CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
	- glibc 2.5-1
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=2498
CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
	NOT-FOR-US: GE Healthcare Infinia II
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...)
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7251
	REJECTED
CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1
	NOTE: DSA addressed it in patch for CVE-2012-1165
CVE-2006-7249
	REJECTED
CVE-2006-7248
	REJECTED
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component f ...)
	NOT-FOR-US: Joomla!
CVE-2006-7246 (NetworkManager 0.9.x does not pin a certificate's subject to an ESSID ...)
	- wpasupplicant 0.7.3-1
	[squeeze] - wpasupplicant (Minor issue)
	- network-manager 0.9.4.0-1
	[squeeze] - network-manager (Minor issue)
	NOTE: might be fixed earlier; I checked the source versions in Wheezy
CVE-2006-7245 (Monkey's Audio before 4.01b2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Monkey's Audio
CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions be ...)
	- libpng 1.2.39-1 (unimportant)
CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might a ...)
	- php5 5.3.3-6 (low)
	NOTE: old, known, issue -- partial protection by the suhosin extension
	NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
CVE-2006-7242 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7241 (The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the lock_on_sus ...)
	- gnome-power-manager 2.28.0-1 (unimportant)
CVE-2006-7239 (The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c ...)
	- gnutls26 (fix is present in lenny/sid; fixed originally in upstream 1.4.2, which precedes 26)
CVE-2006-7238 (Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allo ...)
	NOT-FOR-US: MyShoutPro
CVE-2006-7237 (PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libr ...)
	NOT-FOR-US: Ixprim
CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and possibl ...)
	{DTSA-182-1}
	- xterm 238-1 (medium; bug #510030)
	[etch] - xterm (allowWindowOps disabled in configuration)
	NOTE: Somewhat mitigated by a filter for control characters in
	NOTE: post-etch versions.
CVE-2006-7235 (Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows l ...)
	- lynx-cur 2.8.7dev4-1 (low)
	- lynx (Doesn't include the current directory in the search path)
CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 all ...)
	- mysql-dfsg-4.1
	- mysql-dfsg-5.0 5.0.32-1
CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica a ...)
	NOT-FOR-US: Civica Software Civica
CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
	{DSA-1570-1}
	- pcre3 7.0-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 (Ubuntu-specific regression)
CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows co ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7224
	REJECTED
CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Autho ...)
	NOT-FOR-US: Xwiki
CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in FLICSource ...)
	NOT-FOR-US: Media Player Classic
CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow atta ...)
	- gftp 2.0.18-17 (unimportant; bug #437710)
CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote at ...)
	NOT-FOR-US: SAP SAPLPD
CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for edit ...)
	- ezpublish (Debian's version is too old)
CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for "con ...)
	- ezpublish (Debian's version is too old)
CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege requi ...)
	- derby (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1858
CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
	- derby (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1708
CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop proces ...)
	NOT-FOR-US: Intel processor
CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote atta ...)
	{DSA-1529-1}
	- firebird1.5 (bug #432753)
	- firebird2
	[etch] - firebird2 (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 (fixed in 2.0)
CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and owne ...)
	{DSA-1529-1}
	- firebird1.5 (bug #432753)
	- firebird2
	[etch] - firebird2 (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 (fixed in 2.0)
CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...)
	{DSA-1529-1}
	- firebird1.5 (bug #432753)
	- firebird2
	[etch] - firebird2 (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 (fixed in 2.0)
CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semap ...)
	{DSA-1529-1}
	- firebird1.5 (fixed before rename to firebird1.5)
	- firebird2 1.5.3.4870-4 (low; bug #362001)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 (fixed in 2.0)
	[sarge] - firebird2 (Minor issue)
CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA bef ...)
	NOT-FOR-US: phpTrafficA
CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Adam va ...)
	NOT-FOR-US: phpBB component com_forum
CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote atta ...)
	NOT-FOR-US: AGEphone
CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
	- owl-dms 0.94-1 (medium; bug #416296)
CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: local DoS when Apache memory limit is set high
CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...)
	- php4 (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 an ...)
	{DSA-1504-1}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not pro ...)
	NOT-FOR-US: Mambo
CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the Site ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist f ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the correc ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...)
	- tomcat5.5 5.5.17-1 (low)
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application e ...)
	- tomcat5.5 5.5.16-1 (unimportant)
	- tomcat5 (unimportant)
	- tomcat4 (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Ap ...)
	- tomcat5.5 5.5.20-1 (unimportant)
	- tomcat5 (unimportant)
	- tomcat4 (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2006-7194 (PHP remote file inclusion vulnerability in modules/Mysqlfinder/Mysqlfi ...)
	NOT-FOR-US: Agora
CVE-2006-7193
	NOT-FOR-US: disputed (SMARTY_DIR is a constant)
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle com ...)
	NOT-FOR-US: Microsoft ASP .NET Framework
CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Ma ...)
	{DSA-1287-1}
	- ldap-account-manager 1.0.0-1 (medium)
CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
	NOT-FOR-US: WebAPP
CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...)
	NOT-FOR-US: WebAPP
CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net WebAP ...)
	NOT-FOR-US: WebAPP
CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches f ...)
	NOT-FOR-US: WebAPP
CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attacker ...)
	NOT-FOR-US: WebAPP
CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...)
	NOT-FOR-US: CMSmelborp
CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ( ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit Engin ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 a ...)
	NOT-FOR-US: MNews
CVE-2006-7181
	NOT-FOR-US: Morcego CMS
CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets b ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi (Non-free not supported)
CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process Ch ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi (Non-free not supported)
CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH fra ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi (Non-free not supported)
CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail (Not a program flaw, a DNS error)
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail (Debian compiles with FFR_TLS correctly)
CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in t ...)
	NOT-FOR-US: Dimension module of phpBB
CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats 0 ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP- ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall allo ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...)
	NOT-FOR-US: phpBB module Add Name
CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote atta ...)
	NOT-FOR-US: ProRat Server
CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...)
	NOT-FOR-US: DreameeSoft Password Master
CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files co ...)
	- putty 0.59-1 (bug #400804; unimportant)
	NOTE: Unsafe default, but not a vulnerability
	NOTE: Sensitive operations like key generation should only be done in private home
CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...)
	NOT-FOR-US: Hazir Site
CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earli ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in BTI ...)
	NOT-FOR-US: BTI-Tracker
CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle Application Express
CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-as ...)
	NOT-FOR-US: Google Earth
CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in Keywo ...)
	NOT-FOR-US: miniBB module Keyword Replacer
CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via certai ...)
	NOT-FOR-US: Iono
CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote attack ...)
	NOT-FOR-US: ASP-Nuke Community
CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library (liblt ...)
	- libtool (Specific to Fedora build)
CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote att ...)
	NOT-FOR-US: Mambo
CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x all ...)
	NOT-FOR-US: Mambo
CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...)
	NOT-FOR-US: phpBB module maluinfo
CVE-2006-7147 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBB module Import Tools
CVE-2006-7146
	NOT-FOR-US: communityPortals
CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote a ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier a ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores hard-c ...)
	NOT-FOR-US: Utimaco Safeguard
CVE-2006-7141
	NOT-FOR-US: Oracle Database
CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun Solar ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, al ...)
	- kdepim (unimportant)
	NOTE: Annoying bug, but neglectable "security implications"
CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in th ...)
	NOT-FOR-US: Oracle APEX
CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 al ...)
	NOT-FOR-US: TinyPortal
CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in PH ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0be ...)
	NOT-FOR-US: PHPMyDesk
CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2. ...)
	NOT-FOR-US: Jinzora
CVE-2006-7130 (PHP remote file inclusion vulnerability in backend/primitives/cache/me ...)
	NOT-FOR-US: Jinzora
CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versi ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 al ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in BS ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup func ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote at ...)
	NOT-FOR-US: Linksys SPA-921
CVE-2006-7120
	NOT-FOR-US: OSL maintain
CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php i ...)
	NOT-FOR-US: PHPGiggle
CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine Manag ...)
	NOT-FOR-US: DMXReady Site Engine Manager
CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier ...)
	NOT-FOR-US: Kubix
CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...)
	NOT-FOR-US: Kubix
CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attacker ...)
	NOT-FOR-US: PHPKit
CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with insuffi ...)
	NOT-FOR-US: P-News
CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote att ...)
	NOT-FOR-US: P-News
CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ea ...)
	NOT-FOR-US: MD-Pro
CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ear ...)
	NOT-FOR-US: KMail CGI
CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE befor ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal mo ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when auth ...)
	- util-linux 2.17.2-9 (unimportant)
	NOTE: likely fixed far before this, which is the version in squeeze that was checked
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent S ...)
	NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power Ph ...)
	NOT-FOR-US: Power Phlogger
CVE-2006-7105
	- smarty (described vulnerability never existed)
CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the Cha ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 an ...)
	NOT-FOR-US: EZOnlineGallery
CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...)
	NOT-FOR-US: phpBurningPortal quiz-modul
CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...)
	NOT-FOR-US: PHPWind
CVE-2006-7100 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBB Insert User
CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows remo ...)
	NOT-FOR-US: SolarPay
CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
	- apache 1.3.34-4.1 (low; bug #357561)
CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have u ...)
	NOT-FOR-US: TaskFreak!
CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7095 (Integer signedness error in the network_receive_packet function in soc ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the effectiv ...)
	- linux-ftpd 0.17-23 (bug #384454; low)
CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Securi ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5 ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht Topsite ...)
	NOT-FOR-US: Topsites FREE
CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...)
	NOT-FOR-US: phpBB Security
CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote ...)
	NOT-FOR-US: Ban
CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 ...)
	NOT-FOR-US: Simple PHP Forum
CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...)
	NOT-FOR-US: Dotdeb PHP
CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remot ...)
	NOT-FOR-US: Hot Links
CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers t ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7084
	REJECTED
CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers t ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allo ...)
	NOT-FOR-US: PhpNews
CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 2.0.4. ...)
	NOT-FOR-US: exV2
CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional Ho ...)
	NOT-FOR-US: Professional Home Page Tools Login Script
CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for A ...)
	- aqualung 0.9~beta6-1 (medium)
CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authen ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod b ...)
	NOT-FOR-US: Opentools Attachment Mod
CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise ...)
	NOT-FOR-US: GeoClassifieds Enterprise
CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision P ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7070 (Unrestricted file upload vulnerability in manager/media/ibrowser/scrip ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in Socket ...)
	NOT-FOR-US: Socketwiz Bookmarks
CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65 ...)
	NOT-FOR-US: CliServ Web Community
CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to t ...)
	NOT-FOR-US: Oracle
CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for Invisi ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 a ...)
	NOT-FOR-US: TinyPHPforum
CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows r ...)
	NOT-FOR-US: Kamgaing Email System
CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before ...)
	NOT-FOR-US: Sphider
CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c all ...)
	NOT-FOR-US: Sphider
CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAd ...)
	NOT-FOR-US: HostAdmin
CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For Ar ...)
	NOT-FOR-US: DotWidget
CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...)
	- linux-2.6 2.6.23-1 (low)
	[etch] - linux-2.6 (Design limitation, use resource limits if it poses a problem)
CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) bef ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the s ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
	NOT-FOR-US: Claroline
CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ...)
	NOT-FOR-US: Shoutpro
CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1. ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in Cla ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogge ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in Chi ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allow ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security feat ...)
	NOT-FOR-US: MathCAD
CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...)
	NOT-FOR-US: Andy's Chat
CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange Sc ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...)
	NOT-FOR-US: FlashBB
CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote att ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allo ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs un ...)
	NOT-FOR-US: Microsoft ISA
CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in Aardvar ...)
	NOT-FOR-US: Topsites PHP
CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and ...)
	NOT-FOR-US: Bookmark4U
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
	- pure-ftpd 1.0.21-1 (low)
	NOTE: oldstable is affected
CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
	NOT-FOR-US: Harpia CMS
CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...)
	NOT-FOR-US: fx-APP
CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepre ...)
	NOT-FOR-US: fx-APP
CVE-2006-7021 (PHP remote file inclusion vulnerability in manager/tools/link/dbinstal ...)
	NOT-FOR-US: Plume CMS
CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
	NOT-FOR-US: phpwcms
CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attac ...)
	NOT-FOR-US: phpwcms
CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attac ...)
	NOT-FOR-US: phpwcms
CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 all ...)
	NOT-FOR-US: Indexu
CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Jobline
CVE-2006-7015
	NOT-FOR-US: Jobline
CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a us ...)
	NOT-FOR-US: BloggIT
CVE-2006-7013
	NOT-FOR-US: Simple Machine Forum
CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: SCart
CVE-2006-7011
	NOT-FOR-US: FlashChat
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
	NOT-FOR-US: Joomla!
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend su ...)
	NOT-FOR-US: Joomla!
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...)
	NOT-FOR-US: Joomla!
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers t ...)
	NOT-FOR-US: Tiny FTPd
CVE-2006-7006
	NOT-FOR-US: Somery
CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote a ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY A ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion P ...)
	NOT-FOR-US: Fusion Polls
CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatbl ...)
	NOT-FOR-US: Wheatblog
CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote a ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable Sta ...)
	NOT-FOR-US: MailEnable
CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1 ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain pr ...)
	NOT-FOR-US: V3 Chat
CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...)
	NOT-FOR-US: OzzyWork Gallery
CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neu ...)
	NOT-FOR-US: Neuron Blog
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attack ...)
	NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attac ...)
	NOT-FOR-US: Fast Browser Pro
CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attac ...)
	NOT-FOR-US: Enigma Browser
CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...)
	NOT-FOR-US: NetCaptor
CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remot ...)
	NOT-FOR-US: Slim Browser
CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
	NOT-FOR-US: FineBrowser Freeware
CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers t ...)
	NOT-FOR-US: PhaseOut
CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote att ...)
	NOT-FOR-US: Maxthon
CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote atta ...)
	NOT-FOR-US: GreenBrowser
CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
	NOT-FOR-US: MYweb4net Browser
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic au ...)
	- 3proxy (bug #718219)
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
	- 3proxy (bug #718219)
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
	- amarok 1.4.4-4 (bug #410850; unimportant)
	NOTE: This could only be exploited through the Magnatune shop
CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...)
