CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote s ...)
	- curl 7.10.7-1
	NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
	NOT-FOR-US: GE Healthcare Discovery VH
CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in t ...)
	- linux (Fixed before rename to src:linux)
	- linux-2.6 (Fixed before initial upload of linux-2.6 in Debian)
	NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
CVE-2003-1602
	REJECTED
CVE-2003-1601
	REJECTED
CVE-2003-1600
	REJECTED
CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in W ...)
	NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
	- wordpress 1.0.1-1
CVE-2003-1597
	RESERVED
CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell Ne ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 befo ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, s ...)
	NOT-FOR-US: Sun Cluster
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote att ...)
	NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote at ...)
	NOT-FOR-US: WebExpert
CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
	NOT-FOR-US: WebLogExpert
CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote at ...)
	NOT-FOR-US: SurfStats
CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote at ...)
	NOT-FOR-US: WebTrends
CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
	NOT-FOR-US: Microsoft
CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
	- apache (unimportant)
	- apache2 (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
	- apache (unimportant)
	- apache2 (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Mana ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patc ...)
	NOT-FOR-US: VERITAS File System
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ent ...)
	- tikiwiki
CVE-2003-1573 (The PointBase 4.6 database component in the J2EE 1.4 reference impleme ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ap ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Web Wiz Guestbook
CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2 ...)
	NOT-FOR-US: Tivoli
CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
	NOT-FOR-US: Windows
CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a deni ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information Servic ...)
	NOT-FOR-US: IIS
CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log request ...)
	NOT-FOR-US: IIS
CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion dur ...)
	NOT-FOR-US: Old CVE id
CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Applicat ...)
	NOT-FOR-US: Oracle
CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...)
	- openssh 1:3.8.1p1-8.sarge.4 (low)
CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...)
	NOT-FOR-US: ancient issue
CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests ...)
	NOT-FOR-US: ancient issue
CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, ...)
	NOT-FOR-US: ancient issue
CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to cre ...)
	- fnord 1.7-1 (low)
CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
	- spamassassin 3.1.7-2
CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI Cit ...)
	NOT-FOR-US: CGI City CC Guestbook
CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNe ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores se ...)
	NOT-FOR-US: Haakon Nilsen Simple Internet Publishing System
CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...)
	NOT-FOR-US: Uploader
CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before R ...)
	NOT-FOR-US: Novell GroupWise
CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to o ...)
	NOT-FOR-US: XOOPS
CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWe ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sens ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the Sp ...)
	NOT-FOR-US: Splatt Forum module for PHP-Nuke
CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased gue ...)
	NOT-FOR-US: Filebased guestbook
CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php a ...)
	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows 2 ...)
	NOT-FOR-US: Windows
CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95 ...)
	NOT-FOR-US: Bajie Http Web Server
CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in phpWebFileMan ...)
	NOT-FOR-US: phpWebFileManager
CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...)
	NOT-FOR-US: PlanetMoon Guestbook
CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...)
	NOT-FOR-US: WF-Chat
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manag ...)
	NOT-FOR-US: ONEdotOH Simple File
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Op ...)
	NOT-FOR-US: predating security tracker
CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Techno ...)
	NOT-FOR-US: Codeworx Technologies DCP-Portal
CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full insta ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestb ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows r ...)
	NOT-FOR-US: PhpPass
CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows rem ...)
	NOT-FOR-US: PhpMyShop
CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Sof ...)
	NOT-FOR-US: Lilikoi Software Ceilidh
CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier ...)
	- phpbb2 (Vulnerable versions too old to have been in Debian)
CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk a ...)
	NOT-FOR-US: Seagull Software Systems J Walk
CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ov ...)
	NOT-FOR-US: Fujitsu Siemens NetWorker
CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configur ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug- ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.9 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a defau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast Arbei ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in cpCommerc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP Manag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6. ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allo ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incom ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to caus ...)
	NOT-FOR-US: SonicWall Pro
CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read arbitrar ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1487 (Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4 ...)
	NOT-FOR-US: Phorum
CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: Phorum
CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to by ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base stati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write pe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1469 (The default configuration of ColdFusion MX has the "Enable Robust Exce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 throug ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ex ...)
	NOT-FOR-US: HP-UX
CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the destina ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and tt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer functi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption alg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue 5.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files wit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthentic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the challe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the director ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to impor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin Streami ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS Syste ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1411 (PHP remote file inclusion vulnerability in emailreader_execute_on_each ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the so ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module fo ...)
	NOT-FOR-US: PhpNuke
CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
	- eject 2.0.13-1
CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts fals ...)
	NOT-FOR-US: Cisco
CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote at ...)
	NOT-FOR-US: Opera
CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information su ...)
	NOT-FOR-US: CoffeeCup Software Password Wizard
CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to caus ...)
	NOT-FOR-US: Gupta SQLBase
CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to e ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the p ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byt ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without war ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to cr ...)
	NOT-FOR-US: Opera
CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, a ...)
	NOT-FOR-US: Opera
CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ob ...)
	NOT-FOR-US: AXIS 2400 Video Server
CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ex ...)
	NOT-FOR-US: Invision Power Board
CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1 ...)
	NOT-FOR-US: PY-Livredor
CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: WEB-ERP
CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...)
	NOT-FOR-US: ISMail
CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Val ...)
	NOT-FOR-US: AMX Half-Life Server
CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 allow ...)
	NOT-FOR-US: BisonFTP Server
CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obt ...)
	NOT-FOR-US: clarkconnectd
CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...)
	NOT-FOR-US: Smart IRC Daemon
CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected Z ...)
	NOT-FOR-US: WinZip 8.0
CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...)
	NOT-FOR-US: HP-UX 10.20
CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to exec ...)
	NOT-FOR-US: HP-UX 11.0
CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
	- phpbb2 (phpbb was the vulnerable one)
CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in myPHPN ...)
	NOT-FOR-US: myPHPNuke
CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote attacker ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote attacker ...)
	NOT-FOR-US: ByteCatcher FTP client
CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
	NOT-FOR-US: 32bit FTP client
CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and possib ...)
	NOT-FOR-US: Majordomo
CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...)
	NOT-FOR-US: OpenBSD 2.0
CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...)
	NOT-FOR-US: CGI::Lite 2.0
CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versi ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configu ...)
	NOT-FOR-US: HP-UX
CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli St ...)
	NOT-FOR-US: HP-UX
CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) land ...)
	NOT-FOR-US: HP-UX
CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
	NOT-FOR-US: HP-UX
CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variabl ...)
	NOT-FOR-US: HP-UX
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for Em ...)
	NOT-FOR-US: ProxyView
CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 th ...)
	NOT-FOR-US: HP-UX
CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 a ...)
	NOT-FOR-US: Battlefield
CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
	NOT-FOR-US: Battlefield
CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach Projec ...)
	NOT-FOR-US: Outreach
CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login an ...)
	- gabber 0.8.8-1
	- gabber2 (No code to send data to update@jabber.org)
CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
	NOT-FOR-US: EditTag
CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by i ...)
	NOT-FOR-US: List Site Pro 2.0
CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
	NOT-FOR-US: NITE ftp-server
CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org ...)
NOT-FOR-US: Guestbook CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 a ...) NOT-FOR-US: Geeklog CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allo ...) NOT-FOR-US: DWL-900AP CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 ...) NOT-FOR-US: WebCollection CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote at ...) NOT-FOR-US: Trend Micro Virus Control System CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 mi ...) NOT-FOR-US: Trend Micro ScanMail for Exchange CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows re ...) NOT-FOR-US: Trend Micro Virus Control System CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 an ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...) NOT-FOR-US: Php-Nuke CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotosha ...) NOT-FOR-US: eZnet CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ea ...) NOT-FOR-US: Abyss Web Server CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earl ...) NOT-FOR-US: Abyss Web Server CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...) NOT-FOR-US: mIRC CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple a ...) NOT-FOR-US: snif CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge s ...) NOT-FOR-US: snif CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) implementati ...) NOT-FOR-US: InterSystems Cache CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba 2.2 ...) 
- samba (Vulnerable version not in any suite) CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the ...) - mysql-dfsg-5.0 (Newer versions in all suites apart oldstable) NOTE: oldstable is affected, everything else uses libmysqlclient15 CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on ...) NOT-FOR-US: MAILsweeper CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only ...) - wu-ftpd 2.6.2-4 CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlie ...) - wu-ftpd 2.6.2-26 (unimportant; bug #425162) NOTE: Linux' limit is 4096 chars CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life CST ...) NOT-FOR-US: Half-Life CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...) NOT-FOR-US: Elm, removed in 2002 CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the operatin ...) NOT-FOR-US: Elm, removed in 2002 CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...) NOT-FOR-US: MERCUR IMAPD CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...) NOT-FOR-US: Avant Browser CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a d ...) NOT-FOR-US: SonicWALL CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions befo ...) NOT-FOR-US: SmartFTP CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial o ...) NOT-FOR-US: Twilight Webserver CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 a ...) NOT-FOR-US: eNdonesia CMS CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: eNdonesia CMS CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...) 
NOT-FOR-US: Land Down Under (LDU) CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in EternalMa ...) NOT-FOR-US: EternalMart Guestbook (EMGB) CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart Mail ...) NOT-FOR-US: EternalMart Mailing List Manager (EMLM) CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a sess ...) NOT-FOR-US: Netegrity SiteMinder CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensu ...) NOT-FOR-US: Netegrity SiteMinder CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) i ...) NOT-FOR-US: Norton CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver (VSDATANT ...) NOT-FOR-US: ZoneAlarm CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x bef ...) - fvwm 2.5.10-1 CVE-2003-1307 NOTE: More of an apache flaw than a php flaw. And just one more reason NOTE: why you have lost as soon as an attacker can execute arbitrary NOTE: php scripts. NOTE: http://www.securityfocus.com/bid/9302 NOTE: Probably an unfixable design flaw. But if you can execute a malicious NOTE: program, you can do $BADSTUFF anyway. - apache (unimportant) - apache2 (unimportant) CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, all ...) NOT-FOR-US: Microsoft CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Microsoft CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...) NOT-FOR-US: EarlyImpact ProductCart CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP functi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...) - php4 4:4.3.2+rc3-1 CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x befor ...) 
- sun-java5 1.5.0-06-1 (low; bug #384734) CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...) NOT-FOR-US: Baby FTP Server CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...) NOT-FOR-US: Baby FTP Server CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in AnyPor ...) NOT-FOR-US: Veritas Backup CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...) NOT-FOR-US: Easy File Sharing (EFS) Web Server CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated use ...) NOT-FOR-US: Easy File Sharing (EFS) Web Server CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ver ...) - xscreensaver 4.21-1 NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included NOTE: in the Sarge version --jmm CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) dri ...) - xscreensaver 4.15-1 CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestB ...) NOT-FOR-US: NukedWeb CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 al ...) NOT-FOR-US: Derek Ashauer ashNews CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute a ...) NOT-FOR-US: VMware CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI a ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5. ...) NOT-FOR-US: NetBSD CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.2 ...) - kernel-patch-ctx 1:1.29-1 CVE-2003-XXXX [Insecure tempfile in x-face-el] - x-face-el 1.3.6.23-1 NOTE: DSA-340 CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...) NOT-FOR-US: Sambar CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...) 
