CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b mispar ...) - libid3tag 0.15.1b-5 (bug #304913) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647 NOTE: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/ CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending o ...) NOT-FOR-US: Gentoo ebuilds dir permissions at install time CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...) NOT-FOR-US: GE Healthcare Centricity Image Vault CVE-2004-XXXX [base-passwd: sets valid shells for system services] - base-passwd 3.5.30 (unimportant; bug #274229) NOTE: Hardening, not a direct vulnerability CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: Montitorix CVE-2004-2775 REJECTED CVE-2004-2774 REJECTED CVE-2004-2773 REJECTED CVE-2004-2772 REJECTED CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and BS ...) {DSA-3105-1 DLA-114-1} - heirloom-mailx 12.5-3.1 (bug #773417) - bsd-mailx 8.1.2-0.20071201cvs-1 - mailx 1:8.1.2-0.20040524cvs-2 (bug #278748) CVE-2004-2770 REJECTED CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users t ...) NOT-FOR-US: Cerberus FTP Server CVE-2004-2768 (dpkg 1.9.21 does not properly reset the metadata of a file during repl ...) - dpkg 1.10.19 (bug #225692) CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...) NOT-FOR-US: Novell NetWare CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5 ...) NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messagi ...) NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server CVE-2004-2764 (Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4 ...) NOT-FOR-US: Historic issues in proprietary Java CVE-2004-2763 (The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 throug ...) NOT-FOR-US: Sun ONE iPlanet Web Server CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x b ...) NOT-FOR-US: Tivoli CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which mak ...) NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately c ...) - openssh 1:3.6p1-1 (unimportant) CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilizati ...) NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol implementat ...) NOT-FOR-US: Sun SunForum CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in N ...) NOT-FOR-US: Novell iChain CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x ...) NOT-FOR-US: Xoops CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, ...) NOT-FOR-US: Symantec Web Security CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and po ...) NOT-FOR-US: YaBB CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B. ...) NOT-FOR-US: HP-UX CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in Po ...) NOT-FOR-US: PostNuke CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke 0.7 ...) NOT-FOR-US: PostNuke CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 throu ...) NOT-FOR-US: JBrowser CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire Gate ...) NOT-FOR-US: 2Wire Gateway CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6 ...) NOT-FOR-US: WebTrends Reporting Center CVE-2004-2747 (Directory traversal vulnerability in Pablo Software Solutions Quick 'n ...) NOT-FOR-US: Quick 'n Easy FTP Server (Windows only) CVE-2004-2746 (SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gall ...) NOT-FOR-US: XTREME ASP Photo Gallery CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies OwnSer ...) NOT-FOR-US: Anteco Visual Technologies OwnServer CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...) NOT-FOR-US: Tincan Limited PHPlist CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attac ...) NOT-FOR-US: Mega Upload Progress Bar CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in Cryst ...) NOT-FOR-US: Crystal Enterprise CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" (help.ph ...) - horde2 CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in PHProje ...) NOT-FOR-US: PHProjekt CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows re ...) NOT-FOR-US: PHProjekt CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroB ...) NOT-FOR-US: Zero board CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...) NOT-FOR-US: NetSupport DNA HelpDesk CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...) NOT-FOR-US: Polar HelpDesk CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allo ...) NOT-FOR-US: P4DB CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...) NOT-FOR-US: Novell NetWare CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, w ...) NOT-FOR-US: Web Wiz Forums CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensi ...) NOT-FOR-US: Netbilling CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/open ...) {DSA-1503-2 DSA-1503-1} - linux-2.6 2.6.18-1 NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior versions CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2 ...) NOT-FOR-US: PsTools CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 al ...) NOT-FOR-US: Hummingbird Connectivity CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and ...) NOT-FOR-US: Hummingbird Connectivity CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 t ...) NOT-FOR-US: MailEnable CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly han ...) NOT-FOR-US: MailEnable CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...) NOT-FOR-US: Aztek Forum CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause ...) NOT-FOR-US: Chat Anywhere CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session files ...) NOT-FOR-US: NessusWXdd CVE-2004-2722 - nessus-core (unimportant) NOTE: this is no security issue assuming correct permissions CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public k ...) NOT-FOR-US: openSkat CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz Foru ...) NOT-FOR-US: Snitz Forums CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5 ...) NOT-FOR-US: Foxmail CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after installat ...) NOT-FOR-US: PHPMyChat CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in PHPMyCha ...) NOT-FOR-US: PHPMyChat CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.1 ...) NOT-FOR-US: PHPMyChat CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass aut ...) NOT-FOR-US: PHPMyChat CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows at ...) - wmaker 0.90-1 CVE-2004-2713 NOT-FOR-US: ZoneAlarm CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 a ...) NOT-FOR-US: Gyach-E CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 all ...) NOT-FOR-US: Gyach-E CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 all ...) NOT-FOR-US: Gyach-E CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyac ...) NOT-FOR-US: Gyach-E CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, w ...) NOT-FOR-US: Gyach-E CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) befor ...) NOT-FOR-US: Gyach-E CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 all ...) NOT-FOR-US: Gyach-E CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) ...) - pvpgn 1.6.4+20040826-1 CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...) - hastymail CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweep ...) NOT-FOR-US: MIMEsweeper CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...) NOT-FOR-US: Plesk CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetS ...) NOT-FOR-US: AspDotNetStorefront CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allo ...) NOT-FOR-US: AspDotNetStorefront CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to ...) NOT-FOR-US: AspDotNetStorefront CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with th ...) - imwheel 1.0.0pre12-1 CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...) NOT-FOR-US: InvScoutd CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...) NOT-FOR-US: BEA WebLogic CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code (subscr ...) NOT-FOR-US: vBulletin CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass intend ...) NOT-FOR-US: Outlook CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installe ...) NOT-FOR-US: HP-UX CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mo ...) NOT-FOR-US: php-exec-dir patch CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firm ...) NOT-FOR-US: 3Com firmware CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...) NOT-FOR-US: NewsPHP CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ac ...) NOT-FOR-US: NewsPHP CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allow ...) NOT-FOR-US: NewsPHP CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to re ...) - distcc 2.18.1-1 (low) NOTE: since 2.18.1-1 there is the --allow switch to control network access NOTE: https://github.com/distcc/distcc/issues/155 NOTE: Fix in depth is only in later version 3.3, cf. NOTE: https://bugs.debian.org/892973 CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in Sola ...) NOT-FOR-US: Solaris CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote at ...) NOT-FOR-US: Ccproxy CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems Cac ...) NOT-FOR-US: InterSystems Cache CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in Inte ...) NOT-FOR-US: InterSystems Cache CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which al ...) - matrixssl 1.1-1 CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely l ...) - matrixssl 1.1-1 CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...) - libapache2-mod-python 3.2.8-1 (low) CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...) NOT-FOR-US: CheckPoint Firewall CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24 ...) NOT-FOR-US: HP Tru64 UNIX CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smt ...) NOT-FOR-US: QwikMail SMTP CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...) NOT-FOR-US: WebRoot Spy Sweeper CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users t ...) NOT-FOR-US: ArgoSoft FTP Server CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1. ...) NOT-FOR-US: ArgoSoft FTP Server CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...) NOT-FOR-US: ArgoSoft FTP Server CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...) NOT-FOR-US: ArgoSoft FTP Server CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: eNdonesia CMS CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdo ...) NOT-FOR-US: eNdonesia CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 a ...) NOT-FOR-US: Land Down Under CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote ...) - interchange 4.9.8-1 CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before ...) NOT-FOR-US: Lotus Domino CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...) - mantis 0.19.2-1 CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...) NOT-FOR-US: HP-UX CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...) - libphp-adodb - egroupware - moodle - phppgadmin 4.0.1-2 (unimportant) - gallery2 - phpwiki (unimportant) CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Suppor ...) NOT-FOR-US: IBM CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a de ...) NOT-FOR-US: 04WebServer CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, w ...) NOT-FOR-US: 04WebServer CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...) {DSA-1184-2} - linux-2.6 (fixed before the first upload) CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a ...) NOT-FOR-US: Opera CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...) - resmgr CVE-2004-2657 - mozilla-firefox - firefox CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like A ...) - slash (Vulnerable code introduced in 2002, while Debian's is older!, see #390469) CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, wh ...) - xscreensaver 4.18-1 (low) CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...) - squid 2.5.6 CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows a ...) NOT-FOR-US: PD9 Software MegaBBS CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...) - snort 2.3.0-1 CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.3 ...) NOT-FOR-US: YaCy CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...) NOT-FOR-US: Apache James CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...) NOT-FOR-US: Eudora CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...) NOT-FOR-US: FreezeX CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Free Web Chat CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows r ...) NOT-FOR-US: Free Web Chat CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has u ...) - asn1c (Fixed before upload into archive; 0.9.7) CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has u ...) - asn1c (Fixed before upload into archive; 0.9.7) CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote at ...) NOT-FOR-US: Microsoft cabarc CVE-2004-2642 (Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which ...) NOT-FOR-US: Yeemp CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1 ...) NOT-FOR-US: Sun appliances CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3 ...) NOT-FOR-US: LinuxStat CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows remo ...) NOT-FOR-US: Journalness CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...) NOT-FOR-US: osCommerce CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...) NOT-FOR-US: Zyxel hardware CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...) NOT-FOR-US: TinyWeb CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System 4.0.0. ...) NOT-FOR-US: McAfee CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5. ...) NOT-FOR-US: AIX CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attac ...) NOT-FOR-US: Sesamie CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configu ...) - phpmyadmin 1:2.5.7-pl1-1 CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5 ...) - phpmyadmin 1:2.5.7-pl1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2004-1/ CVE-2004-2630 (The MIME transformation system (transformations/text_plain__external.i ...) - phpmyadmin 2:2.6.0-pl2-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2004-2/ CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for Firs ...) NOT-FOR-US: Click to Meet express CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...) - thttpd (Windows-specific vulnerabilities) CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...) NOT-FOR-US: J2ME CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular phon ...) NOT-FOR-US: Siemens cell phone CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows remo ...) NOT-FOR-US: Outblaze Email CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki ...) NOT-FOR-US: WackoWiki CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when regist ...) NOT-FOR-US: Rippy the Aggregator CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not requir ...) NOT-FOR-US: Altiris Deployment Solution CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when op ...) NOT-FOR-US: Nortel Contivity VPN client CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly h ...) NOT-FOR-US: ripMIME CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail p ...) NOT-FOR-US: ripMIME CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0. ...) NOT-FOR-US: Pegasi Web Server CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 all ...) NOT-FOR-US: Pegasi Web Server CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote a ...) NOT-FOR-US: ActivePost Standard CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions speci ...) NOT-FOR-US: Cutenews CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...) NOT-FOR-US: MyWeb CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...) - kernel-patch-ctx 1:1.28-1 (bug #262903; medium) CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, w ...) NOT-FOR-US: BNC CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...) NOT-FOR-US: Sophster suite CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain priv ...) NOT-FOR-US: mntd CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boo ...) NOT-FOR-US: Symantec PowerQuest DeployCenter CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news d ...) NOT-FOR-US: SmartWebby Smart Guest Book CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...) {DSA-1018-1} - linux-2.6 (Fixed before upload into archive; 2.6.6) CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...) NOT-FOR-US: Linksys hardware CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a sym ...) - astats (bug #287604) CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy allow ...) NOT-FOR-US: PHProxy CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in UberT ...) NOT-FOR-US: UberTec Help Center Live CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live (H ...) NOT-FOR-US: UberTec Help Center Live CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live (H ...) NOT-FOR-US: UberTec Help Center Live CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) 1.5- ...) NOT-FOR-US: Intel hardware CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in m ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) NOTE: There is a big note in the quake2 package stating that it is not secure. NOTE: Otherwise severity would be high. CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows remo ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows remo ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows remo ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 o ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 o ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows remo ...) - quake2 (bug #280573; low) [sarge] - quake2 (Documented to be insecure, contrib) CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...) NOT-FOR-US: ButtUglySoftware CleanCache CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...) NOT-FOR-US: meindlSOFT Cute PHP Library CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service (a ...) - gaim 0.82-1 (medium) CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme messag ...) NOT-FOR-US: XMB CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows re ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in SmarterT ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in Smarter ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 al ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the pro ...) NOT-FOR-US: iChain CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...) NOT-FOR-US: iChain CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows r ...) NOT-FOR-US: iChain CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...) NOT-FOR-US: iChain CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...) - phpgroupware 0.9.16.002-1 CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...) - phpgroupware 0.9.14-0.RC3.1 CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htac ...) - phpgroupware 0.9.16.000.1.cvs.20040620-1 CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain s ...) - phpgroupware 0.9.14.007 CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...) - phpgroupware 0.9.14.007 CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ph ...) - phpgroupware 0.9.14.007 CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensit ...) NOT-FOR-US: AMAX Magic Winmail CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote atta ...) - isoqlog 2.2-0.1 CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and met ...) NOT-FOR-US: Opera CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...) NOT-FOR-US: ReciPants CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...) NOT-FOR-US: ReciPants CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld produ ...) NOT-FOR-US: LiveWorld CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...) NOT-FOR-US: Sambar CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6 ...) NOT-FOR-US: Sambar CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive inf ...) NOT-FOR-US: Serena TeamTrack CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business Enterpris ...) NOT-FOR-US: Leigh Business Enterprises CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences W ...) NOT-FOR-US: ISS Web+Center CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits exe ...) - dokuwiki (Fixed before upload into the archive) CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access administr ...) - dokuwiki (Fixed before upload into the archive) CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...) {DSA-907-1} - ipmenu 0.0.3-5 CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...) NOT-FOR-US: Tivoli CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcod ...) NOT-FOR-US: Netgear hardware CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...) NOT-FOR-US: Netgear hardware CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses w ...) NOT-FOR-US: FoolProof Security CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Fire ...) NOT-FOR-US: Novell Client Firewall CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remo ...) NOT-FOR-US: ignitionServer CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...) - xboard 4.2.7-3 (bug #343560; unimportant) CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow r ...) NOT-FOR-US: Layton HelpBox CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified Per ...) NOT-FOR-US: SandSurfer CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allo ...) NOT-FOR-US: Nortel hardware CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) Surg ...) NOT-FOR-US: SurgeMail CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attacker ...) NOT-FOR-US: SurgeMail CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...) - samba 3.0.6-1 CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote atta ...) NOT-FOR-US: Sidewinder G2 CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 e ...) NOT-FOR-US: Sidewinder G2 CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...) NOT-FOR-US: Sidewinder G2 CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as epi ...) NOT-FOR-US: Dynix WebPac CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, allow ...) {DSA-1064-1} - cscope 15.5+cvs20050816-1.1 (bug #340177; medium) NOTE: Sarge and Woody are affected CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software Deve ...) NOT-FOR-US: Proprietary Java CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...) NOT-FOR-US: NetCache CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple applicati ...) NOT-FOR-US: phpCodeGenie CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impac ...) NOT-FOR-US: SurgeMail CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...) - linux-2.6 (Fixed before upload into archive; 2.6.6) - kernel-source-2.4.27 [sarge] - kernel-source-2.6.8 (Fixed before upload into archive; 2.6.6) CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...) NOT-FOR-US: Sticker CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive conn ...) NOT-FOR-US: NETFile Server CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...) NOT-FOR-US: Serv-U FTP Server CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password fo ...) NOT-FOR-US: Serv-U FTP Server CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer securi ...) - gnutls11 1.0.16-8 (bug #336006; low) - gnutls12 (fixed before upload) CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers t ...) NOT-FOR-US: Gadu-Gadu CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...) NOT-FOR-US: Gadu-Gadu CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watc ...) NOT-FOR-US: Webcam Watchdog CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP bef ...) NOT-FOR-US: Microsoft CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Director ...) NOT-FOR-US: Tivoli CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...) - serendipity 1.0-1 CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allow ...) NOT-FOR-US: WHM AutoPilot CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function i ...) NOT-FOR-US: OpenFTPD CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...) NOT-FOR-US: Gattaca CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...) NOT-FOR-US: Gattaca CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authentica ...) NOT-FOR-US: Gattaca CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Gattaca CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensiti ...) NOT-FOR-US: Gattaca CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service (c ...) NOT-FOR-US: myServer CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote attack ...) NOT-FOR-US: myServer CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...) NOT-FOR-US: VMWare Workstation CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in modules/private_messages/i ...) NOT-FOR-US: PowerPortal CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 all ...) NOT-FOR-US: Mercury Mail CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and e ...) NOT-FOR-US: DCP-Portal CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3. ...) NOT-FOR-US: DCP-Portal CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UB ...) NOT-FOR-US: Infopop UBB.Threads CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) lo ...) NOT-FOR-US: Infopop UBB.Threads CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...) NOT-FOR-US: Linksys hardware CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wi ...) NOT-FOR-US: Linksys hardware CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g a ...) NOT-FOR-US: WIKINDX CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of erro ...) NOT-FOR-US: ColdFusion CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...) NOT-FOR-US: Alt-N Technologies Mdaemon CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Inweb Mail Server CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to over ...) - im-switch (Debian's version is somehow derived from RH, but not affected) CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...) NOT-FOR-US: MailEnable Professional CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impac ...) - ilohamail 0.8.14-0rc1 CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page G ...) NOT-FOR-US: Hitachi Web Page Generator CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page Gen ...) NOT-FOR-US: Hitachi Web Page Generator CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in Hitac ...) NOT-FOR-US: Hitachi Web Page Generator CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attac ...) NOT-FOR-US: OpenText FirstClass CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Serv ...) NOT-FOR-US: Ability Mail Server CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail Ser ...) NOT-FOR-US: Ability Mail Server CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...) NOT-FOR-US: GmaxWWW CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (G ...) NOT-FOR-US: GmaxWWW CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...) NOT-FOR-US: Opera CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40 ...) NOT-FOR-US: Informix Dynamic Server CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) befor ...) NOT-FOR-US: Informix Dynamic Server CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) NOT-FOR-US: Nexgen FTP Server CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) NOT-FOR-US: Nexgen FTP Server CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees uni ...) - dropbear 0.43-2 CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major s ...) NOT-FOR-US: PHP Live! CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 an ...) NOT-FOR-US: PHP Gift Registry CVE-2004-XXXX [Unspecified buffer overflow in libmng] - libmng 1.0.8-1 (bug #250106) CVE-2004-XXXX [Multiple buffer overflows in isoqlog] - isoqlog 2.2-0.1 (bug #254101; bug #202634) CVE-2004-XXXX [asciijump: /var/games/asciijump world writable] - asciijump 0.0.6-1.2 (bug #269186) CVE-2004-XXXX [Barrendero spool world-readable] - barrendero 1.1-1 (bug #279163) CVE-2004-XXXX [Two vulnerabilities in sredird] - sredird 2.2.1-1.1 (bug #267098) CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host] - phpwiki 1.3.12p2-1 (bug #282565; medium) CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...) NOT-FOR-US: Kerio WinRoute Firewall CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...) NOT-FOR-US: Outlook CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to con ...) NOT-FOR-US: MyProxy CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass se ...) NOTE: could not reproduce this with squid 2.5, neither could the redhat guys NOTE: see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166522 - squid 2.5 CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensi ...) - squid 2.5.8 CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Tra ...) NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name." CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the p ...) NOT-FOR-US: DiamondCS CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a den ...) NOT-FOR-US: MS IE CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 a ...) NOT-FOR-US: Google Toolbar CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers t ...) NOT-FOR-US: PHPNews CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows lo ...) NOT-FOR-US: wmFrog CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a de ...) NOT-FOR-US: Outpost Pro CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine bef ...) NOT-FOR-US: QuoteEngine CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact an ...) NOT-FOR-US: MadBMS CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1 ...) NOT-FOR-US: phpScheduleIt CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlie ...) NOT-FOR-US: SillySearch CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a larg ...) NOT-FOR-US: Easy Chat Server CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a de ...) NOT-FOR-US: Easy Chat Server CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Serv ...) NOT-FOR-US: Easy Chat Server CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 all ...) NOT-FOR-US: ADA Image Server CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attacke ...) NOT-FOR-US: ADA Image Server CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files vi ...) - cplay 1.49-3 (medium) CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...) - gnubiff 2.0.0 (medium) CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote at ...) - gnubiff 2.0.0 (medium) CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...) - gnubiff 2.0.0 (medium) CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or crea ...) NOT-FOR-US: Open WebMail CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...) NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier al ...) NOT-FOR-US: miniBB CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...) NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...) NOT-FOR-US: aMSN 0.90 for Microsoft Windows CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4 ...) NOT-FOR-US: Tutti Nova CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01 ...) NOT-FOR-US: Hitachi Cosminexus Portal Framework CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...) NOT-FOR-US: Roger Wilco CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wil ...) NOT-FOR-US: Roger Wilco CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...) NOT-FOR-US: Roger Wilco CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...) NOT-FOR-US: S-Mart Shopping Cart or RediCart CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...) NOT-FOR-US: *1st Class Mail Server CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...) NOT-FOR-US: *1st Class Mail Server CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...) NOT-FOR-US: Jaws CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allo ...) NOT-FOR-US: Jaws CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an H ...) NOT-FOR-US: Jaws CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...) NOT-FOR-US: Kerio CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlie ...) - proxytunnel 1.2.0-1 CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers do ...) NOT-FOR-US: HP printers CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows rem ...) NOT-FOR-US: PHP-Fusion CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...) NOT-FOR-US: PHP-Fusion CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores t ...) NOT-FOR-US: Computer Associates Unicenter Common Services CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...) NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS) CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) NOT-FOR-US: MS IE CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...) NOT-FOR-US: ADM ActiveX control CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: WinAgents TFTP Server CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 thr ...) NOT-FOR-US: ignitionServer CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not d ...) NOT-FOR-US: Trend OfficeScan CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX spam ...) NOT-FOR-US: EnderUNIX spamGuard CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...) NOT-FOR-US: WWWguestbook CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlie ...) NOT-FOR-US: Axis Network Camera CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and earl ...) NOT-FOR-US: Axis Network Camera CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlie ...) NOT-FOR-US: Axis Network Camera CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow rem ...) NOT-FOR-US: BEA CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch IMa ...) NOT-FOR-US: Ipswitch IMail Server CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote at ...) NOT-FOR-US: Ipswitch IMail Server CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...) NOT-FOR-US: Hitachi Job Management Partner CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...) NOT-FOR-US: Hitachi Job Management Partner CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain username ...) NOT-FOR-US: Keene Digital Media Server CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to exe ...) NOT-FOR-US: slimftpd not in debian CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...) NOT-FOR-US: smtp.proxy CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote atta ...) NOT-FOR-US: ccproxy CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...) NOT-FOR-US: Davenport CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Over ...) NOT-FOR-US: Novell NetWare CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 al ...) NOT-FOR-US: VP-ASP Shopping Cart CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 thr ...) NOT-FOR-US: VP-ASP Shopping Cart CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4. ...) NOT-FOR-US: VP-ASP Shopping Cart CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2. ...) - samhain 2.0.2 CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 thr ...) - samhain 2.0.2 CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earli ...) - kernel-patch-vserver 1.9.2 CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown at ...) - phpgroupware 0.9.14.002 CVE-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before 0 ...) - phpgroupware 0.9.14.002 CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including F- ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2004-2404 REJECTED CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3. ...) NOT-FOR-US: YaBB CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...) NOT-FOR-US: YaBB CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging be ...) NOT-FOR-US: Ipswitch IMail CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in plaintex ...) NOT-FOR-US: WinFTP Server CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote atta ...) NOT-FOR-US: Sidewinder CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...) NOT-FOR-US: Netenberg Fantastico De Luxe CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...) NOT-FOR-US: Blue Coat CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...) NOTE: shadow is a different code base, and does not have this problem CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ser ...) NOTE: shadow is a different code base, and does not have this problem CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin op ...) NOTE: shadow is a different code base, and does not have this problem CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not pro ...) NOT-FOR-US: Sun JSSE CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...) NOT-FOR-US: libuser CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2 ...) NOT-FOR-US: jabber-gg-transport CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. ...) NOT-FOR-US: jabber-gg-transport CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg- ...) NOT-FOR-US: jabber-gg-transport CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd str ...) NOT-FOR-US: rexecd CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...) NOT-FOR-US: sercd CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before 2.3 ...) NOT-FOR-US: sercd CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path inf ...) NOT-FOR-US: EMU Webmail CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Winamp CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote at ...) NOT-FOR-US: Microsoft CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote atta ...) - jetty 4.2.19-1 (medium) CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight Utiliti ...) NOT-FOR-US: Twilight Utilities Web Server CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...) NOT-FOR-US: @Mail CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of se ...) NOT-FOR-US: @Mail CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a de ...) NOT-FOR-US: Alcatel OmniSwitch CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0. ...) NOT-FOR-US: Twilight Utilities Web Server CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...) NOT-FOR-US: 1st Class Mail Server CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the serv ...) NOT-FOR-US: BadBlue CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...) NOT-FOR-US: AIM CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows loc ...) - bochs 2.1.1-1 CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and earl ...) NOT-FOR-US: Red Storm Games CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillia ...) NOT-FOR-US: Cerulean Trillian CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...) NOT-FOR-US: Lotus Domino CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 a ...) NOT-FOR-US: Opt-X CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...) NOT-FOR-US: WFTPD CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 all ...) NOT-FOR-US: GlobalScape Secure FTP Server CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows loc ...) NOT-FOR-US: Microsoft CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3. ...) NOT-FOR-US: PHPX CMS CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...) NOT-FOR-US: PHPX CMS CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...) NOT-FOR-US: PHPX CMS CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 a ...) NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0 CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Targem Battle Mages CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...) NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...) - phpbb2 2.0.6c (low) CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does no ...) NOT-FOR-US: roofpoint Protection Server CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...) NOT-FOR-US: Fizmez CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (C ...) NOT-FOR-US: Crafty Syntax Live Help CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 throu ...) NOT-FOR-US: 4nGuestbook CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...) NOT-FOR-US: BugPort CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 all ...) NOT-FOR-US: GBook CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 all ...) NOT-FOR-US: GBook CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...) - phpbb2 2.0.8 (low) CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...) NOT-FOR-US: Tunez CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to ...) NOT-FOR-US: Sybari AntiGen for Domino CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attack ...) NOT-FOR-US: Leif M. Wright Web Blog CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Serve ...) NOT-FOR-US: Forum Web Server CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...) NOT-FOR-US: Oracle CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW12 ...) NOT-FOR-US: VocalTec CVE-2004-2343 (** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local user ...) NOTE: apache disputes this and I agree -- joeyh CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service (s ...) NOT-FOR-US: ChatterBox CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for iSearc ...) NOT-FOR-US: iSearch CVE-2004-2340 NOT-FOR-US: PunkBuster Screenshot Database CVE-2004-2339 (** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows lo ...) NOT-FOR-US: Microsoft CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules with ...) NOT-FOR-US: OpenBSD CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed wit ...) NOT-FOR-US: inlook CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...) NOT-FOR-US: Novel Groupwise CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...) NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2 ...) NOT-FOR-US: EMU Webmail CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...) NOT-FOR-US: Bodington CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...) NOT-FOR-US: WWW::Form CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox se ...) NOT-FOR-US: ColdFusion CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a deni ...) NOT-FOR-US: ColdFusion CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbi ...) NOT-FOR-US: Kerio Personal Firewal CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...) NOT-FOR-US: Clearswift MAILsweeper CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Vizer CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...) NOT-FOR-US: IP3 Networks NetAccess CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNet ...) NOT-FOR-US: DotNetNuke CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...) NOT-FOR-US: DotNetNuke CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows re ...) NOT-FOR-US: DotNetNuke CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...) NOT-FOR-US: phpWebSite CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...) NOT-FOR-US: BEA WebLogic CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 a ...) NOT-FOR-US: BEA WebLogic CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users t ...) NOT-FOR-US: IBM Informatik Dynamic Server CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0 ...) NOT-FOR-US: SurgeFTP Server CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allo ...) NOT-FOR-US: AppWeb HTTP server CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ca ...) NOT-FOR-US: AppWeb HTTP server CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ca ...) NOT-FOR-US: AppWeb HTTP server CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...) NOT-FOR-US: Novell iChain Server CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error message ...) - courier (unimportant) NOTE: This is a lack of a security feature, but not a direct vulnerability CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...) NOT-FOR-US: AIX only CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6 ...) NOT-FOR-US: Lotus Domino CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domi ...) NOT-FOR-US: Lotus Domino CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows loca ...) NOT-FOR-US: Crob FTP Server CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...) NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attac ...) NOT-FOR-US: MS IE CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled a ...) NOT-FOR-US: Solaris CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...) NOT-FOR-US: Computer Associates CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 a ...) NOT-FOR-US: Cerulean Trillian CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...) - mtools 3.9.9 CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions i ...) {DSA-922-1 DTSA-16-1} - linux-2.6 (Fixed before upload into archive; 2.6.10) - kernel-source-2.4.27 CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: Eudora CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...) - net-snmp (snmpd is neither setuid nor setgid in Debian) CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote a ...) NOT-FOR-US: Omnicron CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 a ...) NOT-FOR-US: Novell Internet Messaging System CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) {DSA-980-1} - tutos 1.1.20031017-2.1 (bug #318633; medium) CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows r ...) {DSA-980-1} - tutos 1.1.20031017-2.1 (bug #318633; medium) CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to c ...) NOT-FOR-US: PHP-Nuke CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7 ...) NOT-FOR-US: PHP-Nuke CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7 ...) NOT-FOR-US: PHP-Nuke CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the Re ...) NOT-FOR-US: PHP-Nuke CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...) NOT-FOR-US: PHP-Nuke CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to caus ...) NOT-FOR-US: Alt-N Technologies Mdaemon CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attacker ...) NOT-FOR-US: Microsoft CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary co ...) NOT-FOR-US: Microsoft CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...) NOT-FOR-US: Microsoft CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBull ...) NOT-FOR-US: vBulletin CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web Fil ...) NOT-FOR-US: Light Web File Manager CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows remo ...) NOT-FOR-US: ActivePerl CVE-2004-2285 REJECTED CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...) NOT-FOR-US: OpenWebmail CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote at ...) - dansguardian 2.6.1-13 (medium) CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filt ...) - dansguardian 2.7.7-2 CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...) NOT-FOR-US: IBM Lotus Notes CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...) NOT-FOR-US: IBM Lotus Notes CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 F ...) NOT-FOR-US: Invision Power Board CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHo ...) NOT-FOR-US: vHost CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life serve ...) NOT-FOR-US: aGSM Half-Life CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbit ...) NOT-FOR-US: I-Mall Commerce CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and at ...) NOT-FOR-US: w3m Jigsaw CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...) NOT-FOR-US: efFingerD CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD 0. ...) NOT-FOR-US: efFingerD CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...) NOT-FOR-US: MiniShare CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 all ...) NOT-FOR-US: IBM Parallel Environment CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection Syste ...) - pads 1.1.1 (high) CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...) NOT-FOR-US: PimenGest2 CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allo ...) NOT-FOR-US: Ansel CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote att ...) NOT-FOR-US: Ansel CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...) - uudeview 0.5.20-2.1 (bug #320541; low) [sarge] - uudeview (Hardly exploitable) NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500) CVE-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function in filen ...) - less (less is not suid, explotability unlikely) CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in Pl ...) NOT-FOR-US: PlaySMS CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...) NOT-FOR-US: e107 CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote attacke ...) NOT-FOR-US: e107 CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the addres ...) NOT-FOR-US: Opera CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...) - vsftpd 2.0.1-1 (low) CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definiti ...) NOT-FOR-US: Hummingbird Exceed CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...) NOT-FOR-US: phpMyFAQ CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remot ...) NOT-FOR-US: phpMyFAQ CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote att ...) NOT-FOR-US: phpMyFAQ CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, al ...) NOT-FOR-US: SurgeLDAP CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ea ...) NOT-FOR-US: SurgeLDAP CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...) NOT-FOR-US: Astaro suite CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides informa ...) NOT-FOR-US: Astaro suite CVE-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before 0.1. ...) NOT-FOR-US: RemoteEditor CVE-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before 0.1. ...) NOT-FOR-US: SecureEditor CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...) NOT-FOR-US: RemoteEditor CVE-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in Audi ...) NOT-FOR-US: AudienceConnect CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allo ...) NOT-FOR-US: Goollery CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remot ...) NOT-FOR-US: Goollery CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9 ...) NOT-FOR-US: Oracle CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by st ...) NOT-FOR-US: Phorum CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, poss ...) NOT-FOR-US: Phorum CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...) NOT-FOR-US: Phorum CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier al ...) NOT-FOR-US: Phorum CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...) - vpopmail (bug #320608; low) CVE-2004-2238 (** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5. ...) NOTE: format string vuln in vpopmail doesn't seem to be real CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and at ...) - moodle 1.4-1 CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and at ...) - moodle 1.3.3-1 CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and atta ...) - moodle 1.2.1-1 CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in a ...) - moodle 1.2.1-1 CVE-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle befo ...) - moodle 1.3.2-1 CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in Moodl ...) - moodle 1.4.2-1 CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...) NOT-FOR-US: InstallAnywhere CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allow ...) NOT-FOR-US: OpenBSD CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0 ...) NOT-FOR-US: Oracle CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable permission ...) - mozilla-firefox (Only affects Firefox on MacOS) CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file downlo ...) - mozilla-firefox 1.0-1 CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Ma ...) - mozilla-thunderbird 1.0-3 CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitr ...) - mozilla-firefox 0.99+1.0RC1-1 CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...) NOT-FOR-US: Message Foundry CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of s ...) NOT-FOR-US: FsPHPGallery CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...) NOT-FOR-US: FsPHPGallery CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows rem ...) NOT-FOR-US: SoftCart CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not prop ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the add ...) NOT-FOR-US: Microsoft CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and e ...) NOT-FOR-US: PHPMyWebHosting CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow r ...) NOT-FOR-US: yChat CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlie ...) NOT-FOR-US: Sun Java CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, whi ...) - rxvt-unicode 3.8-1 CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to by ...) NOT-FOR-US: AppWeb HTTP server CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ob ...) NOT-FOR-US: AppWeb HTTP server CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allo ...) NOT-FOR-US: AliveSites CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allo ...) NOT-FOR-US: AliveSites CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Con ...) NOT-FOR-US: Express-Web CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5 ...) NOT-FOR-US: IdealBB CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1. ...) NOT-FOR-US: IdealBB CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4. ...) NOT-FOR-US: IdealBB CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...) NOT-FOR-US: NatterChat CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allo ...) NOT-FOR-US: Veritas CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...) NOT-FOR-US: Cold Fusion CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...) NOT-FOR-US: Ansel CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 thro ...) NOT-FOR-US: DUclassified CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows r ...) NOT-FOR-US: DUforum CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...) NOT-FOR-US: DUforum CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 al ...) NOT-FOR-US: DUclassified CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attack ...) NOT-FOR-US: DUclassmate CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the own ...) NOT-FOR-US: kdocker CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...) NOT-FOR-US: Zanfi CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...) NOT-FOR-US: Zanfi CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition bef ...) NOT-FOR-US: MailEnable CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4 ...) NOT-FOR-US: CJOverkill CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...) NOT-FOR-US: Turbo Traffic Trader CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...) NOT-FOR-US: Turbo Traffic Trader CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact an ...) - unzoo 4.4-3 (bug #306164) CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows re ...) NOT-FOR-US: DMXReady CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Mana ...) NOT-FOR-US: DMXReady CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "fi ...) - mediawiki 1.4.9 (bug #276057) CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...) - mediawiki 1.4.9 (bug #276057) CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...) - mediawiki 1.4.9 (bug #276057) CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...) NOT-FOR-US: Digicraft Yak! CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to exec ...) NOT-FOR-US: WeHelpBUS CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote at ...) NOT-FOR-US: Macromedia JRun CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remot ...) NOT-FOR-US: WowBB Forum CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.6 ...) NOT-FOR-US: WowBB Forum CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...) NOT-FOR-US: Microsoft CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote a ...) NOT-FOR-US: DevoyBB CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 al ...) NOT-FOR-US: DevoyBB CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...) NOT-FOR-US: Microsoft CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow rem ...) NOT-FOR-US: ReviewPost CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...) NOT-FOR-US: EarlyImpact CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductC ...) NOT-FOR-US: EarlyImpact CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt passw ...) NOT-FOR-US: EarlyImpact CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allo ...) - cherokee 0.4.8 CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan 2 ...) NOT-FOR-US: Caravan CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote aut ...) NOT-FOR-US: Application Access Server (A-A-S) CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service (CP ...) NOT-FOR-US: BaSoMail CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other vers ...) - latex2rtf 1.9.16 CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C ...) NOT-FOR-US: Canon ImageRUNNER CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, allo ...) NOT-FOR-US: Lords of the Realm CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database connect ...) NOT-FOR-US: VP-ASP CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...) NOT-FOR-US: OpenBSD CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...) - xmlstarlet 1.0.0-1 CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...) - xmlstarlet 1.0.0-1 CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote att ...) - serendipity 1.0-1 CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...) - serendipity 1.0-1 CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...) NOT-FOR-US: Online Recruitment Agency CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its au ...) NOT-FOR-US: Online-bookmarks CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as cas ...) - cups 1.1.20final+rc1-1 (low) - cupsys 1.1.20final+rc1-1 (low) CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software 1. ...) NOT-FOR-US: Real Estate Management Software CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...) - mediawiki 1.4.9 (bug #276057) CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denia ...) NOT-FOR-US: Chatman CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different e ...) NOT-FOR-US: INTELLIPEER Email Server CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for M ...) - mysql-dfsg-4.1 4.1.5-1 CVE-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava Asta ...) - fprobe-ng 1.1-1 - fprobe 1.1-4 NOTE: fprobe was fixed in upstrem release 1.0.6 and since 1.1-4 fprobe-ng package NOTE: replaced fprobe therefore marking as fixed in 1.1-4 CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook al ...) NOT-FOR-US: Symantec Antivirus CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...) NOT-FOR-US: MegaBBS CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows r ...) NOT-FOR-US: MegaBBS CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass authenti ...) NOT-FOR-US: Baal Smart Forms CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...) NOT-FOR-US: Mambo Portal CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...) - sdd 1.52-1 CVE-2004-2141 REJECTED CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...) NOT-FOR-US: YaBB CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...) NOT-FOR-US: YaBB CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScri ...) NOT-FOR-US: MySQLGuest CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) NOT-FOR-US: Microsoft CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems with ...) - linux-2.6 2.6.10-1 (low) - linux-2.6.24 (fixed before initial upload) CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems wi ...) - linux-2.6 2.6.32-2 (unimportant) - linux-2.6.24 (unimportant) NOTE: minor issue; solution (removal of cryptoloop) would be a significant change NOTE: if backported to the stable releases NOTE: mitigation: use dm-crypt or loop-aes for disk encrytion instead of cryptoloop CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) NOT-FOR-US: Oracle CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, cont ...) NOT-FOR-US: CVSup third party modules CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo re ...) NOT-FOR-US: PJ CGI Nero CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) NOT-FOR-US: Informix Dynamic Server CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) - phpbb2 2.0.6d-2 CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service (cras ...) NOT-FOR-US: SurfNOW CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) NOT-FOR-US: WebWeaver CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote attack ...) NOT-FOR-US: Web Blog CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure p ...) NOT-FOR-US: BlackICE CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...) NOT-FOR-US: BlackICE CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through 1. ...) - gallery 1.4.4-pl1-1 CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E ...) NOT-FOR-US: Nextplace CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) NOT-FOR-US: Intra Forum CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server (BW ...) NOT-FOR-US: Borland Web Server CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Reptile Web Server CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows rem ...) NOT-FOR-US: Tiny Server CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: Tiny Server CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: Tiny Server CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote att ...) NOT-FOR-US: Tiny Server CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Ser ...) NOT-FOR-US: Oracle CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earl ...) NOT-FOR-US: ProxyNow! CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows r ...) NOT-FOR-US: BremsServer CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote a ...) NOT-FOR-US: BremsServer CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP Se ...) NOT-FOR-US: Serv-U FTP Server CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 all ...) NOT-FOR-US: Phorum CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.a ...) NOT-FOR-US: Q-Shop CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...) NOT-FOR-US: Q-Shop CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not au ...) NOT-FOR-US: Finjan SurfinGate CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attacke ...) NOT-FOR-US: Novell NetWare CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...) NOT-FOR-US: Novell NetWare CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attacke ...) NOT-FOR-US: Novell NetWare CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...) NOT-FOR-US: Novell NetWare CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified v ...) NOT-FOR-US: Freesco CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...) NOT-FOR-US: GeoHttpServer CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote at ...) NOT-FOR-US: GeoHttpServer CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ver ...) NOT-FOR-US: Need for Speed game CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5. ...) NOT-FOR-US: Banner engine CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbi ...) - fvwm (Used mktemp) - xbase-clients (x11perfcomp uses mkdir atomically) - lvm10 (does not contain