	- amarok 1.4.4-1 (bug #410850; low)
	[sarge] - amarok (Vulnerable code not present)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selecti ...)
	NOT-FOR-US: FCKEditor
CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selecti ...)
	NOT-FOR-US: FreeTextBox
CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in Cent ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6975
	NOT-FOR-US: CentiPaid
CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for certai ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...)
	NOT-FOR-US: BtitTracker
CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows rem ...)
	- iceweasel (Windows only)
CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud Protectio ...)
	NOT-FOR-US: Opera
CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 befo ...)
	- jetty 5.1.10-4 (medium; bug #445283)
	NOTE: http://jetty.cvs.sourceforge.net/jetty/Jetty/src/org/mortbay/jetty/servlet/AbstractSessionManager.java?r1=1.52&r2=1.53&view=patch
CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation contr ...)
	NOT-FOR-US: Phorum
CVE-2006-6967
	REJECTED
CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the in ...)
	NOT-FOR-US: phpGraphy
CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03- ...)
	- dokuwiki 0.0.20061106-1 (low)
CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
	NOT-FOR-US: MailEnable
CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...)
	NOT-FOR-US: Docebo
CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...)
	NOT-FOR-US: RS Gallery2
CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2. ...)
	NOT-FOR-US: phpBlueDragon CMS
CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php i ...)
	NOT-FOR-US: Docebo
CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service (applicatio ...)
	NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...)
	- iceweasel (unimportant)
	NOTE: Browser crashes not treated as security problems
	NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crashed.
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager c ...)
	NOT-FOR-US: GlobeTrotter Mobility Manager
CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers (1 ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog a ...)
	NOT-FOR-US: Odysseus Blog
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 all ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in My ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allow ...)
	NOT-FOR-US: JVN
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote attacker ...)
	NOT-FOR-US: VirtueMart
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/663eb2b85ed30c1226c5d617bb06c5afe1d3caf5
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full s ...)
	- phpmyadmin 4:2.9.1.1-2 (unimportant)
	NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin befo ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/59d245f36ab4e0b8a49c44b1f9045fc9aef939b2
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
	NOT-FOR-US: OWA
CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...)
	- ed 0.2-19
CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...)
	NOT-FOR-US: NitroTech CMS
CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gall ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery a ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...)
	NOT-FOR-US: Portix
CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4. ...)
	NOT-FOR-US: Portix
CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root w ...)
	NOT-FOR-US: Easy Chat Server
CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access Da ...)
	NOT-FOR-US: Image Gallery
CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during pre ...)
	- snort 2.7.0-1 (low; bug #407421)
	[sarge] - snort (Minor issue)
	[etch] - snort (Minor issue)
CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allo ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classifie ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allo ...)
	NOT-FOR-US: Rialto
CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote atta ...)
	NOT-FOR-US: Rialto
CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors ...)
	NOT-FOR-US: eXtremail
CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...)
	NOT-FOR-US: bitweaver
CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: bitweaver
CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver 1. ...)
	NOT-FOR-US: bitweaver
CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System (phpdea ...)
	NOT-FOR-US: Deadlock
CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
	NOT-FOR-US: Nucleus
CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ex ...)
	- firefox-sage 1.3.6-3
	NOTE: 1.3.6-3 disabled HTML mode entirely
CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion b ...)
	NOT-FOR-US: GeoBB
CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCse ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ca ...)
	NOT-FOR-US: Getahead
CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to c ...)
	NOT-FOR-US: IBM
CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows re ...)
	NOT-FOR-US: IBM
CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remot ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And Orde ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begin ...)
	NOT-FOR-US: Fersch Formbankserver
CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Com ...)
	NOT-FOR-US: Karl Dahlke Edbrowse
CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluet ...)
	NOT-FOR-US: Bluetooth Stack COM Server (Windows)
CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown ...)
	NOT-FOR-US: Bluesoil Bluetooth
CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and ...)
	NOT-FOR-US: Bluetooth stack on Mac OS
CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows remot ...)
	NOT-FOR-US: Broadcom
CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...)
	NOT-FOR-US: Toshiba Bluetooth stack
CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Windows Mobile
CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obt ...)
	- bluez-utils 3.7-1 (bug #408889; medium)
CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote at ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows (BT ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly implem ...)
	NOT-FOR-US: Plantronic Headset
CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly impleme ...)
	NOT-FOR-US: Sony Ericsson T60
CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...)
	NOT-FOR-US: SPINE
CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ser ...)
	- tor (unimportant)
	NOTE: It could be argued that this is a laws-of-physics vulnerability
	NOTE: that is a fundamental design limitation of certain hardware
	NOTE: implementations.
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function i ...)
	NOT-FOR-US: Jonathon J. Freeman OvBB
CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root w ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root wi ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root wi ...)
	NOT-FOR-US: P-News
CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows remo ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: phpwcms
CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remo ...)
	- flashplugin-nonfree (Windows-specific)
CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
	NOT-FOR-US: Sky Software
CVE-2006-6883
	NOT-FOR-US: PHPIrc_bot
CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...)
	NOT-FOR-US: Golden Book
CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux P ...)
	NOT-FOR-US: ATMEL WLAN drivers
CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Upd ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in PHP-Upd ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote attacker ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli 3ed ...)
	NOT-FOR-US: Matteo Lucarelli 3editor
CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module (l ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open Settleme ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in e ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 all ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows r ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 a ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6869 (Directory traversal vulnerability in includes/search/search_mdforum.ph ...)
	NOT-FOR-US: MAXdev
CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Sh ...)
	NOT-FOR-US: Zen Cart
CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshak ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Ahead4
CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...)
	NOT-FOR-US: Softartisans
CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma ...)
	NOT-FOR-US: Enigma2
CVE-2006-6863
	NOT-FOR-US: Enigma2
CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 al ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
	NOT-FOR-US: MythControl
CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs Fo ...)
	NOT-FOR-US: Website Designs for Less
CVE-2006-XXXX [ssmtp password leak]
	- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
	- avahi 0.6.16-1 (low)
CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bub ...)
	- miredo 1.0.4-2 (bug #405412; bug #405111; medium)
CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in modules/credits/credits.ph ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...)
	NOT-FOR-US: WebText CMS
CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ca ...)
	NOT-FOR-US: AIDeX Mini-WebServer
CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickC ...)
	NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related)
CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on Wind ...)
	NOT-FOR-US: Durian Web Application Server
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allow ...)
	- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...)
	NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster M ...)
	NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not properl ...)
	NOT-FOR-US: Cahier de texte (CDT)
CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remot ...)
	NOT-FOR-US: ASPTicker
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 al ...)
	NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) In ...)
	NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simp ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...)
	NOT-FOR-US: EasyPartner component for Joomla!
CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
	NOT-FOR-US: Acronym Mod for phpBB2
CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has un ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact an ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact an ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHea ...)
	NOT-FOR-US: Total Commander
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
	NOT-FOR-US: IBM
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down U ...)
	NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unk ...)
	NOT-FOR-US: Joomla!
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
	NOT-FOR-US: Joomla!
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allo ...)
	NOT-FOR-US: Joomla!
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote at ...)
	NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...)
	NOT-FOR-US: b2 Blog
CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a d ...)
	- flashplugin-nonfree (Windows-specific)
CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal b ...)
	NOT-FOR-US: Personal .NET Portal
CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...)
	NOT-FOR-US: iCalendar
CVE-2006-6823 (PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc ...)
	NOT-FOR-US: Yrch!
CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate t ...)
	NOT-FOR-US: Enthrallweb eClassifieds
CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the MM_r ...)
	NOT-FOR-US: Enthrallweb eNews
CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the M ...)
	NOT-FOR-US: Enthrallweb eCoupons
CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the w ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass authen ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain sensit ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login Manage ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload Manag ...)
	NOT-FOR-US: Mxmania File Upload Manager
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10 ...)
	NOT-FOR-US: myPHPCalendar
CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service (cra ...)
	- kdenetwork 4:3.5.5-4 (low; bug #405828)
	[sarge] - kdenetwork (Minor issue)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in src/main. ...)
	NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in V ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...)
	- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...)
	NOT-FOR-US: Ananda Real Estate
CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1. ...)
	NOT-FOR-US: Enthrallweb eMates
CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs all ...)
	NOT-FOR-US: Enthrallweb eJobs
CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business Dire ...)
	NOT-FOR-US: Dragon Business Directory - Pro
CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allo ...)
	NOT-FOR-US: Enthrallweb eCars
CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages all ...)
	NOT-FOR-US: Enthrallweb ePages
CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, w ...)
	NOT-FOR-US: SH-News
CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event mo ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when register ...)
	{DSA-1250-1}
	- cacti 0.8.6i-3 (bug #404818; high)
CVE-2006-6798
	RESERVED
CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allo ...)
	NOT-FOR-US: Microsoft
CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...)
	NOT-FOR-US: MTCMS
CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...)
	NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows r ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX BASI ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remo ...)
	NOT-FOR-US: chatwm
CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in Ultima ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-6789 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: Phpbbxtra
CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...)
	NOT-FOR-US: LuckyBot
CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsle ...)
	NOT-FOR-US: Newsletter MX
CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated administra ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open Newslette ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote attacker ...)
	NOT-FOR-US: Netbula Anyboard
CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload arb ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ear ...)
	NOT-FOR-US: pnamazu
CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: HLstats
CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through ...)
	NOT-FOR-US: HLstats
CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows r ...)
	NOT-FOR-US: vBulletin
CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...)
	NOT-FOR-US: TimberWolf
CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future Intern ...)
	NOT-FOR-US: Future Internet
CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...)
	NOT-FOR-US: Future Internet
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of servi ...)
	NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in socios/maquetacion_socio.ph ...)
	NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote att ...)
	NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in w ...)
	- w3m 0.5.1-5.1 (bug #404564; low)
	- w3mmee (Does not include this format string vuln in the code)
	[sarge] - w3m (Minor issue, only exploitable in dump mode)
CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Ju ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of servic ...)
	- oftpd
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlie ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
	NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It Simp ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows rem ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMa ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...)
	NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 1 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...)
	NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 allo ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a guessabl ...)
	NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote atta ...)
	NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly dis ...)
	NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain pri ...)
	NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper ...)
	NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows rem ...)
	NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 all ...)
	NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index fil ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain p ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP Lase ...)
	NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1. ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8. ...)
	NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...)
	NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Sh ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php i ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in Suppor ...)
	NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 ...)
	NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
	NOTE: Access to DMA-capable hardware such as graphics cards can,
	NOTE: by design, bypass security restrictions. Not a real issue.
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier al ...) NOT-FOR-US: a-blog CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN Messeng ...) NOT-FOR-US: LAN Messenger CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in in ...) NOT-FOR-US: inertianews CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ine ...) NOT-FOR-US: inertianews CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and e ...) NOT-FOR-US: PHPBuilder CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, inc ...) NOT-FOR-US: BolinTech Dream FTP Server CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allow ...) NOT-FOR-US: Microsoft CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers t ...) NOT-FOR-US: Bandwebsite (aka Bandsite portal system) CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Kn ...) NOT-FOR-US: Knusperleicht ShoutBox CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in A ...) NOT-FOR-US: Azucar CMS CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...) - wget 1.13-1 (unimportant) NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=bd7f4ef701ce5db64659db496d3f47aeedfadac2 (v1.13) CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password f ...) NOT-FOR-US: Allied Telesis CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management packe ...) NOT-FOR-US: Allied Telesis CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric ...) NOT-FOR-US: uploader&downloader CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...) 
NOT-FOR-US: PowerClan CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...) NOT-FOR-US: Hitachi Directory Server CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11 ...) NOT-FOR-US: Hitachi Directory Server CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0 ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in Newx ...) NOT-FOR-US: Newxooper CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8. ...) NOT-FOR-US: PgmReloaded CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site Man ...) NOT-FOR-US: MGinternet Property Site Manager CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...) NOT-FOR-US: MGinternet Property Site Manager CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader Act ...) NOT-FOR-US: NeoTraceExplorer.NeoTraceLoader ActiveX control CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 throu ...) NOT-FOR-US: Soumu Workflow CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu Wo ...) NOT-FOR-US: Soumu Workflow CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail befo ...) NOT-FOR-US: @Mail CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9 ...) NOT-FOR-US: Oracle Portal CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before ...) NOT-FOR-US: @Mail CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail We ...) NOT-FOR-US: @Mail CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remot ...) NOT-FOR-US: @Mail CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and pos ...) 
NOT-FOR-US: Oracle Portal CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files unde ...) - gconf2 2.24.0-1 (unimportant; bug #404743) NOTE: Minor nuisance, not much of a security problem CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in Op ...) - openser 1.1.0-8 (medium; bug #404591) CVE-2006-XXXX [insecure rpath in libflash-mozplugin] - libflash 0.4.13-9 (low; bug #399508) [etch] - libflash (Not exploitable through directory writable by an unprivileged user) CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Port ...) NOT-FOR-US: Oracle CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vis ...) NOT-FOR-US: Microsoft CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ca ...) NOT-FOR-US: Carsen Klock TextSend CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...) NOT-FOR-US: E-Uploader CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...) - zabbix 1:1.1.2-4 (medium; bug #391388) CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...) - zabbix 1:1.1.2-4 (medium; bug #391388) CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopp ...) NOT-FOR-US: Valdersoft Shopping Cart CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4. ...) - typo3-src 4.0.2+debian-2 (high; bug #403906) NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9 CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...) NOT-FOR-US: Paristemi CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edit ...) NOT-FOR-US: Web Automated Perl Portal (WebAPP) CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...) 
NOT-FOR-US: Web Automated Perl Portal (WebAPP) CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...) NOT-FOR-US: Carsen Klock TextSend CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allow ...) - chetcpasswd (medium) CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...) - chetcpasswd (medium) CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates us ...) - chetcpasswd (medium) CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...) - chetcpasswd (medium) CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for clie ...) - chetcpasswd (medium) CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need f ...) - chetcpasswd (low) CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...) - chetcpasswd (medium) CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...) {DSA-1251-1} - netrik 1.15.3-1.1 (medium; bug #404233) CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...) NOT-FOR-US: ESET NOD32 Antivirus CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 An ...) NOT-FOR-US: ESET NOD32 Antivirus CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...) NOT-FOR-US: Novell CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...) NOT-FOR-US: Ozeki HTTP-SMS Gateway CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: WinFtp Server CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...) NOT-FOR-US: Download Portal CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download Porta ...) 