NOT-FOR-US: Sambar CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server b ...) NOT-FOR-US: Sambar CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain sens ...) NOT-FOR-US: Sambar CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...) NOT-FOR-US: Kazaa CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information s ...) NOT-FOR-US: IBM Net.Data CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a sym ...) NOT-FOR-US: cgihtml CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote attack ...) NOT-FOR-US: cgihtml CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and possibl ...) NOT-FOR-US: S-PLUS CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows rem ...) NOT-FOR-US: OpenTopic CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Boa ...) NOT-FOR-US: YaBB CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...) NOT-FOR-US: NetTelephone CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...) NOT-FOR-US: Pocket Internet Explorer CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...) NOT-FOR-US: Winamp CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...) NOT-FOR-US: Winamp CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to caus ...) NOT-FOR-US: Winamp CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remot ...) NOT-FOR-US: AN HTTP CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service (bo ...) NOT-FOR-US: AN HTTP CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server pa ...) 
NOT-FOR-US: AN HTTP CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) add ...) NOT-FOR-US: a.shopKart CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: GuildFTPd CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...) NOT-FOR-US: EServer CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...) NOT-FOR-US: Ancient Mozilla issue CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, an ...) NOT-FOR-US: Longshine hardware CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: iCal CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1 ...) - libhttpfetcher 1.1.0-1 CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...) NOT-FOR-US: CuteFTP CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbi ...) NOT-FOR-US: CuteFTP CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to caus ...) NOT-FOR-US: CuteFTP CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows re ...) NOT-FOR-US: versatileBulletinBoard CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain sensi ...) NOT-FOR-US: E-theni CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute arb ...) NOT-FOR-US: E-theni CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote at ...) NOT-FOR-US: Active PHP Bookmarks CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute a ...) NOT-FOR-US: Active PHP Bookmarks CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows rem ...) NOT-FOR-US: Bookmark4U CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute arbitra ...) 
NOT-FOR-US: S8Forum CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...) NOT-FOR-US: N/X 2000 CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 confi ...) NOT-FOR-US: Efficient Networks hardware issue CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which allow ...) NOT-FOR-US: WebIntelligence CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary com ...) NOT-FOR-US: WebShell CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attack ...) NOT-FOR-US: WebShell CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...) NOT-FOR-US: Integrity Protection Driver CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain administrat ...) NOT-FOR-US: Mambo CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...) - phpbb2 (Fixed before upload into archive; 2.0.3) CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...) NOT-FOR-US: Sage CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...) NOT-FOR-US: Sage CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) a ...) NOT-FOR-US: MyGuestbook CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...) NOT-FOR-US: CuteNews CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 al ...) NOT-FOR-US: WihPhoto CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ea ...) NOT-FOR-US: Nuked-Klan CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earli ...) NOT-FOR-US: WWWBoard CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in netzi ...) NOT-FOR-US: Tanne CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...) 
NOT-FOR-US: BRW WebWeaver CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...) NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier al ...) NOT-FOR-US: Integrity Protection Driver CVE-2003-XXXX [fuzz: Insecure temp file usage] - fuzz 0.6-7.1 (bug #183047) CVE-2003-XXXX [Insecure temp files in lilo] - lilo 1:22.4-1 (bug #173238; bug #292073; low) CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp co ...) - emacs21 21.3-1 (bug #286183; medium) CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...) NOT-FOR-US: ECW-Shop CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...) NOT-FOR-US: (FreeBSD) NOTE: old freebsd, before it was introduced in Debian CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...) NOT-FOR-US: Sun JSSE and JRE CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...) - mathopd 1.5b14 CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...) - gallery 1.4.1 CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...) NOT-FOR-US: BEA CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 a ...) NOT-FOR-US: BEA CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 dis ...) NOT-FOR-US: BEA CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 S ...) NOT-FOR-US: BEA CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a for ...) NOT-FOR-US: BEA CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ci ...) NOT-FOR-US: BEA CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6 ...) 
NOT-FOR-US: BEA CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...) NOT-FOR-US: osCommerce CVE-2003-1218 REJECTED CVE-2003-1217 REJECTED CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) - phpbb2 2.0.8a-1 CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) - phpbb2 2.0.8a-1 CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...) NOT-FOR-US: VisualShapers CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal databa ...) NOT-FOR-US: MaxWebPortal CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized acti ...) NOT-FOR-US: MaxWebPortal CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPorta ...) NOT-FOR-US: PHP-Nuke CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for PHP ...) NOT-FOR-US: MaxWebPortal CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows rem ...) NOT-FOR-US: Monkey CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local us ...) NOT-FOR-US: Oracle CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a den ...) NOT-FOR-US: Crob CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote at ...) NOT-FOR-US: Crob CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a de ...) NOT-FOR-US: Crob CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Serv ...) NOT-FOR-US: Mambo CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site S ...) NOT-FOR-US: Mambo CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.c ...) NOT-FOR-US: LedForums CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive informa ...) 
NOT-FOR-US: HTTP Commander CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and earli ...) NOT-FOR-US: omail webmail CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDA ...) - openldap2 2.1.17-1 CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 thr ...) NOT-FOR-US: MDaemon CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows re ...) NOT-FOR-US: MyProxy CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote attacke ...) - cherokee 0.4.21b01-1 CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows re ...) NOT-FOR-US: VieBoard CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 al ...) NOT-FOR-US: VieBoard CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 all ...) NOT-FOR-US: Booby CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of Va ...) NOT-FOR-US: Portal DB CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote a ...) NOT-FOR-US: IA WebMail Server CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...) NOT-FOR-US: e107 CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...) NOT-FOR-US: PHPRecipeBook CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, al ...) NOT-FOR-US: Nokia IPSO CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) b ...) NOT-FOR-US: Unichat CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6. ...) NOT-FOR-US: PHPKIT CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allo ...) NOT-FOR-US: TelCondex SimpleWebServer CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 a ...) 
NOT-FOR-US: ThWboard CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2 ...) NOT-FOR-US: ThWboard CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3 ...) NOT-FOR-US: Oracle Collaboration Suite CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows r ...) NOT-FOR-US: MPM Guestbook CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Advanced Poll CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...) NOT-FOR-US: Advanced Poll CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2. ...) NOT-FOR-US: Advanced Poll CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 al ...) NOT-FOR-US: Advanced Poll CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...) NOT-FOR-US: MERCUR Mailserver CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote m ...) NOT-FOR-US: Web Wiz Forums CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 a ...) NOT-FOR-US: Sympoll CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...) NOT-FOR-US: NullSoft Shoutcast Server CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...) NOT-FOR-US: Centrinity FirstClass CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in Ap ...) NOT-FOR-US: Apache Software Foundation Cocoon CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in mod_secur ...) - libapache-mod-security 1.8.4-1 CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...) NOT-FOR-US: kpopup CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...) 
NOT-FOR-US: DATEV Nutzungskontrolle CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killa ...) NOT-FOR-US: kpopup CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.as ...) NOT-FOR-US: HTTP Commander CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attack ...) NOT-FOR-US: BRS WebWeaver CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remo ...) - mldonkey 2.5.11-1 CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denia ...) NOT-FOR-US: Ganglia gmond CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...) NOT-FOR-US: Tritanium Bulletin Board CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...) - linux-2.6 (Never released, only temporary in Bitkeeper) CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass a ...) NOT-FOR-US: FlexWATCH CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to caus ...) NOT-FOR-US: Plug and Play Web Server CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web Serv ...) NOT-FOR-US: Plug and Play Web Server CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFr ...) NOT-FOR-US: Citrix CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4. ...) NOT-FOR-US: Sun JRE/SDK CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrit ...) - xcdroast 0.98+0alpha15-1 (bug #310046) CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus prote ...) NOT-FOR-US: MAILsweeper CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...) NOT-FOR-US: byteHoard CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...) 
NOT-FOR-US: WebTide CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6. ...) NOT-FOR-US: Fastream CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...) NOT-FOR-US: Novell portmapper CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet S ...) NOT-FOR-US: Symantec Norton Internet Security CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...) NOT-FOR-US: Les Visiteurs CVE-2003-1147 REJECTED CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...) NOT-FOR-US: Easy PHP Photo Album CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAuto ...) NOT-FOR-US: OpenAutoClassifieds CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe 1 ...) NOT-FOR-US: Perception LiteServe CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...) NOT-FOR-US: Croteam Serious Sam demo CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...) NOT-FOR-US: NIPrint LPD-LPR CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute arb ...) NOT-FOR-US: NIPrint LPD-LPR CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbi ...) NOT-FOR-US: Musicqueue CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by tr ...) NOT-FOR-US: Musicqueue CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat Li ...) - apache2 (Red Hat specific default config) CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to r ...) NOT-FOR-US: sh-httpd CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1. ...) NOT-FOR-US: Chi Kien Uong Guestbook CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cau ...) NOT-FOR-US: Yahoo! 
Messenger CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...) NOT-FOR-US: Sun JVM CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts wit ...) NOT-FOR-US: The Bat! CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...) NOT-FOR-US: Cisco CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in KnowledgeBuild ...) NOT-FOR-US: ActiveCampaign KnowledgeBuilder CVE-2003-1130 REJECTED CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) Acti ...) NOT-FOR-US: Yahoo Audio Conferencing ActiveX control CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...) NOT-FOR-US: X2 XMMS Remote CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...) NOT-FOR-US: e-Gap CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...) NOT-FOR-US: SunOne/iPlanet CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5 ...) NOT-FOR-US: SunOne CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...) NOT-FOR-US: Sun Management Center CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...) NOT-FOR-US: Sun JRE CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses insecu ...) NOT-FOR-US: ScriptLogic CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...) NOT-FOR-US: ScriptLogic CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...) NOT-FOR-US: SSH Tectia Server CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a denia ...) - openssh CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...) - setiathome 3.04 CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...) 
NOT-FOR-US: RealSystem Server CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...) NOT-FOR-US: Oracle E-Business Suite CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel Network ...) NOT-FOR-US: Nortel Networks Succession Communication Server CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix Tele ...) NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP Expr ...) NOT-FOR-US: IPTel SIP Express Router CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate Firewal ...) NOT-FOR-US: Ingate Firewall and Ingate SIParator CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple dynam ...) NOT-FOR-US: dynamicsoft CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP U ...) NOT-FOR-US: Columbia SIP User Agent CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...) NOT-FOR-US: Cisco CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel OmniPC ...) NOT-FOR-US: Alcatel CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...) NOT-FOR-US: Microsoft CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote at ...) NOT-FOR-US: Microsoft CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 al ...) NOT-FOR-US: MSIE CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remot ...) NOT-FOR-US: IBM Tivoli Firewall Toolbox CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...) NOT-FOR-US: Hummingbird CyberDOCS CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ins ...) NOT-FOR-US: Hummingbird CyberDOCS CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to o ...) 