lvmcreate_initrd) CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 fi ...) NOT-FOR-US: Mephistoles CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags se ...) - honeyd 0.8-1 CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows r ...) NOT-FOR-US: WebcamXP CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...) - rsync 2.6.1-1 CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for multipl ...) NOT-FOR-US: InoculateIT CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ide ...) NOT-FOR-US: Microsoft CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...) NOT-FOR-US: Microsoft CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...) NOT-FOR-US: Matrix FTP Server CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scannin ...) NOT-FOR-US: Sophos CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote attacke ...) NOT-FOR-US: SandSurfer CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before th ...) NOT-FOR-US: Sambar CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpC ...) NOT-FOR-US: phpcodeCabinet CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop E-Comm ...) NOT-FOR-US: JShop CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick us ...) NOT-FOR-US: Opera CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authent ...) NOT-FOR-US: Sami FTP Server CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...) NOT-FOR-US: Sami FTP Server CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spa ...) NOT-FOR-US: Red-Alert CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...) NOT-FOR-US: Red-Alert CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attacke ...) NOT-FOR-US: Red-Alert CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 all ...) NOT-FOR-US: Nadeo CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBu ...) NOT-FOR-US: Jelsoft Bulletin CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Sophos CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ca ...) NOT-FOR-US: Dream FTP CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a virtua ...) - kernel-patch-vserver 1.9.4-1 CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open S ...) NOT-FOR-US: Mambo CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versi ...) NOT-FOR-US: Macallan CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allo ...) NOT-FOR-US: Altiris Client Service for Windows CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...) NOT-FOR-US: JAWS CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remo ...) NOT-FOR-US: LinPHA CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ext ...) - dansguardian 2.5.2-0-0.1 CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier a ...) NOT-FOR-US: lostBook CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...) NOT-FOR-US: AntiBoard CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ea ...) NOT-FOR-US: AntiBoard CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...) NOT-FOR-US: RiSearch CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db directo ...) NOT-FOR-US: ASPRunner CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow r ...) NOT-FOR-US: ASPRunner CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information vi ...) NOT-FOR-US: ASPRunner CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers t ...) NOT-FOR-US: ASPRunner CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows r ...) NOT-FOR-US: ASPRunner CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...) - phpbb2 2.0.10-1 CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote at ...) - phpbb2 2.0.10-1 CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns Stadtp ...) NOT-FOR-US: Easyins Stadtportal CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accep ...) NOT-FOR-US: eSeSIX Thintune CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware 2 ...) NOT-FOR-US: eSeSIX Thintune CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...) NOT-FOR-US: eSeSIX Thintune CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...) NOT-FOR-US: eSeSIX Thintune CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ear ...) NOT-FOR-US: no_package CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...) NOT-FOR-US: no_package CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7 ...) NOT-FOR-US: no_package CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...) NOT-FOR-US: no_package CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such a ...) NOT-FOR-US: no_package CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other versio ...) {DSA-1014-1} - firebird2 1.5.3.4870-3 (bug #357580) CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote atta ...) NOT-FOR-US: no_package CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in e1 ...) NOT-FOR-US: no_package CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allo ...) NOT-FOR-US: no_package CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: no_package CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) befo ...) NOT-FOR-US: no_package CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...) NOT-FOR-US: no_package CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...) NOT-FOR-US: no_package CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: no_package CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildT ...) NOT-FOR-US: no_package CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service (c ...) NOT-FOR-US: no_package CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...) NOT-FOR-US: no_package CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows re ...) NOT-FOR-US: no_package CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for L ...) NOT-FOR-US: no_package CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 R ...) NOT-FOR-US: no_package CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows r ...) NOT-FOR-US: no_package CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers t ...) - icecast2 2.0.1.debian-1 CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...) - pound 1.7-1 CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...) NOT-FOR-US: no_package CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain deb ...) NOT-FOR-US: no_package CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 bef ...) NOT-FOR-US: no_package CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, w ...) NOT-FOR-US: various perls on Windows CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce 2. ...) NOT-FOR-US: osCommerce CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x th ...) NOT-FOR-US: php-nuke CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attacker ...) NOT-FOR-US: php-nuke CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x t ...) NOT-FOR-US: php-nuke CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic T ...) NOT-FOR-US: Turbo Traffic Trader C (TTT-C) CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earl ...) NOT-FOR-US: netchat CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allow ...) NOT-FOR-US: WebCT CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...) - wget 1.9.1-12 CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...) NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...) NOT-FOR-US: NetBSD CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) NOT-FOR-US: MSIE CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...) NOT-FOR-US: phpShop CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full pa ...) NOT-FOR-US: NukeJokes CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...) NOT-FOR-US: NukeJokes CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1 ...) NOT-FOR-US: NukeJokes CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...) NOT-FOR-US: OfficeScan CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows rem ...) NOT-FOR-US: Eudora CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...) NOT-FOR-US: SUSE Live CD CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter (sslwa ...) NOT-FOR-US: DeleGate CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote at ...) NOT-FOR-US: IRIX CVE-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disa ...) NOT-FOR-US: IRIX CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x th ...) NOT-FOR-US: Php-Nuke CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in Ph ...) NOT-FOR-US: Windows CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote attacke ...) NOT-FOR-US: php-nuke CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, w ...) NOT-FOR-US: kolab CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...) NOT-FOR-US: Simple Machines Forum CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...) NOT-FOR-US: FuseTalk CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct r ...) NOT-FOR-US: FuseTalk CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail 0.9 ...) NOT-FOR-US: omail CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote atta ...) NOT-FOR-US: Serv-U CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allo ...) NOT-FOR-US: aweb CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) NOT-FOR-US: aweb CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine Pho ...) NOT-FOR-US: Coppermine CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...) NOT-FOR-US: Coppermine CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) NOT-FOR-US: Coppermine CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo G ...) NOT-FOR-US: Coppermine CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...) NOT-FOR-US: Coppermine CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...) NOT-FOR-US: Coppermine CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for L ...) - kernel-patch-adamantix (Only affects PaX for kernel 2.6) CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify record ...) NOT-FOR-US: YaBB CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...) NOT-FOR-US: Crystal Reports CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allow ...) NOT-FOR-US: PROPS CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6 ...) NOT-FOR-US: PROPS CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...) - moodle 1.3 CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...) NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote admin ...) NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in paf ...) NOT-FOR-US: paFileDB CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: paFileDB CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: DiGi Web Server CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery M ...) NOT-FOR-US: PHP-Nuke CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...) NOT-FOR-US: PHP-Nuke CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung switches ...) NOT-FOR-US: Samsung SmartEther SS6215Sswitch CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...) NOT-FOR-US: OpenBB CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...) NOT-FOR-US: OpenBB CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php ...) NOT-FOR-US: OpenBB CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) NOT-FOR-US: OpenBB CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin B ...) NOT-FOR-US: OpenBB CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query T ...) NOT-FOR-US: Network Query Tool (NQT) CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obt ...) NOT-FOR-US: Network Query Tool (NQT) CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 al ...) NOT-FOR-US: Protector System CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to bypa ...) NOT-FOR-US: Protector System CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in Prote ...) NOT-FOR-US: Protector System CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remot ...) NOT-FOR-US: Protector System CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine all ...) NOT-FOR-US: Unreal engine CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...) NOT-FOR-US: PostNuke CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a dir ...) NOT-FOR-US: PostNuke CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...) NOT-FOR-US: phProfession CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in phProfessio ...) NOT-FOR-US: phProfession CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...) NOT-FOR-US: phProfession CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote at ...) NOT-FOR-US: Advanced Guestbook CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.2 ...) - xine-ui 0.99.1 CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwar ...) - phpbb2 2.0.9 CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remot ...) NOT-FOR-US: PostNuke CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are inclu ...) - ncftp 2:3.1.8-1 (low) CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender S ...) NOT-FOR-US: bitdefender CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c fo ...) - cherokee 0.4.21b01-1 CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...) NOT-FOR-US: Kinesphere eXchange POP3 CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a de ...) NOT-FOR-US: Eudora CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB m ...) NOT-FOR-US: phpbb as modified by przemo CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 throu ...) NOT-FOR-US: Solaris CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to c ...) NOT-FOR-US: Fastream NETFile FTP/Web Server CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to c ...) - kphone 1:4.0.2 CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows r ...) NOT-FOR-US: Zaep CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows re ...) NOT-FOR-US: Phorum CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1. ...) NOT-FOR-US: Nuked-KlaN CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote at ...) NOT-FOR-US: ZoneAlarm CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) NOT-FOR-US: SCT Campus Pipeline CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...) NOT-FOR-US: Gemitel CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) NOT-FOR-US: Citadel CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-N ...) NOT-FOR-US: PhpNuke CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...) NOT-FOR-US: PhpNuke CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php i ...) NOT-FOR-US: PhpNuke CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ea ...) NOT-FOR-US: tikiwiki CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...) NOT-FOR-US: tikiwiki CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attacker ...) NOT-FOR-US: tikiwiki CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki ...) NOT-FOR-US: tikiwiki CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupw ...) NOT-FOR-US: tikiwiki CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attacker ...) NOT-FOR-US: tikiwiki CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...) NOT-FOR-US: MSIE CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" usern ...) NOT-FOR-US: X-Micro WLAN 11b Broadband Router CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...) NOT-FOR-US: X-Micro WLAN 11b Broadband Router CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...) NOT-FOR-US: Crackalaka CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service (conne ...) NOT-FOR-US: rsniff CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ear ...) - lcdproc 0.4.5 CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x v ...) - lcdproc 0.4.5 CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc 0 ...) - lcdproc 0.4.5 CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as u ...) NOT-FOR-US: phpnuke CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in NukeCalenda ...) NOT-FOR-US: phpnuke CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...) NOT-FOR-US: phpnuke CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allow ...) NOT-FOR-US: AzDGDatingLite CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...) NOT-FOR-US: Symantec CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...) - clamav 0.68.1 CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows rem ...) NOT-FOR-US: Mcafee FreeScan CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.1 ...) NOT-FOR-US: Kerio Personal Firewall CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service a ...) NOT-FOR-US: Mcafee FreeScan CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...) NOT-FOR-US: Panda ActiveScan CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...) NOT-FOR-US: Panda ActiveScan CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute a ...) NOT-FOR-US: blaxxun CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential s ...) NOT-FOR-US: Citrix MetaFrame Password Manager CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary fil ...) NOT-FOR-US: gentoo portage CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert St ...) NOT-FOR-US: IGI 2 Covert Strike server CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote at ...) - monit 1:4.2.1 CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit 1 ...) - monit 1:4.2.1-1 CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote attack ...) - monit 1:4.2.1-1 CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 throu ...) NOT-FOR-US: no_package CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ove ...) NOT-FOR-US: no_package CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows loc ...) NOT-FOR-US: no_package CVE-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...) NOT-FOR-US: no_package CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ( ...) NOT-FOR-US: no_package CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with ...) NOT-FOR-US: no_package CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) NOT-FOR-US: no_package CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) NOT-FOR-US: no_package CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute arbitr ...) NOT-FOR-US: no_package CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view director ...) NOT-FOR-US: no_package CVE-2004-1886 REJECTED CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to exec ...) NOT-FOR-US: no_package CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...) NOT-FOR-US: no_package CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow re ...) NOT-FOR-US: no_package CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in Cac ...) NOT-FOR-US: no_package CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...) NOT-FOR-US: no_package CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier al ...) - openldap2 2.1.17-1 CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allow ...) NOT-FOR-US: no_package CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, obtai ...) NOT-FOR-US: no_package CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i Appli ...) NOT-FOR-US: no_package CVE-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...) - clamav 0.70-1 CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R8 ...) NOT-FOR-US: no_package CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...) NOT-FOR-US: no_package CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2 ...) NOT-FOR-US: no_package CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1 ...) NOT-FOR-US: no_package CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP P ...) NOT-FOR-US: no_package CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...) NOT-FOR-US: no_package CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allow ...) NOT-FOR-US: no_package CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allow ...) NOT-FOR-US: no_package CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest B ...) NOT-FOR-US: no_package CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...) - nstx 1.1-beta4-1 CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel i ...) NOT-FOR-US: no_package CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta all ...) NOT-FOR-US: no_package CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extrem ...) NOT-FOR-US: no_package CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme Message ...) NOT-FOR-US: no_package CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to enc ...) NOT-FOR-US: no_package CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...) NOT-FOR-US: no_package CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web Viruswa ...) NOT-FOR-US: no_package CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...) NOT-FOR-US: no_package CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7. ...) NOT-FOR-US: no_package CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...) NOT-FOR-US: no_package CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA publi ...) NOT-FOR-US: no_package CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...) NOT-FOR-US: no_package CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...) NOT-FOR-US: no_package CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transm ...) NOT-FOR-US: no_package CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data t ...) NOT-FOR-US: no_package CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: no_package CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 al ...) NOT-FOR-US: no_package CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...) NOT-FOR-US: no_package CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...) NOT-FOR-US: no_package CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...) NOT-FOR-US: no_package CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager Li ...) NOT-FOR-US: no_package CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System 2 ...) NOT-FOR-US: no_package CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows rem ...) NOT-FOR-US: no_package CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x throug ...) NOT-FOR-US: no_package CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke all ...) NOT-FOR-US: no_package CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis mod ...) NOT-FOR-US: no_package CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...) NOT-FOR-US: no_package CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...) NOT-FOR-US: no_package CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3. ...) NOT-FOR-US: no_package CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site Li ...) NOT-FOR-US: no_package CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision Galler ...) NOT-FOR-US: no_package CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, inc ...) - apache2 2.0.53-1 CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...) NOT-FOR-US: no_package CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allow ...) NOT-FOR-US: no_package CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...) NOT-FOR-US: no_package CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attacker ...) NOT-FOR-US: no_package CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gi ...) NOT-FOR-US: no_package CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization t ...) NOT-FOR-US: no_package CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaB ...) NOT-FOR-US: no_package CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 stab ...) NOT-FOR-US: no_package CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open So ...) NOT-FOR-US: no_package CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3 ...) NOT-FOR-US: no_package CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBullet ...) NOT-FOR-US: no_package CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 thro ...) NOT-FOR-US: no_package CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7 ...) NOT-FOR-US: no_package CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in 4nal ...) NOT-FOR-US: no_package CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to o ...) NOT-FOR-US: no_package CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.9 ...) NOT-FOR-US: no_package CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7. ...) NOT-FOR-US: no_package CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...) NOT-FOR-US: no_package CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...) NOT-FOR-US: no_package CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allow ...) NOT-FOR-US: no_package CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authenti ...) NOT-FOR-US: no_package CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) cam ...) NOT-FOR-US: no_package CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...) NOT-FOR-US: no_package CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...) NOT-FOR-US: no_package CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier a ...) - phpbb2 2.0.10-1 NOTE: probably fixed in 2.0.6d-3 CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...) NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail NOTE: see bug #308875 CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5. ...) NOT-FOR-US: no_package CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remo ...) NOT-FOR-US: no_package CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal Engin ...) NOT-FOR-US: no_package CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: no_package CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their I ...) NOT-FOR-US: no_package CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote at ...) NOT-FOR-US: no_package CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...) NOT-FOR-US: no_package CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, do ...) NOT-FOR-US: no_package CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...) NOT-FOR-US: no_package CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...) NOT-FOR-US: no_package CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier a ...) NOT-FOR-US: no_package CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying f ...) NOT-FOR-US: no_package CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...) NOT-FOR-US: no_package CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...) NOT-FOR-US: no_package CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...) NOT-FOR-US: no_package CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a def ...) NOT-FOR-US: Edimax Router CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management interfa ...) NOT-FOR-US: Edimax Router CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management interfa ...) NOT-FOR-US: ZyWALL CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web documen ...) NOT-FOR-US: ASP-Nuke CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote attack ...) NOT-FOR-US: PostCalendar CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...) NOT-FOR-US: PortalApp CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board 1 ...) NOT-FOR-US: Invision Power Board CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows remot ...) NOT-FOR-US: web server of Webcam Watchdog CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 all ...) NOT-FOR-US: Net2Soft Flash FTP Server CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ex ...) NOT-FOR-US: Athena Web Registration CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and acces ...) NOT-FOR-US: Info Touch Surfnet kiosk CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...) NOT-FOR-US: Info Touch Surfnet kiosk CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard bef ...) NOT-FOR-US: ThWboard CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, whe ...) - openssh 1:3.8p1 CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ca ...) - leafnode (Leafnode2 development branch) CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, cr ...) NOT-FOR-US: Skype CVE-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows loc ...) NOT-FOR-US: Skype CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and mod ...) NOT-FOR-US: Cisco CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating Soft ...) NOT-FOR-US: Cisco CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDS ...) NOT-FOR-US: Oracle CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow att ...) - sharutils 1:4.2.1-12 CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows loca ...) - sharutils 1:4.2.1-11 CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass in ...) NOT-FOR-US: Scalable OGo (SOGo) CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows r ...) NOT-FOR-US: not our cpanel CVE-2004-1769 (The "Allow cPanel users to reset their password via email" feature in ...) NOT-FOR-US: not our cpanel CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...) NOT-FOR-US: Symantec Brightmail AntiSpam CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain priv ...) NOT-FOR-US: Solaris CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...) NOT-FOR-US: NetScreen-Security Manager CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apa ...) - libapache-mod-security (only seems to affect 1.7.4, not the newer branch in Debian) CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, an ...) NOT-FOR-US: HP-UX CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...) NOT-FOR-US: hsrun.exe CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux bef ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...) - ethereal 0.10.3 CVE-2004-1760 (The default installation of Cisco voice products, when running the IBM ...) NOT-FOR-US: Cisco CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM serve ...) NOT-FOR-US: Cisco CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...) NOT-FOR-US: BEA WebLogic Server CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the admin ...) NOT-FOR-US: BEA WebLogic Server CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic Server CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 SP ...) NOT-FOR-US: BEA WebLogic Server CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products a ...) NOT-FOR-US: Symantec DNSd CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) NOT-FOR-US: Apple Java plugin CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote atta ...) NOT-FOR-US: Gaucho CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...) NOT-FOR-US: Ground Control II CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of s ...) NOT-FOR-US: RealVNC CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...) NOT-FOR-US: Attack Mitigator IPS 5500 CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ( ...) NOT-FOR-US: NtRegmon CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ru ...) NOT-FOR-US: NetworkEverywhere NR041 CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snip ...) NOT-FOR-US: PHP Code Snippet Library CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote attacker ...) NOT-FOR-US: Painkiller CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to caus ...) NOT-FOR-US: ESF Webserver CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...) NOT-FOR-US: ESF Webserver CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote attack ...) NOT-FOR-US: WebAPP CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cau ...) NOT-FOR-US: musicd CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to rea ...) NOT-FOR-US: musicd CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service (c ...) NOT-FOR-US: Bird Chat CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows r ...) NOT-FOR-US: JShop CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows r ...) - cacti 0.8.5a-5 CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...) - cacti 0.8.5a-5 CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) - sympa 4.1.5-4 (bug #298105; unimportant) NOTE: A user with the privilege to create new mailing lists needs to be trustworthy CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remot ...) - mantis 0.19.2-1 CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions al ...) - mydms 1.4.3-1 CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4. ...) - mydms 1.4.3-1 CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send e ...) - mantis 0.19.0-1 CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows r ...) - mantis 0.19.0-1 CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...) NOT-FOR-US: Nihuo Web Log Analyzer CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...) NOT-FOR-US: sarad CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service (refu ...) NOT-FOR-US: BadBlue CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm. ...) NOT-FOR-US: XV CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers t ...) NOT-FOR-US: XV CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...) NOT-FOR-US: PHP-Fusion CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...) NOT-FOR-US: PHP-Fusion CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server 5.2. ...) NOT-FOR-US: Merak Mail Server CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail Se ...) NOT-FOR-US: Merak Mail Server CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak Mai ...) NOT-FOR-US: Merak Mail Server CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail S ...) NOT-FOR-US: Merak Webmail Server CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 an ...) NOT-FOR-US: IPD CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv (ghost ...) - gv 1:3.6.1-1 CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...) NOT-FOR-US: PForum CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...) NOT-FOR-US: MIMEsweeper CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) firewall.ini ...) NOT-FOR-US: BlackICE PC Protection CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01 ...) NOT-FOR-US: PRM on HP-UX CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote atta ...) NOT-FOR-US: TypePad CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...) - moodle 1.4-1 CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via she ...) NOT-FOR-US: page.cgi CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...) NOT-FOR-US: Datakey Rainbow iKey2032 USB token CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: Webbsyte CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracl ...) NOT-FOR-US: Oracle CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote attack ...) NOT-FOR-US: U.S. Robotics wireless access point CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...) NOT-FOR-US: Citadel/UX CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privilege ...) NOT-FOR-US: WpQuiz CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...) NOT-FOR-US: Fusion News CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecure ...) NOT-FOR-US: Lexar Safe Guard CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2 ...) - cfengine2 2.1.8-1 CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in c ...) - cfengine2 2.1.8-1 CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnac ...) NOT-FOR-US: Pinnacle ShowCenter CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers t ...) NOT-FOR-US: Pinnacle ShowCenter CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earl ...) NOT-FOR-US: PopMessenger CVE-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...) NOT-FOR-US: Computer Associates Unicenter Management Portal CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) NOT-FOR-US: EmuLive Server4 CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) NOT-FOR-US: EmuLive Server4 CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default user ...) NOT-FOR-US: Symantec CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ( ...) NOT-FOR-US: Mambo CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1. ...) NOT-FOR-US: Mambo CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a de ...) NOT-FOR-US: DNS4Me CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3 ...) NOT-FOR-US: DNS4Me CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...) - sudo 1.6.8p3-1 CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Pigeon Server CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...) NOT-FOR-US: Snitz Forums CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to byp ...) NOT-FOR-US: MSIE CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ru ...) NOT-FOR-US: SMC router CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an A ...) NOT-FOR-US: Zyxel CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...) NOT-FOR-US: crrtrap CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote authen ...) NOT-FOR-US: QNX FTP CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-in ...) NOT-FOR-US: QNX CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware 2.1.11 ...) NOT-FOR-US: Pingtel Xpressa CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote at ...) NOT-FOR-US: TwinFTP CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remo ...) NOT-FOR-US: PerlDesk CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive inform ...) NOT-FOR-US: PerlDesk CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6 ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denia ...) NOT-FOR-US: Serv-U FTP CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) NOT-FOR-US: Merak Mail Server CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web M ...) NOT-FOR-US: Merak Mail Server CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) NOT-FOR-US: Merak Mail Server CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...) NOT-FOR-US: Merak Mail Server CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 w ...) NOT-FOR-US: Merak Mail Server CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 wi ...) NOT-FOR-US: Merak Mail Server CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Po ...) NOT-FOR-US: Subjects CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...) NOT-FOR-US: Halo Combat Evolved CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...) NOT-FOR-US: Cerulean Trillian CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 al ...) NOT-FOR-US: PsNews CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Call of Duty CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as Sto ...) NOT-FOR-US: Engenio/LSI Logic storage controllers CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: YaBB CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass authenticatio ...) NOT-FOR-US: MailWorks CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...) NOT-FOR-US: CuteNews CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3. ...) NOT-FOR-US: CuteNews CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with administrat ...) NOT-FOR-US: Kerio Personal Firewall CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events Vi ...) NOT-FOR-US: DasBlog CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows r ...) NOT-FOR-US: Comersus Shopping Cart CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ear ...) NOT-FOR-US: phpWebsite CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite 0.9.3 ...) NOT-FOR-US: phpWebsite CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, whic ...) - openssh (Documented SSH protocol behaviour, cannot be "fixed") NOTE: See bug #296547 for details CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if th ...) NOT-FOR-US: phpScheduleIt CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the registratio ...) NOT-FOR-US: phpScheduleIt CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP add ...) NOT-FOR-US: D-Link DCS-900 CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to e ...) NOT-FOR-US: Msinfo32.exe CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangeP ...) NOT-FOR-US: Password Protect CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote attacker ...) NOT-FOR-US: Password Protect CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...) NOT-FOR-US: Xedus CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote at ...) NOT-FOR-US: Xedus CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...) NOT-FOR-US: Xedus CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of se ...) NOT-FOR-US: WS_FTP CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a den ...) NOT-FOR-US: WS_FTP CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...) NOT-FOR-US: Titan CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...) NOT-FOR-US: XOOPS CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows re ...) NOTE: This is not a real security issue; it just describes the fact that the Gecko NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed NOTE: during transfer any user will cancel the transfer and if you load it from the NOTE: hard disc, well than you have "DoSed" yourself, congratulations. NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers NOTE: generally try to make sense of anything even remotely resembling HTML. - firefox (unimportant) - iceweasel (unimportant) - mozilla (unimportant) CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) NOT-FOR-US: mailcarrier CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers t ...) NOT-FOR-US: Hawking Technologies HAR11A modem/router CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection functio ...) NOT-FOR-US: WvTftp CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insi ...) NOTE: does not affect older 2.16.7 in sid. CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, whe ...) NOTE: does not affect older 2.16.7 in sid. CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...) - bugzilla 2.16.7 CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...) - moniwiki 1.0.9 CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduc ...) NOT-FOR-US: Open WorkFlow Engine CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open Wor ...) NOT-FOR-US: Open WorkFlow Engine CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...) NOT-FOR-US: Dwc_articles CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows remot ...) - rssh 2.2.2 CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...) NOT-FOR-US: ability server CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, a ...) NOT-FOR-US: ability server CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...) NOT-FOR-US: pGina CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening exte ...) NOT-FOR-US: Carbon Copy CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote attacker ...) NOT-FOR-US: Microsoft CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allow ...) NOT-FOR-US: UBB.threads CVE-2004-1621 NOT-FOR-US: Lotus Notes CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows remot ...) NOT-FOR-US: Serendipity CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows remote at ...) NOT-FOR-US: Privateer's Bounty: Age of Sail II CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a de ...) NOT-FOR-US: Tonecast CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers ...) {DSA-1077-1 DSA-1076-1} - lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low) - lynx-cur 2.8.6-6 (low) - lynx-ssl CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory con ...) - links 0.99+1.00pre12-1 (bug #296341; low) CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid me ...) NOT-FOR-US: Opera CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service (applicat ...) - mozilla-firefox (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6) NOTE: mozilla-browser 1.7.5-1 also ok CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service (applicat ...) NOTE: example page did not bother firefox 1.0+dfsg.1-6 NOTE: mozilla-browser 1.7.5-1 also ok CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote atta ...) NOT-FOR-US: SalesLogix CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before perfo ...) NOT-FOR-US: SalesLogix CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain fil ...) NOT-FOR-US: SalesLogix CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive info ...) NOT-FOR-US: SalesLogix CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...) NOT-FOR-US: SalesLogix CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensiti ...) NOT-FOR-US: SalesLogix CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...) NOT-FOR-US: SalesLogix CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by mod ...) NOT-FOR-US: SalesLogix CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbi ...) NOT-FOR-US: not our cpanel CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users t ...) NOT-FOR-US: not our cpanel CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amo ...) - proftpd 1.2.10-4 CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable a ...) NOT-FOR-US: coolphp CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain sensit ...) NOT-FOR-US: CoolPHP CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-s ...) NOT-FOR-US: CoolPHP CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ar ...) NOT-FOR-US: Acrobat CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote at ...) NOT-FOR-US: RIM Blackberry CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remot ...) NOT-FOR-US: 3COM router CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers t ...) NOT-FOR-US: ShixxNote CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...) NOT-FOR-US: FuseTalk CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode. ...) NOT-FOR-US: SCT email client CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...) - ocportal (bug #625865) CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM runni ...) NOT-FOR-US: Micronet Wireless Router CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via a ...) NOT-FOR-US: clientexec CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board allo ...) NOT-FOR-US: GoSmart CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote att ...) NOT-FOR-US: GoSmart CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...) NOT-FOR-US: Monolith Games CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as "shu ...) NOT-FOR-US: Flash Messaging CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...) NOT-FOR-US: Flash Messaging CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows r ...) - wordpress 1.2.1-1.1 CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 an ...) NOT-FOR-US: FTP server in TriDComm CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows rem ...) NOT-FOR-US: BlackBoard CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...) NOT-FOR-US: BlackBoard CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remo ...) NOT-FOR-US: CubeCart CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...) NOT-FOR-US: CubeCart CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision Powe ...) NOT-FOR-US: Invision Power Board CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive infor ...) NOT-FOR-US: phplinks CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and e ...) NOT-FOR-US: Judge Dredd CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...) - xerces25 2.5.0-4 - xerces24 2.4.0-4 - xerces23 (not affected, see bug #296432) - xerces21 (not affected, see bug #296466) CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote a ...) NOT-FOR-US: Vypress CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set permis ...) NOT-FOR-US: AJ-Fork CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...) NOT-FOR-US: AJ-Fork CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: AJ-Fork CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote att ...) NOT-FOR-US: bBlog CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) a ...) NOT-FOR-US: dbPowerAmp CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...) NOT-FOR-US: Parachat CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...) NOT-FOR-US: Silent Storm Portal CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...) NOT-FOR-US: Silent Storm Portal CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...) NOT-FOR-US: w-Agora CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...) NOT-FOR-US: w-Agora CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a ...) NOT-FOR-US: w-Agora CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...) NOT-FOR-US: w-Agora CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers t ...) - icecast2 2.0.2.debian-1 CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Microsoft SQL Server CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 a ...) - wordpress 1.2.2-1.1 CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 th ...) NOT-FOR-US: YahooPOPS CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, mo ...) NOT-FOR-US: MyWebServer CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: MyWebServer CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Messa ...) NOT-FOR-US: BroadBoard Instant ASP Message Board CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex G ...) NOT-FOR-US: @lex GuestBook CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) NOT-FOR-US: aspWebAlbum CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...) NOT-FOR-US: aspWebCalendar CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...) NOT-FOR-US: PafileDB CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote at ...) NOT-FOR-US: Motorola Router CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of pass ...) NOT-FOR-US: ActivePost CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost Sta ...) NOT-FOR-US: ActivePost CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote a ...) NOT-FOR-US: ActivePost CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to c ...) NOT-FOR-US: MDaemon CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...) - moniwiki 1.0.9-4 CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1. ...) - jspwiki 2.0.52-8 CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cv ...) NOT-FOR-US: KorWeblog CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...) NOT-FOR-US: Soldier of Fortune CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote attacke ...) NOT-FOR-US: SecureCRT CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versio ...) NOT-FOR-US: ZyXEL Routers CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ca ...) NOT-FOR-US: Halo: Combat Evolved CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1. ...) NOT-FOR-US: PHPKIT CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...) NOT-FOR-US: PHPKIT CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) NOT-FOR-US: Invision Power Board CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...) NOT-FOR-US: Cash Mod module of phpbb2 CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) NOT-FOR-US: ZoneAlarm CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allow ...) NOT-FOR-US: DMS POP3 CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, wh ...) NOT-FOR-US: AppServ CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...) NOT-FOR-US: Invision Power Board CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for PHP- ...) NOT-FOR-US: PHP-Nuke CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...) NOT-FOR-US: PHP-Nuke CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...) NOT-FOR-US: PHP-Nuke CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain c ...) NOT-FOR-US: MSIE CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game pl ...) NOT-FOR-US: Hired Team CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) NOT-FOR-US: Hired Team CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) NOT-FOR-US: Hired Team CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial 2 ...) NOT-FOR-US: Hired Team CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote attacker ...) NOT-FOR-US: Army Men RTS CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mai ...) NOT-FOR-US: Eudora CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authe ...) NOT-FOR-US: IPSwitch IMail CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows r ...) NOT-FOR-US: phpBugTracker CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...) NOT-FOR-US: Phorum CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...) NOT-FOR-US: Zone Labs IMsecure CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...) NOT-FOR-US: phpWebSite CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vB ...) NOT-FOR-US: vBulletin CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...) NOT-FOR-US: 04Webserver CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to lo ...) NOT-FOR-US: 04Webserver CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in 0 ...) NOT-FOR-US: 04Webserver CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web browsers ...) NOT-FOR-US: Hotfoon CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying cr ...) - webcalendar 0.9.45-1 CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...) - webcalendar 0.9.45-1 CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary l ...) - webcalendar 0.9.45-1 CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...) - webcalendar 0.9.45-1 CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar all ...) - webcalendar 0.9.45-1 CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat fi ...) NOT-FOR-US: JAF CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ( ...) NOT-FOR-US: JAF CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...) NOT-FOR-US: Sun JRE CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows re ...) NOT-FOR-US: 602 Lan Suite CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) NOT-FOR-US: 602 Lan Suite CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in multipl ...) NOT-FOR-US: Lithtech CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form i ...) NOT-FOR-US: HELM CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...) NOT-FOR-US: HELM CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...) NOT-FOR-US: Web Forums Server CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Pow ...) NOT-FOR-US: Web Forums Server CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to c ...) NOT-FOR-US: WinRAR CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...) NOT-FOR-US: XDICT CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) NOT-FOR-US: Master of Orion CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) NOT-FOR-US: Master of Orion CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME type ...) NOT-FOR-US: Opera CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...) NOT-FOR-US: Opera CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to i ...) NOT-FOR-US: Opera CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...) - wget 1.9.1-11 CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...) - wget 1.9.1-11 CVE-2004-9999 REJECTED CVE-2004-9998 REJECTED CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and C ...) NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ma ...) - inetutils (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped) - atftp (atftp checks h_length) - netkit-tftp (netkit-tftp not vulnerable) - tftp-hpa (bug #295297; not exploitable) NOTE: The address length comes from libc, not the network. CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat 1 ...) - socat 1.4.0.3-1 CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...) NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace characte ...) NOT-FOR-US: BNC irc proxy CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12. ...) NOT-FOR-US: Real CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks Com ...) NOT-FOR-US: HP StorageWorks Command View XP CVE-2004-1479 REJECTED CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which a ...) NOT-FOR-US: JRun CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) NOT-FOR-US: JRun CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc ...) - xine-lib 1-rc6 - vlc (affected part of xine-lib code copy not present) - libcdio 0.69 CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...) - xine-lib 1-rc6 - vlc (affected part of xine-lib code copy not present) CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...) NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...) - cvs 1:1.12.9 CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions be ...) NOT-FOR-US: snipsnap CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and othe ...) NOT-FOR-US: SUS CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...) - webmin 1.160 - usermin 1.090 CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0. ...) - egroupware 1.0.00.004 CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes non-ima ...) - gallery 1.4.4-pl2 CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow attacker ...) NOT-FOR-US: WinZip CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a deni ...) NOT-FOR-US: Cisco CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...) - moin 1.2.3-1 CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote atta ...) - moin 1.2.3-1 CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a s ...) NOT-FOR-US: Cisco CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when conf ...) NOT-FOR-US: Cisco CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a Lig ...) NOT-FOR-US: Cisco CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access Contr ...) NOT-FOR-US: Cisco CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager 3 ...) NOT-FOR-US: Novell CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary comma ...) - cvstrac 1.1.4-1 CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and e ...) - xine-lib 1-rc5-1.1 - vlc (vulnerable component of xine-lib code copy not present) CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...) NOT-FOR-US: Cisco CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, an ...) - glibc 2.3.5 (bug #272210; unimportant) NOTE: according to GOTO Masanori this is not a security problem NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html NOTE: Although not a real issue we should play safe with 2.3.5, where the code NOTE: was reorganized CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions o ...) NOT-FOR-US: Gentoo specific CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar w ...) - mozilla 2:1.6-1 CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...) - mozilla 2:1.7.1-1 CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 all ...) - mozilla 2:1.7-1 CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers wi ...) NOT-FOR-US: Jetbox One CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the d ...) NOT-FOR-US: Jetbox One CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewa ...) NOT-FOR-US: ScreenOS CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly earli ...) - nessus-core 2.0.12-1 CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...) - roundup 0.7.3-1 CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...) - imp3 3.2.5-1 CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...) NOT-FOR-US: db2www CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.0 ...) NOT-FOR-US: Board Power CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY b ...) - putty 0.56-1 CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to execut ...) NOT-FOR-US: BlackJumboDog CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier al ...) - subversion 1.0.6-1 CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality i ...) - pavuk 0.9pl28-3.1 CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4. ...) NOT-FOR-US: Cisco CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...) NOT-FOR-US: Cisco CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...) NOT-FOR-US: Cisco CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...) NOT-FOR-US: Cisco CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...) NOT-FOR-US: Cisco CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...) NOT-FOR-US: FormMail.php != nms-formmail CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in ...) NOT-FOR-US: Arcade.php CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times th ...) NOT-FOR-US: ArGoSoft CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user nam ...) NOT-FOR-US: ArGoSoft CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2 ...) NOT-FOR-US: KorWeblog CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) NOT-FOR-US: KorWeblog CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and earl ...) - moodle 1.4.3-1 CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 a ...) - moodle 1.4.3-1 CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP ...) NOT-FOR-US: PHP-Calendar CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sens ...) NOT-FOR-US: WHM AutoPilot CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ( ...) NOT-FOR-US: WHM AutoPilot CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in W ...) NOT-FOR-US: WHM AutoPilot CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlie ...) NOT-FOR-US: ZeroBoard CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlie ...) NOT-FOR-US: WPKontakt CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2 ...) NOT-FOR-US: PsychoStats CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as us ...) NOT-FOR-US: RealOne IE plugin CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) dis ...) NOT-FOR-US: 2Bgal CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow re ...) NOT-FOR-US: Kayako CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...) NOT-FOR-US: Kayako CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a den ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ea ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web App ...) NOT-FOR-US: Image Gallery Web Application CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web Applicati ...) NOT-FOR-US: Image Gallery Web Application CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image Galler ...) NOT-FOR-US: Image Gallery Web Application CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 throug ...) NOT-FOR-US: Ikonboard CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) - mediawiki 1.4.9 (bug #276057) CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime ...) NOT-FOR-US: Attachment Mod for phpBB CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...) NOT-FOR-US: GNU Board CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ex ...) NOT-FOR-US: iWebNegar CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote a ...) NOT-FOR-US: Asp-rider CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to a ...) NOT-FOR-US: ASP Calendar CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...) NOT-FOR-US: Attachment Mod for phpBB CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...) NOT-FOR-US: MacOSX CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remo ...) - usemod-wiki 1.0-6 CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ca ...) NOT-FOR-US: Winamp CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...) NOT-FOR-US: Lithtech engine CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle w ...) NOT-FOR-US: Solaris CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris for SP ...) NOT-FOR-US: Solaris CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the open ...) - php4 4:4.3.10-3 CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...) NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative Assistan ...) NOT-FOR-US: Veritas NetBackup Administrative Assistant CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS GP ...) - gpsd 2.7-4 CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...) - apache 1.3.33-3 CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, whic ...) - tikiwiki CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...) - phpgroupware 