-2006-0512 {DSA-1187-1} - migrationtools 46-2.1 (bug #338920; medium) -CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...) +CVE-2006-0511 NOT-FOR-US: Blackboard Academic Suite -CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...) +CVE-2006-0510 NOT-FOR-US: Daffodil -CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...) +CVE-2006-0509 NOT-FOR-US: Cerberus Helpdesk -CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...) +CVE-2006-0508 NOT-FOR-US: Easy CMS -CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...) +CVE-2006-0507 NOT-FOR-US: Easy CMS -CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN ...) +CVE-2006-0506 NOT-FOR-US: Nuked-klaN -CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to ...) +CVE-2006-0505 NOT-FOR-US: Zbattle -CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...) 
+CVE-2006-0504 NOT-FOR-US: MailEnable Enterprise Edition -CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows ...) +CVE-2006-0503 NOT-FOR-US: MailEnable Professional Edition -CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews ...) +CVE-2006-0502 NOT-FOR-US: FarsiNews -CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...) +CVE-2006-0501 NOT-FOR-US: MyCo Guestbook -CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document ...) +CVE-2006-0500 NOT-FOR-US: MyCo Guestbook -CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 ...) +CVE-2006-0499 NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package) -CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) +CVE-2006-0498 NOT-FOR-US: PHP GEN -CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) +CVE-2006-0497 NOT-FOR-US: PHP GEN -CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) +CVE-2006-0496 - iceweasel 3.0-1 (unimportant; bug #349339) - mozilla-firefox (unimportant; bug #349339) - iceape (unimportant) 
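Review bot: at CVE-2006-0575 and CVE-2006-0539 the removed descriptions are the only text showing that both entries concern convert-fcrontab in fcron, and the package lines left behind disagree: "- fcron (Not included in Debian package)" against "- fcron (Vulnerable app in the Debian package, not setuid anyway)". Without the descriptions a reader cannot tell that these cover the same program, so the two notes should be reconciled, or each given a NOTE: line naming convert-fcrontab. Similarly, CVE-2006-0520 loses the "Dragoran Portal module 1.3" wording and keeps only "NOT-FOR-US: Invision Power Board", and CVE-2006-0511 loses its "** DISPUTED **" marker. If the descriptions are now meant to live outside this file, the per-entry annotations need to carry enough to identify the affected component on their own.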
@@ -15322,437 +15322,437 @@ CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and .. NOTE: This is not a direct vulnerability, but rather the lack of protection NOTE: for shooting into own's own foot, so we should treat it as a security NOTE: enhancement bug and not as a vulnerability. -CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...) +CVE-2006-0495 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...) +CVE-2006-0494 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...) +CVE-2006-0493 NOT-FOR-US: MG2 -CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...) +CVE-2006-0492 NOT-FOR-US: Calendarix -CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...) +CVE-2006-0491 NOT-FOR-US: SZUserMgnt -CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...) +CVE-2006-0490 NOT-FOR-US: ASPThai Forums -CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...) +CVE-2006-0489 NOT-FOR-US: mIRC -CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...) +CVE-2006-0488 NOT-FOR-US: Microsoft -CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...) +CVE-2006-0487 NOT-FOR-US: Tumbleweed MailGate Email Firewall -CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...) +CVE-2006-0486 NOT-FOR-US: IOS -CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...) +CVE-2006-0485 NOT-FOR-US: IOS -CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...) +CVE-2006-0484 NOT-FOR-US: FACE CONTROL product -CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...) 
+CVE-2006-0483 NOT-FOR-US: Cisco -CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...) +CVE-2006-0482 {DSA-1017-1} - linux-2.6 2.6.15-4 -CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...) +CVE-2006-0481 - libpng 1.2.8rel-3 (bug #352902; bug #352918) [sarge] - libpng (Only 1.2.7 affected) [woody] - libpng (Only 1.2.7 affected) [sarge] - libpng3 1.2.8rel-1 -CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...) +CVE-2006-0480 NOT-FOR-US: sPaiz-Nuke -CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...) +CVE-2006-0479 NOT-FOR-US: PmWiki -CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...) +CVE-2006-0478 NOT-FOR-US: CRE Loaded -CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...) +CVE-2006-0477 - git-core 1.1.5-1 (bug #350274) -CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...) +CVE-2006-0476 NOT-FOR-US: Winamp -CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...) +CVE-2006-0475 NOT-FOR-US: PHP-Ping -CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...) +CVE-2006-0474 NOT-FOR-US: Shareaza -CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) +CVE-2006-0473 NOT-FOR-US: My little homepage -CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...) +CVE-2006-0472 NOT-FOR-US: My little homepage -CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) +CVE-2006-0471 NOT-FOR-US: My little homepage -CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...) +CVE-2006-0470 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...) 
+CVE-2006-0469 NOT-FOR-US: uebimiau NOTE: this had an ITP back in 2002, but it never was done (bug #164116) -CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...) +CVE-2006-0468 NOT-FOR-US: CommuniGate Pro -CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...) +CVE-2006-0467 {DSA-964-1} [woody] - gnocatan 0.6.1-5woody3 [sarge] - gnocatan 0.8.1.59-1sarge1 - pioneers 0.9.49-1 (bug #350237; medium) -CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...) +CVE-2006-0466 NOT-FOR-US: Goldstag Content Management System -CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...) +CVE-2006-0465 NOT-FOR-US: active121 Site Manager -CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent ...) +CVE-2006-0464 NOT-FOR-US: IdeoContent Manager -CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...) +CVE-2006-0463 NOT-FOR-US: IdeoContent Manager -CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog ...) +CVE-2006-0462 NOT-FOR-US: AndoNET Blog -CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...) +CVE-2006-0461 NOT-FOR-US: ExpressionEngine -CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...) +CVE-2006-0460 {DSA-997-1} - bomberclone 0.11.6.2-1 -CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer ...) +CVE-2006-0459 {DSA-1020-1} - flex 2.5.33-1 -CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...) +CVE-2006-0458 - irssi-text (Only 0.8.10rc versions are affected) -CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...) +CVE-2006-0457 - linux-2.6 2.6.15-6 -CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 ...) 
+CVE-2006-0456 {DSA-1103} - linux-2.6 2.6.16-1 -CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...) +CVE-2006-0455 {DSA-978-1} - gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium) - gnupg2 (Vulnerable code not activated) -CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ...) +CVE-2006-0454 - linux-2.6 2.6.15-5 [sarge] - kernel-source-2.6.8 [sarge] - kernel-source-2.4.27 -CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...) +CVE-2006-0453 NOT-FOR-US: Fedora Directory Server -CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...) +CVE-2006-0452 NOT-FOR-US: Fedora Directory Server -CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...) +CVE-2006-0451 NOT-FOR-US: Fedora Directory Server -CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...) +CVE-2006-0450 - phpbb2 (unimportant) NOTE: As discussed with the phpbb maintainers; this is only a lack of feature NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for NOTE: a certain time frame), but not a directly fixable security problem -CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...) +CVE-2006-0449 NOT-FOR-US: E-Post Mail / SPA-PRO Mail -CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...) +CVE-2006-0448 NOT-FOR-US: E-Post Mail / SPA-PRO Mail -CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...) +CVE-2006-0447 NOT-FOR-US: E-Post Mail / SPA-PRO Mail -CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...) +CVE-2006-0446 NOT-FOR-US: WeBWorK -CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...) 
+CVE-2006-0445 NOT-FOR-US: Phpclanwebsite -CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...) +CVE-2006-0444 NOT-FOR-US: Phpclanwebsite -CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...) +CVE-2006-0443 NOT-FOR-US: CheesyBlog -CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in ...) +CVE-2006-0442 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote ...) +CVE-2006-0441 NOT-FOR-US: Sami FTP Server -CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload ...) +CVE-2006-0440 NOT-FOR-US: Text Rider -CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...) +CVE-2006-0439 NOT-FOR-US: Text Rider -CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when ...) +CVE-2006-0438 - phpbb2 (unimportant) NOTE: No real world risk according to maintainer -CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...) +CVE-2006-0437 - phpbb2 (unimportant) NOTE: Intended behaviour according to maintainer -CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...) +CVE-2006-0436 NOT-FOR-US: HP-UX -CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in ...) +CVE-2006-0435 NOT-FOR-US: Oracle -CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...) +CVE-2006-0434 NOT-FOR-US: phpXplorer -CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...) +CVE-2006-0433 - kfreebsd-5 5.4-13 -CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) +CVE-2006-0432 NOT-FOR-US: BEA WebLogic -CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) 
+CVE-2006-0431 NOT-FOR-US: BEA WebLogic -CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express ...) +CVE-2006-0430 NOT-FOR-US: BEA WebLogic -CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security ...) +CVE-2006-0429 NOT-FOR-US: BEA WebLogic -CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, ...) +CVE-2006-0428 NOT-FOR-US: BEA WebLogic -CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) +CVE-2006-0427 NOT-FOR-US: BEA WebLogic -CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when ...) +CVE-2006-0426 NOT-FOR-US: BEA WebLogic -CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain ...) +CVE-2006-0425 NOT-FOR-US: BEA WebLogic -CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...) +CVE-2006-0424 NOT-FOR-US: BEA WebLogic -CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS ...) +CVE-2006-0423 NOT-FOR-US: BEA WebLogic -CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and ...) +CVE-2006-0422 NOT-FOR-US: BEA WebLogic -CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when ...) +CVE-2006-0421 NOT-FOR-US: BEA WebLogic -CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 ...) +CVE-2006-0420 NOT-FOR-US: BEA WebLogic -CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...) +CVE-2006-0419 NOT-FOR-US: BEA WebLogic -CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...) +CVE-2006-0418 NOT-FOR-US: 123 Flash Chat Server -CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...) +CVE-2006-0417 NOT-FOR-US: miniBloggie -CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass ...) 
+CVE-2006-0416 NOT-FOR-US: SleeperChat -CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...) +CVE-2006-0415 NOT-FOR-US: SleeperChat -CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden ...) +CVE-2006-0414 - tor 0.1.1.11-alpha-1 (bug #349283) -CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...) +CVE-2006-0413 NOT-FOR-US: NewsPHP -CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...) +CVE-2006-0412 NOT-FOR-US: CyberShop -CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...) +CVE-2006-0411 NOT-FOR-US: Claroline -CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...) +CVE-2006-0410 {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (bug #349985; medium) - moodle 1.6-1 (bug #360395; medium) - cacti 0.8.6d-1 (medium) -CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...) +CVE-2006-0409 NOT-FOR-US: Pixelpost Photoblog -CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...) +CVE-2006-0408 NOT-FOR-US: Sun Grid Engine -CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...) +CVE-2006-0407 NOT-FOR-US: AZ Bulletin Board -CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...) +CVE-2006-0406 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...) +CVE-2006-0405 - tiff 3.8.0-2 (bug #350715) - tiff3 (fixed prior to initial upload) [sarge] - tiff (Vulnerability was introduced later) [woody] - tiff (Vulnerability was introduced later) -CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...) +CVE-2006-0404 NOT-FOR-US: Note-A-Day Weblog -CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...) 
+CVE-2006-0403 NOT-FOR-US: e-moBLOG -CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...) +CVE-2006-0402 {DSA-989-1} - zoph 0.5-1 (bug #350717) -CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on ...) +CVE-2006-0401 NOT-FOR-US: Apple -CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...) +CVE-2006-0400 NOT-FOR-US: Apple -CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) +CVE-2006-0399 NOT-FOR-US: Apple -CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) +CVE-2006-0398 NOT-FOR-US: Apple -CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) +CVE-2006-0397 NOT-FOR-US: Apple -CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when ...) +CVE-2006-0396 NOT-FOR-US: Apple -CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly ...) +CVE-2006-0395 NOT-FOR-US: Apple CVE-2006-0394 REJECTED -CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a ...) +CVE-2006-0393 NOT-FOR-US: Apple -CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted ...) +CVE-2006-0392 NOT-FOR-US: Apple -CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...) +CVE-2006-0391 NOT-FOR-US: Apple CVE-2006-0390 REJECTED -CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) ...) +CVE-2006-0389 NOT-FOR-US: Apple -CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows ...) +CVE-2006-0388 NOT-FOR-US: Apple -CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...) +CVE-2006-0387 NOT-FOR-US: Apple -CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...) 
+CVE-2006-0386 NOT-FOR-US: Apple CVE-2006-0385 RESERVED -CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...) +CVE-2006-0384 NOT-FOR-US: Apple -CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 ...) +CVE-2006-0383 NOT-FOR-US: Apple -CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...) +CVE-2006-0382 NOT-FOR-US: Apple -CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...) +CVE-2006-0381 - kfreebsd-5 5.4-14 -CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...) +CVE-2006-0380 NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5 -CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...) +CVE-2006-0379 NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5 -CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...) +CVE-2006-0378 NOT-FOR-US: Netrix X-Site Manager -CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...) +CVE-2006-0377 {DSA-988-1} - squirrelmail 2:1.4.6-1 (bug #354063; bug #355424) -CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...) +CVE-2006-0376 NOT-FOR-US: Windows -CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...) +CVE-2006-0375 NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone -CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...) +CVE-2006-0374 NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone -CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...) +CVE-2006-0373 NOT-FOR-US: Douran FollowWeb -CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...) +CVE-2006-0372 NOT-FOR-US: Insane Visions BlogPHP -CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...) 
+CVE-2006-0371 NOT-FOR-US: Noah Medling RCBlog -CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...) +CVE-2006-0370 NOT-FOR-US: Noah Medling RCBlog -CVE-2006-0369 (** DISPUTED ** ...) +CVE-2006-0369 - mysql-dfsg-4.1 (unimportant) NOTE: This isn't a security hole, it's expected behaviour -CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...) +CVE-2006-0368 NOT-FOR-US: Cisco -CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...) +CVE-2006-0367 NOT-FOR-US: Cisco -CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...) +CVE-2006-0366 NOT-FOR-US: Phpclanwebsite -CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...) +CVE-2006-0365 NOT-FOR-US: XMB -CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) ...) +CVE-2006-0364 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0363 (The "Remember my Password" feature in MSN Messenger 7.5 stores ...) +CVE-2006-0363 NOT-FOR-US: MSN Messenger -CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...) +CVE-2006-0362 NOT-FOR-US: TippingPoint IPS -CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 ...) +CVE-2006-0361 NOT-FOR-US: Bit 5 Blog -CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...) +CVE-2006-0360 NOT-FOR-US: MPM SIP IP Phone -CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote ...) +CVE-2006-0359 NOT-FOR-US: eyeBeam SIP Softphone -CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 ...) +CVE-2006-0358 NOT-FOR-US: PowerPortal -CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...) +CVE-2006-0357 NOT-FOR-US: Grant Averett Cerberus FTP Server -CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...) 
+CVE-2006-0356 NOT-FOR-US: Ari Pikivirta Home Ftp Server -CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...) +CVE-2006-0355 NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp -CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...) +CVE-2006-0354 NOT-FOR-US: Cisco -CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...) +CVE-2006-0352 NOT-FOR-US: Fluffington FLog -CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...) +CVE-2006-0351 {DSA-963-1} [sarge] - mydns 1.0.0-4sarge1 - mydns 1.1.0+pre-3 (medium; bug #348826) -CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...) +CVE-2006-0350 NOT-FOR-US: eggblog -CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...) +CVE-2006-0349 NOT-FOR-US: eggblog -CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...) +CVE-2006-0348 {DSA-967-1} - elog 2.6.1+r1642-1 (bug #349528; medium) -CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...) +CVE-2006-0347 {DSA-967-1} - elog 2.6.1+r1642-1 (bug #349528; medium) -CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...) +CVE-2006-0346 NOT-FOR-US: SaralBlog -CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...) +CVE-2006-0345 NOT-FOR-US: SaralBlog -CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...) +CVE-2006-0344 NOT-FOR-US: FileCOPA FTP Server -CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...) +CVE-2006-0343 NOT-FOR-US: Hitachi JP1/NetInsight II -CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...) +CVE-2006-0342 NOT-FOR-US: RockLiffe MailSite -CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...) 
+CVE-2006-0341 NOT-FOR-US: RockLiffe MailSite -CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...) +CVE-2006-0340 NOT-FOR-US: Cisco -CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...) +CVE-2006-0339 NOT-FOR-US: BitComet -CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...) +CVE-2006-0338 NOT-FOR-US: F-Secure -CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...) +CVE-2006-0337 NOT-FOR-US: F-Secure -CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...) +CVE-2006-0336 NOT-FOR-US: Kerio Firewall -CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...) +CVE-2006-0335 NOT-FOR-US: Kerio Firewall -CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon ...) +CVE-2006-0334 NOT-FOR-US: My Amazon Store Manager -CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...) +CVE-2006-0333 NOT-FOR-US: ar-blog -CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...) +CVE-2006-0332 - ecartis 1.0.0+cvs.20030911-11 (low; bug #348824) [sarge] - ecartis (No real fix available, only rare setups affected, minor exploit potential) -CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...) +CVE-2006-0331 NOT-FOR-US: Squirrelmail plugin -CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...) +CVE-2006-0330 {DSA-1148-1} - gallery 1.5.2-1 -CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...) +CVE-2006-0329 NOT-FOR-US: HITSENSER Data Mart Server BS -CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...) +CVE-2006-0328 NOT-FOR-US: Tftpd32, different from the tftpd in Debian -CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...) 
+CVE-2006-0327 - typo3-src 4.0.2-1 (bug #364351; unimportant) NOTE: Only path disclosure CVE-2006-0326 RESERVED -CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...) +CVE-2006-0325 NOT-FOR-US: Etomite CMS -CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...) +CVE-2006-0324 NOT-FOR-US: WebspotBlogging -CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...) +CVE-2006-0323 NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect -CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...) +CVE-2006-0322 - mediawiki 1.4.15-1 (low) -CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...) +CVE-2006-0353 {DSA-956-1} - lsh-utils 2.0.1cdbs-4 (low; bug #349303) NOTE: woody seems to be vulnerable as well (looking at the source code). -CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...) +CVE-2006-0283 NOT-FOR-US: Oracle -CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...) +CVE-2006-0321 - fetchmail 6.3.2-1 (bug #348747; low) [sarge] - fetchmail (regression in fetchmail 6.3.0 and 6.3.1) [woody] - fetchmail (regression in fetchmail 6.3.0 and 6.3.1) -CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...) +CVE-2006-0320 NOT-FOR-US: Bit 5 Blog -CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...) +CVE-2006-0319 NOT-FOR-US: Farmers WIFE -CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when ...) +CVE-2006-0318 NOT-FOR-US: BlogPHP -CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in ...) +CVE-2006-0317 NOT-FOR-US: RedKernel Referrer Tracker -CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) ...) 
+CVE-2006-0316 NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control -CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p ...) +CVE-2006-0315 NOT-FOR-US: EZDatabase -CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which ...) +CVE-2006-0314 NOT-FOR-US: PDFdirectory -CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 ...) +CVE-2006-0313 NOT-FOR-US: PDFdirectory -CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass ...) +CVE-2006-0312 NOT-FOR-US: aoblogger -CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows ...) +CVE-2006-0311 NOT-FOR-US: aoblogger -CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...) +CVE-2006-0310 NOT-FOR-US: aoblogger -CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...) +CVE-2006-0309 NOT-FOR-US: Linksys hardware issue -CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the ...) +CVE-2006-0308 NOT-FOR-US: HTMLtoNuke -CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...) +CVE-2006-0307 NOT-FOR-US: CA BrightStor products -CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...) +CVE-2006-0306 NOT-FOR-US: CA BrightStor products -CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...) +CVE-2006-0305 NOT-FOR-US: Clipcomm hardware -CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...) +CVE-2006-0304 NOT-FOR-US: dual dns server -CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...) +CVE-2006-0303 NOT-FOR-US: Joomla! -CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) +CVE-2006-0302 NOT-FOR-US: ZyXel hardware -CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...) 
+CVE-2006-0301 {DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1} - poppler 0.4.5-1 (medium) - tetex-bin 3.0-12 (medium) 
@@ -15764,563 +15764,563 @@ CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other - libextractor 0.5.10-1 (medium) - pdfkit.framework 0.8-4 (medium) - swftools (splash/ is not included, therefore no vulnerable code) -CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted ...) +CVE-2006-0300 {DSA-987-1} - tar 1.15.1-3 (bug #354091; high) - dpkg (has completely different tar implementation) [woody] - tar -CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...) +CVE-2006-0299 [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - mozilla (E4X not implemented in Mozilla 1.7) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 -CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...) +CVE-2006-0298 [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - mozilla (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 -CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...) +CVE-2006-0297 [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - mozilla (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 - xulrunner 1.8.0.1-9 -CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...) +CVE-2006-0296 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla 2:1.7.13-0.1 - thunderbird 1.5.0.2-1 -CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...) 
+CVE-2006-0295 - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 -CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...) +CVE-2006-0294 - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - mozilla-thunderbird - thunderbird 1.5.0.2-1 -CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...) +CVE-2006-0293 {DSA-1051-1 DSA-1046-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - mozilla 2:1.7.13-0.1 -CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...) +CVE-2006-0292 {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox 1.0.4-2sarge6 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - thunderbird 1.5.0.2-1 - mozilla 2:1.7.13-0.1 -CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...) +CVE-2006-0291 NOT-FOR-US: Oracle -CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...) +CVE-2006-0290 NOT-FOR-US: Oracle -CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...) +CVE-2006-0289 NOT-FOR-US: Oracle -CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer ...) +CVE-2006-0288 NOT-FOR-US: Oracle -CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...) +CVE-2006-0287 NOT-FOR-US: Oracle -CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...) +CVE-2006-0286 NOT-FOR-US: Oracle -CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...) 
+CVE-2006-0285 NOT-FOR-US: Oracle -CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...) +CVE-2006-0284 NOT-FOR-US: Oracle -CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) +CVE-2006-0282 NOT-FOR-US: Oracle -CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...) +CVE-2006-0281 NOT-FOR-US: Oracle -CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...) +CVE-2006-0280 NOT-FOR-US: Oracle -CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) +CVE-2006-0279 NOT-FOR-US: Oracle -CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) +CVE-2006-0278 NOT-FOR-US: Oracle -CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) +CVE-2006-0277 NOT-FOR-US: Oracle -CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) +CVE-2006-0276 NOT-FOR-US: Oracle -CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...) +CVE-2006-0275 NOT-FOR-US: Oracle -CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...) +CVE-2006-0274 NOT-FOR-US: Oracle -CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...) +CVE-2006-0273 NOT-FOR-US: Oracle -CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...) +CVE-2006-0272 NOT-FOR-US: Oracle -CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...) +CVE-2006-0271 NOT-FOR-US: Oracle -CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) ...) +CVE-2006-0270 NOT-FOR-US: Oracle -CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...) +CVE-2006-0269 NOT-FOR-US: Oracle -CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...) 
+CVE-2006-0268 NOT-FOR-US: Oracle -CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...) +CVE-2006-0267 NOT-FOR-US: Oracle -CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...) +CVE-2006-0266 NOT-FOR-US: Oracle -CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...) +CVE-2006-0265 NOT-FOR-US: Oracle CVE-2006-0264 REJECTED -CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...) +CVE-2006-0263 NOT-FOR-US: Oracle -CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...) +CVE-2006-0262 NOT-FOR-US: Oracle -CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...) +CVE-2006-0261 NOT-FOR-US: Oracle -CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...) +CVE-2006-0260 NOT-FOR-US: Oracle -CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server ...) +CVE-2006-0259 NOT-FOR-US: Oracle -CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...) +CVE-2006-0258 NOT-FOR-US: Oracle -CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...) +CVE-2006-0257 NOT-FOR-US: Oracle -CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...) +CVE-2006-0256 NOT-FOR-US: Oracle -CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...) +CVE-2006-0255 NOT-FOR-US: Check Point VPN -CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...) +CVE-2006-0254 - geronimo (bug #481869) -CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue ...) +CVE-2006-0253 NOT-FOR-US: AmbiCom Blue Neighbors -CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...) 
+CVE-2006-0252 NOT-FOR-US: Benders Calendar -CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...) +CVE-2006-0251 - faqomatic 2.712-3 -CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...) +CVE-2006-0250 NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP NOTE: This bug is present in a fork, not in the mainline NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions. -CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...) +CVE-2006-0249 NOT-FOR-US: geoBlog -CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...) +CVE-2006-0248 NOT-FOR-US: Virata-EmWeb web server -CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...) +CVE-2006-0247 NOT-FOR-US: Anyboard -CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...) +CVE-2006-0246 NOT-FOR-US: Widexl Download Tracker -CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...) +CVE-2006-0245 NOT-FOR-US: CubeCart -CVE-2006-0244 (** DISPUTED ** ...) +CVE-2006-0244 NOT-FOR-US: phpXplorer -CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...) +CVE-2006-0243 NOT-FOR-US: SMBCMS -CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...) +CVE-2006-0242 NOT-FOR-US: PHP Fusebox -CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...) +CVE-2006-0241 NOT-FOR-US: WBNews -CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...) +CVE-2006-0240 NOT-FOR-US: Simple Blog -CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...) +CVE-2006-0239 NOT-FOR-US: Simple Blog -CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...) 
+CVE-2006-0238 NOT-FOR-US: GaMerZ WP-Stats -CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...) +CVE-2006-0237 NOT-FOR-US: GTP iCommerce -CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...) +CVE-2006-0236 [sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported) -CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...) +CVE-2006-0235 NOT-FOR-US: WhiteAlbum -CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...) +CVE-2006-0234 NOT-FOR-US: microBlog -CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...) +CVE-2006-0233 NOT-FOR-US: microBlog -CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) +CVE-2006-0232 NOT-FOR-US: Symantec Scan Engine -CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) +CVE-2006-0231 NOT-FOR-US: Symantec Scan Engine -CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) +CVE-2006-0230 NOT-FOR-US: Symantec Scan Engine -CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...) +CVE-2006-0229 NOT-FOR-US: Wehntrust -CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...) +CVE-2006-0228 - kernel-patch-grsecurity2 2.1.8-1 (bug #349246; medium) - kernel-patch-2.4-grsecurity (bug #349247; medium) -CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...) +CVE-2006-0227 NOT-FOR-US: lpsched in Sun Solaris -CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...) +CVE-2006-0226 NOT-FOR-US: freebsd kernel -CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...) 
+CVE-2006-0225 - openssh 1:4.3p2-1 (low; bug #349645; bug #352254) [sarge] - openssh (Protocol flaws inherited from rcp) - dropbear 0.48-1 (unimportant) NOTE: dropbear doesn't include scp in binary package -CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...) +CVE-2006-0224 {DSA-976-1} - libast 0.7-1 -CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...) +CVE-2006-0223 NOT-FOR-US: TopCMM -CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...) +CVE-2006-0222 NOT-FOR-US: AlstraSoft Template Seller Pro -CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...) +CVE-2006-0221 NOT-FOR-US: Dragon Design Services Network (DDSN) -CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...) +CVE-2006-0220 NOT-FOR-US: DCP-Portal -CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...) +CVE-2006-0219 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) +CVE-2006-0218 NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...) +CVE-2006-0217 NOT-FOR-US: Ultimate Auction -CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...) +CVE-2006-0216 NOT-FOR-US: QualityEBiz Quality PPC -CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz ...) +CVE-2006-0215 NOT-FOR-US: QualityEBiz Quality PPC -CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows ...) +CVE-2006-0214 NOT-FOR-US: ezDatabase -CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 ...) 
+CVE-2006-0213 NOT-FOR-US: Kolab Server NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian -CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba ...) +CVE-2006-0212 NOT-FOR-US: Toshiba Bluetooth Stack -CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...) +CVE-2006-0211 NOT-FOR-US: Helm Hosting Control Panel -CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire ...) +CVE-2006-0210 NOT-FOR-US: Interspire TrackPoint NX -CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...) +CVE-2006-0209 NOT-FOR-US: TankLogger -CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...) +CVE-2006-0208 - php5 5.1.2-1 - php4 4:4.4.2-1 (bug #354682; low) [sarge] - php4 (html_errors shouldn't be used) -CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...) +CVE-2006-0207 {DSA-1331-1} - php5 5.1.2-1 (bug #347894) - php4 4:4.4.2-1 (bug #354683) -CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...) +CVE-2006-0206 NOT-FOR-US: Light Weight Calendar -CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...) +CVE-2006-0205 NOT-FOR-US: Wordcircle -CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...) +CVE-2006-0204 NOT-FOR-US: Wordcircle -CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not ...) +CVE-2006-0203 NOT-FOR-US: Mini-Nuke -CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...) +CVE-2006-0202 NOT-FOR-US: PayPal Web Services -CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...) +CVE-2006-0201 NOT-FOR-US: PayPal Web Services -CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...) 
+CVE-2006-0200 - php5 5.1.2-1 (bug #347894; unimportant) - php4 (vulnerable code was introduced in PHP5) NOTE: Not built into the binary packages -CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...) +CVE-2006-0199 NOT-FOR-US: Mini-Nuke -CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...) +CVE-2006-0198 NOT-FOR-US: XOOPS -CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...) +CVE-2006-0197 NOTE: Historic X11 bug #349251 -CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...) +CVE-2006-0196 NOT-FOR-US: slsnif -CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...) +CVE-2006-0195 {DSA-988-1} - squirrelmail 2:1.4.6-1 (bug #354062) -CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...) +CVE-2006-0194 NOT-FOR-US: FogBugz -CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...) +CVE-2006-0193 NOT-FOR-US: Positive Software H-Sphere -CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 ...) +CVE-2006-0192 NOT-FOR-US: ASPSurvey -CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to ...) +CVE-2006-0191 NOT-FOR-US: Sun Solaris -CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...) +CVE-2006-0190 NOT-FOR-US: Sun Solaris -CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...) +CVE-2006-0189 NOT-FOR-US: eStara Softphone -CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...) +CVE-2006-0188 {DSA-988-1} - squirrelmail 2:1.4.6-1 (bug #354064) -CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...) +CVE-2006-2443 - knowledgetree 2.0.7-2 (bug #348306; medium) -CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...) 
+CVE-2006-0187 NOT-FOR-US: Microsoft CVE-2006-0186 REJECTED -CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...) +CVE-2006-0185 NOT-FOR-US: PHP-Nuke -CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...) +CVE-2006-0184 NOT-FOR-US: AspTopSites -CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...) +CVE-2006-0183 NOT-FOR-US: ACal Calendar Project -CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...) +CVE-2006-0182 NOT-FOR-US: ACal Calendar Project -CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) +CVE-2006-0181 NOT-FOR-US: Cisco -CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...) +CVE-2006-0180 NOT-FOR-US: CaLogic Calendars -CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...) +CVE-2006-0179 NOT-FOR-US: Cisco -CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...) +CVE-2006-0178 NOT-FOR-US: Cray UNICOS -CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...) +CVE-2006-0177 NOT-FOR-US: Cray UNICOS -CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...) +CVE-2006-0176 - xmame 0.104-1 (medium; bug #349653) NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf NOTE: question, that makes it very clear that setuid root is only for single-user NOTE: systems and xmame-sdl and xmess aren't setuid at all [sarge] - xmame (XMame is non-free software) -CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...) +CVE-2006-0175 NOT-FOR-US: Web Wiz Forums -CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...) +CVE-2006-0174 NOT-FOR-US: Hummingbird Collaboration -CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...) 
+CVE-2006-0173 NOT-FOR-US: Hummingbird Collaboration -CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...) +CVE-2006-0172 NOT-FOR-US: Hummingbird Collaboration -CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...) +CVE-2006-0171 NOT-FOR-US: OrjinWeb E-commerce CVE-2006-0170 REJECTED -CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...) +CVE-2006-0169 NOT-FOR-US: MyPhPim -CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...) +CVE-2006-0168 NOT-FOR-US: MyPhPim -CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...) +CVE-2006-0167 NOT-FOR-US: MyPhPim -CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...) +CVE-2006-0166 NOT-FOR-US: Symantec SystemWorks -CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...) +CVE-2006-0165 NOT-FOR-US: WebGUI -CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...) +CVE-2006-0164 NOT-FOR-US: phgstats -CVE-2006-0163 (SQL injection vulnerability in the search module ...) +CVE-2006-0163 NOT-FOR-US: PHP-Nuke -CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...) +CVE-2006-0161 NOT-FOR-US: Solaris -CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...) +CVE-2006-0160 NOT-FOR-US: Venom Board -CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...) +CVE-2006-0159 NOT-FOR-US: Foro Domus -CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS ...) +CVE-2006-0158 NOT-FOR-US: CyberDoc SiteSuite CMS -CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows ...) +CVE-2006-0157 NOT-FOR-US: Reamday Enterprises Magic News Plus -CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows ...) 
+CVE-2006-0156 NOT-FOR-US: Foxforum -CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...) +CVE-2006-0155 NOT-FOR-US: 427BB -CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 ...) +CVE-2006-0154 NOT-FOR-US: 427BB -CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the ...) +CVE-2006-0153 NOT-FOR-US: 427BB -CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...) +CVE-2006-0152 NOT-FOR-US: phpChamber -CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...) +CVE-2006-0151 {DSA-946-2} - sudo 1.6.8p12-1 (medium) NOTE: The whole black list approach is flawed, for the DSA we'll switch to NOTE: a white list approach of known to be safe env vars. -CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...) +CVE-2006-0150 {DSA-952-1} - libapache-auth-ldap (bug #347416) -CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...) +CVE-2006-0149 NOT-FOR-US: SimpBook -CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...) +CVE-2006-0148 NOT-FOR-US: NetSarang Xlpd -CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...) +CVE-2006-0147 {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (medium; bug #349985) - cacti 0.8.6d-1 (medium) - moodle 1.6.3-2 (medium) NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2 -CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in ...) +CVE-2006-0146 {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (medium; bug #349985) - cacti 0.8.6d-1 (medium) - moodle 1.6.3-2 (medium) NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2 -CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...) 
+CVE-2006-0145 NOT-FOR-US: NetBSD -CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...) +CVE-2006-0144 NOT-FOR-US: Neither php-pear nor php4-pear ship this file -CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...) +CVE-2006-0143 NOT-FOR-US: Windows -CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...) +CVE-2006-0142 NOT-FOR-US: Andromeda -CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...) +CVE-2006-0141 NOT-FOR-US: Eudora -CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 ...) +CVE-2006-0140 NOT-FOR-US: Navboard -CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in ...) +CVE-2006-0139 NOT-FOR-US: PD9 Software MegaBBS -CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...) +CVE-2006-0162 {DSA-947-1} - clamav 0.88-1 -CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...) +CVE-2006-0138 - amsn 0.98.9-1 (low; bug #557754) [squeeze] - amsn (minor issue) [etch] - amsn (minor issue) [lenny] - amsn (minor issue) -CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...) +CVE-2006-0137 NOT-FOR-US: Phanatic Softwares Chimera Web Portal System -CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...) +CVE-2006-0136 NOT-FOR-US: Phanatic Softwares Chimera Web Portal System -CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 ...) +CVE-2006-0135 NOT-FOR-US: TheWebForum -CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in ...) +CVE-2006-0134 NOT-FOR-US: TheWebForum -CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow ...) +CVE-2006-0133 NOT-FOR-US: AIX -CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...) 
+CVE-2006-0132 NOT-FOR-US: SysCP WebFTP -CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive ...) +CVE-2006-0131 NOT-FOR-US: boastMachine -CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...) +CVE-2006-0130 NOT-FOR-US: Mail Management Agent -CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...) +CVE-2006-0129 NOT-FOR-US: Mail Management Agent -CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before ...) +CVE-2006-0128 NOT-FOR-US: Rockliffe MailSite -CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe ...) +CVE-2006-0127 NOT-FOR-US: Rockliffe MailSite -CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and ...) +CVE-2006-0126 - rxvt-unicode 6.3-1 [sarge] - rxvt-unicode (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes) [woody] - rxvt-unicode (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes) -CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows ...) +CVE-2006-0125 NOT-FOR-US: AppServ -CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum ...) +CVE-2006-0124 NOT-FOR-US: ADN Forum -CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...) +CVE-2006-0123 NOT-FOR-US: ADN Forum -CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in ...) +CVE-2006-0122 NOT-FOR-US: Aquifer CMS -CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before ...) +CVE-2006-0121 NOT-FOR-US: Notes/Domino -CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...) +CVE-2006-0120 NOT-FOR-US: Notes/Domino -CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...) 
+CVE-2006-0119 NOT-FOR-US: Notes/Domino -CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before ...) +CVE-2006-0118 NOT-FOR-US: Notes/Domino -CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 ...) +CVE-2006-0117 NOT-FOR-US: Notes/Domino -CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore ...) +CVE-2006-0116 NOT-FOR-US: iNETstore Ebusiness Software -CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug ...) +CVE-2006-0115 NOT-FOR-US: OnePlug Solutions OnePlug CMS -CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs ...) +CVE-2006-0114 NOT-FOR-US: Joomla! -CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the ...) +CVE-2006-0113 NOT-FOR-US: Enhanced Simple PHP Gallery -CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced ...) +CVE-2006-0112 NOT-FOR-US: Enhanced Simple PHP Gallery -CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...) +CVE-2006-0111 NOT-FOR-US: Boxcar Media Shopping Cart -CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...) +CVE-2006-0110 NOT-FOR-US: Foro Domus -CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...) +CVE-2006-0109 NOT-FOR-US: Modular Merchant Shopping Cart -CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...) +CVE-2006-0108 NOT-FOR-US: Timecan CMS -CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...) +CVE-2006-0107 NOT-FOR-US: Timecan CMS -CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...) +CVE-2006-0105 NOT-FOR-US: PostgreSQL on Windows -CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...) 
+CVE-2006-0104 NOT-FOR-US: TinyPHPForum -CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and ...) +CVE-2006-0103 NOT-FOR-US: TinyPHPForum -CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...) +CVE-2006-0102 NOT-FOR-US: TinyPHPForum -CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 ...) +CVE-2006-0101 NOT-FOR-US: sBLOG -CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local ...) +CVE-2006-0100 NOT-FOR-US: NicoFTP -CVE-2006-0099 (PHP remote file include vulnerability in (1) ...) +CVE-2006-0099 NOT-FOR-US: Valdersoft Shopping Cart -CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...) +CVE-2006-0098 NOT-FOR-US: OpenBSD -CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...) +CVE-2006-0097 - php4 (Windows specific) - php5 (Windows specific) -CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...) +CVE-2006-0096 {DSA-1017-1} - linux-2.6 (Fixed before upload into archive; 2.6.11) - kernel-source-2.4.27 2.4.27-8 -CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...) +CVE-2006-0095 {DSA-1017-1} - linux-2.6 2.6.16-1 - kernel-source-2.4.27 (2.4 doesn't have dm-crypt) -CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...) +CVE-2006-0094 NOT-FOR-US: oaBoard -CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...) +CVE-2006-0093 NOT-FOR-US: @Card ME PHP CVE-2006-0092 REJECTED -CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...) +CVE-2006-0091 NOT-FOR-US: Open-Xchange -CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...) +CVE-2006-0090 NOT-FOR-US: IDV Directory Viewer -CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...) 
+CVE-2006-0089 NOT-FOR-US: ESRI ArcPad -CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...) +CVE-2006-0088 NOT-FOR-US: inTouch -CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...) +CVE-2006-0087 NOT-FOR-US: Lizard Cart -CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...) +CVE-2006-0086 NOT-FOR-US: Next Generation Image Gallery -CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...) +CVE-2006-0085 NOT-FOR-US: Nkads -CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...) +CVE-2006-0084 NOT-FOR-US: raSMP -CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...) +CVE-2006-0083 {DSA-930-2 DSA-930-1} - smstools 1.16-1.1 (bug #347221; medium) -CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...) +CVE-2006-0106 {DSA-954-1 CVE-2005-4560} - wine 0.9.2-1 (bug #346197; medium) -CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...) +CVE-2006-0082 {DSA-1213} - imagemagick 6:6.2.4.5-0.6 (bug #345876) -CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics ...) +CVE-2006-0081 NOT-FOR-US: Intel -CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...) +CVE-2006-0080 NOT-FOR-US: vBulletin -CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...) +CVE-2006-0079 NOT-FOR-US: ScozNet -CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...) +CVE-2006-0078 NOT-FOR-US: B-Net Software -CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...) +CVE-2006-0077 NOT-FOR-US: File::ExtAttr -CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...) 
+CVE-2006-0076 NOT-FOR-US: oaBoard -CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...) +CVE-2006-0075 NOT-FOR-US: phpBook -CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...) +CVE-2006-0074 NOT-FOR-US: PHPenpals -CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...) +CVE-2006-0073 NOT-FOR-US: DiscusWare Discus -CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...) +CVE-2006-0072 NOT-FOR-US: SCO Openserver -CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...) +CVE-2006-0071 - pinentry (Gentoo-specific packaging flaw) -CVE-2006-0070 (** DISPUTED ** ...) +CVE-2006-0070 - drupal (According to upstream advisory is junk, behaviour intentional) NOTE: This will probably be REJECTED anyway -CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...) +CVE-2006-0069 NOT-FOR-US: Chipmunk Guestbook -CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...) +CVE-2006-0068 NOT-FOR-US: Primo Cart -CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...) +CVE-2006-0067 NOT-FOR-US: VEGO Links Builder -CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...) +CVE-2006-0066 NOT-FOR-US: PHPjournaler -CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...) +CVE-2006-0065 NOT-FOR-US: VEGO Web Forum -CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...) +CVE-2006-0064 NOT-FOR-US: CubeCart -CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...) +CVE-2006-0063 - phpbb2 2.0.21-1 (unimportant) [sarge] - phpbb2 (Affects only an inherently unsafe option only suitable for trusted users) NOTE: According to the maintainer only affects a config option that is strongly 
@@ -16335,114 +16335,114 @@ CVE-2006-0061 [xlock segfaults when using libpam-opensc] [sarge] - xlockmore (Minor issue) CVE-2006-0060 RESERVED -CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...) +CVE-2006-0059 NOT-FOR-US: LiveData -CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...) +CVE-2006-0058 {DSA-1015-1} - sendmail 8.13.6-1 (bug #358440; high) -CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) +CVE-2006-0057 NOT-FOR-US: Windows -CVE-2006-0056 (Double free vulnerability in the authentication and authentication ...) +CVE-2006-0056 - pam-mysql 0.6.2-1 (bug #353589; medium) [sarge] - pam-mysql (Vulnerable code not present) -CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...) +CVE-2006-0055 - ee 1:1.4.2-5 (bug #348322) -CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ...) +CVE-2006-0054 NOT-FOR-US: FreeBSD -CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to ...) +CVE-2006-0053 {DSA-1028-1} - libimager-perl 0.50-1 (bug #359661) -CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...) +CVE-2006-0052 {DSA-1027-1} - mailman 2.1.6-1 (bug #358892) -CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...) +CVE-2006-0051 {DSA-1023-1} - kaffeine 0.8-1 -CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...) +CVE-2006-0050 {DSA-1013-1} - snmptrapfmt 1.10 -CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...) +CVE-2006-0049 {DSA-993-2} - gnupg 1.4.2.2-1 (bug #356125; medium) - gnupg2 (Vulnerable code not activated) -CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a ...) 
+CVE-2006-0048 - tcpick 0.2.1-3 (bug #360571; low) [sarge] - tcpick (Minor issue) -CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...) +CVE-2006-0047 {DSA-994-1} - freeciv 2.0.8-1 (medium; bug #355211) -CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...) +CVE-2006-0046 {DSA-966-1} - adzapper 20060115-1 -CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...) +CVE-2006-0045 {DSA-949-1} - crawl 1:4.0.0beta26-7 (medium) -CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application ...) +CVE-2006-0044 {DSA-942-1} - albatross 1.33-1 -CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...) +CVE-2006-0043 {DSA-975-1} - nfs-user-server 2.2beta47-22 (high; bug #350020) NOTE: nfs-utils (kernel NFS server) is not affected NOTE: (it uses PATH_MAX for the buffer passed to realpath). -CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...) +CVE-2006-0042 {DSA-1000-2} - libapreq2 2.07-1 CVE-2006-0041 REJECTED -CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...) +CVE-2006-0040 - evolution 2.10.1 (bug #398064; low) [etch] - evolution (Minor issue) [sarge] - evolution (Not reproducable on Sarge) -CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...) +CVE-2006-0039 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-14 -CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...) +CVE-2006-0038 {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-1 -CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...) +CVE-2006-0037 - linux-2.6 2.6.15-3 [sarge] - kernel-source-2.6.8 (Vulnerable code not present) [sarge] - kernel-source-2.4.27 (Vulnerable code not present) -CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...) 
+CVE-2006-0036 - linux-2.6 2.6.15-3 [sarge] - kernel-source-2.6.8 (Vulnerable code not present) [sarge] - kernel-source-2.4.27 (Vulnerable code not present) -CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 ...) +CVE-2006-0035 - linux-2.6 2.6.15-3 -CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...) +CVE-2006-0019 {DSA-948-1} - kdelibs 4:3.5.1-1 (medium) -CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...) +CVE-2006-0034 NOT-FOR-US: Microsoft -CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) +CVE-2006-0033 NOT-FOR-US: Microsoft -CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in ...) +CVE-2006-0032 NOT-FOR-US: Microsoft -CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...) +CVE-2006-0031 NOT-FOR-US: Microsoft -CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) +CVE-2006-0030 NOT-FOR-US: Microsoft -CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) +CVE-2006-0029 NOT-FOR-US: Microsoft -CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) +CVE-2006-0028 NOT-FOR-US: Microsoft -CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...) +CVE-2006-0027 NOT-FOR-US: Microsoft -CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...) +CVE-2006-0026 NOT-FOR-US: Microsoft -CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...) +CVE-2006-0025 NOT-FOR-US: Microsoft Windows Media Player -CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 ...) 
+CVE-2006-0024 - flashplugin-nonfree 7.0.61-4 (bug #357038; bug #357105) [sarge] - flashplugin-nonfree (Only affects proprietary Flash plugin) -CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly ...) +CVE-2006-0023 NOT-FOR-US: Microsoft -CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office ...) +CVE-2006-0022 NOT-FOR-US: Microsoft PowerPoint -CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows ...) +CVE-2006-0021 NOT-FOR-US: Microsoft -CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...) +CVE-2006-0020 NOT-FOR-US: Microsoft CVE-2006-0018 REJECTED 
@@ -16450,33 +16450,33 @@ CVE-2006-0017 RESERVED CVE-2006-0016 RESERVED -CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...) +CVE-2006-0015 NOT-FOR-US: Microsoft -CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...) +CVE-2006-0014 NOT-FOR-US: Microsoft -CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...) +CVE-2006-0013 NOT-FOR-US: Microsoft -CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...) +CVE-2006-0012 NOT-FOR-US: Microsoft CVE-2006-0011 REJECTED -CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...) +CVE-2006-0010 NOT-FOR-US: Microsoft -CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...) +CVE-2006-0009 NOT-FOR-US: Microsoft -CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...) +CVE-2006-0008 NOT-FOR-US: Microsoft -CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 ...) +CVE-2006-0007 NOT-FOR-US: Microsoft -CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...) +CVE-2006-0006 NOT-FOR-US: Microsoft -CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...) +CVE-2006-0005 NOT-FOR-US: Microsoft -CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...) +CVE-2006-0004 NOT-FOR-US: Microsoft -CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...) +CVE-2006-0003 NOT-FOR-US: RDS.Dataspace -CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...) +CVE-2006-0002 NOT-FOR-US: Microsoft -CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 ...) +CVE-2006-0001 NOT-FOR-US: Microsoft -- cgit v1.2.3
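Review bot: In the hunk covering CVE-2006-0048 through CVE-2006-0020, the entries annotated only as `NOT-FOR-US: Microsoft` (CVE-2006-0034 down to CVE-2006-0026, plus CVE-2006-0023, CVE-2006-0021 and CVE-2006-0020) lose the only text that said which product is affected once the parenthesised description is removed, for example `(Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...)` on CVE-2006-0026. If the descriptions are meant to leave this file, those annotations should name the product the way CVE-2006-0025 and CVE-2006-0022 already do (`NOT-FOR-US: Microsoft Windows Media Player`, `NOT-FOR-US: Microsoft PowerPoint`). If they are not meant to leave, please confirm that the update did not simply run without description data.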
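Review bot: Every changed line in the `@@ -16450,33 +16450,33 @@` hunk (CVE-2006-0015 through CVE-2006-0001) only drops its description and none is refreshed or replaced, so this is a blanket deletion rather than an update of the entries. The job that generates this change should refuse to write the file when descriptions disappear wholesale, or the removal should be documented as an intended format change. As it stands, CVE-2006-0003 is left as `NOT-FOR-US: RDS.Dataspace` with nothing indicating that the issue is in an ActiveX control, and the other entries in the hunk say only `NOT-FOR-US: Microsoft`.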