NOT-FOR-US: Hummingbird CyberDOCS CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird Cyb ...) NOT-FOR-US: Hummingbird CyberDOCS CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files wi ...) NOT-FOR-US: shar on HP-UX CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...) NOT-FOR-US: HP-UX CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...) NOT-FOR-US: HP-UX CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses passwo ...) NOT-FOR-US: Cisco CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" s ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain cod ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a J ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition ...) - file 3.4.1 CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streamin ...) NOT-FOR-US: Apple QuickTime/Darwin Streaming Server CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attac ...) NOT-FOR-US: AbsoluteTelnet CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...) NOT-FOR-US: Zorum CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 an ...) NOT-FOR-US: Zorum CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in H ...) NOT-FOR-US: diagmond on HP-UX CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...) NOT-FOR-US: pMachine CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) NOT-FOR-US: Thomson cable modem CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...) 
- monit 1:4.2.1-1 CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attacker ...) - monit 1:4.2.1-1 CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) NOT-FOR-US: Solaris CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...) NOT-FOR-US: Solaris CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local u ...) NOT-FOR-US: Solaris CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC ...) NOT-FOR-US: Solaris CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enab ...) NOT-FOR-US: Solaris CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ena ...) NOT-FOR-US: Solaris CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...) NOT-FOR-US: Solaris CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 thro ...) NOT-FOR-US: Solaris CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local users to g ...) NOT-FOR-US: Solaris CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows lo ...) NOT-FOR-US: Solaris CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a deni ...) NOT-FOR-US: Solaris CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users t ...) NOT-FOR-US: Solaris CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remo ...) NOT-FOR-US: Solaris CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...) NOT-FOR-US: Solaris CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...) NOT-FOR-US: Solaris CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ndb ...) NOT-FOR-US: Solaris CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...) 
NOT-FOR-US: Solaris CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and 10899 ...) NOT-FOR-US: Solaris CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...) NOT-FOR-US: Solaris CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 10880 ...) NOT-FOR-US: Solaris CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...) NOT-FOR-US: Solaris CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...) NOT-FOR-US: Solaris CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to caus ...) NOT-FOR-US: Solaris CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in S ...) NOT-FOR-US: Solaris CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...) NOT-FOR-US: Solaris CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solari ...) NOT-FOR-US: Solaris CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to crea ...) NOT-FOR-US: Solaris CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 m ...) NOT-FOR-US: Solaris CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: mod_access_referer CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute arbitr ...) - xshisen 1.51-1-1 (bug #213957) CVE-2003-1565 REJECTED CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modi ...) NOT-FOR-US: IBM DB2 CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database 8 ...) NOT-FOR-US: IBM DB2 CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...) NOT-FOR-US: IBM DB2 CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS dire ...) 
NOT-FOR-US: IBM DB2 CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of Intern ...) NOT-FOR-US: microsoft CVE-2003-1047 REJECTED CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...) - bugzilla 2.16.4-1 CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, a ...) - bugzilla 2.16.4-1 CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...) - bugzilla 2.16.4-1 CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...) - bugzilla 2.16.4-1 CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...) - bugzilla 2.16.4-1 CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute arbit ...) NOT-FOR-US: microsoft CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0 ...) NOTE: linux kernel kmod local DoS, fixed in all current kernels CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...) NOT-FOR-US: SAP CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows r ...) NOT-FOR-US: SAP CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet Tr ...) NOT-FOR-US: SAP CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet Tran ...) NOT-FOR-US: SAP CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to b ...) NOT-FOR-US: SAP CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserv ...) NOT-FOR-US: SAP CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...) NOT-FOR-US: SAP CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...) NOT-FOR-US: Pi3Web not in debian CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...) 
NOT-FOR-US: VBulletin CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows rem ...) NOT-FOR-US: Dameware CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote at ...) {DSA-425} - tcpdump 3.8.3-1 NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier. CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote attacke ...) NOT-FOR-US: microsoft CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...) NOT-FOR-US: microsoft CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) NOT-FOR-US: microsoft CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...) NOT-FOR-US: microsoft CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...) NOT-FOR-US: solaris CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...) {DSA-424} - mc 1:4.6.0-4.6.1-pre1-1 CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local user ...) NOT-FOR-US: SCO CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 al ...) - irssi-text 0.8.9-0.1 CVE-2003-1019 RESERVED CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 al ...) NOT-FOR-US: AIX CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...) - flashplugin-nonfree 7.0.25-1 CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...) NOTE: Multiple vendor MIME quote bypass filtering CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...) - mime-tools 5.411-2 CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...) NOTE: Multiple vendor MIME RFC822 comment bypass filtering CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows r ...) 
{DSA-407} - ethereal 0.10.0-1 CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...) {DSA-407} - ethereal 0.10.0-1 CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keybo ...) NOT-FOR-US: Apple CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Ma ...) NOT-FOR-US: Apple CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 an ...) NOT-FOR-US: Apple CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...) NOT-FOR-US: Apple CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not pro ...) NOT-FOR-US: Apple CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 a ...) NOT-FOR-US: Apple CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote atta ...) NOT-FOR-US: Apple CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Clien ...) NOT-FOR-US: Cisco CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attacke ...) NOT-FOR-US: Cisco CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...) NOT-FOR-US: Cisco CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...) NOT-FOR-US: Cisco CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service (cras ...) - xchat 2.0.7 CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint li ...) NOT-FOR-US: Solaris CVE-2003-0998 (Unknown "potential system security vulnerability" in Computer Associat ...) NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control CVE-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer Associate ...) NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows r ...) 
NOT-FOR-US: Microsoft CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...) - mailman 2.1.3 CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...) - squirrelmail 1.4.2 (low) NOTE: Only potentially exploitable with external GPG Plugin, see NOTE: http://www.securityfocus.com/archive/1/348366 NOTE: The potential problems have been fixed as of 1.4.2 CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of serv ...) {DSA-425} - tcpdump 3.8.1 CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...) - apache 1.3.29.0.2-5 CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...) - kernel-source-2.4.27 (Fixed before initial upload; 2.4.24) - linux-2.6 (Fixed before upload into archive; 2.6.2) CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do n ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive; 2.6.2) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.24-rc1) CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that shoul ...) NOT-FOR-US: Cisco CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...) NOT-FOR-US: Cisco CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...) NOT-FOR-US: visitorbook.pl CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...) NOT-FOR-US: visitorbook.pl CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape l ...) NOT-FOR-US: visitorbook.pl CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP interface ...) NOT-FOR-US: gpgkeys_hkp CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...) - cvs 1:1.11.10 CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...) 
NOT-FOR-US: netware CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 al ...) NOT-FOR-US: MacOS CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct unauth ...) NOT-FOR-US: Applied Watch Command Center CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x befo ...) {DSA-452} - libapache-mod-python 2:2.7.10-1 CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, a ...) {DSA-408} - screen 4.0.2-0.1 CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal typ ...) {DSA-429} - gnupg 1.2.4-1 CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote at ...) NOT-FOR-US: Sun Fire B1600 CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experim ...) - freeradius 1.0.1 (unimportant) NOTE: freeradius module in question is not built in debian package CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...) - freeradius 0.9.2-4 CVE-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) Un ...) NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for M ...) {DSA-436} - mailman 2.1.4-1 CVE-2003-0964 REJECTED CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...) {DSA-406} - lftp 2.6.10-1 CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in serv ...) {DSA-404} - rsync 2.5.6-1.1 CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in Lin ...) {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.23-pre7) CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...) 
NOT-FOR-US: OpenCA CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 architectu ...) - kernel-source-2.4.27 (Fixed before initial upload; 2.4.21) CVE-2003-0958 RESERVED CVE-2003-0957 RESERVED CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel p ...) - kernel-source-2.4.27 (Fixed before initial upload; 2.4.22) CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ser ...) NOT-FOR-US: OpenBSD CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users t ...) NOT-FOR-US: rcp CVE-2003-0953 REJECTED CVE-2003-0952 REJECTED CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...) NOT-FOR-US: HP-UX CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...) NOT-FOR-US: PeopleSoft PeopleTools CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and executi ...) {DSA-405} - xsok 1.02-11 CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary co ...) - wireless-tools (iwconfig not setuid/setgid in Debian) CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...) - wireless-tools (iwconfig not setuid/setgid in Debian) CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 t ...) - clamav 0.65 CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 gene ...) NOT-FOR-US: Web Database Manager in web-tools for SAP DB CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB b ...) NOT-FOR-US: Web Database Manager in web-tools for SAP DB CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ar ...) NOT-FOR-US: Web Database Manager in web-tools for SAP DB CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for S ...) 
NOT-FOR-US: Web Database Manager in web-tools for SAP DB CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...) NOT-FOR-US: Web Database Manager in web-tools for SAP DB CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...) NOT-FOR-US: Web Database Manager in web-tools for SAP DB CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB ...) NOT-FOR-US: SAP database server (SAP DB) CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...) NOT-FOR-US: SAP database server (SAP DB) CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to b ...) NOT-FOR-US: UnixWare CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows att ...) NOT-FOR-US: PCAnywhere CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...) - net-snmp 5.0.9 CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the defa ...) NOT-FOR-US: Symbol Access Portable Data Terminal CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...) {DSA-398} - conquest 7.2-5 CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute arbitr ...) {DSA-400} - omega-rpg 1:0.90-pa9-11 CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Sygate Enforcer CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect filename ...) NOT-FOR-US: Clearswift MAILsweeper CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...) NOT-FOR-US: Clearswift MAILsweeper CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...) NOT-FOR-US: Clearswift MAILsweeper CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remot ...) 
{DSA-407} - ethereal 0.9.16-0.1 CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...) {DSA-407} - ethereal 0.9.16-0.1 CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...) {DSA-407} - ethereal 0.9.16-0.1 CVE-2003-0923 REJECTED CVE-2003-0922 REJECTED CVE-2003-0921 REJECTED CVE-2003-0920 REJECTED CVE-2003-0919 REJECTED CVE-2003-0918 REJECTED CVE-2003-0917 REJECTED CVE-2003-0916 RESERVED CVE-2003-0915 RESERVED CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote att ...) {DSA-409} - bind 1:8.4.3-1 CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 (C ...) NOT-FOR-US: MacOS CVE-2003-0912 RESERVED CVE-2003-0911 RESERVED CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the Loca ...) NOT-FOR-US: Windows CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by creatin ...) NOT-FOR-US: Windows CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe wi ...) NOT-FOR-US: Windows CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...) NOT-FOR-US: Windows CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...) NOT-FOR-US: Windows CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...) NOT-FOR-US: Windows CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...) {DSA-402} - minimalist 2.4-1 CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3 ...) {DSA-397} - postgresql 7.3.4-1 NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the NOTE: DSA, that's why the DSA says that unstable is not affected. CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random numb ...) - perl 5.8.2 CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allo ...) 
{DSA-396} - thttpd 2.23beta1-2.3 CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, all ...) NOT-FOR-US: IBM DB2 CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...) NOT-FOR-US: microsoft CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...) NOT-FOR-US: Sun/Java CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...) NOT-FOR-US: Apple CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9 ...) NOT-FOR-US: Oracle CVE-2003-0893 RESERVED CVE-2003-0892 RESERVED CVE-2003-0891 RESERVED CVE-2003-0890 RESERVED CVE-2003-0889 RESERVED CVE-2003-0888 RESERVED CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache file ...) NOTE: verified Debian is not exploitable; we don't put the cache in /tmp CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier all ...) {DSA-401} - hylafax 1:4.1.8-1 CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have bee ...) - xscreensaver 4.15 CVE-2003-0884 RESERVED CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...) NOT-FOR-US: Apple CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant num ...) NOT-FOR-US: Apple CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Res ...) NOT-FOR-US: Apple CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ac ...) NOT-FOR-US: Apple CVE-2003-0879 REJECTED CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ar ...) NOT-FOR-US: Apple CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ove ...) NOT-FOR-US: Apple CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute p ...) 