NOT-FOR-US: Download Portal CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown i ...) NOT-FOR-US: Nortel CallPilot CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in WebC ...) {DSA-1279-1} - webcalendar 1.0.5-2 (low; bug #404234) CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...) NOT-FOR-US: VerliAdmin CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier a ...) NOT-FOR-US: VerliAdmin CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...) NOT-FOR-US: VerliAdmin CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...) NOT-FOR-US: DeepBurner CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and 20 ...) NOT-FOR-US: Aleph One CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and 2006-12-1 ...) NOT-FOR-US: Aleph One CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on SUS ...) NOT-FOR-US: Linux User Management (novell-lum) CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ear ...) NOT-FOR-US: PHP-Update CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Ko ...) - kdelibs (at least it is fixed in 4:3.5.5a.dfsg.1-5) NOTE: is DoS only, anyway CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...) NOT-FOR-US: Microsoft CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive infor ...) NOT-FOR-US: Inktomi CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD 3 ...) NOT-FOR-US: NetBSD CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...) NOT-FOR-US: NetBSD CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD 3. ...) 
NOT-FOR-US: NetBSD CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...) NOT-FOR-US: NetBSD CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...) NOT-FOR-US: NetBSD CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in NetBSD- ...) NOT-FOR-US: NetBSD CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3 ...) NOT-FOR-US: Intel CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...) NOT-FOR-US: mxBB CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...) NOT-FOR-US: HyperVM CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in planetluc.c ...) NOT-FOR-US: RateMe CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4. ...) NOT-FOR-US: MySite for Drupal CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Proj ...) NOT-FOR-US: Drupal Project Issue Tracking CVE-2006-6645 (PHP remote file inclusion vulnerability in language/lang_english/lang_ ...) NOT-FOR-US: Web Links module for mxBB CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...) NOT-FOR-US: Meeting module for mxBB CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...) NOT-FOR-US: Fightersoft Multimedia Star FTP server CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 a ...) NOT-FOR-US: Sistemi CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance v ...) NOT-FOR-US: CA CleverPath Portal CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCa ...) NOT-FOR-US: SiteCatalyst CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...) - chetcpasswd (medium) CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...) 
NOT-FOR-US: IBM CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application Serv ...) NOT-FOR-US: IBM CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere App ...) NOT-FOR-US: IBM CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in J ...) NOT-FOR-US: JumbaCMS CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ( ...) NOT-FOR-US: ExtCalThai for Mambo CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php i ...) NOT-FOR-US: YapBB CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 an ...) NOT-FOR-US: Genepi CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php i ...) NOT-FOR-US: osprey CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey 1 ...) NOT-FOR-US: osprey CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Langua ...) NOT-FOR-US: WeBWorK CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remo ...) - openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105) NOTE: No code injection possible, just a crash CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in BitDe ...) NOT-FOR-US: BitDefender CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component o ...) - moodle 1.6-1 NOTE: Does not affect moodle 1.6 according to SecurityFocus. CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in M ...) - moodle 1.6.3-2 (low) NOTE: "SC#341 fixed initilaization of navtail variable" NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...) NOT-FOR-US: Sambar CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment Bl ...) 
NOT-FOR-US: Sygate CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Pro ...) NOT-FOR-US: Soft4Ever Look 'n' Stop CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environme ...) NOT-FOR-US: Filseclab Personal Firewall CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Bl ...) NOT-FOR-US: Comodo Personal Firewall CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...) NOT-FOR-US: AVG Anti-Virus plus Firewall CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (P ...) NOT-FOR-US: AntiHook 3.0.0.23 - Desktop CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 al ...) NOT-FOR-US: Microsoft CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...) NOT-FOR-US: w00t Gallery CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...) NOT-FOR-US: Activity Games module for mxBB CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) 2.10 ...) - fai 3.1.3 (low; bug #402644) [sarge] - fai (Minor issue, only in rare configs and use cases) CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Be ...) NOT-FOR-US: phpAlbum CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0 ...) NOT-FOR-US: PhpMyCms CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman 0.0 ...) NOT-FOR-US: Barman CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote at ...) - nexuiz 2.2.1-1 (low) NOTE: Only game console command execution possible, not shell commands CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of servi ...) - nexuiz 2.2.1-1 CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP Integr ...) 
NOT-FOR-US: HP CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for IB ...) NOT-FOR-US: IBM CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6. ...) NOT-FOR-US: jclarens CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...) NOT-FOR-US: MailEnable CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in TorrentFlu ...) - torrentflux 2.1-7 (medium; bug #400582) CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...) NOT-FOR-US: YMMAPI.YMailAttach CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows X ...) NOT-FOR-US: Windows CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows ...) NOT-FOR-US: Microsoft CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2 ...) - torrentflux 2.1-7 (medium; bug #400582) CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users t ...) - torrentflux 2.1-7 (medium; bug #400582) CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux be ...) - torrentflux 2.1-6 CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows user-assist ...) NOT-FOR-US: HyperAccess CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute arbit ...) NOT-FOR-US: HyperAccess CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 ...) NOT-FOR-US: ScriptMate User Manager CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ScriptMat ...) NOT-FOR-US: ScriptMate User Manager CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZ ...) NOT-FOR-US: AMAZONIA MOD for phpBB CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...) 
NOT-FOR-US: Bloq CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in E ...) NOT-FOR-US: EXlor CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR Membe ...) NOT-FOR-US: AR Memberscript CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ecommerce/control/keywords ...) NOT-FOR-US: Apache Open For Business Project (OFBiz) CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...) NOT-FOR-US: Apache Open For Business Project (OFBiz) CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation i ...) NOT-FOR-US: Apache Open For Business Project (OFBiz) CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBl ...) NOT-FOR-US: Vortex Blog CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly popula ...) - iceweasel 2.0.0.1+dfsg-1 - firefox 45.0-1 - firefox-esr 45.0esr-1 CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow re ...) NOT-FOR-US: italkplus (Italk+) CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to obta ...) NOT-FOR-US: ScriptMate User Manager CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...) NOT-FOR-US: ScriptMate User Manager CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in Ver ...) NOT-FOR-US: PHP_Debug CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is permi ...) NOT-FOR-US: ProNews CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_RE ...) NOT-FOR-US: Microsoft CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Mac ...) NOT-FOR-US: Microsoft CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ( ...) NOT-FOR-US: Neocrome Land Down Under CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allo ...) 
NOT-FOR-US: Golden FTP Server CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Y ...) NOT-FOR-US: Yet Another PHP LDAP Admin Project (yaplap) CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for I ...) {DSA-1467-1} - mantis 1.0.6+dfsg-3 (bug #402802) [sarge] - mantis 0.19.2-5sarge5 CVE-2006-XXXX [gaim crash when receiving an invalid UPnP response] - gaim 1:2.0.0+beta5-9 (low) [sarge] - gaim (minor issue) CVE-2006-XXXX [dsniff urlsnarf missing output sanitization] - dsniff 2.4b1+debian-16 (unimportant; bug #400624) NOTE: While older terminals were vulnerable to some attacks involving terminal NOTE: sequences, the lack of shell escaping is not a vulnerability in dsniff CVE-2006-XXXX [archivemail insecure temporary file issues] - archivemail 0.6.2-2 [sarge] - archivemail (minor issue) CVE-2006-XXXX [pythonpaste web root escape] - paste 1.0.1-1 NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html CVE-2006-XXXX [moodle unspecified security bug in the forum module (discuss.php)] - moodle 1.6.3-2 CVE-2006-XXXX [znc file access security hole] - znc 0.045-3 (bug #403141; medium) CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Editio ...) NOT-FOR-US: Citrix CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) Opti ...) NOT-FOR-US: Citrix CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in Gen ...) NOT-FOR-US: GenesisTrader CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader ...) NOT-FOR-US: GenesisTrader CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source c ...) NOT-FOR-US: GenesisTrader CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the ...) NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php i ...) 
NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB CVE-2006-6566 (PHP remote file inclusion vulnerability in includes/profilcp_constants ...) NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a deni ...) NOT-FOR-US: FileZilla Server CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a deni ...) NOT-FOR-US: FileZilla Server CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in c ...) - proftpd-dfsg 1.3.0-17 (medium) [sarge] - proftpd (Vulnerable code not activated in binary build) CVE-2006-6562 RESERVED CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewe ...) NOT-FOR-US: Microsoft CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the ...) NOT-FOR-US: mx_modsdb 1.0.0 module for MxBB CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request F ...) NOT-FOR-US: Lotfian Request For Travel CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial ...) NOT-FOR-US: Crob FTP Server CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unkn ...) NOT-FOR-US: Skulls! CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before ...) NOT-FOR-US: EyeOS CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow ...) NOT-FOR-US: EasyFill CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remo ...) NOT-FOR-US: Kerio MailServer CVE-2006-6553 (PHP remote file inclusion vulnerability in includes/newssuite_constant ...) NOT-FOR-US: NewsSuite 1.03 module for mxBB CVE-2006-6552 (PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharin ...) NOT-FOR-US: BLOG:CMS CVE-2006-6551 (PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/ ...) 
NOT-FOR-US: Tucows Client Code Suite (CCS) CVE-2006-6550 NOT-FOR-US: Phorum CVE-2006-6549 NOT-FOR-US: Rad Upload CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) NOT-FOR-US: cPanel WebHost Manager CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod P ...) NOT-FOR-US: Winamp CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in cutene ...) NOT-FOR-US: cutenews CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the ...) NOT-FOR-US: ErrorDocs 1.0.0 and earlier module for mxBB CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote at ...) NOT-FOR-US: CM68 News CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect Sp ...) NOT-FOR-US: AppIntellect SpotLight CRM CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ea ...) NOT-FOR-US: Fantastic News CVE-2006-6541 NOT-FOR-US: Animated Smiley Generator CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before 1. ...) NOT-FOR-US: Bluetrait CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ea ...) NOT-FOR-US: Winamp Web Interface CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) ...) NOT-FOR-US: D-LINK CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allo ...) NOT-FOR-US: IBM CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Fr ...) NOT-FOR-US: Cilem Haber Free Edition CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before callin ...) {DSA-1304} - linux-2.6 (Fixed before upload into the archive; 2.6.10) CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a ...) NOT-FOR-US: osCommerce CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...) 
NOT-FOR-US: osCommerce CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1 ...) NOT-FOR-US: Vt-Forum Lite CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...) NOT-FOR-US: Help Tip module for Drupal CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 fo ...) NOT-FOR-US: Help Tip module for Drupal CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private mess ...) NOT-FOR-US: Chatroom Module for Drupal CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom v ...) NOT-FOR-US: Chatroom Module for Drupal CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar 0316200 ...) NOT-FOR-US: Gizzar CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar 0316200 ...) NOT-FOR-US: Gizzar CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 an ...) NOT-FOR-US: EzHRS HR Assist CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 an ...) NOT-FOR-US: EzHRS HR Assist CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTra ...) NOT-FOR-US: BoxTrapper in cPanel CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale T ...) NOT-FOR-US: WikiTimeScale TwoZero CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...) NOT-FOR-US: Messageriescripthp CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in Messageriescrip ...) NOT-FOR-US: Messageriescripthp CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows rem ...) NOT-FOR-US: ProNews CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 all ...) NOT-FOR-US: ProNews CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...) 
NOT-FOR-US: KDPics CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...) NOT-FOR-US: KDPics CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_thresh ...) - mantis 1.0.6+dfsg-1 (unimportant) NOTE: http://www.mantisbt.org/bugs/print_bug_page.php?bug_id=5163 NOTE: Not a security bug, only a very annoying feature. CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient co ...) NOT-FOR-US: Winamp Web Interface (Wawi) CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface (Waw ...) NOT-FOR-US: Winamp Web Interface (Wawi) CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...) NOT-FOR-US: Winamp Web Interface (Wawi) CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...) NOT-FOR-US: dadaIMC CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is installe ...) NOT-FOR-US: SiteKiosk CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in Si ...) NOT-FOR-US: SiteKiosk CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...) {DSA-1488-1} NOTE: This is covered/duped by CVE-2006-6841 - phpbb2 2.0.21-6 CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass C ...) NOTE: MFSA-2006-76 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner (maintainer reported) - iceape (maintainer reported) CVE-2006-6506 (The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...) NOTE: MFSA-2006-75 - iceweasel 2.0.0.1+dfsg-1 (low) - iceape (maintainer reported) CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5 ...) 
{DSA-1265-1} NOTE: MFSA-2006-74 [sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported) - icedove 1.5.0.9.dfsg1-1 (high) - iceape 1.0.7-1 (high) - mozilla CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonke ...) NOTE: MFSA-2006-73 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox 45.0-1 (high) - firefox-esr 45.0esr-1 (high) NOTE: Flaw was introduced in Firefox 1.5.0.4 - icedove 1.5.0.9.dfsg1-1 (high) CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...) {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-72 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox 45.0-1 (high) - firefox-esr 45.0esr-1 (high) - mozilla (high) - mozilla-firefox (high) - mozilla-thunderbird (high) - icedove 1.5.0.9.dfsg1-1 (high) CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for Mozill ...) {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-71 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox 45.0-1 (high) - firefox-esr 45.0esr-1 (high) - mozilla (high) - mozilla-firefox (high) - mozilla-thunderbird (unimportant) - icedove 1.5.0.9.dfsg1-1 (unimportant) NOTE: Not exploitable in standard Icedove configuration CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-70 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox 45.0-1 (high) - firefox-esr 45.0esr-1 (high) - mozilla (high) - mozilla-firefox (high) - mozilla-thunderbird (low) - icedove 1.5.0.9.dfsg1-1 (low) CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5. ...) 