0.9.16.005-1 (unimportant) NOTE: path disclosure only, path is known on Debian anyway CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0. ...) - phpgroupware 0.9.16.005-1 CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...) - phpgroupware 0.9.16.005-1 CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to o ...) - glibc 2.3.2.ds1-19 CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background ...) - mozilla-firefox 1.0 - mozilla 2:1.7.5 CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (backgroun ...) - mozilla-firefox 1.0 - mozilla 2:1.7.5 CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine xine- ...) {DSA-657-1} - xine-lib 1-rc6a-1 CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...) - jabber 1.4.3-3 (unimportant) NOTE: We do not ship jadc2s. CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) script ...) - a2ps 1:4.13b-4.3 (bug #286387; bug #286385) CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...) NOT-FOR-US: MSIE CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...) NOT-FOR-US: HP-UX CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ex ...) NOT-FOR-US: NetBSD CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...) NOT-FOR-US: Shoutcast CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow loc ...) NOT-FOR-US: IBM DB2 CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote attacke ...) NOT-FOR-US: Oracle CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run w ...) NOT-FOR-US: Oracle CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a deni ...) NOT-FOR-US: Oracle CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...) NOT-FOR-US: Oracle CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that contai ...) NOT-FOR-US: Oracle CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...) NOT-FOR-US: Oracle CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...) NOT-FOR-US: Oracle CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g allo ...) NOT-FOR-US: Oracle CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ex ...) NOT-FOR-US: Oracle CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application Ser ...) NOT-FOR-US: Oracle CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...) NOT-FOR-US: Windows CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when inv ...) NOT-FOR-US: Solaris CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 all ...) NOT-FOR-US: Solaris CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...) NOT-FOR-US: Solaris CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properl ...) NOT-FOR-US: ssh on Solaris CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...) NOT-FOR-US: Solaris CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allo ...) NOT-FOR-US: Solaris CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...) NOT-FOR-US: Solaris CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...) NOT-FOR-US: Solaris CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allo ...) NOT-FOR-US: Solaris CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 thro ...) NOT-FOR-US: Solaris CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server (formerl ...) NOT-FOR-US: Sun Java System Web Proxy Server CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...) - gzip (gzip on Solaris) CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...) NOT-FOR-US: Solaris CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...) - xfree86 (xdm on Solaris) - xorg-x11 (xdm on Solaris) CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users t ...) NOT-FOR-US: Solaris CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...) NOT-FOR-US: Sun StorEdge Enterprise Storage Manager CVE-2004-1344 REJECTED CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...) {DSA-715-1} - cvs 1:1.12.9-12 CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch ...) {DSA-715-1} - cvs 1:1.12.9-12 CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 al ...) {DSA-711-1} - info2www 1.2.2.9-23 (bug #281655) CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...) {DSA-659-1} - libpam-radius-auth 1.3.16-1.1 CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2 ...) NOT-FOR-US: oracle CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...) NOT-FOR-US: oracle CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...) - linux-2.6 (Fixed before upload into archive, 2.6.11) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with p ...) - tetex-bin 2.0.2-25 CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-9 CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel be ...) - linux-2.6 (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-9 CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with th ...) NOT-FOR-US: hpux CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows r ...) NOT-FOR-US: microsoft CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users t ...) NOT-FOR-US: AIX CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) lsmcod ...) NOT-FOR-US: AIX CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...) NOT-FOR-US: hpux CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious serv ...) NOT-FOR-US: Crystal FTP client CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...) NOT-FOR-US: Ultrix CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft Wi ...) NOT-FOR-US: Microsoft CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow remot ...) NOT-FOR-US: Microsoft CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...) NOT-FOR-US: Netbsd CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange ...) NOT-FOR-US: Cisco CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...) NOT-FOR-US: Asante FM2008 CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...) NOT-FOR-US: Asante FM2008 CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...) NOT-FOR-US: MSIE CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0. ...) {DSA-627-1} - namazu2 2.0.14-1 CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, whe ...) - netcat (only affects netcat in Windows) CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol. ...) - mozilla 2:1.7.5-1 (bug #288047) CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the hi ...) - phpbb2 2.0.10-3 CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by inj ...) NOT-FOR-US: MacOS CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly o ...) NOT-FOR-US: My Firewall Plus CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...) NOT-FOR-US: Microsoft CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c f ...) - mplayer 1.0~pre6a-1 CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...) - mplayer 1.0~pre6a-1 CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in demux_bmp ...) - mplayer 1.0~pre6a-1 CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3 ...) {DSA-617-1} - tiff 3.6.1-4 - tiff3 (fixed prior to initial upload) CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...) - tiff 3.7.0 (low) - tiff3 (fixed prior to initial upload) CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...) NOT-FOR-US: Windows CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows 20 ...) NOT-FOR-US: Microsoft CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file bef ...) - file 4.12 CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows remot ...) NOT-FOR-US: Yanf CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attack ...) NOT-FOR-US: YAMT CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for xlread ...) NOT-FOR-US: xlreader CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for xin ...) - xine-lib 1-rc8-1 - vlc (vulnerable component of xine-lib code copy not present) CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum 2.6 ...) NOT-FOR-US: vilistextum CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows r ...) NOT-FOR-US: vb2c CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for un ...) - unrtf 0.19.3-1.1 (bug #287038) CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow loca ...) - groff 1.18.1.1-5 CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in uml-utilit ...) - uml-utilities (uml_net is only executable by users in group uml-net) CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP serve ...) - tnftp 20050625-0.1 (bug #285902; medium) CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2 ...) NOT-FOR-US: rtf2latex2e CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for r ...) NOT-FOR-US: ringtonetools CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the serve ...) NOT-FOR-US: qwik-smtpd CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...) NOT-FOR-US: pgn2web CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c an ...) {DSA-625-1} - pcal 4.8.0-1 CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read 0.0. ...) NOT-FOR-US: o3read CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 1. ...) {DSA-623-1} - nasm 0.98.38-1.1 (bug #285889) CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for NapSh ...) NOT-FOR-US: NapShare CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) NOT-FOR-US: mplayer CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for mpg12 ...) NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions - mpg123 0.59r-20 (bug #287043) CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview progr ...) NOT-FOR-US: mview CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp 1.2 ...) {DSA-632-1} - linpopup 1.2.0-7 CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP serv ...) NOT-FOR-US: junkie CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...) NOT-FOR-US: junkie CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 a ...) NOT-FOR-US: jpegtoavi CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps 2 ...) NOT-FOR-US: jcabc2ps CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...) NOT-FOR-US: IglooFTP CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local u ...) NOT-FOR-US: IglooFTP CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for html2hdm ...) NOT-FOR-US: html2hdml CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote atta ...) NOT-FOR-US: greed NOTE: not the game in debian, the file download tool CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...) NOT-FOR-US: greed NOTE: not the game in debian, the file download tool CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...) - filter 2.4.2-1.1 CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows r ...) NOT-FOR-US: dxfscope CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure t ...) - cups 1.1.22-2 - cupsys 1.1.22-2 CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it enco ...) - cups 1.1.22-2 - cupsys 1.1.22-2 CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS p ...) - cups 1.1.22-2 - cupsys 1.1.22-2 CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the hp ...) - cups 1.1.22-2 - cupsys 1.1.22-2 CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for c ...) NOT-FOR-US: csv2xml CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...) NOT-FOR-US: Convex CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...) {DSA-644-1} - chbg 1.5-4 CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, allow ...) NOT-FOR-US: ChangePassword CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...) NOT-FOR-US: bsb2ppm CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...) NOT-FOR-US: asp2php CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in subs.cp ...) NOT-FOR-US: abctab2ps CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...) NOT-FOR-US: abcpp CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...) - abcm2ps 4.8.5-1 CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6. ...) NOT-FOR-US: abc2mtex CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...) - abcmidi 20050101-1 CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...) NOT-FOR-US: 2fax CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: WinRAR CVE-2004-1253 RESERVED CVE-2004-1252 RESERVED CVE-2004-1251 RESERVED CVE-2004-1250 RESERVED CVE-2004-1249 RESERVED CVE-2004-1248 RESERVED CVE-2004-1247 RESERVED CVE-2004-1246 RESERVED CVE-2004-1245 RESERVED CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: Microsoft CVE-2004-1243 REJECTED CVE-2004-1242 REJECTED CVE-2004-1241 REJECTED CVE-2004-1240 REJECTED CVE-2004-1239 REJECTED CVE-2004-1238 REJECTED CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit s ...) - linux-2.6 (Apparently Red Hat specific) CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server (N ...) NOT-FOR-US: Netscape Directory Server on HP-UX CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout functio ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high) CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a d ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26) CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a denia ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and re ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...) NOT-FOR-US: Gadu-Gadu CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and e ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gai ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allo ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 thr ...) - mtr 0.67-1 CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows remot ...) NOT-FOR-US: F-Secure Policy Manager CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: weblibs.pl CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...) NOT-FOR-US: weblibs.pl CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and e ...) NOT-FOR-US: Battlefield 1942, Battlefield Vietnam CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the adminis ...) NOT-FOR-US: paFileDB CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: Remote Execute CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...) NOT-FOR-US: Hosting Controller CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...) NOT-FOR-US: Kreed CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of se ...) NOT-FOR-US: Kreed CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote at ...) NOT-FOR-US: Kreed CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced Gues ...) NOT-FOR-US: Advanced Guestbook CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent pr ...) NOT-FOR-US: Blog Torrent CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allo ...) NOT-FOR-US: Mercury Mail CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4. ...) NOT-FOR-US: IpCop CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, do ...) NOT-FOR-US: Verisign Payflow Link CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ca ...) NOT-FOR-US: Orbz CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...) NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in pnTresMail ...) NOT-FOR-US: pnTresMailer CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ga ...) NOT-FOR-US: pnTresMailer CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a deni ...) NOTE: at best a local DOS by the user running fluxbox. NOTE: Where's the security hole? - fluxbox 0.9.11-1 CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug mod ...) NOT-FOR-US: phpCMS CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...) NOT-FOR-US: phpCMS CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service (appli ...) NOT-FOR-US: Opera CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of servic ...) NOTE: memory leak, doubt it's usefully exploitable NOTE: did not followup CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a den ...) NOT-FOR-US: Safari CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: MSIE CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...) NOT-FOR-US: inShop CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...) NOT-FOR-US: Insite Inmail CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to caus ...) NOT-FOR-US: Star Wars Battlefront CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remot ...) NOT-FOR-US: Star Wars Battlefront CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to byp ...) NOT-FOR-US: Prevex Home CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) NOT-FOR-US: Citadel/UX CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed [sarge] - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-6 - linux-2.6 (fixed before initial upload) - linux-2.6.24 (fixed before initial upload) CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c NOTE: has a misleading entry titled "Fix exploitable hole" NOTE: http://www.securityfocus.com/advisories/7579 NOTE: http://xforce.iss.net/xforce/xfdb/18370 NOTE: Response from Marcus Meissner saying the patch was integrated in upstream 2.6.8 NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only NOTE: 2.6.10 is actually fixed, but 2.6.8 is not - linux-2.6 (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...) {DSA-629-1} - krb5 1.3.6-1 CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other packa ...) - xine-lib 1-rc8-1 - mplayer (fixed in 1.0-pre5 which precedes the version included in etch) CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99 ...) - xine-lib 1-rc8-1 - mplayer (fixed in 1.0-pre5 which precedes the version included in etch) CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...) {DSA-654-1} - enscript 1.6.4-6 CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote attack ...) {DSA-654-1} - enscript 1.6.4-6 CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or loc ...) {DSA-654-1} - enscript 1.6.4-6 CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...) {DSA-626-1} - tiff 3.6.1-5 - tiff3 (fixed prior to initial upload) CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfax ...) {DSA-634-1} - hylafax 1:4.2.1-1 CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary fil ...) {DSA-622-1} - htmlheadline CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on littl ...) {DSA-678-1} - netkit-rwho 0.17-8 CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7. ...) {DSA-615-1} - debmake 3.7.7 CVE-2004-1178 RESERVED CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in mailm ...) {DSA-674-1} - mailman 2.1.5-5 CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earl ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute arbitr ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attack ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup blocke ...) NOT-FOR-US: MSIE CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup Exe ...) NOT-FOR-US: Veritas Backup Exec CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1 ...) - kdelibs 4:3.3.1-2 - kdebase 4:3.3.1-3 CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via sh ...) {DSA-612-1} - a2ps 1:4.13b-4.2 (bug #283134) CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...) - maxdb-7.5.00 7.5.00.19-1 CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7. ...) - maxdb-7.5.00 7.5.00.19-1 CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable l ...) NOT-FOR-US: gentoo mirrorselect CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1 ...) NOT-FOR-US: Microsoft CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP comma ...) {DSA-631-1} - kdelibs 4:3.3.2-1 CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 al ...) NOT-FOR-US: Cisco CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ser ...) NOT-FOR-US: Cisco CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict pr ...) - scponly 4.0-1 CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...) - rssh 2.2.3-1 CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote attack ...) NOT-FOR-US: Netscape CVE-2004-1159 REJECTED CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remot ...) - kdelibs 4:3.3.1-3 - kdebase 4:3.3.1-4 CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote attac ...) NOT-FOR-US: Opera CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attacker ...) - mozilla 2:1.7.6-1 - mozilla-firefox 1.0.1 CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof arbi ...) NOT-FOR-US: Microsoft MSIE CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x thr ...) {DSA-701-1} - samba 3.0.10-1 CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0. ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm ...) - linux-2.6 (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 t ...) NOT-FOR-US: Winamp CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0. ...) NOT-FOR-US: Computer Associates eTrust EZ Antivirus CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) - phpmyadmin 2:2.6.1-rc1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0 NOTE: A very big commit that might include useless changes NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2 CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external t ...) - phpmyadmin 2:2.6.1-rc1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0 NOTE: A very big commit that might include useless changes NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2 CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...) - cvstrac 1.1.5 CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) all ...) - kdelibs 4:3.3.2-1 CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD6 ...) NOTE: amd64 specific - kernel-source-2.4.27 2.4.27-9 CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 milli ...) - mailman 2.1.5-5 CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denia ...) {DSA-613-1} - ethereal 0.10.8-1 CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote att ...) - ethereal 0.10.8-1 CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denia ...) - ethereal 0.10.8-1 CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 throug ...) - ethereal 0.10.8-1 CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute arbitr ...) - vim 1:6.3-046+0sarge1 CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel 2. ...) - linux-2.6 (Fixed before upload into the archive) - kernel-source-2.4.27 2.4.27-7 CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other versio ...) NOT-FOR-US: CuteFTP CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remot ...) NOT-FOR-US: WS-Ftpd CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...) NOT-FOR-US: Microsoft CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...) NOT-FOR-US: Microsoft CVE-2004-1132 RESERVED CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer 5.0 ...) NOT-FOR-US: SCO CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5 ...) NOT-FOR-US: CMailServer CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...) NOT-FOR-US: CMailServer CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attac ...) NOT-FOR-US: CMailServer CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ad ...) - opendchub 0.7.14-1.1 (bug #284350; bug #283061) CVE-2004-1126 RESERVED CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...) {DSA-621-1 DSA-619-1} - xpdf 3.00-11 - cupsys 1.1.22-2 - cups 1.1.22-2 - tetex-bin 2.0.2-25 - gpdf 2.8.2-1 - koffice 1:1.3.5-1 CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 al ...) NOT-FOR-US: UnixWare CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows r ...) NOT-FOR-US: Darwin Streaming Server CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive wind ...) NOT-FOR-US: Safari CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the UR ...) NOT-FOR-US: Safari CVE-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c a ...) {DSA-663-1} - prozilla 1:1.3.7.3-1 CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibl ...) NOT-FOR-US: Winamp CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component bef ...) NOT-FOR-US: WodFtpDLX.ocx ActiveX component CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned pr ...) NOT-FOR-US: ChessBrain CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...) NOT-FOR-US: GIMPS CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) pr ...) - setiathome (Gentoo-specific vulnerability) CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype 1.0 ...) NOT-FOR-US: Skype CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service bef ...) - sqlgrey 1.2.0 CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...) NOT-FOR-US: Cisco CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 1 ...) NOT-FOR-US: Cisco CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...) - mtink 1.0.5 NOTE: debian not vulnerable except in edge case CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allo ...) NOT-FOR-US: Kerio Personal Firewall CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overw ...) NOT-FOR-US: Gentoolkit CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to o ...) NOT-FOR-US: Portage CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earl ...) {DSA-642-1} - gallery 1.4.4-pl4-1 CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error messag ...) NOT-FOR-US: Nortel Networks Contivity VPN Client CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...) NOT-FOR-US: Microsoft CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is en ...) NOT-FOR-US: MailPost CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...) NOT-FOR-US: MailPost CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allow ...) NOT-FOR-US: MailPost CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5 ...) NOT-FOR-US: MailPost CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...) NOT-FOR-US: Cisco CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...) - mime-tools 5.415-1 CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string f ...) - cherokee (Fixed before upload into archive) CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...) - libarchive-zip-perl 1.14-1 CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgi ...) {DSA-608-1} - zgv 5.7-1.3 (bug #284124) CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.0 ...) NOT-FOR-US: RealPlayer CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerb ...) NOT-FOR-US: Apple MacOS CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...) NOT-FOR-US: Apple MacOS CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard ...) NOT-FOR-US: Apple MacOS CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remot ...) NOT-FOR-US: Apple MacOS CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows l ...) NOT-FOR-US: Apple MacOS CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...) NOT-FOR-US: Apple MacOS CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...) NOT-FOR-US: Apple MacOS CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3. ...) NOT-FOR-US: Apple MacOS CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...) NOT-FOR-US: Apple MacOS CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Window ...) NOT-FOR-US: Microsoft CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) - ncpfs 2.2.5-2 CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program Neighborh ...) NOT-FOR-US: Citrix CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...) NOT-FOR-US: Citrix CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...) {DSA-609-1} - atari800 1.3.2-1 CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtm ...) - zope-zwiki 0.37.0-1 CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.4.27 2.4.27-7 CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux k ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.2 ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.2 ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) i ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-6 CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ca ...) - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 (2.6 only issue) [sarge] - kernel-source-2.6.8 2.6.8-11 CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive; 2.6.9) - kernel-source-2.4.27 2.4.27-7 [sarge] - kernel-source-2.6.8 2.6.8-11 CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Serve ...) - cyrus21-imapd (Only affected 2.2 series) CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...) NOT-FOR-US: FreeBSD CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 an ...) - php4 4:4.3.10-1 CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...) - php4 4:4.3.10-1 CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...) - php4 4:4.3.10-1 CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 a ...) - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771) CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, incl ...) - bugzilla 2.16.7-2 CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) d ...) NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2 ...) - mnogosearch 3.2.18-2.2 CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the envi ...) {DSA-1018-1} - linux-2.6 (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ma ...) - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-10 CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not pro ...) - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-8 [sarge] - kernel-source-2.6.8 2.6.8-11 CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6. ...) - phpmyadmin 2:2.6.0-pl3-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2004-3/ CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5 ...) NOT-FOR-US: AIX CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote mal ...) NOT-FOR-US: fetch on FreeBSD CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and poss ...) {DSA-595-1} - bnc CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands b ...) {DSA-596-2} - sudo 1.6.8p3-1 CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote attack ...) NOT-FOR-US: Microsoft CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...) NOT-FOR-US: Microsoft CVE-2004-1048 RESERVED CVE-2004-1047 RESERVED CVE-2004-1046 RESERVED CVE-2004-1045 RESERVED CVE-2004-1044 RESERVED CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to exe ...) NOT-FOR-US: MSIE CVE-2004-1042 RESERVED CVE-2004-1041 RESERVED CVE-2004-1040 RESERVED CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...) NOT-FOR-US: SCO UnixWare CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with phy ...) NOT-FOR-US: IEEE1394 specification bug, physical security CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to execu ...) - twiki 20030201-6 CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded te ...) - squirrelmail 2:1.4.3a-3 CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3 ...) - up-imapproxy 1.2.2+1.2.3rc2-1 CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, whos ...) - kaffeine 0.4.3.1-3 - gxine 0.4-rc1 CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptor ...) - fcron 2.9.5.1-1 CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...) - fcron 2.9.5.1-1 CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...) - fcron 2.9.5.1-1 CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...) - fcron 2.9.5.1-1 CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4 ...) NOT-FOR-US: Sun JRE CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2. ...) NOT-FOR-US: AIX CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line opt ...) {DSA-652-1} - arj (sarge's unarj is from a different code base, probably not vulnerable) CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and e ...) {DSA-628-1 DSA-618-1} - imlib 1.9.14-17.1 (bug #284925) - imlib+png2 1.9.14-16.1 - imlib2 1.1.2-2.1 CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, whic ...) {DSA-618-1} - imlib 1.9.14-17.1 (bug #284925) - imlib+png2 1.9.14-16.1 CVE-2004-1024 RESERVED CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...) NOT-FOR-US: Kerio CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...) NOT-FOR-US: Kerio CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does n ...) NOT-FOR-US: MacOS CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ( ...) - php4 4:4.3.10-1 CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...) - php4 4:4.3.10-1 CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...) - php4 4:4.3.10-1 - php3 3:3.0.18-29 CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} - linux-2.6 (2.4 specific vulnerability) CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to 2. ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-7 CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, wit ...) - cyrus-imapd (cyrus-imapd not vulnerable) - cyrus21-imapd (cyrus21-imapd not vulnerable) CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signa ...) {DSA-606-1} - nfs-utils 1:1.0.6-3.1 CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x th ...) {DSA-597-1} - cyrus-imapd 1.5.19-20 - cyrus21-imapd 2.1.17-1 CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...) {DSA-597-1} - cyrus-imapd 1.5.19-20 - cyrus21-imapd 2.1.17-1 CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...) - cyrus-imapd (cyrus-imapd not vulnerable) - cyrus21-imapd (cyrus21-imapd not vulnerable) CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when us ...) {DSA-624-1} - zip 2.30-8 CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before 0. ...) - putty 0.56-1 CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows rem ...) - bogofilter 0.92.8-1 CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...) {DSA-584-1} - dhcp 2.0pl5-19.1 CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlie ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) 4.5. ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...) NOT-FOR-US: Trend ScanMail CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attack ...) - ppp 2.4.2+20040428-3 CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...) {DSA-585-1} NOTE: Fixed in shadow 1:4.0.3-30.3 for the first time. NOTE: Apparently, the fix was lost somehow, see #309587. NOTE: It was reapplied to sarge before the release, and to sid in NOTE: version 1:4.0.3-35. - shadow 1:4.0.3-35 [sarge] - shadow 1:4.0.3-31sarge5 (bug #309587) CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...) {DSA-630-1} - lintian 1.23.6 (bug #286379; low) CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service (applic ...) {DSA-608-1} - zgv 5.7-1.3 (bug #284124) NOTE: changelog says he only patched 1095, but diff comparison NOTE: shows 0999 was also fixed. CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows rem ...) {DSA-616-1} - netkit-telnet-ssl 0.17.24+0.1-6 CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ke ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (fixed before first upload) CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with predictabl ...) {DSA-610-1} - cscope 15.5-1.1 (bug #282815) NOTE: Patch in debian bts from ubuntu is good. All other patches are crap. CVE-2004-0995 REJECTED CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote attack ...) {DSA-614-1} NOTE: only indication that it's this CVE is in the debian package changelog - xzgv 0.8-3 CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...) {DSA-604-1} - hpsockd 0.14 CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in Proxytun ...) NOT-FOR-US: Proxytunnel CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to e ...) - mpg123 0.59r-19 - mp3gain 1.5.2-r2-6 (low) [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain (Minor issue) CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and pos ...) {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1} - libgd2 2.0.30-1 - libgd 1.8.4-36.1 CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and p ...) {DSA-582-1} - libxml 1:1.8.17-9 - libxml2 2.6.11-5 CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on Wind ...) NOT-FOR-US: Apple CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 allo ...) {DSA-598-1} - yardradius 1.0.20-15 CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly lo ...) {DSA-580-1} - iptables 1.2.11-4 CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to exe ...) NOT-FOR-US: windows CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils befor ...) - mailutils 1:0.5-4 CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...) {DSA-586-1} - ruby1.8 1.8.1+1.8.2pre2-4 - ruby1.6 1.6.8-12 - ruby CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...) {DSA-578-1} - mpg123 0.59r-18 NOTE: Original fix in -17 was incomplete CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1. ...) {DSA-593-1} - imagemagick 6:6.0.6.2-1.5 (bug #278401) - graphicsmagick 1.1.7-1 CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 th ...) {DSA-592-1} - ez-ipupdate 3.0.11b8-8 CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...) NOT-FOR-US: windows CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX cont ...) NOT-FOR-US: windows CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows ...) {DSA-577-1} - postgresql 7.4.6-1 CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 throu ...) {DSA-620-1} - perl 5.8.4-4 CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...) {DSA-603-1} - openssl 0.9.7e-3 NOTE: -1 claimed to include it, but it was missing CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and poss ...) - netatalk 1.6.4a-1 (low) CVE-2004-0973 REJECTED CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...) {DSA-583-1} - lvm10 1:1.0.8-8 CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Sec ...) NOTE: Not shipped in the krb5 binary package - krb5 (bug #278271; unimportant) - arla 0.36.2-11 CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...) {DSA-588-1} - gzip 1.3.5-8 (bug #259043; bug #257314; medium) CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as us ...) - groff 1.18.1.1-2 CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...) {DSA-636-1} - glibc 2.3.2.ds1-19 CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in ...) - gs-common 0.3.6-0.1 - gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant) NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext packag ...) - gettext 0.14.1-6 CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...) NOT-FOR-US: HP-UX CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...) {DSA-587-1} - zinf (According to DSA-587 not affected, as module was rewritten) - freeamp CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibl ...) NOT-FOR-US: windows CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root w ...) NOT-FOR-US: Apple Remote Desktop Client CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to caus ...) - freeradius 1.0.1 CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...) - freeradius 1.0.1 CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ar ...) - php4 4:4.3.9 CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read se ...) - php4 4:4.3.9 CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...) {DSA-707-1} - mysql-dfsg-4.1 4.1.10a-6 - mysql-dfsg 4.0.24-5 CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of servi ...) - mysql-dfsg (Not vulnerable, http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge) CVE-2004-0955 REJECTED CVE-2004-0954 REJECTED CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...) - jabber (Jabber version 2 is vulnerable, we have an older version that seems not) CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ad ...) NOT-FOR-US: HP-UX CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before C ...) NOT-FOR-US: HP-UX CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) NOT-FOR-US: NetOp Host CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in L ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive; 2.6.9) CVE-2004-0948 REJECTED CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ex ...) {DSA-652-1} NOTE: see http://lwn.net/Alerts/110733/ - arj (sarge's unarj is from a different code base, probably not vulnerable) CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit archi ...) - nfs-utils (does not apply per maintainer) CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...) NOT-FOR-US: Mitel 3300 Integrated Communications Platform CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) NOT-FOR-US: Mitel 3300 Integrated Communications Platform CVE-2004-0943 REJECTED CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) - apache2 2.0.52-2 CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 an ...) {DSA-602-1 DSA-601-1} - libgd2 2.0.33-1.1 - libgd 1.8.4-36.1 CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache 1.3. ...) {DSA-594-1} - apache 1.3.33-2 CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...) NOT-FOR-US: Neoteris Instant Virtual Extranet CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...) - freeradius 1.0.1 CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...) NOT-FOR-US: Sophos Anti-Virus CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection v ...) NOT-FOR-US: RAV antivirus CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote attac ...) NOT-FOR-US: Eset anti-virus CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus prote ...) NOT-FOR-US: Kaspersky antivirus CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 throug ...) NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...) NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...) - maxdb-7.5.00 7.5.00.18 CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ve ...) - samba 3.0.8-1 CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg ...) - tiff3g CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6 ...) NOT-FOR-US: Macromedia CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example se ...) NOT-FOR-US: MacOS CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...) NOT-FOR-US: MacOS CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, do ...) NOT-FOR-US: MacOS CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ro ...) NOT-FOR-US: MacOS CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a devic ...) {DSA-566-1} - cupsys 1.1.20final+rc1-9 - cups 1.1.20final+rc1-9 CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, doe ...) NOT-FOR-US: MacOS CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an A ...) NOT-FOR-US: MacOS CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus o ...) NOT-FOR-US: norton CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to re ...) NOT-FOR-US: FreeBSD CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid We ...) {DSA-576-1} - squid 2.5.7 CVE-2004-0917 (The default installation of Vignette Application Portal installs the d ...) NOT-FOR-US: Vignette Application Portal CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows remo ...) {DSA-574-1} - cabextract 1.1-1 CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporti ...) {DSA-605-1} - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 (bug #284237) CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in X ...) {DSA-607-1} NOTE: Previous -9 fix had some issues of its own - xfree86 4.3.0.dfsg.1-14 (bug #309143) NOTE: lesstif1 and 2 have to be fixed separately - lesstif1-1 1:0.93.94-11.3 (bug #294099) NOTE: but lesstif2 did get fixed for this hole.. - lesstif2 1:0.93.94-11.2 - openmotif 2.2.3-1.1 (bug #309819; medium) [sarge] - openmotif (Non-free) CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514- ...) {DSA-572-1} - ecartis 1.0.0+cvs.20030911-8 CVE-2004-0912 RESERVED CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on D ...) {DSA-569-1 DSA-556-1} - netkit-telnet-ssl 0.17.24+0.1-4 - netkit-telnet 0.17-26 CVE-2004-0910 REJECTED CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the Prev ...) - mozilla-firefox (non-Debian packaging issue) CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox befor ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in nsVCardObj.c ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the Pre ...) - mozilla-firefox 0.10.1+1.0PR - mozilla 2:1.7.3 - mozilla-thunderbird 0.8 CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in Wo ...) NOT-FOR-US: Microsoft CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and Termin ...) NOT-FOR-US: Microsoft CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and Termin ...) NOT-FOR-US: Microsoft CVE-2004-0898 RESERVED CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...) NOT-FOR-US: Windows CVE-2004-0896 RESERVED CVE-2004-0895 RESERVED CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 Ser ...) NOT-FOR-US: Microsoft CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for Win ...) NOT-FOR-US: Microsoft CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is inc ...) NOT-FOR-US: Microsoft CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 all ...) - gaim 1:1.0.2 CVE-2004-0890 REJECTED CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use xp ...) - xpdf 3.00-10 (medium) CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages tha ...) {DSA-599-1 DSA-581-1 DSA-573-1} - koffice 1:1.3.4-1 - tetex-bin 2.0.2-23 - xpdf 3.00-9 - gpdf 2.8.0-1 - kdegraphics 4:3.3.1-1 (bug #280373) - cupsys 1.1.22-6 (bug #324460) - cups 1.1.22-6 (bug #324460) NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6. NOTE: In version 1.1.20final+rc1-10, the dormant code in the source NOTE: package was fixed. CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...) {DSA-1018-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.6.8 2.6.8-10 CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote a ...) {DSA-567-1} - kdegraphics 3.3.2-1 - tiff 3.6.1-2 - tiff3 (fixed prior to initial upload) CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SS ...) - apache2 2.0.52-2 - libapache-mod-ssl 2.8.20-1 CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ea ...) {DSA-568-1 DSA-563-3} - cyrus-sasl - cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553) CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kern ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive, 2.6.10) - kernel-source-2.4.27 2.4.27-6 [sarge] - kernel-source-2.6.8 2.6.8-13 CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x th ...) NOTE: details http://security.e-matters.de/advisories/132004.html - samba 3.0.7 CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...) {DSA-553-1} - getmail 3.2.5-1 CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to over ...) {DSA-553-1} - getmail 3.2.5-1 CVE-2004-0879 RESERVED CVE-2004-0878 RESERVED CVE-2004-0877 RESERVED CVE-2004-0876 RESERVED CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (a ...) - phpgroupware 0.9.16.002 CVE-2004-0874 REJECTED CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execu ...) NOT-FOR-US: apple CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure channel ...) NOT-FOR-US: Opera CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure channe ...) NOTE: upstream knows about the problem, no fix expected NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html NOTE: fix doesn't look likely any time soon CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...) NOTE: upstream knows about the problem, no fix expected NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342 NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html NOTE: fix doesn't look likely any time soon CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an insec ...) NOT-FOR-US: MSIE CVE-2004-0868 REJECTED CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for country-spec ...) - mozilla-firefox 0.9.3 CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for country-spec ...) NOT-FOR-US: MSIE CVE-2004-0865 RESERVED CVE-2004-0864 RESERVED CVE-2004-0863 RESERVED CVE-2004-0862 RESERVED CVE-2004-0861 REJECTED CVE-2004-0860 REJECTED CVE-2004-0859 REJECTED CVE-2004-0858 REJECTED CVE-2004-0857 REJECTED CVE-2004-0856 REJECTED CVE-2004-0855 REJECTED CVE-2004-0854 REJECTED CVE-2004-0853 REJECTED CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute arbit ...) {DSA-611-1} - htget CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...) {DSA-559-1} - net-acct 0.71-7 CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) bef ...) - star 1.5a46 CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...) NOT-FOR-US: GNU Radius CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to exec ...) NOT-FOR-US: microsoft CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...) NOT-FOR-US: microsoft CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...) NOT-FOR-US: microsoft CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content ...) NOT-FOR-US: microsoft CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...) NOT-FOR-US: microsoft CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in navigatio ...) NOT-FOR-US: microsoft CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, al ...) NOT-FOR-US: microsoft CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary pro ...) NOT-FOR-US: microsoft CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft Window ...) NOT-FOR-US: microsoft CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...) NOT-FOR-US: microsoft CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to c ...) {DSA-562-2} - mysql CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...) {DSA-562-2} - mysql CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5 ...) {DSA-562-2} - mysql CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 allo ...) - speedtouch 1.3.1 CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-b ...) {DSA-554-1} - sendmail 8.13.1-13 CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2 ...) - squid 2.5.6-8 CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...) NOT-FOR-US: McAfee CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchan ...) NOT-FOR-US: Microsoft CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...) - samba 2.2.11 CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...) NOTE: not-fos-us (AIX) CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x befo ...) {DSA-547-1} - imagemagick 5:6.0.7.1-1 CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...) NOT-FOR-US: netscape NSS CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3 ...) NOT-FOR-US: Apple CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ove ...) NOT-FOR-US: Apple CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...) NOT-FOR-US: Apple CVE-2004-0822 (Buffer overflow in The Core Foundation framework (CoreFoundation.frame ...) NOT-FOR-US: Apple CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user supp ...) NOT-FOR-US: Apple CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary scrip ...) NOT-FOR-US: winamp CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a gatewa ...) NOT-FOR-US: openbsd CVE-2004-0818 REJECTED CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler al ...) {DSA-548-2} - imlib+png2 1.9.14-16.2 - imlib 1.9.14-17 (bug #285025) CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...) - linux-2.6 (Fixed before upload into archive; 2.6.8) - kernel-source-2.4.27 (2.6 specific issue) CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...) {DSA-600-1} - samba 3.0.6-1 (bug #274342) CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6 ...) - linux-2.6 (Fixed before upload into archive; 2.6.9) [sarge] - kernel-source-2.6.8 2.6.8-8 - kernel-source-2.4.27 2.4.27-7 CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows loca ...) - linux-2.6 (Fixed before upload into archive, 2.6.10) - kernel-source-2.4.27 (Only an issue with botched permissions) CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AM ...) - linux-2.6 (Fixed before upload into archive, 2.6.0-test10) - kernel-source-2.4.27 (2.4 not support for amd64) CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Sa ...) - apache2 2.0.52 CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to c ...) NOT-FOR-US: Netopia Timbuktu CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote attacker ...) {DSA-558-1} - apache2 2.0.51-1 - libapache-mod-dav 1.0.3-10 CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 a ...) - samba 3.0.7 CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of s ...) - samba 3.0.7 CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ro ...) - cdrtools 4:2.0+a34-2 CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...) {DSA-564-1} - mpg123 0.59r-16 - mp3gain 1.5.2-r2-6 (low) [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain (Minor issue) CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...) {DSA-567-1} - kdegraphics 3.3.2-1 - tiff 3.6.1-2 - tiff3 (fixed prior to initial upload) CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...) {DSA-567-1} - kdegraphics 3.3.2-1 - tiff 3.6.1-2 - tiff3 (fixed prior to initial upload) CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...) {DSA-552-1} - imlib2 1.1.0-12.4 CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...) - foomatic-filters 3.0.2 CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...) NOT-FOR-US: Solaris CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...) NOT-FOR-US: Ipswitch WhatsUp Gold CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gol ...) NOT-FOR-US: Ipswitch WhatsUp Gold CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...) - zlib 1:1.2.1.1-6 [woody] - zlib (zlib 1.1 is not affected) CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ca ...) - spamassassin 2.64 CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...) NOT-FOR-US: IBM DB2 DB2RCMD.EXE CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd befor ...) {DSA-551-1} - lukemftpd 1.1-2.2 (bug #266370) CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...) - bsdmainutils 6.0.15 CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in uti ...) {DSA-538} - rsync 2.6.2-3 CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to cau ...) - kernel-source-2.4.27 (Kernel verifies the TCP sequence nr. on errors, will never abort) - linux-2.6 (Kernel verifies the TCP sequence nr. on errors, will never abort) CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to cau ...) - kernel-source-2.6.8 2.6.8-16 (bug #305664) - kernel-source-2.4.27 2.4.27-10 (bug #305664) CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib 1.0 ...) NOT-FOR-US: DNS impleementations not in Debian CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0. ...) {DSA-549-1 DSA-546-1} - gtk+2.0 2.4.9-2 - gdk-pixbuf 0.22.0-7 CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...) NOT-FOR-US: OpenCA CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache 2.0.5 ...) - apache (not vulnerable according to http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge) - apache2 2.0.51 CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers t ...) - gaim 1:0.82 CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote attac ...) - gaim 1:0.82 CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...) {DSA-549-1} - gtk+2.0 2.4.9-2 CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...) {DSA-549-1 DSA-546-1} - gtk+2.0 2.4.9-2 - gdk-pixbuf 0.22.0-7 CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast in ...) {DSA-541} - icecast-server 1:1.3.12-8 CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...) NOT-FOR-US: Solaris CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...) - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote att ...) - cvs 1:1.12.9 CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...) - courier 0.45.6-1 (medium; bug #266723) NOTE: 0.45.6-1 is the first upload after the debug stuff rewrite NOTE: mentioned in the bug report. CVE-2004-0776 RESERVED CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...) NOT-FOR-US: Windows CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Wind ...) NOT-FOR-US: Real Helix server CVE-2004-0773 RESERVED CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT ...) {DSA-543-1} - krb5 1.3.4-3 CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may al ...) - lha 1.14i-9 (bug #279870) CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to over ...) - dgen 1.23-6 CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary co ...) - lha 1.14i-9 (bug #279870) CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer of ...) {DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...) NOT-FOR-US: NGSEC StackDefender CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...) NOT-FOR-US: NGSEC StackDefender CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before 0 ...) - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...) - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certi ...) - mozilla-firefox 0.9.3 CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...) - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...) - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a di ...) - mozilla 2:1.7.2 - mozilla-firefox 0.9.3 CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files v ...) - mozilla 2:1.7 CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even wh ...) - mozilla 2:1.7.2 - mozilla-firefox 0.9.3 CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...) - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0756 REJECTED CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and po ...) {DSA-537} - ruby1.8 1.8.1+1.8.2pre1-4 - ruby CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...) - gaim 1:0.82.1-1 CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 be ...) {DSA-546-1} - gdk-pixbuf 0.22.0-7 CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with insecu ...) - openoffice.org 1.1.2-4 CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, wh ...) - apache2 2.0.50-11 CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...) NOT-FOR-US: Red Hat specific CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not prop ...) - subversion 1.0.9-2 CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...) - apache2 2.0.51 CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to gai ...) [sarge] - apache2 - apache2 2.0.51 CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...) [sarge] - kdelibs 4:3.2.3-3.sarge.1 - kdelibs 4:3.3 CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands vi ...) - lha 1.14i-10 (bug #279870) CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows remot ...) NOT-FOR-US: MacOS CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the PO ...) NOT-FOR-US: MacOS CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote aut ...) NOT-FOR-US: Sun Java System Portal Server CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ca ...) NOT-FOR-US: LionMax Software WWW File Share Pro CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows remot ...) NOT-FOR-US: Lexmark CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...) NOT-FOR-US: Whisper FTP Surfer CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in Php-Nuk ...) NOT-FOR-US: phpnuke CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the Sear ...) NOT-FOR-US: phpnuke CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain sensitiv ...) NOT-FOR-US: phpnuke CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlie ...) NOT-FOR-US: various windows games CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: Web_Store.cgi CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...) NOT-FOR-US: OllyDbg CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for Php- ...) NOT-FOR-US: phpnuke CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search mo ...) NOT-FOR-US: phpnuke CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 all ...) - phpbb2 2.0.10 CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...) - phpbb2 2.0.10 CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management Se ...) NOT-FOR-US: Microsoft CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...) NOT-FOR-US: Microsoft CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows remo ...) NOT-FOR-US: Microsoft CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 a ...) - moodle 1.4 CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to cau ...) NOT-FOR-US: Half Life CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...) NOT-FOR-US: Microsoft CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) Netsca ...) - mozilla 2:1.6 CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...) [sarge] - kdebase 4:3.2.3-1.sarge.1 [sarge] - kdelibs 4:3.2.3-3.sarge.1 - kdelibs 4:3.3.0-1 - kdebase 4:3.3.0-1 CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from inje ...) NOT-FOR-US: Safari CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, an ...) NOT-FOR-US: Microsoft CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netsca ...) {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent NOTE: upstream versions became vulnerable again, see NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850 NOTE: and were fixed again, it got CVE-2005-1937 for the reversion - mozilla 2:1.7.10-1 (medium) - mozilla-firefox 1.0.6-1 (medium) CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) NOT-FOR-US: opera 7.50 CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ( ...) NOT-FOR-US: HP-UX CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and WebLo ...) NOT-FOR-US: BEA WebLogic Server and WebLogic Express CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...) NOT-FOR-US: Cisco CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLo ...) NOT-FOR-US: BEA WebLogic Server and WebLogic Express CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in Win ...) NOT-FOR-US: BEA WebLogic Server CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches il ...) NOT-FOR-US: BEA WebLogic Server CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...) NOT-FOR-US: Cisco CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode UT ...) NOT-FOR-US: HP OpenView Select Access CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...) - moin 1.2.2 CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...) - bugzilla 2.16.7-0.1 CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, wh ...) [woody] - bugzilla (Only 2.17.* versions are vulnerable) [sarge] - bugzilla (Only 2.17.* versions are vulnerable) - bugzilla 2.18-1 CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) editcompone ...) - bugzilla 2.16.7-0.1 CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bug ...) - bugzilla 2.16.7-0.1 CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla 2.17. ...) [woody] - bugzilla (Only 2.17.* versions are vulnerable) [sarge] - bugzilla (Only 2.17.* versions are vulnerable) - bugzilla 2.18-1 CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password i ...) [woody] - bugzilla (Only 2.17.* versions are vulnerable) [sarge] - bugzilla (Only 2.17.