NOT-FOR-US: Apple CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for OpenS ...) NOTE: Vulnerable code not shipped in the binary package - openslp 1.0.11a-1 (unimportant) CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier al ...) NOT-FOR-US: Deskpro CVE-2003-0873 REJECTED CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to overwr ...) NOT-FOR-US: SCO CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...) NOT-FOR-US: Apple CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attack ...) NOT-FOR-US: Opera CVE-2003-0869 REJECTED CVE-2003-0868 REJECTED CVE-2003-0867 REJECTED CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat 4.0. ...) {DSA-395} - tomcat4 4.1.24-2 CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...) {DSA-435} - mpg123 0.59r-15 CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10. ...) - ircd-irc2 2.10.3p5-1 CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of PH ...) NOTE: php4, this bug appears not to have been fixed. NOTE: submitted to BTS on libapache-mod-php4 NOTE: developer claims there is no problem CVE-2003-0862 REJECTED CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...) - php4 4:4.3.3-1 CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown a ...) - php4 4:4.3.3-1 CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows l ...) NOTE: affects glibc 2.2.4, Debian uses 2.3.2 CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...) {DSA-415} - quagga 0.96.4x-4 CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...) 
NOT-FOR-US: Data predating security tracker CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of serv ...) {DSA-492} - iproute 20010824-13.1 CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of se ...) - pan 0.13.4-1 CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to consum ...) - coreutils 5.2.1-1 CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may a ...) - coreutils 5.2.1-1 CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...) - sylpheed-claws 0.9.8claws-1 CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service (c ...) - openssl096 0.9.6l CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...) {DSA-410} - libnids 1.18-1 CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote a ...) - cfengine2 2.0.9+2.1.0b3-1 CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly othe ...) {DSA-428} - slocate 2.7-3 CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows lo ...) NOT-FOR-US: SuSE CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allow ...) NOT-FOR-US: SuSE CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...) NOT-FOR-US: JBoss CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...) - libapache-mod-gzip (unimportant) NOTE: Debian doesn't enable vulnerable debug mode. CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...) - libapache-mod-gzip (unimportant) NOTE: Debian doesn't enable vulnerable debug mode. CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...) - libapache-mod-gzip (unimportant) NOTE: Debian doesn't enable vulnerable debug mode. 
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in gues ...) NOT-FOR-US: Peoplesoft CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other oper ...) NOT-FOR-US: HPUX CVE-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...) NOT-FOR-US: microsoft CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...) NOT-FOR-US: microsoft CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Win ...) NOT-FOR-US: IBM DB2 CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...) NOT-FOR-US: IBM DB2 CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 a ...) NOTE: mplayer fixed before upload CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...) NOT-FOR-US: CDE CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to e ...) {DSA-392} - webfs 1.20 CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote a ...) {DSA-392} - webfs 1.20 CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline cha ...) - proftpd 1.2.9-1 CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to gai ...) {DSA-390} - marbles CVE-2003-0829 RESERVED CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local user ...) {DSA-391} - freesweep 0.88-4.1 (bug #242616) CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...) NOT-FOR-US: IBM DB2 CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ( ...) {DSA-717-1} - lsh-utils 1.4.2-6 CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Micr ...) NOT-FOR-US: microsoft CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...) 
NOT-FOR-US: microsoft CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...) NOT-FOR-US: microsoft CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...) NOT-FOR-US: microsoft CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2 ...) NOT-FOR-US: microsoft CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...) NOT-FOR-US: microsoft CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...) NOT-FOR-US: microsoft CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...) NOT-FOR-US: microsoft CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: microsoft CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: microsoft CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...) NOT-FOR-US: microsoft CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...) NOT-FOR-US: microsoft CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows Workstat ...) NOT-FOR-US: microsoft CVE-2003-0811 RESERVED CVE-2003-0810 RESERVED CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object tag ...) NOT-FOR-US: microsoft CVE-2003-0808 RESERVED CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...) NOT-FOR-US: microsoft CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft W ...) NOT-FOR-US: microsoft CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x b ...) {DSA-387} - gopher 3.0.6 NOTE: gopherd was removed from the gopher package in version 3.0.6. CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10. ...) 
NOT-FOR-US: BSD CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to us ...) NOT-FOR-US: Nokia CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ob ...) NOT-FOR-US: Nokia CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic Documenta ...) NOT-FOR-US: Nokia CVE-2003-0800 REJECTED CVE-2003-0799 REJECTED CVE-2003-0798 REJECTED CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 all ...) NOT-FOR-US: SGI IRIX CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 all ...) NOT-FOR-US: SGI IRIX CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, do ...) {DSA-415} - quagga 0.96.4x-4 CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...) - gdm 2.4.4.4 CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restr ...) - gdm 2.4.4.4 CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...) - fetchmail 6.2.5 CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earl ...) - mozilla 2:1.5 CVE-2003-0790 REJECTED CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...) - apache2 2.0.48 CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) implemen ...) - cups 1.1.19 - cupsys 1.1.19 CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...) - openssh 1:3.7.1p2 CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3. ...) - openssh 1:3.7.1p2 CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets t ...) {DSA-389} - ipmasq 3.5.12 CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...) NOT-FOR-US: IBM TSM CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...) 
{DSA-385} - hztty 2.0-6 CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to c ...) {DSA-467} - ecartis 1.0.0+cvs.20030911 CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly valida ...) {DSA-467} - ecartis 1.0.0+cvs.20030911 CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4. ...) {DSA-381} - mysql-dfsg 4.0.15-1 CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging fu ...) - asterisk 0.7.0 CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...) {DSA-379} - sane-backends 1.0.11-1 CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are enab ...) {DSA-379} - sane-backends 1.0.11-1 CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...) {DSA-379} - sane-backends 1.0.11-1 CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrar ...) {DSA-379} - sane-backends 1.0.11-1 CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle conne ...) {DSA-379} - sane-backends 1.0.11-1 CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...) {DSA-379} - sane-backends 1.0.11-1 CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...) NOT-FOR-US: WS_FTP server CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary fi ...) - libapache-gallery-perl 0.7 CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not pro ...) NOT-FOR-US: IkonBoard CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestboo ...) NOT-FOR-US: ICQ Web Front CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...) NOT-FOR-US: microsoft CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, de ...) 
NOT-FOR-US: RogerWilco CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and po ...) NOT-FOR-US: ftp desktop (windows) CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allow ...) NOT-FOR-US: winamp CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain sens ...) NOT-FOR-US: Escapade Scripting Engine (ESP) CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...) NOT-FOR-US: Escapade Scripting Engine (ESP) CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 all ...) NOT-FOR-US: foxweb CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session Initi ...) - asterisk 0.5.0 CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service (cra ...) NOT-FOR-US: optisoft blubster CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before F ...) NOT-FOR-US: IBM DB2 CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before F ...) NOT-FOR-US: IBM DB2 CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...) NOT-FOR-US: check point firewall CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1. ...) NOT-FOR-US: sitebuilder CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remo ...) NOT-FOR-US: gtkftpd CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...) NOT-FOR-US: newsPHP CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read a ...) NOT-FOR-US: newsPHP CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possi ...) NOT-FOR-US: AttilaPHP CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ea ...) NOT-FOR-US: PY-Membres CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to by ...) 
NOT-FOR-US: PY-Membres CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...) NOT-FOR-US: SAP CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet Transa ...) NOT-FOR-US: SAP CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 all ...) NOT-FOR-US: SAP CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, inclu ...) NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the c ...) NOT-FOR-US: castlerock SNMPc CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote at ...) - leafnode 1.9.42 CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...) {DSA-376} - exim 3.36-8 CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary pr ...) NOT-FOR-US: SCO CVE-2003-0741 REJECTED CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...) - stunnel 2:3.26 (bug #278942) - stunnel4 2:4.04 CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows loc ...) NOT-FOR-US: VMware CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...) NOT-FOR-US: phpWebSite CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...) NOT-FOR-US: phpWebSite CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9. ...) NOT-FOR-US: phpWebSite CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...) NOT-FOR-US: phpWebSite CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before v ...) - libpam-ldap 164-1 - libnss-ldap 207-1 CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integr ...) 
NOT-FOR-US: BEA weblogic CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...) NOT-FOR-US: cisco CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...) NOT-FOR-US: cisco CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 all ...) {DSA-380} - xfree86 4.2.1-12 CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ex ...) NOT-FOR-US: tellurian tftpdNT CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...) - horde2 2.2.4 CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...) NOT-FOR-US: oracle CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...) NOT-FOR-US: RealOne player CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source plug-i ...) NOT-FOR-US: Real Networks Server / Helix Server CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signat ...) NOT-FOR-US: HP Tru64 CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...) - gkrellm 2.1.14 CVE-2003-0722 (The default installation of sadmind on Solaris uses weak authenticatio ...) NOT-FOR-US: solaris CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE b ...) - pine 4.58 - alpine (alpine is based on pine 4.64, this bug was in a previous version of pine) CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...) - pine 4.58 - alpine (alpine is based on pine 4.64, this bug was in a previous version of pine) CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...) NOT-FOR-US: microsoft CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) 5.0 ...) NOT-FOR-US: microsoft CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not prop ...) 
NOT-FOR-US: microsoft CVE-2003-0716 RESERVED CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ( ...) NOT-FOR-US: microsoft CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 all ...) NOT-FOR-US: microsoft CVE-2003-0713 RESERVED CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...) NOT-FOR-US: microsoft CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and Sup ...) NOT-FOR-US: pchealth for windows CVE-2003-0710 RESERVED CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is someti ...) - whois 4.6.7 CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...) {DSA-375} - node 0.3.2-1 CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attacke ...) {DSA-375} - node 0.3.2-1 CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote atta ...) {DSA-378} - mah-jong 1.5.6-2 CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...) {DSA-378} - mah-jong 1.5.6-2 CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing file ...) NOT-FOR-US: KisMAC for Mac OS X CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary k ...) NOT-FOR-US: KisMAC for Mac OS X CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...) NOT-FOR-US: microsoft CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...) NOT-FOR-US: microsoft CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the g ...) NOTE: fixed in 2.4.22-pre3 CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the g ...) NOTE: fixed in 2.4.21-rc2 CVE-2003-0698 REJECTED CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...) 