NOTE: MFSA-2006-69 - iceweasel (windows only) - xulrunner (Windows only) - iceape (windows only) - firefox (windows only) - mozilla (windows only) - mozilla-firefox (windows only) - mozilla-thunderbird (windows only) - icedove (windows only) CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...) {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox 45.0-1 (high) - firefox-esr 45.0esr-1 (high) - mozilla (high) - mozilla-firefox (high) - mozilla-thunderbird (low) - icedove 1.5.0.9.dfsg1-1 (low) NOTE: Is it possible to reduce the floating point precision in Linux as a non-priv NOTE: user? I don't think so CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for Mozi ...) {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox 45.0-1 (high) - firefox-esr 45.0esr-1 (high) - mozilla (high) - mozilla-firefox (high) - mozilla-thunderbird (low) - icedove 1.5.0.9.dfsg1-1 (low) CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...) {DSA-1265-1 DSA-1258-1 DSA-1253-1} NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (medium) - xulrunner 1.8.0.9-1 (medium) - iceape 1.0.7-1 (medium) - firefox 45.0-1 (medium) - firefox-esr 45.0esr-1 (medium) - mozilla (medium) - mozilla-firefox (medium) - mozilla-thunderbird (low) - icedove 1.5.0.9.dfsg1-1 (low) CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 200 ...) NOT-FOR-US: CA Anti-Virus CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 all ...) NOT-FOR-US: Solaris CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...) NOT-FOR-US: Solaris CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerbe ...) 
- openldap2.3 (kerberos support not enabled) - openldap2 (kerberos support not enabled) CVE-2006-6492 REJECTED CVE-2006-6491 REJECTED CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.d ...) NOT-FOR-US: SupportSoft ActiveX CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-E ...) NOT-FOR-US: SISCO OSI stack CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrap ...) NOT-FOR-US: ICONICS CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...) NOT-FOR-US: DT Guestbook CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to exe ...) NOT-FOR-US: EasyPage CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 an ...) NOT-FOR-US: ShopSite CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition 2. ...) NOT-FOR-US: MailEnable CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tag ...) NOT-FOR-US: ColdFusion CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive infor ...) NOT-FOR-US: ColdFusion CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a deni ...) {DSA-1238-1} - clamav 0.88.7-1 (low; bug #401874) CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remo ...) NOT-FOR-US: AnnonceScriptHP CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...) NOT-FOR-US: AnnonceScriptHP CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow re ...) NOT-FOR-US: AnnonceScriptHP CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) NOT-FOR-US: Mandiant First Response (MFR) CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) 
NOT-FOR-US: Mandiant First Response (MFR) CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...) NOT-FOR-US: Mandiant First Response (MFR) CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux 4510 ...) NOT-FOR-US: McAfee CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentr ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.0 ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03 ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in Wi ...) NOT-FOR-US: WikyBlog CVE-2006-6465 NOT-FOR-US: WikyBlog CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) fi ...) NOT-FOR-US: Midicart CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart al ...) NOT-FOR-US: Midicart CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in C ...) NOT-FOR-US: CM68 News CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attacke ...) NOT-FOR-US: Yourfreeworld Stylish Text Ads Script CVE-2006-6460 (Yourfreeworld.com Short Url & Url Tracker Script allows remote att ...) NOT-FOR-US: Yourfreeworld.com Short Url Script CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Topli ...) 
NOT-FOR-US: Toplist for phpBB CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...) NOT-FOR-US: Trend Micro (Windows) CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other version ...) - tikiwiki (bug #404472) NOTE: Might be a mis-report, check with upstream CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and W ...) NOT-FOR-US: Microsoft Word CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...) NOT-FOR-US: DUware CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...) NOT-FOR-US: J-OWAMP Web Interface CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OW ...) NOT-FOR-US: J-OWAMP Web Interface CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...) NOT-FOR-US: RunCMS CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8. ...) NOT-FOR-US: Plesk CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...) NOT-FOR-US: Novell ZENworks Patch Management CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the we ...) NOT-FOR-US: Vt-Forum Lite CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlie ...) NOT-FOR-US: Vt-Forum CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1 ...) NOT-FOR-US: Vt-Forum Lite CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...) NOT-FOR-US: iWare Professional CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...) NOT-FOR-US: Envolution CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and p ...) NOT-FOR-US: Nostra DivX Player CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...) 
NOT-FOR-US: Novell Distributed Print Services CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the CDDBC ...) NOT-FOR-US: America Online CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6440 (Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentr ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox WorkCentr ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox Work ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro befor ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.0 ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) 
NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 1 ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...) NOT-FOR-US: ThinkEdit CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMa ...) NOT-FOR-US: Novell NetMail CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow re ...) NOT-FOR-US: Novell NetMail CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable Profess ...) NOT-FOR-US: MailEnable CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ce ...) NOT-FOR-US: AgileBill AgileVoice CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box im ...) - phpbb2 2.0.21-6 (medium) [sarge] - phpbb2 CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...) NOT-FOR-US: Joomla Content Editor (JCE) CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Edito ...) NOT-FOR-US: Joomla Content Editor (JCE) CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 ...) NOT-FOR-US: HP Tru64 UNIX CVE-2006-6417 (PHP remote file inclusion vulnerability in inc/CONTROL/import/import-m ...) - b2evolution (vulnerable code added later) CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univ ...) NOT-FOR-US: PhpLeague CVE-2006-6415 NOT-FOR-US: phpAdsNew CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...) NOT-FOR-US: dol storye CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earl ...) 
NOT-FOR-US: Amateras sns CVE-2006-6412 RESERVED CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows r ...) NOT-FOR-US: Linksys CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local use ...) NOT-FOR-US: VMWare CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...) NOT-FOR-US: F-Secure CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attac ...) NOT-FOR-US: Kaspersky CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attack ...) NOT-FOR-US: F-Prot CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...) {DSA-1238-1} - clamav 0.88.7-1 (medium; bug #401873) CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to byp ...) NOT-FOR-US: BitDefender CVE-2006-6404 (INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows rem ...) NOT-FOR-US: Innovation Data Processing's FDR Backup CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ob ...) NOT-FOR-US: MyStats CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlie ...) NOT-FOR-US: MyStats CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...) NOT-FOR-US: MyStats CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...) NOT-FOR-US: JustSystems CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 all ...) NOT-FOR-US: Superfreaker Studios UPublisher CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios UPublis ...) NOT-FOR-US: Superfreaker Studios UPublisher CVE-2006-6397 NOTE: not a vuln CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibl ...) NOT-FOR-US: BlazeVideo HDTV Player CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...) 
NOT-FOR-US: Ulrik Petersen Emdros Database Engine CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas Gauff ...) NOT-FOR-US: Jonas Gauffin Publicera CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1. ...) NOT-FOR-US: Jonas Gauffin Publicera CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...) NOT-FOR-US: plxWebDev CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution Quick.Ca ...) NOT-FOR-US: Open Solution Quick.Cart CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution Quick.Ca ...) NOT-FOR-US: Open Solution Quick.Cart CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile all ...) NOT-FOR-US: ac4p Mobile CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LI ...) NOT-FOR-US: LINK Content Management Server CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management Serv ...) NOT-FOR-US: LINK Content Management Server CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...) NOT-FOR-US: CVS management/tracker (drupal plugin) CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before 2006120 ...) NOT-FOR-US: abitwhizzy.php CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_base ...) - php5 (unimportant) - php4 (unimportant) NOTE: safe-mode and basedir violations not treated as security issues CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 crea ...) NOT-FOR-US: Positive Software H-Sphere CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...) NOT-FOR-US: Ultimate HelpDesk CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate Help ...) NOT-FOR-US: Ultimate HelpDesk CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...) 
NOT-FOR-US: BrightStor Backup Discovery Service CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with insuffic ...) NOT-FOR-US: BTSaveMySql CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...) NOT-FOR-US: Uploadscript CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...) NOT-FOR-US: Simple File Manager CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple Mach ...) NOT-FOR-US: Simple machines Forum CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) - phpmyadmin (low; bug #404744) [sarge] - phpmyadmin (doesn't use sessions at all) [etch] - phpmyadmin (not exploitable with Etch's php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ NOTE: https://www.phpmyadmin.net/security/PMASA-2007-1/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c9d93f63940fe960d3b6341d8bfb7b707c87e744 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive infor ...) - phpmyadmin 4:2.9.1.1-1 (unimportant) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/98575f4e563c9323df597e2a9783e637b00b87e9 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/416285c4930ed24504edf58774384db4ffec1f86 NOTE: The commits are both the same but they seem to be cherry-picks one of the other at some point NOTE: https://www.phpmyadmin.net/security/PMASA-2006-8/ NOTE: path is known in Debian anyway CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) NOT-FOR-US: JAB Guest Book CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Gue ...) NOT-FOR-US: JAB Guest Book CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in Invis ...) NOT-FOR-US: Invision Gallery CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision C ...) 
NOT-FOR-US: Invision Community Blog Mod CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10G ...) NOT-FOR-US: Affects only Windows despite other claims CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...) NOT-FOR-US: awrate CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownl ...) NOT-FOR-US: Duware CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in includes/elements/spellche ...) NOT-FOR-US: Cerberus Helpdesk CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...) NOT-FOR-US: Duware CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside System ...) NOT-FOR-US: Inside Systems Mail (ISMail) CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Sec ...) NOT-FOR-US: BlueSocket Secure Controller CVE-2006-6362 REJECTED CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file func ...) NOT-FOR-US: Bitflux Upload Progress Mete CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...) NOT-FOR-US: PHP Upload Center CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookma ...) NOT-FOR-US: Stefan Frech online-bookmarks CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in Stefa ...) NOT-FOR-US: Stefan Frech online-bookmarks CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...) NOT-FOR-US: PHPNews CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in templates/link_ ...) NOT-FOR-US: PHPNews CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate allow ...) NOT-FOR-US: DuWare CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...) NOT-FOR-US: DuWare CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X a ...) 
NOT-FOR-US: Mac OS X CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remo ...) NOT-FOR-US: F-Prot Antivirus CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with insuffic ...) NOT-FOR-US: KhaledMuratList CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...) NOT-FOR-US: listpics 5 CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The Classif ...) NOT-FOR-US: PWP Technologies The Classified Ad System CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 a ...) NOT-FOR-US: mowdBB CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote au ...) NOT-FOR-US: TFT-Gallery CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...) NOT-FOR-US: SAP CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service (IG ...) NOT-FOR-US: SAP CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earl ...) NOT-FOR-US: Neocrome Seditio CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...) NOT-FOR-US: Neocrome Seditio CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Frase ...) NOT-FOR-US: KLF-DESIGN CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3. ...) NOT-FOR-US: mg.applanix CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ser ...) NOT-FOR-US: nVIDIA nView CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ( ...) NOT-FOR-US: deV!L`z Clanportal CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...) NOT-FOR-US: deV!L`z Clanportal CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogan ...) NOT-FOR-US: Aspee Ziyaretci Defteri CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) ...) 
NOT-FOR-US: Eudora WorldMail CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...) NOT-FOR-US: Sophos Anti-Virus CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.oc ...) NOT-FOR-US: Citrix Presentation Server Client CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wron ...) - linux-2.6 2.6.20-1 [etch] - linux-2.6 (Only affects 2.6.19, introduced after 2.6.18) CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWif ...) - madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111) [etch] - madwifi (Non-free not supported) CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) - torrentflux 2.1-7 (bug #400582; medium) CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to execut ...) - torrentflux 2.1-6 (bug #399169; medium) CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...) - torrentflux 2.1-6 (bug #399169) CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 all ...) - torrentflux 2.1-5 (bug #395930; medium) NOTE: duplicate of CVE-2006-5609 CVE-2006-6327 RESERVED CVE-2006-6326 RESERVED CVE-2006-6325 RESERVED CVE-2006-6324 RESERVED CVE-2006-6323 RESERVED CVE-2006-6322 RESERVED CVE-2006-6321 RESERVED CVE-2006-6320 RESERVED CVE-2006-6319 RESERVED CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier allow ...) {DSA-1242-1} - elog 2.6.2+r1754-1 CVE-2006-6317 RESERVED CVE-2006-6316 RESERVED CVE-2006-6315 RESERVED CVE-2006-6314 RESERVED CVE-2006-6313 RESERVED CVE-2006-6312 RESERVED CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to c ...) NOT-FOR-US: Microsoft CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attacker ...) 
NOT-FOR-US: Microsoft CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...) NOT-FOR-US: Tivoli CVE-2006-6308 NOT-FOR-US: Symantec LiveState CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...) NOT-FOR-US: Novell Netware CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...) NOT-FOR-US: Novell Netware CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configu ...) - net-snmp (Only affects version 5.3.0) CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...) - linux-2.6 (Only affects plain 2.6.19) CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...) NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/ - ruby1.8 1.8.5-4 (low) CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remo ...) NOT-FOR-US: CuteNews CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM ...) NOT-FOR-US: Novell ZENworks CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yone ...) NOT-FOR-US: Metyus Okul Yonetim Sistemi CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin ...) - kdegraphics (unimportant) NOTE: Generic bug, treating it as a security problem is quite a stretch CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) serv ...) NOT-FOR-US: Microsoft CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in t ...) NOT-FOR-US: MxBB Portal CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot Antiviru ...) NOT-FOR-US: F-Prot Antivirus CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4 ...) NOT-FOR-US: F-Prot Antivirus CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, ...) 
NOT-FOR-US: Apple Airport CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professi ...) NOT-FOR-US: MailEnable Professional CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...) NOT-FOR-US: MailEnable CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variabl ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier al ...) NOT-FOR-US: Niek Albers CoolPlayer CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...) NOT-FOR-US: AtomixMP3 CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...) NOT-FOR-US: Palm Desktop CVE-2006-6285 NOT-FOR-US: Kai Blankenhorn Bitfolge CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 al ...) NOT-FOR-US: Vikingboard CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...) NOT-FOR-US: Vikingboard CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...) NOT-FOR-US: Vikingboard CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in dicshun ...) NOT-FOR-US: dicshunary CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulleti ...) NOT-FOR-US: Oxygen (O2PHP Bulletin Board) CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain se ...) NOT-FOR-US: @lex Guestbook CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex Guestboo ...) NOT-FOR-US: @lex Guestbook CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ContentSe ...) NOT-FOR-US: ContentServ CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server b ...) NOT-FOR-US: Sun Java System Proxy Server CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...) 