* versions are vulnerable) - bugzilla 2.18-1 CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 do ...) NOT-FOR-US: Solaris CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function i ...) {DSA-532} - libapache-mod-ssl 2.8.19-1 CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point VP ...) NOT-FOR-US: Check Point VPN CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify arb ...) NOT-FOR-US: WebSTAR CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote at ...) NOT-FOR-US: WebSTAR CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows rem ...) NOT-FOR-US: WebSTAR CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 an ...) NOT-FOR-US: WebSTAR CVE-2004-0694 (Buffer overflow in LHA 1.14 and earlier allows remote attackers to cau ...) - lha 1.14i-10 (bug #279870) CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote atta ...) {DSA-542-1} - qt-x11-free 3:3.3.3-4 - qt-copy CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote atta ...) {DSA-542-1} - qt-x11-free 3:3.3.3-4 - qt-copy CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT l ...) {DSA-542-1} - qt-x11-free 3:3.3.3-4 - qt-copy CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain una ...) [sarge] - kdelibs 4:3.2.3-3.sarge.1 - kdelibs 4:3.3.0-1 CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...) {DSA-539} - kdelibs 4:3.3.0-1 CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in parse ...) {DSA-561-1 DSA-560-1} NOTE: Matej Vela has checked that these are backported to lesstif1 as well - lesstif1-1 1:0.93.94-10 - openmotif 2.2.3-1.1 (bug #308819; low) [sarge] - openmotif (Non-free) - xfree86 4.3.0.dfsg.1-8 - xorg-x11 (Fixed before introduction into archive) CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c ...) {DSA-561-1 DSA-560-1} NOTE: Matej Vela has checked that these are backported to lesstif1 as well - lesstif1-1 1:0.93.94-10 - openmotif 2.2.3-1.1 (bug #308819; low) [sarge] - openmotif (Non-free) - xfree86 4.3.0.dfsg.1-8 - xorg-x11 (Fixed before introduction into archive) CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...) - samba 3.0.5 (bug #260839; bug #260838) CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user funct ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...) NOT-FOR-US: WebSphere Edge Server CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cau ...) NOT-FOR-US: Norton CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other v ...) NOT-FOR-US: Comersus Cart CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_cu ...) NOT-FOR-US: Comersus Cart CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be acce ...) NOT-FOR-US: Zoom DSL modem CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly othe ...) NOT-FOR-US: UnrealIRCd CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Plan ...) NOT-FOR-US: 12Planet Chat Server CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attac ...) NOT-FOR-US: Fastream NETFile FTP Server CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6 ...) NOT-FOR-US: Fastream NETFile FTP Server CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32w ...) NOT-FOR-US: c32web.exe CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware 7.0. ...) NOT-FOR-US: Enterasys XSR-1800 series Security Routers CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4. ...) NOT-FOR-US: SCI Photo Chat Server CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...) NOT-FOR-US: Netegrity IdentityMinder Web Edition CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote atta ...) NOT-FOR-US: Brightmail Spamfilter CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote attacker ...) NOT-FOR-US: Rompager CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authent ...) NOT-FOR-US: Lotus CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a de ...) NOT-FOR-US: Lotus CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows acces ...) NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable. - kernel-patch-adamantix 1.6 CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allow ...) NOT-FOR-US: popclient CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive informati ...) NOT-FOR-US: csFAQ CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x al ...) NOT-FOR-US: PowerPortal CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...) NOT-FOR-US: PowerPortal CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...) NOT-FOR-US: PowerPortal CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware 2. ...) NOT-FOR-US: D-Link AirPlus DI-614+ CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...) NOT-FOR-US: CuteNews CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 a ...) - mplayer (fixed before upload in archive; 1.0pre5) CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly report ...) - linux-2.6 (Invalid, according to Ben Collins) - kernel-source-2.4.27 (Invalid, according to Ben Collins) CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP se ...) - ntp 4.0 CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows remot ...) - pure-ftpd 1.0.19-1 CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ar ...) NOT-FOR-US: Gentoo specific CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when configu ...) NOT-FOR-US: Solaris CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 o ...) NOT-FOR-US: Solaris CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...) NOT-FOR-US: BEA WebLogic Server and WebLogic Express CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 thro ...) NOT-FOR-US: Sun JRE CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...) NOT-FOR-US: Cisco CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow remot ...) {DSA-530} - l2tpd 0.70-pre20031121-2 CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird be ...) - mozilla 2:1.7.1 - mozilla-firefox 0.9.2 - mozilla-thunderbird 0.7.2 CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local u ...) - shorewall 2.0.3a CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 we ...) NOT-FOR-US: JRun CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...) {DSA-579-1 DSA-550-1} - abiword 2.0.8 - wv 1.0.2-0.1 (bug #264972) NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660 CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT Ker ...) {DSA-543-1} - krb5 1.3.4-3 CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT Kerbero ...) {DSA-543-1} - krb5 1.3.4-3 CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 decod ...) {DSA-543-1} - krb5 1.3.4-3 CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and poss ...) NOT-FOR-US: Thomson hardware ADSL router CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in telnetd. ...) {DSA-529} - netkit-telnet-ssl 0.17.24+0.1-2 CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1. ...) {DSA-535} - squirrelmail 2:1.4.3a-0.1 CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package (db ...) NOT-FOR-US: Oracle CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to e ...) NOT-FOR-US: Oracle CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler f ...) NOT-FOR-US: AOL Instant Messenger CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote att ...) {DSA-528} - ethereal 0.10.5-1 CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows re ...) - ethereal 0.10.5 [woody] - ethereal (Not vulnerable according to DSA-528) CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote at ...) - ethereal 0.10.5 [woody] - ethereal (Not vulnerable according to DSA-528) CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when splitti ...) NOT-FOR-US: adobe reader CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0 ...) NOT-FOR-US: adobe acrobat CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Uni ...) NOT-FOR-US: adobe acrobat CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5 ...) NOT-FOR-US: adobe acrobat CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allo ...) - mysql (Apparently 3.2 not exploitable, see #330164) - mysql-dfsg (Apparently 4.0 not exploitable, see #330164) - mysql-dfsg-4.1 (fixed before first upload; in 4.1.3) - mysql-dfsg-5.0 (fixed before first upload; in 5.0.0) CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) - mysql (Apparently 3.2 not exploitable, see #330164) - mysql-dfsg (Apparently 4.0 not exploitable, see #330164) - mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium) - mysql-dfsg-5.0 (Was fixed before MySQL 5.0 was uploaded into the archive) CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux kerne ...) [sarge] - kernel-source-2.6.8 2.6.8-1 - kernel-source-2.4.27 - linux-2.6 (Fixed before upload into archive; 2.6.8) CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote attacker ...) NOT-FOR-US: Infinity WEB CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic link ...) NOT-FOR-US: Artmedic links CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remo ...) {DSA-590-1} - gnats 4.0-6.1 CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does no ...) NOT-FOR-US: MacOS CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain administra ...) NOT-FOR-US: Newsletter ZWS CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ne ...) NOT-FOR-US: vBulletin CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom 582 ...) NOT-FOR-US: Linux Broadcom 5820 cryptonet driver NOTE: does not seem to be part of linux kernel or other package CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a deni ...) NOT-FOR-US: freebsd CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remo ...) NOT-FOR-US: ArbitroWeb CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP com ...) NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...) NOT-FOR-US: D-Link DI-614+ SOHO router CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the up ...) NOT-FOR-US: osTicket CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...) NOT-FOR-US: osTicket CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mo ...) NOT-FOR-US: ZoneAlarm Pro CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote at ...) NOT-FOR-US: Netgear FVS318 VPN Router CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router a ...) NOT-FOR-US: Microsoft MN-500 Wireless Router CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...) - rssh 2.2.1 CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...) NOT-FOR-US: Unreal Engine CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies c ...) - ipsec-tools 0.3.3-1 CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running f ...) NOT-FOR-US: Infoblox DNS One CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...) NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug". CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...) NOT-FOR-US: giFT-FastTrack not in debian CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the crea ...) - gzip (Gentoo-specific bug in gzip introduced by botched security fix) CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not properl ...) NOT-FOR-US: FreeBSD CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not interpr ...) - distcc 2.18.1-4 CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3 ...) - samba 3.0.5 (bug #260838) CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...) {DSA-571-1 DSA-570-1 DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...) {DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in mult ...) {DSA-536} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in L ...) - linux-2.6 (Fixed before upload into archive) CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3 ...) {DSA-669-1 DSA-531} - php3 3:3.0.18-27 - php4 4:4.3.8-1 CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5 ...) {DSA-669-1 DSA-531} - php4 4:4.3.8-1 CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before aut ...) NOT-FOR-US: Sygate Enforcer CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in th ...) NOT-FOR-US: linux 2.4 with usagi patches CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc functi ...) {DSA-533} - courier 0.45.4-4 CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including superfrees ...) - freeswan 2.04-10 - openswan 2.2.0 CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when co ...) NOT-FOR-US: Cisco CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for Us ...) - usermin 1.090-1 CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Lin ...) - qla2x00 7.01.01-1 CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Windows CVE-2004-0585 REJECTED CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "securi ...) - imp3 3.2.4 CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...) {DSA-526} - usermin 1.090-1 - webmin 1.150-1 CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to bypas ...) {DSA-526} - usermin 1.090-1 - webmin 1.150-1 CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...) NOT-FOR-US: Mandrake script CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Rout ...) NOT-FOR-US: Linksys routers CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...) {DSA-522} - super 3.23.0-1 CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions s ...) NOT-FOR-US: Wingate CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions s ...) NOT-FOR-US: Wingate CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...) NOT-FOR-US: GNU radius CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...) NOT-FOR-US: Windows CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft Windo ...) NOT-FOR-US: Windows CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on Offi ...) NOT-FOR-US: Windows CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) m ...) NOT-FOR-US: Windows CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ce ...) NOT-FOR-US: Microsoft CVE-2004-0570 RESERVED CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote att ...) NOT-FOR-US: Windows CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP ...) NOT-FOR-US: HyperTerminal CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...) NOT-FOR-US: Windows CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote attacker ...) NOT-FOR-US: Windows CVE-2004-0565 (Floating point information leak in the context switch code for Linux 2 ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 - linux-2.6 (fixed before first upload) CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run set ...) {DSA-557-1} - rp-pppoe 3.5-4 (bug #343264) CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before 1 ...) {DSA-555-1} - freenet6 1.0-2.2 CVE-2004-0562 REJECTED CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon (goph ...) {DSA-638-1} - gopher 3.0.6 NOTE: removed, deprecated in favor of pygopherd CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attack ...) {DSA-638-1} - gopher 3.0.6 NOTE: removed, deprecated in favor of pygopherd CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users t ...) {DSA-544-1} - webmin 1.160-1 - usermin 1.090-1 CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before 1.1 ...) {DSA-545-1} - cups 1.1.20final+rc1-6 - cupsys 1.1.20final+rc1-6 CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...) {DSA-565-1} - sox 12.17.4-9 (bug #262083) CVE-2004-0556 REJECTED CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...) {DSA-643-1} - queue 1.30.1-5 CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a den ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 - linux-2.6 2.6.12-1 (bug #261521) CVE-2004-0553 RESERVED CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle f ...) NOT-FOR-US: Sophos Small Business Suite CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX ...) NOT-FOR-US: Cisco CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...) NOT-FOR-US: Real Player CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML renderin ...) NOT-FOR-US: Windows CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress functi ...) - aspell 0.50.5-3 CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...) {DSA-516} - postgresql 07.03.0200-3 CVE-2004-0546 RESERVED CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary file ...) NOT-FOR-US: AIX CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...) NOT-FOR-US: AIX CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...) NOT-FOR-US: Oracle CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...) - php4 (Only affects Windows) CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...) - squid 2.5.5-5 CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...) NOT-FOR-US: Windows CVE-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X 10.3 ...) NOT-FOR-US: MacOS CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers a ...) NOT-FOR-US: MacOS CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...) NOT-FOR-US: Opera CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...) - tripwire 2.3.1.2.0-2.1 CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) - kernel-source-2.4.27 2.4.27-1 - linux-2.6 (fixed before first upload; 2.6.6) CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...) NOT-FOR-US: Business Objects WebIntelligence CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces acc ...) NOT-FOR-US: Business Objects WebIntelligence CVE-2004-0532 RESERVED CVE-2004-0531 RESERVED CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...) - php4 (Slackware specific rpath issue) CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...) NOT-FOR-US: cPanel is not our cpanel CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate U ...) NOT-FOR-US: Netscape Navigator 7.1 CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legit ...) - kdebase 2.2.3 CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote attacke ...) NOT-FOR-US: Windows CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 all ...) NOT-FOR-US: iLO CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin be ...) NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...) {DSA-520} - krb5 1.3.3-2 CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass authentica ...) {DSA-512} - gallery 1.4.3-pl2-1 CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows re ...) {DSA-535} - squirrelmail 2:1.4.3a-0.1 CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...) {DSA-535} - squirrelmail 2:1.4.3a-0.1 CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...) {DSA-535} - squirrelmail 2:1.4.3a-0.1 CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...) NOT-FOR-US: MacOS CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of proc ...) NOT-FOR-US: MacOS CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package installa ...) NOT-FOR-US: MacOS CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to " ...) NOT-FOR-US: MacOS CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to " ...) NOT-FOR-US: MacOS CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...) NOT-FOR-US: MacOS CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7 ...) NOT-FOR-US: SCO MMDF CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7 ...) NOT-FOR-US: SCO MMDF CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and p ...) NOT-FOR-US: SCO MMDF CVE-2004-0509 RESERVED CVE-2004-0508 RESERVED CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 al ...) - ethereal 0.10.4 CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attacke ...) - ethereal 0.10.4 CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...) - ethereal 0.10.4 CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ( ...) - ethereal 0.10.4 CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default z ...) NOT-FOR-US: Microsoft CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...) NOT-FOR-US: Microsoft CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access restric ...) NOT-FOR-US: Microsoft CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...) - gaim 1:0.81-3 CVE-2004-0499 REJECTED CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlie ...) NOT-FOR-US: StoneSoft firewall engine CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to mod ...) - kernel-source-2.4.27 2.4.27-1 - linux-2.6 (fixed before first upload; 2.6.8) CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...) NOTE: fixed in 2.6.7 CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow loc ...) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.27-rc1) CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) bef ...) - gnome-vfs 1.0.1 CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows re ...) - apache2 2.0.50-1 CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3 ...) {DSA-525} - apache 1.3.31-2 CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not pr ...) NOTE: appears redhat specific CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec op ...) NOT-FOR-US: cPanel is not our cpanel CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...) NOT-FOR-US: MacOS CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function i ...) {DSA-532} - apache2 2.0.50-1 - libapache-mod-ssl 2.8.19-1 CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows rem ...) NOT-FOR-US: Norton CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...) NOT-FOR-US: MacOS CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 1 ...) NOT-FOR-US: MacOS CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attac ...) NOT-FOR-US: Microsoft CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...) NOT-FOR-US: IRIX CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs. ...) NOT-FOR-US: OpenBSD CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...) NOT-FOR-US: the KCMS on Solaris CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allo ...) NOT-FOR-US: Lotus Notes CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: Microsoft CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial o ...) NOTE: only a Mozilla DOS CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router all ...) NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 a ...) NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...) NOT-FOR-US: Microsoft CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or execut ...) NOT-FOR-US: Help Center (HelpCtr.exe) CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not properl ...) NOT-FOR-US: opera CVE-2004-0472 REJECTED CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 throu ...) NOT-FOR-US: BEA WebLogic CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 throu ...) NOT-FOR-US: BEA WebLogic CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...) NOT-FOR-US: Check Point VPN CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows rem ...) NOT-FOR-US: Juniper JUNOS CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...) NOT-FOR-US: Juniper JUNOS CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote att ...) NOT-FOR-US: WebConnect CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 an ...) NOT-FOR-US: WebConnect CVE-2004-0464 REJECTED CVE-2004-0463 REJECTED CVE-2004-0462 (The built-in web servers for multiple networking devices do not set th ...) NOT-FOR-US: Multiple embedded hardware vendors CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when com ...) - dhcp3 3.0.1 CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...) - dhcp3 3.0.1 CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wirele ...) NOT-FOR-US: DOS in 802.11 protocol CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ser ...) {DSA-503} - mah-jong 1.6.2-1 CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the sc ...) {DSA-540} - mysql-dfsg 4.0.20-11 - mysql CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ot ...) {DSA-527} - pavuk 0.9pl28-3 (bug #264684) CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...) {DSA-523} - www-sql 0.5.7-18 CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allow ...) {DSA-524} - rlpr 2.02-7.1 (bug #255402) CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in VI ...) - vice 1.14-2 CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...) {DSA-1678-1 DSA-620-1} - perl 5.8.4-5 CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...) {DSA-521} - sup 1.8-11 CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail befor ...) {DSA-513} - log2mail 0.2.8-3 CVE-2004-0449 REJECTED CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) {DSA-510} - jftpgw 0.13.4-1 CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local use ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26) CVE-2004-0446 RESERVED CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and Profess ...) NOT-FOR-US: Norton CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Se ...) NOT-FOR-US: Norton CVE-2004-0443 RESERVED CVE-2004-0442 RESERVED CVE-2004-0441 RESERVED CVE-2004-0440 RESERVED CVE-2004-0439 RESERVED CVE-2004-0438 RESERVED CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions b ...) NOT-FOR-US: Titan FTP Server CVE-2004-0436 RESERVED CVE-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD 5.2. ...) NOT-FOR-US: FreeBSD CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute arbi ...) {DSA-504} - heimdal 0.6.2-1 CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) c ...) - mplayer 1.0~pre6a-1 - xine-lib 1-rc4 CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...) - proftpd 1.2.9-4 CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allow ...) NOT-FOR-US: Apple QuickTime CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) NOT-FOR-US: MacOS CVE-2004-0429 (Unknown vulnerability related to "the handling of large requests" in R ...) NOT-FOR-US: RAdmin for Mac OS X CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) NOT-FOR-US: Mac OS X) CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2. ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload of linux-2.6 package into the archive; 2.6.6) - kernel-source-2.4.27 (Fixed before upload of package into the archive; 2.4.26) CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a rea ...) {DSA-499} - rsync 2.6.1-1 CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows re ...) NOT-FOR-US: windows CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...) NOTE: fixed after 2.6.4/2.4.26 kernel CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...) - ssmtp (unimportant) NOTE: bug still exists in the ssmtp source, but is only activated if NOTE: --enable-logfile is used in ./configure NOTE: The package doesn't enable that flag so it is safe. CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows lo ...) {DSA-500} - flim 1:1.14.6+0.20040415-1 CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier allo ...) {DSA-498} - libpng 1.0.15-5 - libpng3 1.2.5.0-6 CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT 4. ...) NOT-FOR-US: windows CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.r ...) [sarge] - xfree86 (vulnerable code not present) - xdm (vulnerable code not present) CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...) {DSA-519} - cvs 1:1.12.9-1 CVE-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_d ...) {DSA-519} - cvs 1:1.12.9-1 CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...) {DSA-519} - cvs 1:1.12.9-1 CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.27-rc6) CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not proper ...) {DSA-517} - cvs 1:1.12.9-1 CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn:/ ...) - subversion 1.0.5-1 CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...) - mailman 2.1.4-5 CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properl ...) {DSA-518} - kdelibs 4:3.2.3 CVE-2004-0410 REJECTED CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...) {DSA-493} - xchat 2.0.8-1 CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident daem ...) {DSA-494} - ident2 1.04-2 CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...) NOT-FOR-US: ColdFusion CVE-2004-0406 REJECTED CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...) {DSA-486} - cvs 1:1.12.5-4 (medium) CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...) {DSA-488} - logcheck 1.1.1-13.2 CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of s ...) - ipsec-tools 0.3.1-3 CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other v ...) {DSA-508} - xpcd 2.08-10 CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...) - libtasn1 0.1.2-2 CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the headers_ch ...) {DSA-502 DSA-501} - exim 3.36-11 - exim4 4.33-1 - exim-tls CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...) {DSA-502 DSA-501} - exim 3.36-11 - exim4 4.33-1 - exim-tls CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing functi ...) {DSA-507 DSA-506} - cadaver 0.22.1-3 - neon 0.24.6.dfsg-1 CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in S ...) - subversion 1.0.3-1 (bug #249791) CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...) {DSA-505} - cvs 1:1.12.5-6 CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root pr ...) {DSA-509} - gatos 0.0.5-12 CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon (rlprd ...) {DSA-524} - rlpr 2.02-7.1 (bug #255402) CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of s ...) - apache 1.3.31-2 CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) NOT-FOR-US: Cisco CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style acce ...) NOT-FOR-US: SCO OpenServer CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote atta ...) NOT-FOR-US: RealNetworks Helix Universal Server CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite arbit ...) {DSA-483} - mysql-dfsg 4.0.18-6 CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8 ...) NOT-FOR-US: RealPlayer plugin CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0. ...) - mplayer 1.0~pre6a-1 CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9 ...) NOT-FOR-US: Oracle 9i Application Server Web Cache CVE-2004-0384 RESERVED CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unk ...) NOT-FOR-US: Mail for Mac OS X CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 a ...) NOT-FOR-US: CUPS printing system in Mac OS X CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...) {DSA-483} - mysql-dfsg 4.0.18-4 CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 throug ...) NOT-FOR-US: Microsoft Outlook Express CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Share ...) NOT-FOR-US: Microsoft SharePoint Portal Server 2001 CVE-2004-0378 REJECTED CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's Activ ...) - perl (Win32 specific) CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of s ...) {DSA-473} - oftpd 20040304-1 (bug #353882) CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...) NOT-FOR-US: Symantec Norton Internet Security CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the conten ...) {DSA-471} - interchange 5.0.1-1 CVE-2004-0373 RESERVED CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink att ...) {DSA-477} - xine-ui 0.99.1-1 CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly pe ...) {DSA-476} - heimdal 0.6.1-1 CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used i ...) NOT-FOR-US: KAME CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...) NOT-FOR-US: Entrust LibKmp ISAKMP library CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and oth ...) NOT-FOR-US: CDE CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) - ethereal 0.10.3 (bug #239576) [woody] - ethereal (Not vulnerable per DSA-511) CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 a ...) {DSA-469} - pam-pgsql 0.5.2-7.1 NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9 CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for Ethe ...) - ethereal 0.10.3 (bug #239576) [woody] - ethereal (Not vulnerable per DSA-511) CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Securi ...) NOT-FOR-US: WrapNISUM ActiveX CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component (sy ...) NOT-FOR-US: SymSpamHelper ActiveX CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of t ...) NOT-FOR-US: ISS Protocol Analysis Module CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote attacker ...) NOT-FOR-US: safari CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...) NOT-FOR-US: solaris CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision Pow ...) NOT-FOR-US: Invision Power Board CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...) NOT-FOR-US: VirtuaNews Admin Panel CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attacke ...) NOT-FOR-US: SL Mail Pro CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain sensiti ...) NOT-FOR-US: Invision Power Board CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6 ...) NOT-FOR-US: GNU Anubis CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU A ...) NOT-FOR-US: GNU Anubis CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x ...) NOT-FOR-US: Cisco CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...) NOT-FOR-US: Spider Sales CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the pr ...) NOT-FOR-US: Spider Sales CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remot ...) NOT-FOR-US: GWeb HTTP Server CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ca ...) NOT-FOR-US: SpiderSales CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 th ...) - proftpd 1.2.9 CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote s ...) NOT-FOR-US: Red Faction CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5. ...) NOT-FOR-US: YaBB SE CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...) NOT-FOR-US: YaBB SE CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled ...) NOT-FOR-US: WFPTD CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...) NOT-FOR-US: WFPTD CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Se ...) NOT-FOR-US: WFPTD CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, po ...) - phpbb2 2.0.6d CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum all ...) NOT-FOR-US: Invision Board Forum CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...) NOT-FOR-US: 602LAN SUITE CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory brows ...) NOT-FOR-US: 602LAN SUITE CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic Authoriza ...) NOT-FOR-US: AXIS 2100 CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...) - uudeview 0.5.20 (medium) CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all d ...) NOT-FOR-US: extremail CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...) NOT-FOR-US: Dell OpenManage Web Server CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticat ...) NOT-FOR-US: Serv-U CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: FreeChat CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 al ...) NOT-FOR-US: Gigabyte Broadband Router CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager 1 ...) NOT-FOR-US: PhpNewsManager CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...) NOT-FOR-US: GateKeeper Pro CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a d ...) NOT-FOR-US: TypSoft CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute arbit ...) NOT-FOR-US: confirm 0.70 CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remo ...) NOT-FOR-US: xmb 1.8 final sp2 CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final S ...) NOT-FOR-US: xmb 1.8 final sp2 CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Team Factor CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7. ...) NOT-FOR-US: ezBoard CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID e ...) NOT-FOR-US: Load Sharing Facility CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x al ...) NOT-FOR-US: Load Sharing Facility CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a d ...) NOT-FOR-US: Avirt CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...) NOT-FOR-US: Avirt CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 a ...) NOT-FOR-US: WebzEdit CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a de ...) NOT-FOR-US: PSOProxy CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP re ...) NOT-FOR-US: LINKSYS CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...) NOT-FOR-US: APC CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 al ...) NOT-FOR-US: LiveJournal CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 befo ...) NOT-FOR-US: cisco CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex Web ...) NOT-FOR-US: WebCortex WebStores CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...) NOT-FOR-US: WebCortex WebStores CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via absol ...) NOT-FOR-US: OWLS 1.0 CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...) NOT-FOR-US: OWLS 1.0 CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...) NOT-FOR-US: Online Store Kit CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote atta ...) NOT-FOR-US: Online Store Kit CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...) NOT-FOR-US: smallftpd; CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service (C ...) NOT-FOR-US: CesarFTP; Win32 CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) NOT-FOR-US: Broker FTP 6.1.0.0; Win32 CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...) NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32 CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists o ...) NOT-FOR-US: yabb; CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote att ...) NOT-FOR-US: ShopCartCGI 2.3; CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote atta ...) NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32 CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 al ...) NOT-FOR-US: YaBB; CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game se ...) NOT-FOR-US: Purge Jihad; CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...) NOT-FOR-US: SignatureDB; CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...) - mnogosearch 3.2.18 NOTE: it's not quite clear which version exactly fixes the problem; NOTE: I checked the source code of the most recent version and compared NOTE: it with the problematic section described in the advisory NOTE: (http://marc.info/?l=bugtraq&m=107695139930726&w=2) NOTE: and I can confirm the buffer overflow is fixed there CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a de ...) NOT-FOR-US: Xlight FTP server 1.52; CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers ...) NOT-FOR-US: RobotFTP; CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...) NOT-FOR-US: PHP scripts CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) NOT-FOR-US: MSIE bugs CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a sy ...) NOT-FOR-US: mailmgr; CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ser ...) NOT-FOR-US: Crob FTP; CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain sensiti ...) NOT-FOR-US: Caucho Technology Resin; CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP sou ...) NOT-FOR-US: Caucho Technology Resin; CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...) NOT-FOR-US: AIMSniff; CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, Lea ...) NOT-FOR-US: Ratbag game engine; CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...) NOT-FOR-US: Dream FTP; CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 a ...) NOT-FOR-US: BosDates; CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...) NOT-FOR-US: MaxWebPortal; CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal al ...) NOT-FOR-US: MaxWebPortal; CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...) NOT-FOR-US: PHP-Nuke; CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote att ...) NOT-FOR-US: EvolutionX; CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust I ...) NOT-FOR-US: eTrust InoculateIT; CVE-2004-0266 (SQL injection vulnerability in the "public message" capability (public ...) NOT-FOR-US: PHP-Nuke; CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6 ...) NOT-FOR-US: PHP-Nuke; CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of serv ...) NOT-FOR-US: PalmOS CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client allow ...) NOT-FOR-US: The Palace; CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...) NOT-FOR-US: CactuShop; CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows re ...) NOT-FOR-US: formmail.php; CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealO ...) NOT-FOR-US: RealPlayer CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ca ...) NOT-FOR-US: Xlight; CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...) NOT-FOR-US: Discuz; CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to exe ...) NOT-FOR-US: IBM Cloudscape CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of s ...) NOT-FOR-US: TYPSoft FTP Server CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...) NOT-FOR-US: rxgoogle.cgi CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allow ...) NOT-FOR-US: PhotoPost PHP Pro CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...) NOT-FOR-US: PHPX CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote a ...) NOT-FOR-US: PHPX CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote attacker ...) NOT-FOR-US: Chaser CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.li ...) NOT-FOR-US: Les Commentaires CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...) NOT-FOR-US: Web Crossing CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Featu ...) NOT-FOR-US: Cisco CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displ ...) NOT-FOR-US: AIX CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...) NOT-FOR-US: X-Cart 3.4.3 CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: X-Cart 3.4.3 CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote attack ...) NOT-FOR-US: X-Cart 3.4.3 CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...) NOT-FOR-US: PhotoPost PHP Pro CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...) - overkill 0.16-7 CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal all ...) NOT-FOR-US: Aprox PHP Portal CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...) NOT-FOR-US: thePHOTOtool CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...) {DSA-515} - lha 1.14i-8 CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in he ...) {DSA-515} - lha 1.14i-8 CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory trave ...) NOT-FOR-US: utempter CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) befo ...) {DSA-497} - mc 1:4.6.0-4.6.1-pre1-2 CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...) {DSA-497} - mc 1:4.6.0-4.6.1-pre1-2 CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote attack ...) - linux (unimportant) - linux-2.6 (unimportant) - linux-2.6.24 (unimportant) NOTE: the attack works with a certain non-negligible probability, but even NOTE: when successful, it only causes a TCP disconnect, which will (in most NOTE: circumstances) be reestablished right away, causing essentially no impact CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...) - linux-2.6 2.6.6-1 - linux-2.6.24 CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...) - kernel-source-2.4.27 (2.4 does not have cpufreq) - linux-2.6 (fixed before first upload; 2.6.8) CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allo ...) - zoneminder 1.22.3-1 NOTE: fixed in 1.19.2, which was released before initial upload of 1.22.3 CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...) {DSA-497} - mc 1:4.6.0-4.6.1-pre1-2 CVE-2004-0225 RESERVED CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Cou ...) - courier 0.45.1-1 CVE-2004-0223 RESERVED CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remo ...) NOT-FOR-US: isakmpd in OpenBSD CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: isakmpd in OpenBSD CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: isakmpd in OpenBSD CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: isakmpd in OpenBSD CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: isakmpd in OpenBSD CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan E ...) NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet Explo ...) NOT-FOR-US: MSIE bug CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial ...) NOT-FOR-US: MS-Outlook-Express CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...) NOT-FOR-US: MSIE bug CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility Ma ...) NOT-FOR-US: Windows bug CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...) NOT-FOR-US: Windows bug CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain va ...) NOT-FOR-US: Windows bug CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows lo ...) NOT-FOR-US: Windows bug CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of Mi ...) NOT-FOR-US: Windows bug CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, W ...) NOT-FOR-US: Windows bug CVE-2004-0207 ("Shatter" style vulnerability in the Window Management application pro ...) NOT-FOR-US: Windows bug CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...) NOT-FOR-US: Windows bug CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 all ...) NOT-FOR-US: Windows bug CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business Obje ...) NOT-FOR-US: Visual Studio bug CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exc ...) NOT-FOR-US: Exchange bug CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft Dire ...) NOT-FOR-US: DirectX CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML He ...) NOT-FOR-US: Windows HTML Help CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Grap ...) NOT-FOR-US: famous Windows GDI+ JPEG parsing bug CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server 200 ...) NOT-FOR-US: Windows bug CVE-2004-0198 RESERVED CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote att ...) NOT-FOR-US: MSJet bug CVE-2004-0196 RESERVED CVE-2004-0195 RESERVED CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...) NOT-FOR-US: Symantec Gateway Security CVE-2004-0187 REJECTED CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...) {DSA-478} - tcpdump 3.7.2-4 CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...) {DSA-478} - tcpdump 3.7.2-4 CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ser ...) - mailman (RedHat specific bug) CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in whi ...) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26-pre5) CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...) {DSA-486} - cvs 1:1.12.5-4 (medium) CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...) {DSA-487} - neon 0.24.5-1 CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - linux-2.6 (fixed before first upload; 2.6.8) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26-pre3) CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly initializ ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - linux-2.6 (fixed before first upload; 2.6.8) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26-pre4) CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote at ...) {DSA-511} - ethereal 0.10.3-1 (bug #239576) CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allo ...) {CVE-2000-0992} - openssh 1:3.9p1-1 (low; bug #270770) [sarge] - openssh (Minor issue) NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1. NOTE: The "SUID/SGID across trust boundaries" issue remains, but is NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992. NOTE: jmm: 3.9p1 thus marked as fixed version CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multip ...) - apache 1.3.29.0.2-5 CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ltrac ...) - ltrace (Not setuid/setgid in Debian) CVE-2004-0170 RESERVED CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related t ...) NOT-FOR-US: CoreFoundation for Mac OS X CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 relate ...) NOT-FOR-US: Safari CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which a ...) - ipsec-tools 0.3.3-1 NOTE: not mentioned in the changelog, so I don't know which version exactly fixes NOTE: the problem, but the patch that fixes the bug is applied: NOTE: http://marc.info/?l=bugtraq&m=107411758202662&w=2 CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...) NOT-FOR-US: Sygate Secure Enterprise CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: general MIME bug with security gateways CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: general MIME bug with security gateways CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...) {DSA-445} - lbreakout2 2.4 CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to f ...) {DSA-484} - xonix 1.4-21 CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event function ...) {DSA-485} - ssmtp 2.60.7 CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...) - ipsec-tools 0.2.5-2 CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...) - nfs-utils 1:1.0.5-3 CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may a ...) {DSA-468} - emil 2.1.0-beta9-14 CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...) {DSA-468} - emil 2.1.0-beta9-14 CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...) {DSA-462} - xitalk 1.1.11-11 CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ga ...) {DSA-451} - xboing 2.4-26.1 (bug #174924) CVE-2004-0147 REJECTED CVE-2004-0146 REJECTED CVE-2004-0145 REJECTED CVE-2004-0144 REJECTED CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote a ...) NOT-FOR-US: Nokia mobile phones CVE-2004-0142 REJECTED CVE-2004-0141 REJECTED CVE-2004-0140 REJECTED CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5. ...) NOT-FOR-US: SGI IRIX CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (fixed before first upload) CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows lo ...) NOT-FOR-US: IRIX init CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows lo ...) NOT-FOR-US: IRIX CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allow ...) NOT-FOR-US: IRIX CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain priv ...) NOT-FOR-US: IRIX CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in whi ...) - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26-rc2) - linux-2.6 (fixed before first upload; 2.6.5) CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...) NOT-FOR-US: ezContents CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ob ...) NOT-FOR-US: phpGedView CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for phpGedV ...) NOT-FOR-US: phpGedView CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verif ...) NOT-FOR-US: FreeBSD jail CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Ser ...) NOT-FOR-US: Windows bug CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT 4 ...) NOT-FOR-US: Windows bug CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2 ...) NOT-FOR-US: Windows bug CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows 20 ...) NOT-FOR-US: Windows bug CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows N ...) NOT-FOR-US: Windows bug CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...) NOT-FOR-US: Windows bug CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM activat ...) NOT-FOR-US: Windows bug CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, wh ...) - openssl 0.9.7d-1 CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...) {DSA-455} - libxml 1:1.8.17-5 - libxml2 2.6.6-1 CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26-rc4) - linux-2.6 (fixed before first upload; 2.6.6) CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allo ...) - sysstat 5.0.2-1 CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...) {DSA-443} - xfree86 4.3.0-2 CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote att ...) {DSA-449} - metamail 2.7-45.2 CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier all ...) {DSA-449} - metamail 2.7-45.2 CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...) {DSA-432} - crawl 1:4.0.0beta26-4 CVE-2004-0102 RESERVED CVE-2004-0101 RESERVED CVE-2004-0100 RESERVED CVE-2004-0098 REJECTED CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...) {DSA-448} - pwlib 1.5.2-4 CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10. ...) NOT-FOR-US: Safari CVE-2004-0091 NOT-FOR-US: vBulletin CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 thro ...) NOT-FOR-US: MacOS CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...) NOT-FOR-US: MacOS CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...) NOT-FOR-US: MacOS CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...) NOT-FOR-US: MacOS CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...) NOT-FOR-US: MacOS CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3. ...) {DSA-443} - xfree86 4.3.0-2 CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 throu ...) {DSA-443} - xfree86 4.3.0-2 CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message t ...) {DSA-465} - openssl 0.9.6d-1 CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0. ...) {DSA-465} - openssl 0.9.7d-1 - openssl096 0.9.6m-1 CVE-2004-0076 REJECTED CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain priv ...) - xsok (Not vulnerable. See bug #278777) CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) conf ...) NOT-FOR-US: EasyDynamicPages CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 allow ...) NOT-FOR-US: Accipiter Direct Server 6.0 CVE-2004-0071 (Directory traversal vulnerability in buildManPage in class.manpagelook ...) NOT-FOR-US: PHP Man Page Lookup 1.2.0 CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and earl ...) NOT-FOR-US: HD Soft Windows FTP Server 1.6 CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView befo ...) NOT-FOR-US: phpGedView CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...) NOT-FOR-US: phpGedView CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...) NOT-FOR-US: phpGedView CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows loc ...) NOT-FOR-US: SuSE YaST CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various v ...) NOT-FOR-US: FishCart CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...) NOT-FOR-US: WWW File Share Pro 2.42 CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...) NOT-FOR-US: WWW File Share Pro 2.42 CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File Sha ...) NOT-FOR-US: WWW File Share Pro 2.42 CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local u ...) NOT-FOR-US: Antivir CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...) {DSA-425} - tcpdump 3.8.3-1 NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier. CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for Nort ...) NOT-FOR-US: Nortel Networks products CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...) {DSA-425} - tcpdump 3.8.3-1 NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier. CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for Cisc ...) NOT-FOR-US: Cisco CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Multiple security gateways MIME parsing stuff CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Multiple security gateways MIME parsing stuff CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Multiple security gateways MIME parsing stuff CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the fu ...) NOT-FOR-US: Verity Ultraseek CVE-2004-0048 RESERVED CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...) {DSA-430} - trr19 1.0beta5-17.1 (bug #264702) CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...) NOT-FOR-US: SnapStream PVS LITE CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allo ...) NOT-FOR-US: Yahoo Instant Messenger CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether o ...) - vsftpd 2.0.1-1 NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce t ...) {DSA-421} - mod-auth-shadow 1.4-1 CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application Intelligenc ...) NOT-FOR-US: Check Point Firewall CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...) NOT-FOR-US: McAfee CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute arbit ...) NOT-FOR-US: FistClass Desktop Client CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 an ...) NOT-FOR-US: Phorum CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) auth ...) NOT-FOR-US: PHPGEDVIEW CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) NOT-FOR-US: Lotus Notes Domino CVE-2004-0027 RESERVED CVE-2004-0026 RESERVED CVE-2004-0025 RESERVED CVE-2004-0024 RESERVED CVE-2004-0023 RESERVED CVE-2004-0022 RESERVED CVE-2004-0021 RESERVED CVE-2004-0020 RESERVED CVE-2004-0019 RESERVED CVE-2004-0018 RESERVED CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) inf ...) {DSA-419} - phpgroupware 0.9.14.007-4 CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...) {DSA-412} - nd 0.8.2-1 CVE-2004-0012 REJECTED CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in Li ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.25-pre7) CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0. ...) {DSA-434} - gaim 1:0.75-2 CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...) {DSA-434} - gaim 1:0.75-2 CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...) {DSA-434} - gaim 1:0.75-2 CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...) {DSA-434} - gaim 1:0.75-2 CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 (Fixed before upload into archive; 2.4.26-rc4) CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows rem ...) NOT-FOR-US: FreeBSD netinet CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...) NOT-FOR-US: windows mta CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScre ...) NOT-FOR-US: juniper router CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive in ...) NOT-FOR-US: windows mta CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67. ...) NOT-FOR-US: ncipher hardware CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe i ...) NOT-FOR-US: windows firewall CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...) NOT-FOR-US: cisco CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD b ...) NOT-FOR-US: cisco CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) da ...) NOT-FOR-US: windows mta CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...) NOT-FOR-US: monkeyd, not in debian CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistak ...) - eggdrop 1.6.17 CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player 2. ...) NOT-FOR-US: realone player CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a de ...) - clamav 0.80 CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...) - php4 4.3.9 CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to byp ...) NOT-FOR-US: openjournal, not in debian CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...) NOT-FOR-US: open/netbsd CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to o ...) - libtool 1.5.6 CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for Adob ...) NOT-FOR-US: acroread CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...) NOT-FOR-US: realsecure/blackice CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ne ...) - mozilla 2:1.7.3 CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext password ...) NOT-FOR-US: symantec CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...) {DSA-474} - squid 2.5.5-1 CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...) {DSA-461} - calife 2.8.6-1 (bug #235157) CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allow ...) {DSA-463} - samba 3.0.2-2 CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp da ...) {DSA-457} - wu-ftpd 2.6.2-17.1 CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and Ap ...) NOT-FOR-US: apache/cygwin CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote att ...) NOT-FOR-US: freebsd/os x CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...) NOT-FOR-US: os x CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initia ...) NOT-FOR-US: os x CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon (p ...) NOT-FOR-US: os x CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary c ...) {DSA-446} - synaesthesia 2.1-3 NOTE: synaesthesia is no longer setuid in Debian. CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...) {DSA-447} - hsftp 1.15-1 CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2 ...) {DSA-458-3} - python2.2 2.2.2 CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, all ...) {DSA-457} - wu-ftpd 2.6.2-17.1 CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon (radi ...) NOT-FOR-US: gnu radiusd, not in debian CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 an ...) - phpmyadmin 2:2.6.0-pl2 CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration sc ...) NOT-FOR-US: phpgedview, not in debian CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directo ...) NOT-FOR-US: freebsd CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain r ...) NOT-FOR-US: microsoft CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not su ...) NOT-FOR-US: microsoft CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 all ...) NOT-FOR-US: microsoft CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for Free ...) NOT-FOR-US: bsd CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 a ...) - apache2 2.0.52 CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ( ...) {DSA-464} - gdk-pixbuf 0.22.0-3 CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...) {DSA-460} - sysstat 5.0.2-1 CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when cre ...) NOT-FOR-US: freebsd CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to c ...) - libapache-mod-python 2:2.7.10 CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a d ...) NOT-FOR-US: mcafee CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to c ...) {DSA-443} - xfree86 4.2.1-6 CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...) {DSA-443} - xfree86 4.2.1-6 CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x al ...) NOT-FOR-US: os x CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1 ...) - samba 3.0.7 CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...) NOT-FOR-US: debian uses different login CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...) - mutt 1.5.6-20040722+1 CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to 2.2. ...) {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438} - kernel-source-2.4.27 (Fixed before initial upload; 2.4.26-pre3) - kernel-source-2.2.20 CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the copy_from ...) - kernel-source-2.4.24 2.4.24-3 NOTE: fixed in 2.4.26-pre3 CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents a ...) NOT-FOR-US: ezcontents, commercial CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...) NOT-FOR-US: phpdig, not in debian CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1. ...) NOT-FOR-US: ncipher hsm CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attac ...) NOT-FOR-US: real helix CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control messag ...) - inn2 2.4.1+20040820 [woody] - inn2 CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentic ...) NOT-FOR-US: cisco CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4. ...) NOT-FOR-US: checkpoint CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...) NOT-FOR-US: vbulletin, commercial CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and earli ...) NOT-FOR-US: phorum, not in debian CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensiti ...) NOT-FOR-US: phpgedview, not in debian CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2 ...) NOT-FOR-US: phpgedview, not in debian CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...) NOT-FOR-US: phpgedview, not in debian CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...) {DSA-420} - jitterbug 1.6.2-4.5 CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the "save ...) {DSA-419} - phpgroupware 0.9.14.007-4 CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before execu ...) {DSA-418} - vbox3 0.1.8 CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...) {DSA-414} - jabber 1.4.3-1 CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute ...) {DSA-416} - fsp 2.81.b18-1 CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...) - apache-ssl 1.3.31 CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...) NOT-FOR-US: openca, not in debian CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace emul ...) - kernel-image-2.6.8-9-amd64-generic