NOT-FOR-US: AIX CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close s ...) NOT-FOR-US: AIX CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...) {DSA-383 DSA-382} - openssh 1:3.7.1 CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to exe ...) {DSA-384} - sendmail 8.12.10-1 CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for Ope ...) {DSA-383 DSA-382} - openssh 1:3.6.1p2-6.0 CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation alg ...) {DSA-388} - kdebase 4:3.2 CVE-2003-0691 REJECTED CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred f ...) {DSA-443 DSA-388} - xfree86 4.3.0-0pre1v2 - kdebase 4:3.2 CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...) - glibc 2.2.5 CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdn ...) - sendmail 8.12.9 CVE-2003-0687 REJECTED CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when au ...) {DSA-374} - libpam-smb CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other version ...) {DSA-372} - netris 0.52-1 CVE-2003-0684 REJECTED CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certa ...) NOT-FOR-US: SGI CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a dif ...) {DSA-383 DSA-382} - openssh 1:3.6.1p2-9 CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...) {DSA-384} - sendmail 8.12.10-1 CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...) NOT-FOR-US: SGI IRIX CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...) NOT-FOR-US: SGI IRIX CVE-2003-0678 REJECTED CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...) 
NOT-FOR-US: Cisco CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet Administratio ...) NOT-FOR-US: Sun iPlanet CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remo ...) {DSA-370} - pam-pgsql 0.5.2-7 CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...) NOT-FOR-US: sustworks IPNetSentryX CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ne ...) NOT-FOR-US: sustworks IPNetSentryX CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of serv ...) NOT-FOR-US: solaris CVE-2003-0668 RESERVED CVE-2003-0667 RESERVED CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote attac ...) NOT-FOR-US: microsoft CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot V ...) NOT-FOR-US: microsoft CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certa ...) NOT-FOR-US: microsoft CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem Servic ...) NOT-FOR-US: microsoft CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Micr ...) NOT-FOR-US: microsoft CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...) NOT-FOR-US: microsoft CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server 200 ...) NOT-FOR-US: microsoft CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through Serv ...) NOT-FOR-US: microsoft CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenS ...) NOT-FOR-US: docview / caldera CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for phpgr ...) {DSA-365} - phpgroupware 0.9.14.007-1 CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...) 
{DSA-366} - eroaster 2.2.0-0.5-1 CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite arb ...) - cdrtools 4:2.0+a18-1 CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute a ...) {DSA-373} - autorespond 2.0.4-1 CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier doe ...) NOT-FOR-US: NetBSD CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges v ...) {DSA-367} - xtokkaetama 1.0b-9 CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 an ...) NOT-FOR-US: mod_mylo for apache CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, po ...) NOT-FOR-US: gamespy CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local us ...) {DSA-368} - xpcd 2.08-9 CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow lo ...) {DSA-472} - fte 0.50.0-1.1 (bug #203871) CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allo ...) NOT-FOR-US: Cisco CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro Hous ...) NOT-FOR-US: ActiveX CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...) {DSA-364} - man-db 2.4.1-13 CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc fil ...) - kdbg 1.2.9-1 CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation (fi ...) {DSA-358} - kernel-source-2.4.27 (Fixed before upload in archive; 2.4.22-pre10) CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local us ...) NOT-FOR-US: Watchguard / win CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local us ...) NOT-FOR-US: Watchguard / win CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start serve ...) 
NOT-FOR-US: BEA WebLogic CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allow ...) NOT-FOR-US: novell ichain CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, a ...) NOT-FOR-US: novell ichain CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a n ...) NOT-FOR-US: novell ichain CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...) NOT-FOR-US: novell ichain CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before S ...) NOT-FOR-US: novell ichain CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Or ...) NOT-FOR-US: oracle CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...) NOT-FOR-US: oracle CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...) NOT-FOR-US: oracle CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 an ...) NOT-FOR-US: VMware CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of th ...) {DSA-359} - atari800 1.3.1-2 CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environ ...) NOT-FOR-US: peoplesoft CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...) NOT-FOR-US: peoplesoft CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) NOT-FOR-US: peoplesoft CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) NOT-FOR-US: peoplesoft CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...) {DSA-360} - xfstt 1.5.1-1 CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for B ...) NOT-FOR-US: BEA WebLogic CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) 
NOT-FOR-US: BEA Tuxedo CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...) NOT-FOR-US: BEA Tuxedo CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...) NOT-FOR-US: BEA Tuxedo CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...) {DSA-364} - man-db 2.4.1-13 CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in Lin ...) {DSA-358} - kernel-source-2.4.27 (Fixed before upload in archive; 2.4.21-pre3) CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local u ...) {DSA-431} - perl 5.8.3-3 CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...) {DSA-362} - mindi 0.86-1 CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy Orchestr ...) NOT-FOR-US: McAfee CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm all ...) {DSA-371} - perl 5.8.0-19 CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...) {DSA-355} - gallery 1.3.4-3 CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows l ...) {DSA-369} - zblast 1.2.1-7 CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...) - crafty 19.3-1 CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain ...) {DSA-356} - xtokkaetama 1.0b-8 CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy Orch ...) NOT-FOR-US: McAfee CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...) NOT-FOR-US: Solaris CVE-2003-0608 RESERVED CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of th ...) {DSA-354} - xconq 7.4.1-2.1 (bug #202963) CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which al ...) 
{DSA-353} - sup 1.8-9 CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attac ...) NOT-FOR-US: Microsoft CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer an ...) NOT-FOR-US: Microsoft CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versi ...) - bugzilla 2.16.3 CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...) - bugzilla 2.16.3 CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does no ...) NOT-FOR-US: Apple CVE-2003-0600 RESERVED CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...) {DSA-365} - phpgroupware 0.9.14.007-1 CVE-2003-0598 REJECTED CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7 ...) NOT-FOR-US: Unixware CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary dire ...) {DSA-352} - fdclone 2.04-1 CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows re ...) NOT-FOR-US: WiTango Application Server and Tango 2000 CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access restr ...) NOTE: cannot find reference to it being fixed. CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access restric ...) NOT-FOR-US: opera CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers t ...) {DSA-459} - kdelibs 4:3.1.3-1 CVE-2003-0591 REJECTED CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...) NOT-FOR-US: Splatt Forum CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass authentica ...) NOT-FOR-US: Digi-ads CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass authentic ...) NOT-FOR-US: Digi-news CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...) 
NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB) CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain s ...) NOT-FOR-US: Brooky eStore CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 throug ...) NOT-FOR-US: Brooky eStore CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix (BR ...) NOT-FOR-US: BRU CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...) NOT-FOR-US: BRU CVE-2003-0582 REJECTED CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...) {DSA-360} - xfstt 1.5-1 CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier all ...) NOT-FOR-US: IBM U2 UniVerse CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-suppli ...) NOT-FOR-US: IBM U2 UniVerse CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...) NOT-FOR-US: IBM U2 UniVerse CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...) - mpg123 0.59r-1 - mp3gain 1.5.2-r2-6 (low) [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain (Minor issue) CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...) NOT-FOR-US: IRIX CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI IR ...) NOT-FOR-US: IRIX CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly e ...) NOT-FOR-US: IRIX CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possib ...) NOT-FOR-US: IRIX CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and po ...) NOT-FOR-US: IRIX CVE-2003-0571 REJECTED CVE-2003-0570 REJECTED CVE-2003-0569 REJECTED CVE-2003-0568 REJECTED CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...) 
NOT-FOR-US: Cisco CVE-2003-0566 RESERVED CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the X.4 ...) NOTE: affects many implementations of the X.400 protocol CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the Sec ...) NOTE: affects multiple S/MIME implementations NOTE: checked current mozilla, which contains safe NSS 3.9.1 - mozilla 2:1.7.3 CVE-2003-0563 RESERVED CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...) NOT-FOR-US: Novell Netware CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...) NOT-FOR-US: IglooFTP CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote at ...) NOT-FOR-US: VP-ASP CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...) NOT-FOR-US: phpforum CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to exec ...) NOT-FOR-US: LeapFTP CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and possi ...) NOT-FOR-US: StoreFront CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service (c ...) NOT-FOR-US: Polycom MGC CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...) NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5 CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, allo ...) NOT-FOR-US: NeoModus Direct Connect CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...) NOT-FOR-US: Netscape CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding tab ...) {DSA-423 DSA-358} - kernel-source-2.4.27 (Fixed before upload in the archive; 2.4.22-pre3) CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly verif ...) 
{DSA-423 DSA-358} - kernel-source-2.4.27 (Fixed before upload in the archive; 2.4.22-pre3) CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide sufficie ...) {DSA-423 DSA-358} - kernel-source-2.4.27 (Fixed before upload in the archive; 2.4.22-pre3) CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) - gdm 2.4.1.5 CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...) - gdm 2.4.1.5 CVE-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, a ...) - gdm 2.4.1.5 CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...) NOT-FOR-US: up2date CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...) {DSA-394 DSA-393} - openssl 0.9.7c - openssl096 0.9.6k CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characte ...) {DSA-394 DSA-393} - openssl 0.9.7c - openssl096 0.9.6k CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...) {DSA-394 DSA-393} - openssl 0.9.7c - openssl096 0.9.6k CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rew ...) - apache2 2.0.48 - apache 1.3.29 CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers t ...) {DSA-710-1} - evolution (Does not affect evolution on debian) - gtkhtml 1.0.4-6.2 CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote at ...) {DSA-363} - postfix 1.1.12 CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and th ...) {DSA-343} - skk 10.62a-6 - ddskk 12.1.cvs.20030622-1 CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications t ...) {DSA-342} - mozart 1.2.5.20030212-2 CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporar ...) 
{DSA-341} - liece 2.0+0.20030527cvs-1 CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...) {DSA-346} - phpsysinfo 2.1-1 CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain pri ...) {DSA-345} - xbl 1.0k-6 CVE-2003-0534 RESERVED CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service functi ...) NOT-FOR-US: Microsoft CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...) NOT-FOR-US: Microsoft CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2003-0529 RESERVED CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ( ...) NOT-FOR-US: Microsoft CVE-2003-0527 RESERVED CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Securit ...) NOT-FOR-US: Microsoft CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that i ...) NOT-FOR-US: Microsoft CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary fi ...) - qt-x11-free (appears specific to the knoppix CD) CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain versio ...) NOT-FOR-US: ProductCart CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 al ...) NOT-FOR-US: ProductCart CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...) NOT-FOR-US: cPanel is not our cpanel CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...) NOT-FOR-US: Cerulean Trillian CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows envi ...) NOT-FOR-US: Microsoft CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...) 
NOT-FOR-US: MacOS CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwri ...) - mgetty 1.1.29 (bug #199351) CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printa ...) - mgetty 1.1.29 (bug #199351) CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authe ...) {DSA-347} - teapop 0.3.5-2 CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...) NOT-FOR-US: Safari CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...) NOT-FOR-US: MSIE CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message inste ...) NOT-FOR-US: Cisco CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices runnin ...) NOT-FOR-US: Cisco CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...) NOT-FOR-US: ezbounce CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allow ...) NOT-FOR-US: Cyberstrong eShop CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Rea ...) NOT-FOR-US: acroread CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...) NOT-FOR-US: Microsoft CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to c ...) NOT-FOR-US: Microsoft CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 be ...) NOT-FOR-US: Microsoft CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0. ...) {DSA-365} - phpgroupware 0.9.14.007-1 CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in Win ...) NOT-FOR-US: Microsoft CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...) NOT-FOR-US: Apple Quicktime CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive i ...) 