NOT-FOR-US: Solaris CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...) NOT-FOR-US: Expinion.net iNews CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, whi ...) - fail2ban (looks fixed in 0.6, see #401793) CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows rem ...) - denyhosts 2.6-1 (medium; bug #401795) CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obta ...) NOT-FOR-US: Simple PHP Gallery CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...) NOT-FOR-US: Simple PHP Gallery CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 all ...) NOT-FOR-US: PHPOLL CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote attac ...) NOT-FOR-US: ASPMForum CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...) NOT-FOR-US: Infinitytechs Restaurants CM CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...) NOT-FOR-US: Neocrome Land Down Under CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...) NOT-FOR-US: PostNuke CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...) NOTE: It seems that no significant packet amplification takes place. NOTE: Probably harmless. CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote att ...) NOTE: Potential firewall bypass is inherent to tunneling software. NOTE: Not a bug. CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source Tere ...) NOTE: Potential firewall bypass is inherent to tunneling software. NOTE: Not a bug. CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing he ...) NOTE: Potential firewall bypass is inherent to tunneling software. NOTE: Not a bug. 
CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Kl ...) NOT-FOR-US: PHPJunkYard MBoard CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...) NOT-FOR-US: Quintessential Player CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema Integra ...) NOT-FOR-US: Redbinaria Sistema Integrado de Administracion de Portales (SIAP) CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) class/functions.ph ...) NOT-FOR-US: AlternC CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQ ...) NOT-FOR-US: AlternC CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are enabl ...) NOT-FOR-US: AlternC CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in admin/ ...) NOT-FOR-US: AlternC CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI 0 ...) NOT-FOR-US: NukeAI CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote at ...) NOT-FOR-US: Cahier de texte CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, p ...) NOT-FOR-US: Cahier de texte CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual emotico ...) NOT-FOR-US: Microsoft Windows Live Messenger CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...) NOT-FOR-US: VUPlayer CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier a ...) NOT-FOR-US: Songbird Media Player CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earli ...) NOT-FOR-US: Chama Cargo CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: GPhotos CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1 ...) 
NOT-FOR-US: UPhotoGallery CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ownershi ...) NOT-FOR-US: Photo Organizer CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b a ...) NOT-FOR-US: Photo Organizer CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) befor ...) NOT-FOR-US: Coalescent Systems freePBX CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...) NOT-FOR-US: FipsSHOP CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...) - serendipity 1.0.4-1 (unimportant; bug #401614) NOTE: Only exploitable with register_globals CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...) NOT-FOR-US: Sorin Chitu Telnet-FTP Server CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...) NOT-FOR-US: Sorin Chitu Telnet-FTP Server CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2. ...) NOT-FOR-US: MailEnable NetWebAdmin CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify th ...) NOT-FOR-US: Apple Safari CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in thread.ph ...) NOT-FOR-US: Woltlab Burning Board Lite CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote at ...) NOT-FOR-US: Acrobat Reader CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...) {DSA-1231-1} - gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914) - gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913) CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in PHP-Nu ...) NOT-FOR-US: PHP-Nuke CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown versio ...) NOT-FOR-US: PostNuke CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in DreamAcc ...) 
NOT-FOR-US: DreamAccount CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive inf ...) NOT-FOR-US: VuBB CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote at ...) NOT-FOR-US: VuBB CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs fai ...) NOT-FOR-US: Codewalkers ltwCalendar CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (a ...) NOT-FOR-US: Codewalkers ltwCalendar CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...) NOT-FOR-US: NeoEngine CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...) NOT-FOR-US: NeoEngine CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allo ...) NOT-FOR-US: GeekLog CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...) NOT-FOR-US: Puntal CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance an ...) NOT-FOR-US: Google Search Appliance CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...) NOT-FOR-US: Symantec Veritas NetBackup CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote a ...) NOT-FOR-US: 2X ThinClientServer Enterprise Edition CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes Com ...) NOT-FOR-US: Recipes Complete Website CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in de ...) NOT-FOR-US: dev4u CMS CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...) NOT-FOR-US: dev4u CMS CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...) NOT-FOR-US: Mermaid module for PHP-NUKE CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hac ...) 
NOT-FOR-US: Nivisec Hacks List CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...) NOT-FOR-US: Wallpaper Complete Website CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wal ...) NOT-FOR-US: Wallpaper Complete Website CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical v ...) NOT-FOR-US: PEGames CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News (si ...) NOT-FOR-US: Site News CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...) NOT-FOR-US: BirdBlog CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...) NOT-FOR-US: ASP ListPics CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart a ...) NOT-FOR-US: MidiCart ASP Shopping Cart CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds all ...) NOT-FOR-US: Enthrallweb eClassifieds CVE-2006-6207 NOT-FOR-US: Evolve Merchant CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping C ...) NOT-FOR-US: WarHound General Shopping Cart CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in E ...) NOT-FOR-US: Enthrallweb eHomes CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow rem ...) NOT-FOR-US: Enthrallweb eHomes CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...) NOT-FOR-US: Flyspray component for Mamba, this appears to be different from the Flyspray bug tracker CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...) NOT-FOR-US: PHP-Nuke CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...) NOT-FOR-US: Borland idsql32.dll CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...) 
NOT-FOR-US: PHP-Nuke CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Profes ...) NOT-FOR-US: BlazeVideo BlazeDVD CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) NOT-FOR-US: cPanel CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8 ...) - b2evolution (0.9 releases not vulnerable) CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality i ...) NOT-FOR-US: Fixit iDMS Pro Image Gallery CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...) NOT-FOR-US: Fixit iDMS Pro Image Gallery CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...) NOT-FOR-US: Ultimate Survey Pro CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...) NOT-FOR-US: BasicForum CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3. ...) NOT-FOR-US: 8pixel.net SimpleBlog CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...) NOT-FOR-US: 8pixel.net SimpleBlog CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (a ...) NOT-FOR-US: Anna^ IRC Bot CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...) NOT-FOR-US: ClickTech Click Blog CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTe ...) NOT-FOR-US: ClickTech Click Gallery CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery allo ...) NOT-FOR-US: ClickTech Click Gallery CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow remo ...) NOT-FOR-US: enomphp CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...) NOT-FOR-US: Wabbit PHP Gallery CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (A ...) 
NOT-FOR-US: Allied Telesyn TFTP Server CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and pos ...) NOT-FOR-US: 3Com 3CTftpSvc CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop store ...) NOT-FOR-US: Gabriele Teotino GNotebook CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech Cli ...) NOT-FOR-US: ClickTech ClickContact CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.n ...) NOT-FOR-US: iNews Publisher CVE-2006-6179 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstal ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2006-XXXX [libxslt segfault / DoS] - libxslt 1.1.19-1 (low) [sarge] - libxslt (vulnerability added later) CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...) NOT-FOR-US: Neocrome Seditio CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...) NOT-FOR-US: Blogn CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...) - kronolith2 2.1.4-1 (bug #400899; bug #401061) - kronolith (Vulnerable code not present) CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2. ...) - tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650) CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in vm/vm ...) NOT-FOR-US: Mac OS X CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP strea ...) {DSA-1244-1} - xine-lib 1.1.2+dfsg-2 (medium; bug #401740) - mplayer 1.0~rc1-11 (medium) CVE-2006-6171 {DSA-1218} - proftpd-dfsg 1.3.0-13 (low; bug #399070) CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls m ...) 
{DSA-1222-1} - proftpd-dfsg 1.3.0-16 (medium; bug #400793) CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...) - tikiwiki 1.9.7+dfsg-1 (low) CVE-2006-6167 NOT-FOR-US: Active PHP Bookmarks CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin C ...) NOT-FOR-US: Joomla Content Editor (JCE) for Joomla! CVE-2006-6165 NOTE: non-issue CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...) NOT-FOR-US: OpenBSD CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in Tik ...) - tikiwiki 1.9.7+dfsg-1 (low) CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php i ...) - tikiwiki 1.9.7+dfsg-1 (low) CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) NOT-FOR-US: Doug Luxem Liberum Help Desk CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help ...) NOT-FOR-US: Doug Luxem Liberum Help Desk CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php i ...) NOT-FOR-US: DeskPRO CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help D ...) NOT-FOR-US: PMOS Help Desk CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and earlie ...) NOT-FOR-US: ContentNow CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX S ...) NOT-FOR-US: HIOX Star Rating System Script (HSRS) CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star R ...) NOT-FOR-US: HIOX Star Rating System Script (HSRS) CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star Ra ...) NOT-FOR-US: HIOX Star Rating System Script (HSRS) CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Class ...) NOT-FOR-US: vSpin.net CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System ...) 
NOT-FOR-US: vSpin.net CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie Lo ...) NOT-FOR-US: Messagerie Locale CVE-2006-6150 (PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.ph ...) NOT-FOR-US: OWLLib CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allo ...) NOT-FOR-US: JiRos FAQ Manager CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp ...) NOT-FOR-US: JiRos FAQ Manager CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow re ...) NOT-FOR-US: JiRos Links Manager CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator ...) NOT-FOR-US: libharu CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plai ...) NOT-FOR-US: CRYPTOCard CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for Kerber ...) - krb5 (Only 1.5 onwards are vulnerable) CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1 ...) - krb5 1.4.4-6 (high) [sarge] - krb5 CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...) {DSA-1241-1} - squirrelmail 2:1.4.9a-1 CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a den ...) NOT-FOR-US: Tftpd32 CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...) NOT-FOR-US: Sisfo Kampus CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...) NOT-FOR-US: Sisfo Kampus CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 ...) NOT-FOR-US: Sisfo Kampus CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...) NOT-FOR-US: Sisfo Kampus CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) doe ...) 
NOT-FOR-US: IBM WebSphere CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...) NOT-FOR-US: IBM WebSphere CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE ...) NOT-FOR-US: Windows Media CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for Micro ...) NOT-FOR-US: Business Objects Crystal Reports CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow rem ...) NOT-FOR-US: Link Exchange Lite CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWeb ...) NOT-FOR-US: Kerio WebSTAR CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of servi ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in openfil ...) {DSA-1231-1} - gnupg 1.4.5-3 (medium; bug #401765) - gnupg2 2.0.0-5.1 (medium; bug #400777) CVE-2006-XXXX [smb4k security issue] - smb4k 0.7.5-1 [sarge] - smb4k (Vulnerable code not present) CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows loca ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...) - linux (Kernel rejects the malformed filesystem) - linux-2.6 [squeeze] - linux-2.6 (Kernel rejects the malformed filesystem) NOTE: It's not obvious when or how this was fixed CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1 ...) NOT-FOR-US: NetGear CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...) NOT-FOR-US: SeleniumServer Web Server CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ena ...) 
NOT-FOR-US: Coppermine Photo Gallery (CPG) CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...) - tin 1:1.8.2-1 CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...) NOT-FOR-US: Acer CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft PowerPo ...) - koffice 1:1.6.1-1 (bug #401230; medium) CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: mmgallery CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1. ...) NOT-FOR-US: mmgallery CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earli ...) NOT-FOR-US: fipsGallery CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and earli ...) NOT-FOR-US: fipsForum CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier al ...) NOT-FOR-US: fipsCMS CVE-2006-6114 REJECTED CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Monkey Boards CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of t ...) NOT-FOR-US: LifeType CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 all ...) NOT-FOR-US: Alan Ward A-Cart Pro CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...) NOT-FOR-US: BPG-InfoTech Content Management System CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 al ...) NOT-FOR-US: CandyPress Store CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...) NOT-FOR-US: EC-CUBE CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in bus/sign ...) - dbus 1.0.2-1 (low) [sarge] - dbus (Minor issue) CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...) 
{DSA-1503-2 DSA-1503-1 DSA-1304} - linux-2.6 2.6.18.dfsg.1-9 CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...) - gdm 2.16.4-1 (medium; bug #403219) [sarge] - gdm (Vulnerable code not present) CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...) - mono 1.2.2.1-1 (low) CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE extensi ...) {DSA-1249-1} - xorg-server 2:1.1.1-15 CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE exten ...) {DSA-1249-1} - xorg-server 2:1.1.1-15 CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ext ...) {DSA-1249-1} - xorg-server 2:1.1.1-15 CVE-2006-6100 REJECTED CVE-2006-6099 REJECTED CVE-2006-6098 REJECTED CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ...) {DSA-1223-1} - tar 1.16-2 (high; bug #399845) CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in A ...) NOT-FOR-US: ActiveNews Manager CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow rem ...) NOT-FOR-US: ActiveNews Manager CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow rem ...) NOT-FOR-US: ActiveNews Manager CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php i ...) NOT-FOR-US: PicturesPro Photo Cart CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...) NOT-FOR-US: Auto Gallery CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...) NOT-FOR-US: GrimBB CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote a ...) NOT-FOR-US: BaalAsp CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...) NOT-FOR-US: BaalAsp forum CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Ga ...) 
NOT-FOR-US: i-Gallery CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little we ...) NOT-FOR-US: my little weblog CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1. ...) NOT-FOR-US: e-Ark CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions a ...) - kile 1:1.9.3-1 (low) [sarge] - kile (Minor issue) CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allo ...) NOT-FOR-US: aBitWhizzy CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...) NOT-FOR-US: CreaScripts Creadirectory CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Cre ...) NOT-FOR-US: CreaScripts Creadirectory CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php i ...) NOT-FOR-US: Telaen CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews Publ ...) NOT-FOR-US: gNews CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 al ...) NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth) CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...) NOT-FOR-US: a-ConMan CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earli ...) {DSA-1336-1} NOTE: MFSA-2007-02 - iceweasel 2.0.0.2+dfsg-1 (high; bug #409220) - iceape 1.0.8-1 (high) [sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported) [sarge] - mozilla (Mozilla products from Sarge no longer supported) - xulrunner 1.8.0.10-1 (medium) NOTE: Epiphany affected by xulrunner CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Compu ...) NOT-FOR-US: BrightStor CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp fo ...) NOT-FOR-US: BaalAsp forum CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart a ...) 