{DSA-423 DSA-358} - kernel-source-2.4.27 (Fixed before upload in the archive; 2.4.22-pre10) CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module (m ...) {DSA-338} - proftpd 1.2.8-8 CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) {DSA-335} - mantis 0.17.5-6 CVE-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with inse ...) NOT-FOR-US: Intersystems Cache database CVE-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writab ...) NOT-FOR-US: Intersystems Cache database CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to gai ...) NOT-FOR-US: Microsoft CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...) NOT-FOR-US: lednews; not in debian CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote attacker ...) NOT-FOR-US: snitz forums; not in debian CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...) NOT-FOR-US: snitz forums; not in debian CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forum ...) NOT-FOR-US: snitz forums; not in debian CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...) NOT-FOR-US: Xoops CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...) NOT-FOR-US: Dantz Retrospect CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after obt ...) {DSA-330} - tcptraceroute 1.4-4 CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServe ...) NOT-FOR-US: Kerio Mail server CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authe ...) NOT-FOR-US: Kerio Mail server CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earli ...) 
- phpbb2 2.0.6 CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows att ...) NOT-FOR-US: Progress 4GL Compiler CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB al ...) - phpbb2 2.0.6d-3 CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...) NOT-FOR-US: XMB Forum CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by uploadi ...) - tutos 1.1.20030715-1 CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - tutos 1.1.20030715-1 CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite arbit ...) NOT-FOR-US: VMware CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS a ...) NOT-FOR-US: WebBBS; not in debian CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, an ...) NOT-FOR-US: bahamut and other irc daemons; not in debian CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial o ...) - wzdftpd 0.2 CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of t ...) {DSA-423 DSA-358} - kernel-source-2.4.27 (Fixed before upload in the archive; 2.4.22-pre4) CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote attac ...) NOT-FOR-US: iWeb server CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote attacke ...) NOT-FOR-US: iWeb server CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes sno ...) NOT-FOR-US: SGI IRIX CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...) NOT-FOR-US: SGI IRIX CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers t ...) NOT-FOR-US: webadmin / win CVE-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuF ...) 
NOT-FOR-US: symantec activex CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...) NOT-FOR-US: microsoft CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to c ...) {DSA-363} - postfix 1.1.12 CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kern ...) NOTE: fixed in linux 2.4.21 CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the re ...) {DSA-357} - wu-ftpd 2.6.2-12 CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...) - linux-2.6 (Generic C version fixed in 2.6.x) NOTE: generic .c version fixed in 2.6.x but not in 2.4.x NOTE: arch specific asm versions: NOTE: x86 is not affected NOTE: ppc32 fixed in 2.4.22-rc4 NOTE: not an issue on alpha, see bug #280492 - kernel-source-2.4.27 2.4.27-8 NOTE: above fixes s390x, ppc64 and s390 and generic C version CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...) NOTE: fixed in linux 2.4.22-pre8 CVE-2003-0463 REJECTED CVE-2003-0462 (A race condition in the way env_start and env_end pointers are initial ...) {DSA-423 DSA-358} - linux-2.6 (Fixed before upload into archive; 2.6.1) - kernel-source-2.4.27 (Fixed before upload in the archive; 2.4.22-pre10) CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of cha ...) {DSA-423 DSA-358} [sarge] - kernel-source-2.6.8 (Fixed before upload into archive; 2.6.1) - linux-2.6 (Fixed before upload into archive; 2.6.1) - kernel-source-2.4.27 2.4.27-1 CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 s ...) - apache (Affects only Apache for Windows and OS/2) CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) {DSA-361} - kdelibs 4:3.1.3-1 CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...) 
NOT-FOR-US: HP CVE-2003-0457 RESERVED CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full pathna ...) NOT-FOR-US: visnetic website CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary fi ...) {DSA-331} - imagemagick 4:5.5.7-1 CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local us ...) {DSA-334} - xgalaga 2.0.34-22 CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized me ...) {DSA-348} - traceroute-nanog 6.3.6-3 CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute arb ...) {DSA-329} - osh 1.7-12 CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...) {DSA-327} - xbl 1.0k-5 CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remot ...) {DSA-321} - radiusd-cistron 1.6.6-2 CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load lib ...) NOT-FOR-US: progress database CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read a ...) NOT-FOR-US: portmon; not in debian CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6 ...) NOT-FOR-US: microsoft CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...) NOT-FOR-US: microsoft CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to exec ...) {DSA-328} - webfs 1.20 CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attac ...) {DSA-337} - gtksee 0.5.6-1 CVE-2003-0443 RESERVED CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID suppor ...) {DSA-351} - php4 4:4.3.2+rc3-1 CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ea ...) {DSA-326} - orville-write 2.54-1 CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...) 
{DSA-339} - semi 1.14.5+20030609-1 (bug #223456) - wemi CVE-2003-0439 REJECTED CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) {DSA-325} - eldav 0.7.2-1 CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote att ...) - mnogosearch 3.2.11 CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote att ...) - mnogosearch 3.2.11 CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allow ...) {DSA-322} - typespeed 0.4.4 CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...) - kdegraphics (kdf does not seem to support hyperlinks; so not vulnerable) - gpdf (gpdf 2.8.0 does not seem to be vulnerable) - xpdf 2.02pl1-1 CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attacker ...) {DSA-315} - gnocatan 0.8.0-1 (bug #328136) - pioneers (bug #328136) CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...) {DSA-324} - ethereal 0.9.13-1 CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...) {DSA-324} - ethereal 0.9.13-1 CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote atta ...) - ethereal 0.9.13-1 CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote attacke ...) {DSA-324} - ethereal 0.9.13-1 CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0. ...) {DSA-324} - ethereal 0.9.13-1 CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...) {DSA-320} - mikmod 3.1.6-6 CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before 4 ...) NOT-FOR-US: Apple CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin Streamin ...) NOT-FOR-US: Apple CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) 
NOT-FOR-US: Apple CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1. ...) NOT-FOR-US: Apple CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOT-FOR-US: Apple CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOT-FOR-US: Apple CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server 10. ...) NOT-FOR-US: Apple CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...) NOT-FOR-US: SMC CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...) - kernel-source-2.4.27 (Affects only Linux 2.0.x) - linux-2.6 (Affects only Linux 2.0.x) CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote att ...) NOT-FOR-US: Son hServer CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...) NOT-FOR-US: bandmin; CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...) NOT-FOR-US: Remote PC Access CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...) NOT-FOR-US: Sun ONE CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...) NOT-FOR-US: Sun ONE CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the co ...) NOT-FOR-US: Sun ONE CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attac ...) NOT-FOR-US: Sun ONE CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execu ...) NOT-FOR-US: AnalogX proxy CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attack ...) NOT-FOR-US: BRS WebWeaver CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...) NOT-FOR-US: Uptimes Project upclient; CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remo ...) 
- gbatnav 1.0.4-4 CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCD ...) NOT-FOR-US: PalmVNC CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to exe ...) NOT-FOR-US: Vignette CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryS ...) NOT-FOR-US: Vignette CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to rea ...) NOT-FOR-US: Vignette CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...) NOT-FOR-US: Vignette CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to obtai ...) NOT-FOR-US: Vignette CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...) NOT-FOR-US: Vignette / AIX CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other version ...) NOT-FOR-US: Vignette StoryServer CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI E ...) NOT-FOR-US: Vignette StoryServer CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...) NOT-FOR-US: FastTrack network code (Kazaa) CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if u ...) - linux-atm 2.4.1 CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitr ...) NOT-FOR-US: Ultimate PHP Board CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ar ...) NOT-FOR-US: BLNews CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming packet ...) NOT-FOR-US: Privacyware Privatefirewall CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...) NOT-FOR-US: ST FTP Service (DOS) CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...) NOT-FOR-US: Magic WinMail Server CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...) 
- opt 3.19 CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect functi ...) NOT-FOR-US: RSA ACE/Agent CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use ...) - pam (pam is not vulnerable at all in sarge, according to maintainer) NOTE: From the libc documentation: NOTE: "The user cannot do anything to fool these functions." NOTE: This means that this is not a bug in getlogin. CVE-2003-0387 RESERVED CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...) - openssh 1:3.8p1-1 CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allow ...) {DSA-310} - xaos 3.1r-4 CVE-2003-0384 RESERVED CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges v ...) {DSA-309} - eterm 0.9.2-1 CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary fi ...) {DSA-323} - noweb 2.10c-3.1 (bug #271146) CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possib ...) {DSA-314} - atftp 0.6.2 CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...) NOT-FOR-US: MacOS CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...) NOT-FOR-US: MacOS CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...) NOT-FOR-US: iisPROTECT CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a den ...) NOT-FOR-US: Eudora CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...) NOT-FOR-US: XMBforum (aka Partagium) CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...) - nessus-core 2.0.6 CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow loca ...) - nessus-core 2.0.6 CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...) 
- nessus-core 2.0.6 CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...) NOT-FOR-US: Prishtina FTP client CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Com ...) {DSA-361} - kdelibs 4:3.1.3-1 CVE-2003-0369 RESERVED CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to caus ...) NOT-FOR-US: Nokia Gateway GPRS CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary fil ...) {DSA-308} - gzip 1.3.5-6 CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...) {DSA-318} - lyskom-server 2.0.7-2 CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Con ...) NOT-FOR-US: ICQLite CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...) {DSA-442 DSA-336 DSA-332 DSA-311} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.21-rc6) CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ve ...) - licq 1.2-7-1 CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...) {DSA-307} - gps 1.1.0-1 CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...) {DSA-307} - gps 1.1.0-1 CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...) {DSA-307} - gps 1.1.0-1 CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with insecu ...) {DSA-316} - nethack 3.4.1-1 - jnethack 1.1.5-15 - slashem 0.0.6E4F8-6 CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1 ...) {DSA-350 DSA-316} - falconseye 1.9.3-9 - nethack 3.4.1-1 - slashem 0.0.6E4F8-6 - jnethack 1.1.5-15 CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earli ...) {DSA-313} - ethereal 0.9.12-1 CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier all ...) 
{DSA-313} - ethereal 0.9.12-1 CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...) NOT-FOR-US: Safari CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...) - gs-gpl 7.07 CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access Co ...) NOT-FOR-US: Microsoft CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft Windo ...) NOT-FOR-US: Microsoft CVE-2003-0351 REJECTED CVE-2003-0350 (The control for listing accessibility options in the Accessibility Uti ...) NOT-FOR-US: Microsoft CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...) NOT-FOR-US: Microsoft CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control allo ...) NOT-FOR-US: Microsoft CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...) NOT-FOR-US: Microsoft CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...) NOT-FOR-US: Microsoft CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...) NOT-FOR-US: Microsoft CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allo ...) NOT-FOR-US: Microsoft CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...) NOT-FOR-US: BlackMoon FTP Server CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...) NOT-FOR-US: BlackMoon FTP Server CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 a ...) NOT-FOR-US: Owl Intranet Engine CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the loggin ...) NOT-FOR-US: Puresecure CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 a ...) NOT-FOR-US: WsMp3 CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...) 