NOT-FOR-US: Enthrallweb eShopping Cart CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart a ...) NOT-FOR-US: Enthrallweb eShopping Cart CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTe ...) NOT-FOR-US: BPG-InfoTech Easy Publisher CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLog ...) - twiki 1:4.0.5-2 (bug #401303; low) CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...) NOT-FOR-US: ASP Nuke CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...) NOT-FOR-US: mAlbum CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in func ...) NOT-FOR-US: mAlbum CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Est ...) NOT-FOR-US: DataShed CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events Lis ...) NOT-FOR-US: Dragon Calendar CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in t ...) NOT-FOR-US: CalSnails Module for MxBB Portal CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...) NOT-FOR-US: Fuzzball MUCK CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allo ...) NOT-FOR-US: XMPlay CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possi ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possi ...) {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA52 ...) NOT-FOR-US: NetGear CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, includi ...) 
{DSA-1504-1 DSA-1436-1} - linux-2.6 2.6.22-6 NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on F ...) - linux-2.6 (Debian kernels up to 2.6.18 didn't include GFS) CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELi ...) {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G ...) NOT-FOR-US: D-Link CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...) {DSA-1503-2 DSA-1504-1 DSA-1503-1} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users t ...) {DSA-1503-2 DSA-1503-1 DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages dep ...) NOT-FOR-US: NetEpi Case Manager CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the M ...) NOT-FOR-US: MosReporter (com_reporter) component for Joomla! CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allo ...) NOT-FOR-US: Rank'em CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 ...) NOT-FOR-US: Shambo2 (com_shambo2) component for Mambo CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when ...) NOT-FOR-US: Etomite CMS CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite 0.6. ...) NOT-FOR-US: Etomite CMS CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 a ...) 
NOT-FOR-US: eggblog CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...) NOT-FOR-US: Comdev One Admin CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQ ...) NOT-FOR-US: PHPQuickGallery CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver (forme ...) NOT-FOR-US: Oliver (formerly Webshare) CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in phpWebTh ...) NOT-FOR-US: phpWebThings CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den ...) NOT-FOR-US: WORK system e-commerce CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.p ...) NOT-FOR-US: vBulletin CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMak ...) NOT-FOR-US: MatchMaker CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pFor ...) NOT-FOR-US: Powie's PHP Forum CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Da ...) NOT-FOR-US: Travelsized CMS CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote atta ...) NOT-FOR-US: OpenHuman CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...) NOT-FOR-US: BLOG:CMS CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...) NOT-FOR-US: SitesOutlet E-commerce Kit-1 CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPB ...) NOT-FOR-US: Simple PHP Blog CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Simple PHP Blog CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet ...) NOT-FOR-US: ASPCart CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow rem ...) 
NOT-FOR-US: E-Calendar Pro CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allow ...) NOT-FOR-US: Property Pro CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov DoSe ...) NOT-FOR-US: DoSePa CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote at ...) NOT-FOR-US: Adobe Reader CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix Mob ...) NOT-FOR-US: Helix DNA Server CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denia ...) NOT-FOR-US: QUALCOMM Eudora WorldMail CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ve ...) NOT-FOR-US: Eudora Worldmail CVE-2006-6023 NOT-FOR-US: Bloo CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebA ...) NOT-FOR-US: BestWebApp Dating Site CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp Datin ...) NOT-FOR-US: BestWebApp Dating Site CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog Torre ...) NOT-FOR-US: Blog Torrent Preview CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in extensions/googiespell/goo ...) NOT-FOR-US: Bloo CVE-2006-6018 NOT-FOR-US: My-BIC CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a ...) - wordpress 2.0.5-0.1 CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ...) - wordpress 2.0.5-0.1 CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple Ma ...) - kdebase (unimportant; bug #400121) NOTE: Browser crashes are not treated as security problems CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform bo ...) NOT-FOR-US: NetBSD CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the Fi ...) 
- kfreebsd-5 5.4-21 [etch] - kfreebsd-5 (no security support) CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MG ...) NOT-FOR-US: Car Site Manager CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 pa ...) NOT-FOR-US: SAP CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive informatio ...) NOT-FOR-US: SAP CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...) - sun-java5 1.5.0-08-1 CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, d ...) {DSA-1217} - linux-ftpd 0.17-23 CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) NOT-FOR-US: WebEvents (Online Event Registration Template) CVE-2006-6006 REJECTED CVE-2006-6005 REJECTED CVE-2006-6004 REJECTED CVE-2006-6003 REJECTED CVE-2006-6002 REJECTED CVE-2006-6001 REJECTED CVE-2006-6000 REJECTED CVE-2006-5999 REJECTED CVE-2006-5998 REJECTED CVE-2006-5997 REJECTED CVE-2006-5996 REJECTED CVE-2006-5995 REJECTED CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...) NOT-FOR-US: Microsoft Word CVE-2006-5993 REJECTED CVE-2006-5992 REJECTED CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop all ...) NOT-FOR-US: CactuShop CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...) NOT-FOR-US: VMWare CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allo ...) {DSA-1247-1} - libapache-mod-auth-kerb 5.3-1 (low; bug #400589) CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...) NOT-FOR-US: Windows CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly 1. ...) NOT-FOR-US: ASPintranet CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not r ...) 
NOT-FOR-US: Extreme CMS CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in admin/options.p ...) NOT-FOR-US: Extreme CMS CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hostin ...) NOT-FOR-US: Helm Hosting Control Panel CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software D ...) NOT-FOR-US: DirectAdmin CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user passw ...) NOT-FOR-US: Selenium Server CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP Ser ...) NOT-FOR-US: Selenium Server CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ear ...) NOT-FOR-US: NetJetServer CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure p ...) NOT-FOR-US: NetJetServer CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impac ...) NOT-FOR-US: E-Xoopport CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...) NOT-FOR-US: MultiCalendars CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3. ...) NOT-FOR-US: BlogMe CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...) NOT-FOR-US: BlogMe CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message de ...) - fetchmail 6.3.6-1 (low) [sarge] - fetchmail (Vulnerable code not present) CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...) - dovecot 1.0.rc15-1 [sarge] - dovecot (Vulnerable code not present) CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability] - firefox-sage (medium; bug #399170) NOTE: Debian's version has HTML disabled CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...) NOT-FOR-US: NetGear CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity U ...) 
NOT-FOR-US: Verity Ultraseek CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain sensitiv ...) NOT-FOR-US: Verity Ultraseek CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm 2. ...) - fvwm 1:2.5.18-2 (low; bug #400303) [sarge] - fvwm (Minor issue) CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ins ...) NOT-FOR-US: MDaemon CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...) NOT-FOR-US: Panda ActiveScan CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows re ...) NOT-FOR-US: Panda ActiveScan CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...) NOT-FOR-US: PassGo SSO Plus CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows ...) NOT-FOR-US: PentaZip CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite ...) NOT-FOR-US: PentaZip CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow re ...) NOT-FOR-US: Hpecs Shopping Cart CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...) NOT-FOR-US: Mercury Mail Transport CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in account_login.a ...) NOT-FOR-US: A+ Store E-Commerce CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce allow ...) NOT-FOR-US: A+ Store E-Commerce CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allo ...) NOT-FOR-US: INFINICART CVE-2006-5957 NOT-FOR-US: INFINICART CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) datab ...) NOT-FOR-US: PHPRunner CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Rea ...) NOT-FOR-US: DataShed CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier all ...) 
NOT-FOR-US: NetVIOS CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart (a ...) NOT-FOR-US: Evolve shopping cart CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 all ...) NOT-FOR-US: ASP Smiley CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...) NOT-FOR-US: Exophpdesk CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...) NOT-FOR-US: ALTools ALFTP FTP Server CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...) NOT-FOR-US: ALTools ALFTP FTP Server CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpP ...) NOT-FOR-US: phpPeanuts CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2 ...) NOT-FOR-US: Conxint FTP Server CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...) NOT-FOR-US: FunkyASP Glossary CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...) NOT-FOR-US: MGinternet Car Site Manager CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MG ...) NOT-FOR-US: MGinternet Car Site Manager CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...) NOT-FOR-US: Less Inventory Manager CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in inventory/display/display_ ...) NOT-FOR-US: Less Inventory Manager CVE-2006-5941 REJECTED CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...) NOT-FOR-US: Grisoft AVG Anti-Virus CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...) NOT-FOR-US: Grisoft AVG Anti-Virus CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote at ...) NOT-FOR-US: Grisoft AVG Anti-Virus CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 al ...) 
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce Syste ...)
	NOT-FOR-US: SiteXpress E-Commerce
CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and earlie ...)
	NOT-FOR-US: ShopSystems
CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent Manag ...)
	NOT-FOR-US: Estate Agent Manager
CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows remo ...)
	NOT-FOR-US: UltraSite
CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single su ...)
	NOT-FOR-US: Kahua
CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web base ...)
	NOT-FOR-US: Aigaion
CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web base ...)
	NOT-FOR-US: Aigaion
CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in Phpjobschedu ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
	NOT-FOR-US: ASP Scripter Easy Portal
CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...)
	NOT-FOR-US: Vallheru
CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...)
	{DSA-1240-1 DSA-1228-1 DSA-1226-1}
	- links 0.99+1.00pre12-1.1 (medium; bug #399188)
	- elinks 0.11.1-1.2 (medium; bug #399187)
	- links2 2.1pre25-2 (medium; bug #400718)
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...)
	NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac gtca ...)
	NOT-FOR-US: gtcatalog
CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5920
	NOT-FOR-US: Exporia
CVE-2006-5919 (PHP remote file inclusion vulnerability in admin/e_data/visEdit_contro ...)
	NOT-FOR-US: KnowledgeBuilder
CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kil ...)
	NOT-FOR-US: RapidKill
CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager all ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass vi ...)
	NOT-FOR-US: Intego VirusBarrier
CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMED ...)
	NOT-FOR-US: LandShop
CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remot ...)
	NOT-FOR-US: LandShop
CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a s ...)
	NOT-FOR-US: Microsoft
CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has unknow ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware Campsit ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware Campsit ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research For ...)
	NOT-FOR-US: Stanford Conference And Research Forum (SCARF)
CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in y ...)
	NOT-FOR-US: Yet Another News System
CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in Jean ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5906
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database a ...)
	NOT-FOR-US: Web Directory Pro
CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 a ...)
	NOT-FOR-US: MWChat Pro
CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perfo ...)
	NOT-FOR-US: GSpace
CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...)
	NOT-FOR-US: viksoe GMail Drive
CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP addres ...)
	NOT-FOR-US: Hawking Technology wireless router WR254-CA
CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/H ...)
	NOT-FOR-US: Zend Framework Preview
CVE-2006-5899
	NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 i ...)
	NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the f ...)
	NOT-FOR-US: Web Mech Designer
CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...)
	NOT-FOR-US: EncapsCMS
CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ear ...)
	NOT-FOR-US: Rama CMS
CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...)
	NOT-FOR-US: iWonder Designs Storystream
CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Po ...)
	NOT-FOR-US: The Net Guys ASPired2Poll
CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios USto ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios USup ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...)
	NOT-FOR-US: BrewBlogger
CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Datawo ...)
	NOT-FOR-US: Dynamic Dataworx NuSchool
CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic Datawor ...)
	NOT-FOR-US: Dynamic Dataworx NuRealestate (NuRems)
CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows remo ...)
	NOT-FOR-US: NuStore
CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX contro ...)
	NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer
CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel 10
CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...)
	NOT-FOR-US: Broadcom BCMWL5.SYS
CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx N ...)
	NOT-FOR-US: Dynamic Dataworx NuCommunity
CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...)
	NOT-FOR-US: Munch Pro
CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta an ...)
	NOT-FOR-US: ASPPortal
CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...)
	{DSA-1209}
	- trac 0.10.1-1 (bug #397683)
CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, e ...)
	- enigmail 2:0.94.2-1 (bug #406604)
CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP lib ...)
	{DSA-1248-1}
	- libsoup 2.2.98-2 (bug #405197; medium)
CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attacke ...)
	{DSA-1236-1}
	- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ca ...)
	{DSA-1232-1}
	- clamav 0.86-1
CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...)
	{DSA-1230-1}
	- l2tpns 2.1.21-1 (medium; bug #401742)
	NOTE: http://secunia.com/advisories/23230/
CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...)
	{DSA-1239-1}
	- sql-ledger 2.6.21-1
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.3 ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 (Current Linux versions already implement intended behaviour)
CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...)
	{DSA-1246-1}
	- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute arbitrar ...)
	{DSA-1220}
	- pstotext 1.9-4 (bug #356988; medium)
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 b ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.11
CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may trans ...)
	{DSA-1259-1}
	- fetchmail 6.3.6-1 (low)
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpM ...)
	NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...)
	NOT-FOR-US: Script Dowload
CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for LetterI ...)
	NOT-FOR-US: LetterIt
CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...)
	NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
	NOT-FOR-US: Citrix
CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...)
	NOT-FOR-US: Adobe JRun
CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
	NOT-FOR-US: Adobe
CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
	NOT-FOR-US: Adobe
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 a ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5 ...)
	NOT-FOR-US: Tivoli
CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in Nove ...)
	NOT-FOR-US: Novell Netware
CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CM ...)
	NOT-FOR-US: Immediacy CMS
CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ar ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows al ...)
	NOT-FOR-US: Essentia Web Server
CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in Irayo ...)
	NOT-FOR-US: IrayoBlog
CVE-2006-5848
	REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 an ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2. ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running o ...)
	NOT-FOR-US: Unicore
CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...)
	NOT-FOR-US: DodosMail
CVE-2006-5840
	NOT-FOR-US: Abarcar Realty Portal
CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...)
	NOT-FOR-US: PHPAdventure
CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in N ...)
	NOT-FOR-US: NewP News Publication System
CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the SimpleCha ...)
	NOT-FOR-US: SimpleChat 1.0.0 module for iWare Professional CMS
CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwi ...)
	NOT-FOR-US: Darwin kernel (XNU) 8.8.1 in Apple Mac OS X
CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Dom ...)
	NOT-FOR-US: IBM Lotus Notes Domino
CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution Quick ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require auth ...)
	NOT-FOR-US: GreenBeast CMS
CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote att ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One Cont ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel (AI ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP Classifi ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...)
	NOT-FOR-US: phpComasy CMS
CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 a ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako Suppor ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows l ...)
	- kfreebsd-5
	[etch] - kfreebsd-5 (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
	NOT-FOR-US: Citrix
CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBudd ...)
	NOT-FOR-US: SuperBuddy ActiveX control
CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
	{DSA-1243-1 DSA-1214}
	- gv 1:3.6.2-3 (medium; bug #398292)
	- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permis ...)
	NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Bu ...)
	NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to caus ...)
	NOT-FOR-US: Kerio
CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlis ...)
	NOT-FOR-US: XOOPS
CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB befor ...)
	NOT-FOR-US: OvBB
CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses in ...)
	NOT-FOR-US: Cisco
CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escap ...)
	NOT-FOR-US: Cisco
CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configure ...)
	NOT-FOR-US: Cisco
CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a secur ...)
	NOT-FOR-US: Microsoft
CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced Guest ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-5803 (PHP remote file inclusion vulnerability in modules/mx_smartor/album.ph ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers ...)
	NOT-FOR-US: The Web Drivers Simple Forum
CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not pro ...)
	NOT-FOR-US: owfs
CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in xenis.creat ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro E ...)
	NOT-FOR-US: Soholaunch Pro
CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 an ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...)
	- openssh 1:4.3p2-6 (unimportant)
	NOTE: Not a direct vulnerability
CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in li ...)
	- libpng 1.2.13-0 (low; bug #398706)
	[sarge] - libpng (Minor issue)
CVE-2006-XXXX [obexpushd arbitrary command execution]
	- obexpushd 0.4+svn10-1 (bug #397297; medium)
CVE-2006-XXXX [motion insecure tempfile creation]
	- motion 3.2.3-2 (bug #393846; low)
	[sarge] - motion (Minor issue)
CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote a ...)
	NOT-FOR-US: XLink Omni-NFS Enterprise
CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ea ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated user ...)
	NOT-FOR-US: WarFTPd
CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) admin ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote attacke ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and earl ...)
	NOT-FOR-US: e107
CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before pa ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application Serve ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5783
	NOTE: irreproducible firefox issue
CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...)
	NOT-FOR-US: HP OpenView
CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...)
	NOT-FOR-US: iodine
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 a ...)
	NOT-FOR-US: XLink Omni-NFS
CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of se ...)
	- openldap2.2 (bug #397673)
	- openldap2.3 2.3.29-1
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...)
	NOT-FOR-US: Creasito E-Commerce Content Manager
CVE-2006-5776
	NOT-FOR-US: Ariadne
CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0 ...)
	NOT-FOR-US: FunkBoard
CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...)
	NOT-FOR-US: Hyper NIKKI System
CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 an ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...)
	NOT-FOR-US: Arkoon SSL360
CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile all ...)
	NOT-FOR-US: Mobile
CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...)
	NOT-FOR-US: admin.tool CMS
CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 R ...)
	NOT-FOR-US: Cyberfolio
CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article Syste ...)
	NOT-FOR-US: Article System
CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ear ...)
	NOT-FOR-US: Article Script
CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File Ho ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File Hostin ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free Fil ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CM ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2. ...)
	NOT-FOR-US: phpDynaSite
CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote att ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 fi ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5756
	REJECTED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not p ...)
	{DSA-1381-2}
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly initiali ...)
	{DSA-1304}
	- linux-2.6 (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux kernel ...)
	{DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304}
	- linux-2.6 2.6.20-1
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_st ...)
	- apache2 2.2.4-2 (low)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	- apache (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in net/bridge/br_ioct ...)
	{DSA-1233}
	- linux-2.6 2.6.18-8 (medium)
CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository clas ...)
	NOT-FOR-US: JBoss
CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...)
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...)
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla (medium)
	- xulrunner 1.5.0.8-1 (high)
	- mozilla-firefox
	- mozilla-thunderbird
	[sarge] - mozilla (Vulnerable code not present)
	[sarge] - mozilla-firefox (Vulnerable code not present)
	[sarge] - mozilla-thunderbird (Vulnerable code not present)
CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not pro ...)
	NOT-FOR-US: AirMagnet
CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the XMLHTT ...)
	NOT-FOR-US: Microsoft
CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and High ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterp ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enter ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Le ...)
	NOT-FOR-US: communityPortals
CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow re ...)
	NOT-FOR-US: PunBB
CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from th ...)
	NOT-FOR-US: PunBB
CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...)
	NOT-FOR-US: PunBB
CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB befor ...)
	NOT-FOR-US: PunBB
CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 a ...)
	NOT-FOR-US: ATutor
CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and e ...)
	NOT-FOR-US: PostNuke
CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earl ...)
	NOT-FOR-US: T.G.S. CMS
CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...)
	NOT-FOR-US: Lithium CMS
CVE-2006-5730 (PHP remote file inclusion vulnerability in manager/media/browser/mcpuk ...)
	NOT-FOR-US: Modx CMS
CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum p ...)
	NOT-FOR-US: Yazd Discussion Forum
CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote authentica ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...)
	NOT-FOR-US: sazcart
CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to c ...)
	NOT-FOR-US: Solaris
CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to determ ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5724 (Heap-based buffer overflow the "Answering Service" function in ICQ 200 ...)
	NOT-FOR-US: ICQ
CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...)
	NOT-FOR-US: DataparkSearch Engine
CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) a ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the Journ ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall Expl ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...)
	- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
	[sarge] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/39893dd0c956de6505d5a4d4590ad3e1f64bdffa
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Dat ...)
	NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allo ...)
	NOT-FOR-US: FreeNews
CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS fil ...)
	NOT-FOR-US: Easy File Sharing (EFS) Easy Address Book
CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file s ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) We ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows r ...)
	NOT-FOR-US: Mirapoint WebMail
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote att ...)
	NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin k ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...)
	NOT-FOR-US: PHPEasyData
CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
	- php5 5.2.0-1 (unimportant)
	- php4 (unimportant)
	NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
CVE-2006-5705 (Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ...)
	- wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 befo ...)
	NOT-FOR-US: HP
CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...)
	- tikiwiki 1.9.6+dfsg-1 (low)
CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...)
	- tikiwiki 1.9.6+dfsg-1 (medium)
CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel 2.6.x ...)
	- linux-2.6 (Vulnerable code not present)
	- squashfs 1:3.1r2-6.1
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-5700
	REJECTED
CVE-2006-5699
	REJECTED
CVE-2006-5698
	REJECTED
CVE-2006-5697
	REJECTED
CVE-2006-5696
	REJECTED
CVE-2006-5695
	REJECTED
CVE-2006-5694
	REJECTED
CVE-2006-5693
	REJECTED
CVE-2006-5692
	REJECTED
CVE-2006-5691
	REJECTED
CVE-2006-5690
	REJECTED
CVE-2006-5689
	REJECTED
CVE-2006-5688
	REJECTED
CVE-2006-5687
	REJECTED
CVE-2006-5686
	REJECTED
CVE-2006-5685
	REJECTED
CVE-2006-5684
	REJECTED
CVE-2006-5683
	REJECTED
CVE-2006-5682
	REJECTED
CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Qua ...)
	NOT-FOR-US: QuickTime on Mac OS X
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
	- libarchive 1.3.1-1 (unimportant)
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows loc ...)
	- kfreebsd-5 (medium)
	[etch] - kfreebsd-5 (no security support for freebsd)
CVE-2006-5678
	NOT-FOR-US: Les Visiteurs
CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...)
	- torque 2.1.6-1
CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert PhpL ...)
	NOT-FOR-US: PhpLeague
CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...)
	NOT-FOR-US: Pentaho Business Intelligence (BI) Suite
CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...)
	NOT-FOR-US: miniBB
CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2 ...)
	NOT-FOR-US: miniBB
CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in My ...)
	NOT-FOR-US: MySource CMS
CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image H ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free Ima ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in G ...)
	NOT-FOR-US: Gepi
CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_ ...)
	NOT-FOR-US: Ampache
CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...)
	NOT-FOR-US: P-Book
CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 all ...)
	NOT-FOR-US: E-Annu
CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in t ...)
	NOT-FOR-US: phpBB module Spider Friendly
CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software Developmen ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows re ...)
	NOT-FOR-US: easy notesManager (eNM)
CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netq ...)
	NOT-FOR-US: Netquery
CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 doe ...)
	NOT-FOR-US: Cisco
CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, whi ...)
	NOT-FOR-US: PAM_extern
CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ( ...)
	NOT-FOR-US: BlooMooWeb ActiveX control
CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 h ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum be ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows re ...)
	NOT-FOR-US: OpenDocMan
CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in Su ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...)
	NOT-FOR-US: Sun Java System Messenger Express
CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Serv ...)
	NOT-FOR-US: Sun
CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to o ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5. ...)
	NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for L ...)
	NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)
	NOT-FOR-US: Sophos
CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for L ...)
	NOT-FOR-US: Sophos
CVE-2006-5644
	RESERVED
CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...)
	NOT-FOR-US: foresite CMS
CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown i ...)
	NOT-FOR-US: NmnLogger
CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Anno ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams Gues ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ( ...)
	NOT-FOR-US: OpenWBEM
CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2 ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq Admini ...)
	NOT-FOR-US: Faq Administrator
CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple Websit ...)
	NOT-FOR-US: Simple Website Software
CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums allo ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
	NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers t ...)
	- firefox 45.0-1 (unimportant)
	- firefox-esr 45.0esr-1 (unimportant)
	- iceweasel (unimportant)
	- icedove (unimportant)
	- mozilla (unimportant)
	- xulrunner (unimportant)
	- mozilla-firefox (unimportant)
	- mozilla-thunderbird (unimportant)
CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 befor ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management ...)
	NOT-FOR-US: UNISOR Content Management System (CMS)
CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...)
	NOT-FOR-US: QnECMS
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htm ...)
	NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in ...)
	NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comme ...)
	NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic En ...)
	NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...)
	NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
	NOT-FOR-US: MiniBILL
CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linu ...)
	{DSA-1233}
	- linux-2.6 2.6.18-4 (low)
CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...)
	NOT-FOR-US: Netref
CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...)
	NOT-FOR-US: Thepeak File Upload Manager
CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...)
	NOT-FOR-US: OpenPBS
CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...)
	NOT-FOR-US: Textpattern
CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSa ...)
	NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...)
	NOT-FOR-US: GestArt
CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ha ...)
	NOT-FOR-US: Toshiba
CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php ...)
	NOT-FOR-US: Teake Nutma Foing
CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...)
	- torrentflux 2.1-5 (bug #395930; medium)
CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before ...)
	NOT-FOR-US: Extended Tracker (xtracker) for Drupal
CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 all ...)
	NOT-FOR-US: INCA IM-204
CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplor ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer ...)
	NOT-FOR-US: phpCards
CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards 1 ...)
	NOT-FOR-US: phpCards
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.0 ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores pass ...)
	NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...)
	NOT-FOR-US: GOOP Gallery
CVE-2006-5597 (join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows ...)
	NOT-FOR-US: MiniHTTP Web Forum
CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate 4 ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258)
CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British Colum ...)
	NOT-FOR-US: iPeer
CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow re ...)
	NOT-FOR-US: Desknet's (niokeru)
CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: PacPoll
CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4 ...)
	NOT-FOR-US: PacPoll
CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach S ...)
	NOT-FOR-US: ArticleBeach Script
CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and e ...)
	NOT-FOR-US: LedgerSMB (LSMB)
CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ea ...)
	NOT-FOR-US: MDweb
CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...)
	NOT-FOR-US: Microsoft GDI
CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 us ...)
	NOT-FOR-US: Microsoft
CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-5582
	REJECTED
CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2006-5580
	RESERVED
CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to r ...)
	NOT-FOR-US: Microsoft
CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to o ...)
	NOT-FOR-US: Microsoft
CVE-2006-5576
	REJECTED
CVE-2006-5575
	REJECTED
CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...)
	NOT-FOR-US: Microsoft
CVE-2006-5573
	REJECTED
CVE-2006-5572
	REJECTED
CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in Cruise ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which a ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.3 ...)
	NOT-FOR-US: WinAmp
CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script allow ...)
	NOT-FOR-US: Shop-Script
CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote att ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1. ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in Sou ...)
	NOT-FOR-US: SourceForge (gforge is not affected)
CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...)
	NOT-FOR-US: Discuz! GBK
CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch Prog ...)
	NOT-FOR-US: ProgSys
CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...)
	NOT-FOR-US: ADODB.Connection 2.7 ActiveX control
CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...)
	NOT-FOR-US: HP-UX
CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify comm ...)
	NOT-FOR-US: HP-UX
CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other functio ...)
	NOT-FOR-US: swask
CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in EPNad ...)
	NOT-FOR-US: EPNadmin
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows r ...)
	NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 befo ...)
	NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and e ...)
	NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow re ...)
	NOT-FOR-US: QK SMTP
CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...)
	- kfreebsd-5 (low)
	[etch] - kfreebsd-5 (no security support for freebsd)
CVE-2006-5549
	NOT-FOR-US: Adobe PHP SDK
CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x bef ...)
	NOT-FOR-US: Symantec
CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 allow ...)
	NOT-FOR-US: Microsoft
CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP G ...)
	NOT-FOR-US: PHP Generator of Object SQL Database
CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0. ...)
	- postgresql-7.4 1:7.4.14-1 (unimportant)
	- postgresql-8.1 8.1.5-1 (unimportant)
	[sarge] - postgresql (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remot ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in UeberPr ...)
	NOT-FOR-US: UeberProject Management System
CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attac ...)
	NOT-FOR-US: D-Link
CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm i ...)
	NOT-FOR-US: D-Link
CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...)
	NOT-FOR-US: D-Link
CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...)
	NOT-FOR-US: WebHostManager cPanel
CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zw ...)
	NOT-FOR-US: Zwahlen Online Shop Freeware
CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...)
	NOT-FOR-US: RMSOFT Gallery System
CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended Gu ...)