NOT-FOR-US: WsMp3 CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 al ...) NOT-FOR-US: lsadmin CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...) NOT-FOR-US: Eudora CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which cause ...) NOT-FOR-US: Slackware specific CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a de ...) - ircii-pana 1:1.0-0c19.20030512-1 CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...) NOT-FOR-US: C-Kermit on HP-UX CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier v ...) NOT-FOR-US: BadBlue CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to exec ...) NOT-FOR-US: ttForum CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...) - maelstrom (Maelstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.) CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the set ...) NOT-FOR-US: CesarFTP CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later version ...) {DSA-399 DSA-306} - epic4 1:1.1.11.20030409-2 - ircii-pana 1:1.0-0c19-8 CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers t ...) NOT-FOR-US: Sybase Adaptive Server Enterprise CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...) - slocate (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments) NOTE: Even if exploited, you get only slocate gid. CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local us ...) - maelstrom (Maelstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.) CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malici ...) 
{DSA-287} - epic4 1:1.1.11.20030409-1 - epic 3.004-19 CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious IR ...) {DSA-298 DSA-291} - epic4 1:1.1.11.20030409-1 - ircii 20030315-1 CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remo ...) {DSA-306} - ircii-pana 1:1.0-0c19-8 CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier al ...) {DSA-306} - ircii-pana 1:1.0-0c19-8 CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...) NOT-FOR-US: ttCMS CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0. ...) NOT-FOR-US: SmartMax MailMax CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...) NOT-FOR-US: PHP-Nuke CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authenticatio ...) NOT-FOR-US: iisPROTECT CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi Wir ...) NOT-FOR-US: Venturi Client CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Snowblind Web Server CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Snowblind Web Server CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...) NOT-FOR-US: Snowblind Web Server CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...) NOT-FOR-US: Snowblind Web Server CVE-2003-0311 RESERVED CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ pub ...) - ezpublish 2.2.8-1 CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...) NOT-FOR-US: MSIE CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...) {DSA-305} - sendmail 8.12.9-2 CVE-2003-0307 (Poster version.two allows remote authenticated users to gain administr ...) 
NOT-FOR-US: Poster version.two CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to exec ...) NOT-FOR-US: Windows CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...) NOT-FOR-US: Cisco CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers t ...) NOT-FOR-US: one||zero (aka One or Zero) Helpdesk CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1. ...) NOT-FOR-US: one||zero (aka One or Zero) Helpdesk CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...) NOT-FOR-US: Eudora CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malic ...) NOT-FOR-US: Microsoft CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP serve ...) NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...) NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...) - mozilla 2:1.5-1 NOTE: May have been fixed in an earlier version. Not clear how NOTE: Mozilla's a/b versions map to the Debian version. CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remo ...) - uw-imap 7:2002c - pine 4.62-1 - alpine (this was fixed in pine before alpine was released to the public) NOTE: pine maybe fixed in earlier uploads, 4.62-1 is the sarge version and not vulnerable CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP serve ...) - evolution 1.3.2 CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...) NOT-FOR-US: vBulletin CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...) 
NOT-FOR-US: php-proxima CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU consu ...) NOT-FOR-US: PalmOS CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5 ...) NOT-FOR-US: Inktomi CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clea ...) NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...) NOT-FOR-US: eServ CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in c ...) - cdrtools 4:2.0+a14-1 CVE-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP Mes ...) NOT-FOR-US: IP Messenger for Win CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, a ...) NOT-FOR-US: Movable Type CVE-2003-0286 (SQL injection vulnerability in register.asp in Snitz Forums 2000 befor ...) NOT-FOR-US: Snitz Forums CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...) NOT-FOR-US: bad sendmail config on AIX CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, wh ...) NOT-FOR-US: Adobe Acrobat CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...) NOT-FOR-US: Phorum CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ov ...) {DSA-344} - unzip 5.50-3 CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and p ...) - firebird2 1.5.1-1 (bug #251458) CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4. ...) NOT-FOR-US: SMTP Service for ESMTP CMailServer CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for PHP ...) NOT-FOR-US: PHP-Nuke CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycg ...) 
NOT-FOR-US: HappyMail CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com H ...) NOT-FOR-US: HappyMail CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a den ...) NOT-FOR-US: Pi3Web CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...) NOT-FOR-US: YaBB SE CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remo ...) NOT-FOR-US: ListProc CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for Requ ...) - request-tracker3.4 (Affects older versions of Request Tracker not in Debian) CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain administrativ ...) NOT-FOR-US: miniPortail CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to exec ...) NOT-FOR-US: Personal FTP Server CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...) NOT-FOR-US: Apple Airport CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...) NOT-FOR-US: youbin CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...) NOT-FOR-US: SLWebMail on Windows CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attacke ...) NOT-FOR-US: SLWebMail on Windows CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows rem ...) NOT-FOR-US: SLWebMail on Windows CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical f ...) NOT-FOR-US: SDBINST for SAP database CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...) NOT-FOR-US: SLMail CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGate ...) NOT-FOR-US: FTGatePro CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...) 
{DSA-299} - leksbot 1.2-5 (bug #186421) CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could a ...) {DSA-302} - fuzz 0.6-7.1 CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOT-FOR-US: Cisco CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOT-FOR-US: Cisco CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...) NOT-FOR-US: Cisco CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...) NOT-FOR-US: AIX CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...) - kdenetwork 3.2.0 CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly determ ...) - gnupg 1.2.2 CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...) - apache2 2.0.47 CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle cer ...) - apache2 2.0.47 CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...) {DSA-349} - nfs-utils 1:1.0.3-2 CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...) NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13 - nis 3.11 CVE-2003-0250 RESERVED CVE-2003-0249 NOTE: unimportant (php) CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU stat ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.22-pre10) - linux-2.6 CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.21-rc4) - linux-2.6 CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not pro ...) 
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.21-rc4) - linux-2.6 CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable Runt ...) - apache2 2.0.46 CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP conn ...) {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.21-rc2) - linux-2.6 CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...) NOT-FOR-US: Happycgi.com Happymall CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain incom ...) NOT-FOR-US: MacOS CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sen ...) NOT-FOR-US: FrontRange GoldMine / win CVE-2003-0240 (The web-based administration capability for various Axis Network Camer ...) NOT-FOR-US: Axis Network Camera CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a a ...) NOT-FOR-US: Mirabilis ICQ / windows CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote at ...) NOT-FOR-US: Mirabilis ICQ / windows CVE-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...) NOT-FOR-US: Mirabilis ICQ / windows CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 200 ...) NOT-FOR-US: Mirabilis ICQ / windows CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...) NOT-FOR-US: Mirabilis ICQ / windows CVE-2003-0234 RESERVED CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5 ...) NOT-FOR-US: microsoft CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute a ...) NOT-FOR-US: microsoft CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenti ...) 
NOT-FOR-US: microsoft CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain priv ...) NOT-FOR-US: microsoft CVE-2003-0229 RESERVED CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player 7. ...) NOT-FOR-US: microsoft CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...) NOT-FOR-US: microsoft CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remot ...) NOT-FOR-US: microsoft CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...) NOT-FOR-US: microsoft CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information Servic ...) NOT-FOR-US: microsoft CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function responsib ...) NOT-FOR-US: microsoft CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...) NOT-FOR-US: oracle CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...) NOT-FOR-US: HP tru64 CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...) NOT-FOR-US: Kerio Personal Firewall CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attacker ...) NOT-FOR-US: Kerio Personal Firewall CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monke ...) NOT-FOR-US: Monkey http daemon; not in debian CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual E ...) NOT-FOR-US: Neoteris Instant Virtual Extranet CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to b ...) NOT-FOR-US: cisco CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allo ...) NOT-FOR-US: bttlxeForum / win CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ove ...) 
{DSA-292} - mime-support 3.23-1 CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attac ...) {DSA-295} - pptpd 1.1.4-0.b3.2 CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the connec ...) {DSA-289} - rinetd 0.61-2 CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...) - xinetd 1:2.3.11 CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco Secu ...) NOT-FOR-US: cisco CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for Sno ...) {DSA-297} - snort 2.0.0-1 CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user t ...) NOT-FOR-US: macromedia flash CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, whi ...) {DSA-286} - gs-common 0.3.3.1 CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...) {DSA-294} - gkrellm-newsticker CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...) {DSA-294} - gkrellm-newsticker CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execu ...) {DSA-296 DSA-293 DSA-284} - kdebase 4:3.1.0-1 - kdegraphics 4:3.1.0-1 CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...) {DSA-281} - moxftp 2.2-18.20 CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow loc ...) {DSA-279} - metrics CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...) {DSA-280} - samba 3.0 CVE-2003-0200 REJECTED CVE-2003-0199 REJECTED CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...) NOT-FOR-US: MacOS CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local us ...) NOT-FOR-US: Interbase Database CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote atta ...) 
{DSA-280} - samba 3.0 CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of servic ...) {DSA-317} - cups 1.1.19final-1 - cupsys 1.1.19final-1 CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when starti ...) - tcpdump (Apparently a Red Hat specific compilation packaging flaw) CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...) {DSA-575-1} - catdoc 0.91.5-2 CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3 ...) - apache2 2.0.47 CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enable ...) - openssh 1:3.8.1p1-8.sarge.4 (bug #196413) CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix doe ...) - apache2 2.0.46 CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows l ...) {DSA-304} - lv 4.49.5-2 CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with CONFI ...) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.21) CVE-2003-0186 RESERVED CVE-2003-0185 RESERVED CVE-2003-0184 RESERVED CVE-2003-0183 RESERVED CVE-2003-0182 RESERVED CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...) NOT-FOR-US: Lotus Domino Web Server CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...) NOT-FOR-US: Lotus Domino Web Server CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0 ...) NOT-FOR-US: Lotus Domino Web Server CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allo ...) NOT-FOR-US: Lotus Domino Web Server CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does no ...) NOT-FOR-US: IRIX CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI IR ...) 
NOT-FOR-US: IRIX CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...) NOT-FOR-US: IRIX CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not proper ...) NOT-FOR-US: IRIX CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, whi ...) {DSA-283} - xfsdump 2.2.8-1 CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...) - php4 (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2) CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to l ...) NOT-FOR-US: MacOS CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use K ...) NOT-FOR-US: AIX CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...) NOT-FOR-US: HP Instant TopTools CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allo ...) NOT-FOR-US: Apple QuickTime Player CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1 ...) {DSA-300 DSA-274} - balsa 2.0.10 - mutt 1.4.0 CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 al ...) - php4 (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2) CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...) - eog 2.2.1 CVE-2003-0164 RESERVED CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...) - gaim-encryption (fixed before first upload; 1.16) CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...) {DSA-271} - ecartis 1.0.0+cvs.20030321-1 CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...) {DSA-290 DSA-278} - sendmail-wide 8.12.9+3.5Wbeta-1 - sendmail 8.12.9-1 CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...) 
- squirrelmail 1:1.2.11 CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...) - ethereal 0.9.10 CVE-2003-0158 REJECTED CVE-2003-0157 REJECTED CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) all ...) {DSA-264} - lxr 0.3-4 CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access t ...) {DSA-265} - bonsai 1.3+cvs20030317-1 CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...) {DSA-265} - bonsai 1.3+cvs20030317-1 CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...) {DSA-265} - bonsai 1.3+cvs20030317-1 CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote a ...) {DSA-265} - bonsai 1.3+cvs20030317-1 CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly rest ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows mys ...) - mysql CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrato ...) NOT-FOR-US: McAfee ePolicy Orchestrator CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 t ...) NOT-FOR-US: McAfee ePolicy Orchestrator CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and r ...) {DSA-288} - openssl 0.9.7b-1 - openssl096 0.9.6j-1 CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly othe ...) {DSA-263} - lpr 1:2000.05.07-4.20 - netpbm-free 2:9.20-9 CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...) {DSA-275 DSA-267} - lpr 1:2000.05.07-4.20 - lpr-ppd 1:0.72-3 CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ru ...) NOT-FOR-US: acroread CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, Real ...) 
NOT-FOR-US: Real CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...) {DSA-268} - mutt 1.5.4-1 CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...) {DSA-273 DSA-266} - krb4 1.2.2-1 - krb5 1.2.7-3 CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and othe ...) {DSA-273 DSA-269 DSA-266} - krb4 1.2.2-1 - heimdal 0.5.2-1 - krb5 1.2.7-3 CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...) NOT-FOR-US: Nokia Serving GPRS support node CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite arbitrar ...) {DSA-285} - lprng 3.8.20-4. CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrapp ...) - vsftpd (Red Hat specific packaging flaw) CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, version ...) - apache2 2.0.46 CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote attacker ...) - evolution 1.2.4 CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...) - apache2 2.0.45 CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...) {DSA-288} - openssl 0.9.7b-1 - openssl096 0.9.6j-1 CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail U ...) - evolution 1.2.3 CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attac ...) - evolution 1.2.3 CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...) - evolution 1.2.3 CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4. ...) {DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270} [sarge] - kernel-source-2.6.8 - linux-2.6 - kernel-source-2.4.27 (Fixed before upload in the archive, in 2.4.21) CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...) 
NOT-FOR-US: SOHO Routefinder 550 firmware CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass attachmen ...) NOT-FOR-US: Clearswift MAILsweeper CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socke ...) NOT-FOR-US: AIX CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and Administratio ...) NOT-FOR-US: Microsoft CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...) NOT-FOR-US: Microsoft CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) NOT-FOR-US: Microsoft CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...) NOT-FOR-US: Microsoft CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...) NOT-FOR-US: Microsoft CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...) NOT-FOR-US: Microsoft CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain privilege ...) NOT-FOR-US: Microsoft CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) buil ...) NOT-FOR-US: Microsoft CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Micros ...) NOT-FOR-US: Microsoft CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4 ...) NOT-FOR-US: Microsoft CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...) NOT-FOR-US: Symantec Enterprise Firewall CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Statu ...) NOT-FOR-US: ServerMask CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 do ...) {DSA-319} - webmin 1.070-1 CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3 ...) {DSA-277} - apcupsd 3.8.5-1.2 CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10. ...) 
{DSA-277} - apcupsd 3.8.5-1.2 CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...) NOT-FOR-US: Oracle CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Sola ...) NOT-FOR-US: Solaris CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on Sol ...) NOT-FOR-US: Solaris CVE-2003-0090 REJECTED CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX B.11.0 ...) NOT-FOR-US: HP-UX CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local user ...) {DSA-262} - samba 2.2.8 CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for S ...) {DSA-262} - samba 2.2.8 CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operati ...) NOT-FOR-US: mod_auth_any not in Debian CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...) - apache2 2.0.46 - apache 1.3.25 CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...) {DSA-266} - krb5 1.3.3-2 CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not inc ...) - gnome-lokkit 0.50.22-4 CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 Lin ...) - dcgui 0.2.2 CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools pa ...) - plptools 0.12-0 CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...) {DSA-266} - krb5 1.2.7-3 NOTE: changelog does not mention this one, verified patch from upstream was applied to this version. CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to exec ...) NOT-FOR-US: HP UX CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...) - krb5 1.2.4 CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote at ...) 
{DSA-248} - hypermail 2.1.6-1 CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local use ...) {DSA-252} - slocate 2.7-1 CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrat ...) NOT-FOR-US: MacOS CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...) - putty 0.53-b-2003-01-04-1 NOTE: apparently fixed upstream 2002-11-12 changelog CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2 ...) NOT-FOR-US: commercial ssh clients CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from memor ...) NOT-FOR-US: commercial ssh clients CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) example ...) {DSA-246} - tomcat CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, all ...) {DSA-246} - tomcat CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...) - krb5 (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs) CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...) {DSA-436} - mailman 2.1.1-1 CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...) {DSA-244} - noffle 1.1.2-1 CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...) NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers packag ...) NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the printe ...) 
- mtink (Not installed setuid or setgid, so this is not exploitable) NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in NOTE: chooser/mtinkc.c's version, which goes into mtinkc CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...) {DSA-228} - libmcrypt 2.5.5-1 CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...) NOT-FOR-US: Protegrity Secure.Data Extension Feature CVE-2003-0029 RESERVED CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...) {DSA-282 DSA-272 DSA-266} - glibc 2.3.1-16 - dietlibc 0.22-2 - krb5 1.3.3-2 NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version. CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines o ...) {DSA-231} - dhcp3 3.0+3.0.1rc11-1 CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...) {DSA-229} - imp 2.2.6-7 - imp3 CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbi ...) {DSA-633-1} - bmv 1.2-17 CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application filte ...) NOT-FOR-US: Microsoft CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows S ...) NOT-FOR-US: Windows Script Engine for JScript CVE-2003-0008 RESERVED CVE-2003-0006 RESERVED CVE-2003-0005 RESERVED CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not p ...) {DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.21-pre5) CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...) NOT-FOR-US: windows CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to byp ...) NOT-FOR-US: windows CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...) 
{DSA-416} - fsp 2.81.b18-1 CVE-2003-0994 (The GUI functionality for an interactive session in Symantec LiveUpdat ...) NOT-FOR-US: norton CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...) - apache 1.3.29.0.2-4 CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before 2. ...) {DSA-436} - mailman 2.1-1 NOTE: I have mailed Tollef Fog Heen about this. NOTE: Tollef Fog Heen replied to me that 2.1 versions are not vulnerable CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal In ...) - kdepim 4:3.1.5-1 CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 ...) {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.24-rc1) CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...) {DSA-411} - mpg321 0.2.10.3 CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and possi ...) NOT-FOR-US: elm CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, whic ...) {DSA-426} - netpbm-free 2:9.25-9 CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows Med ...) NOT-FOR-US: microsoft CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components (MD ...) NOT-FOR-US: microsoft CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows Serve ...) NOT-FOR-US: microsoft CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...) {DSA-261} - tcpdump 3.7.2-1 CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null te ...) {DSA-259} - qpopper 4.0.4-9 CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before f ...) NOT-FOR-US: SOHO Routefinder CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a malfo ...) 
NOT-FOR-US: man before 1.51 CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 th ...) NOT-FOR-US: lotus notes CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.1 ...) NOT-FOR-US: lotus notes CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...) {DSA-256} - mhc 0.25+20030224-1 CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers ...) {DSA-255} - tcpdump 3.7.1-1.2 CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is c ...) - zlib 1:1.1.4-10 CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8. ...) NOT-FOR-US: peopletools CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote attack ...) NOT-FOR-US: nokia handset CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows at ...) {DSA-260} - file 3.40-1.1 CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...) NOT-FOR-US: cisco CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...) - php4 4:4.3.2+rc3-1 CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7 ...) NOT-FOR-US: oracle CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 a ...) NOT-FOR-US: mandrake specific CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attacker ...) {DSA-261} - tcpdump 3.7.1-1 CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...) NOT-FOR-US: macosX CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language Suppo ...) NOT-FOR-US: AIX CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector f ...) {DSA-258} - ethereal 0.9.9-2 CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal em ...) 
NOT-FOR-US: hanterm before 2.0.5 CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...) {DSA-253} - openssl 0.9.7a-1 CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and poss ...) NOT-FOR-US: hanterm before 2.0.5 CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for Bla ...) NOT-FOR-US: blade encoder not in Debian CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows at ...) {DSA-303} - mysql-dfsg 4.0.12-2 CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in XFree ...) {DSA-380} - xfree86 4.2.1-11 CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...) - vte 1:0.11.10-1 CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...) - putty 0.54-1 CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to modi ...) {DSA-496} - eterm 0.9.2-6 CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...) NOTE: I have mailed Goran Weinholt about this. NOTE: Goran Weinholt told me that aterm 0.4.2 was NOTE: never vulnerable to the problem described. NOTE: this CVE is bogus. CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to modif ...) - rxvt 1:2.6.4-6.1 (bug #244810) NOTE: woody version is still vulnerable CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window tit ...) NOT-FOR-US: uxterm not in Debian CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window tit ...) NOT-FOR-US: dtterm not in Debian CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows attack ...) {DSA-380} - xfree86 4.2.1-11 CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows lo ...) NOT-FOR-US: NOD32 not in Debian CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for MI ...) 
- krb5 1.2.5-1 CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remo ...) - krb5 1.2.5-1 CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin Streami ...) NOT-FOR-US: apple CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Strea ...) NOT-FOR-US: apple CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Dar ...) NOT-FOR-US: apple CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...) NOT-FOR-US: apple CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...) NOT-FOR-US: apple CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...) NOT-FOR-US: apple CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remo ...) NOT-FOR-US: windows CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, use ...) {DSA-246} - tomcat 3.3.1a-1 CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier ...) {DSA-247} - courier 0.40.2-3 - courier-ssl 0.40.2-3 CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versi ...) {DSA-245} - dhcp3 3.0+3.0.1rc11-3 NOTE: Version information in DSA is wrong. CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...) {DSA-297} - snort 2.0.0-1 CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a deni ...) {DSA-228} - libmcrypt 2.5.5-1 CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...) NOT-FOR-US: sun CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu opti ...) NOTE: I have mailed Goran Weinholt about this. NOTE: Goran Weinholt told me that aterm 0.4.2 was NOTE: never vulnerable to the problem described. NOTE: this CVE is bogus. 
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu opti ...) - rxvt 1:2.6.4-6.1 CVE-2003-0022 (The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite ...) - rxvt 1:2.6.4-6.1 CVE-2003-0021 (The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers ...) - eterm 0.9.2-1 NOTE: According to upstream changelog and http://marc.info/?l=bugtraq&m=104612710031920&w=2 NOTE: this is fixed in eterm 0.9.2 CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs, ...) - apache2 2.0.49 - apache 1.3.29.0.2-4 CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrec ...) NOT-FOR-US: redhat 8.0 only CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O ...) {DSA-423 DSA-358} - linux-2.6 (Fixed before upload into archive; in 2.5.27) - kernel-source-2.4.27 (Fixed before upload into archive; in 2.4.21) CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...) NOT-FOR-US: apache on windows CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me oper ...) NOT-FOR-US: apache on windows CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote atta ...) {DSA-233} - cvs 1.11.2-5.1 CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16. ...) {DSA-230} - bugzilla 2.16.2-1 CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x b ...) {DSA-230} - bugzilla 2.16.2-1 CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center fo ...) NOT-FOR-US: windows CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt em ...) NOT-FOR-US: windows CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft Window ...) NOT-FOR-US: windows CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT 4. ...) 
NOT-FOR-US: windows CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...) NOT-FOR-US: windows