	NOT-FOR-US: Ascended Guestbook
CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/ ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2. ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in Intel ...)
	NOT-FOR-US: InteliEditor
CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foin ...)
	NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing
CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10. ...)
	- phplist (bug #612288)
CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0 ...)
	NOT-FOR-US: EZ-Ticket
CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
	NOT-FOR-US: Kawf
CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...)
	NOT-FOR-US: Net_DNS
CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in DeltaScrip ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5519 (PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_opti ...)
	- egroupware (there is no path variable used to include plugin.php)
CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher Fowl ...)
	NOT-FOR-US: RSSonate
CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island Ope ...)
	NOT-FOR-US: Open Meetings Filing Application
CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in actions/userset ...)
	NOT-FOR-US: WikiNi
CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in php ...)
	NOT-FOR-US: phpPgAds / phpAdsNew
CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication Cen ...)
	NOT-FOR-US: Web Group Communication
CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allo ...)
	NOT-FOR-US: GeoNetwork opensource
CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]
	- mysql-dfsg-5.0 5.0.26-1 (low)
CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Onl ...)
	NOT-FOR-US: Zwahlen Online Shop
CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH Pexp ...)
	NOT-FOR-US: Pexplorer
CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book 1 ...)
	NOT-FOR-US: Burning Book
CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burn ...)
	NOT-FOR-US: Burning Book
CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (De ...)
	NOT-FOR-US: Der Dirigent
CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 all ...)
	NOT-FOR-US: WiClear
CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...)
	NOT-FOR-US: 2BGal
CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple Machin ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple Machin ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX contro ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDo ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in in ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9 ...)
	- serendipity 1.0.2-1
CVE-2006-5498 (Directory traversal vulnerability in themes/program/themesettings.inc. ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5497 (PHP remote file inclusion vulnerability in themes/program/themesetting ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...)
	NOT-FOR-US: Timothy Claason KnowledgeBank
CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...)
	NOT-FOR-US: Trawler Web CMS
CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in modules/My_eGall ...)
	NOT-FOR-US: pandaBB for PHP-Nuke
CVE-2006-5493 (PHP remote file inclusion vulnerability in template/purpletech/base_in ...)
	NOT-FOR-US: DigitalHive
CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allo ...)
	NOT-FOR-US: Maarch
CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in UltraCM ...)
	NOT-FOR-US: UltraCMS
CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management Sys ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before H ...)
	NOT-FOR-US: RIM BlackBerry Enterprise Server
CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x ...)
	NOT-FOR-US: Marshal MailMarshal SMTP
CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2bet ...)
	NOT-FOR-US: SpeedBerg
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 an ...)
	NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified d ...)
	- kfreebsd-5 (low)
	[etch] - kfreebsd-5 (no security support for freebsd)
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
	- kfreebsd-5 (low)
	[etch] - kfreebsd-5 (no security support for freebsd)
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor P ...)
	NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Casto ...)
	NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissi ...)
	- drupal (Our version of drupal is too old)
CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
	- drupal (Our version of drupal is too old)
CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...)
	- drupal (Our version of drupal is too old)
CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ge ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2006-5473
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer Libr ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php i ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5470
	REJECTED
CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
	{DSA-1235-1 DSA-1234-1}
	- ruby1.8 1.8.5-3 (low; bug #398457)
	- ruby1.9 1.9.0+20070606-1 (low)
	[etch] - ruby1.9 (Minor issue)
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...)
	- rpm 4.4.1-11 (low; bug #397076)
	[sarge] - rpm (You need to trust the RPMs you're installing)
	NOTE: Only hypothetical, far-fetched attacks feasible
CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
	{DSA-1206-1}
	- php4 4:4.4.4-4 (high; bug #396764)
	- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceweasel 2.0+dfsg-1 (low)
	- icedove 1.5.0.8-1 (low)
	- mozilla (low)
	- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-67
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-66
	NOTE: this is similar to CVE-2006-4339, see also CVE-2006-4340
	NOTE: the fixes for CVE-2006-4340 were incomplete
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink mes ...)
	- avahi 0.6.15-1 (low)
CVE-2006-XXXX [diffmon information leakage]
	- diffmon 20020222-2.2 (bug #382132)
CVE-2006-5460
	NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the registratio ...)
	NOT-FOR-US: Casino Script (Masvet)
CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagi ...)
	{DSA-1213}
	- graphicsmagick 1.1.7-9 (medium)
	- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla (CSRF infrastructure not present, too intrusive to backport)
CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.2 ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla (Vulnerable code not present)
CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
	{DSA-1208-1}
	- bugzilla 2.22.1-1 (bug #395094; low)
CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
	NOT-FOR-US: HP Tru64
CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
	- torrentflux 2.1-5 (bug #395099; low)
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
	NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote authentica ...)
	{DSA-1204-1}
	- ingo1 1.1.2-1 (bug #396099)
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Man ...)
	NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web Manag ...)
	NOT-FOR-US: DEV Web Management System (WMS)
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino S ...)
	NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver (channels/chan_sip ...)
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel drive ...)
	{DSA-1229-1}
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; bug #394025)
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Ser ...)
	- wims 3.60-1 (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP header ...)
	- viewvc 1.0.3-1 (medium; bug #397669)
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev For ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Mis ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev For ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5437
	NOT-FOR-US: phpAdsNew
CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...)
	NOT-FOR-US: FreeFAQ
CVE-2006-5435
	- phpbb2 (not vulnerable)
CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 a ...)
	NOT-FOR-US: P-News
CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
	NOT-FOR-US: ALiCE-CMS
CVE-2006-5432 (Multiple direct static code injection vulnerabilities in db/txt.inc.ph ...)
	NOT-FOR-US: phpPowerCards
CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHP ...)
	NOT-FOR-US: PHPOutsourcing Zorum
CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: db-central (dbc) Enterprise CMS
CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
	NOT-FOR-US: BRIM
CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileg ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
	NOT-FOR-US: Php AMX
CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Cal ...)
	NOT-FOR-US: LoCal Calendar System
CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attac ...)
	NOT-FOR-US: XORP (eXtensible Open Router Platform)
CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial vers ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in L ...)
	NOT-FOR-US: Lou Portail
CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel (p ...)
	NOT-FOR-US: Lodel
CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitra ...)
	NOT-FOR-US: WSN Forum
CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
	NOT-FOR-US: Specimen Image Database (SID)
CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php i ...)
	NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB
CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAf ...)
	NOT-FOR-US: McAfee
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Netwo ...)
	NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in includes/functions_newshr.p ...)
	NOT-FOR-US: News Defilante Horizontale
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to rea ...)
	NOT-FOR-US: Barry Nauta BRIM
CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 f ...)
	NOT-FOR-US: SuperMod for YABB (YaBBSM)
CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_gl ...)
	NOT-FOR-US: PHP Outburst Easynews
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web Publ ...)
	NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/ ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ID ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket a ...)
	NOT-FOR-US: osTicket
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure pe ...)
	NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...)
	NOT-FOR-US: Toshiba Bluetooth wireless device driver
CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec Autom ...)
	NOT-FOR-US: Symantec
CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec Aut ...)
	NOT-FOR-US: Symantec
CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
	NOT-FOR-US: PHPMyBibli
CVE-2006-5401 (PHP remote file inclusion vulnerability in template/barnraiser_01/p_ne ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in CyberBra ...)
	NOT-FOR-US: CyberBrau
CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
	NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 an ...)
	- libx11 2:1.0.3-3 (low; bug #398460)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka clspack.ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an uncheck ...)
	NOT-FOR-US: Cisco
CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtSh ...)
NOT-FOR-US: Cisco CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCor ...) NOT-FOR-US: OpenDock FullCore CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of se ...) NOT-FOR-US: Xfire CVE-2006-5390 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...) NOT-FOR-US: ACP User Registration (MMW) module for phpBB CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensi ...) NOT-FOR-US: PHP-Wyana CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earli ...) NOT-FOR-US: WebSPELL CVE-2006-5387 (PHP remote file inclusion vulnerability in mods/iai/includes/constants ...) NOT-FOR-US: PlusXL phpBB module CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm W ...) NOT-FOR-US: NuralStorm Webmail CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...) NOT-FOR-US: SpamOborona phpBB module CVE-2006-5384 (PHP remote file inclusion vulnerability in modification/SendAlertEmail ...) NOT-FOR-US: CDS Agenda CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlie ...) NOT-FOR-US: Def-Blog CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlie ...) NOT-FOR-US: 3Com CVE-2006-XXXX [unspecified steam cache vulnerability] - steam (affects the old steam environment for corporate knowledge management package shipped in lenny and before, not the new Valve steam package) CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with insufficie ...) NOT-FOR-US: Contenido CMS CVE-2006-5380 NOT-FOR-US: Contenido CMS CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics Driv ...) 
- nvidia-graphics-drivers 1.0.8776-1 (bug #393573) [sarge] - nvidia-graphics-drivers (1.0.7174 not affected) NOTE: see http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971 CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards Ente ...) NOT-FOR-US: EnterpriseOne CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...) NOT-FOR-US: PeopleSoft CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in Oracl ...) NOT-FOR-US: PeopleSoft CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in Oracl ...) NOT-FOR-US: PeopleSoft CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 ...) NOT-FOR-US: Oracle CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle E ...) NOT-FOR-US: Oracle CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...) NOT-FOR-US: Oracle CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle E ...) NOT-FOR-US: Oracle CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...) NOT-FOR-US: Oracle CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in Orac ...) NOT-FOR-US: Oracle CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle E-Bus ...) NOT-FOR-US: Oracle CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...) NOT-FOR-US: Oracle CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0 ...) NOT-FOR-US: Oracle CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...) NOT-FOR-US: Oracle CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...) NOT-FOR-US: Oracle CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...) 
NOT-FOR-US: Oracle CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...) NOT-FOR-US: Oracle CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle Appl ...) NOT-FOR-US: Oracle CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle Applicat ...) NOT-FOR-US: Oracle CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer compo ...) NOT-FOR-US: Oracle CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle Applicat ...) NOT-FOR-US: Oracle CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle Ap ...) NOT-FOR-US: Oracle CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...) NOT-FOR-US: Oracle CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...) NOT-FOR-US: Oracle CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, ...) NOT-FOR-US: Oracle CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle Ap ...) NOT-FOR-US: Oracle CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...) NOT-FOR-US: Oracle CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express (fo ...) NOT-FOR-US: Oracle CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-B ...) NOT-FOR-US: Oracle CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running ...) NOT-FOR-US: Oracle CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collab ...) NOT-FOR-US: Oracle CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Col ...) NOT-FOR-US: Oracle CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Or ...) NOT-FOR-US: Oracle CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...) 
NOT-FOR-US: Oracle CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in Or ...) NOT-FOR-US: Oracle CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle Da ...) NOT-FOR-US: Oracle CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle Data ...) NOT-FOR-US: Oracle CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in Or ...) NOT-FOR-US: Oracle CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC) ...) NOT-FOR-US: Oracle CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...) NOT-FOR-US: Oracle CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for ...) NOT-FOR-US: Oracle CVE-2006-5331 (The altivec_unavailable_exception function in arch/powerpc/kernel/trap ...) - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: Fixed by: https://git.kernel.org/linus/6c4841c2b6c32a134f9f36e5e08857138cc12b10 (2.6.19-rc3) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=213229 CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and e ...) 
- flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium) NOTE: It is not clear if this is already fixed in 9.0.21.78.X (previous version) NOTE: or not but it's fixed in 9.0.31.0.1 for sure. [sarge] - flashplugin-nonfree (Contrib not supported, only installer package) [etch] - flashplugin-nonfree (Contrib not supported, only installer package) CVE-2006-5329 REJECTED CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earl ...) NOT-FOR-US: OpenBase SQL CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, ...) NOT-FOR-US: OpenBase SQL CVE-2006-5326 (PHP remote file inclusion vulnerability in language/lang/lang_contact_ ...) NOT-FOR-US: Prillian French module for phpBB CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz Se ...) NOT-FOR-US: dwingmods for phpBB CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM WebSpher ...) NOT-FOR-US: IBM WebSphere CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...) NOT-FOR-US: IBM WebSphere CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...) - phplist (bug #612288) CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...) - phplist (bug #612288) CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans No ...) NOT-FOR-US: Album Photo Sans Nom CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows r ...) NOT-FOR-US: Foafgen CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...) NOT-FOR-US: Nayco JASmine CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows r ...) NOT-FOR-US: eboli CVE-2006-5316 (registroTL stores sensitive information under the web root with insuff ...) NOT-FOR-US: registroTL CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL allo ...) 
NOT-FOR-US: registroTL CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3. ...) NOT-FOR-US: TribunaLibre CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...) - hastymail CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Sh ...) NOT-FOR-US: Ajax Shoutbox CVE-2006-5311 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...) NOT-FOR-US: Buzlas CVE-2006-5310 (PHP remote file inclusion vulnerability in common/visiteurs/include/me ...) NOT-FOR-US: phpMyConferences CVE-2006-5309 (PHP remote file inclusion vulnerability in language/lang_french/lang_p ...) NOT-FOR-US: Prillian French module for phpBB CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...) NOT-FOR-US: Open Conference Systems CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2 ...) NOT-FOR-US: AFGB GUESTBOOK CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals Sys ...) NOT-FOR-US: Journals System module for phpBB CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...) NOT-FOR-US: lat2cyr CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...) NOT-FOR-US: IncCMS Core CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtai ...) NOT-FOR-US: Secure Computing SafeWord RemoteAccess CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...) NOT-FOR-US: Redaction System CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in th ...) NOT-FOR-US: SpamBlockerMODv module for phpBB CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 all ...) NOT-FOR-US: HP CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gc ...) 
NOT-FOR-US: Gcontact CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlie ...) - mutt 1.5.13-1.1 (bug #396104; low) [sarge] - mutt (Minor issue, tmp dirs on NFS cause problems in many scenarios) CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client 1.5.1 ...) - mutt 1.5.13-1.1 (bug #396104; low) [sarge] - mutt (Minor issue, tmp dirs on NFS cause problems in many scenarios) CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a contain ...) NOT-FOR-US: Microsoft CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist befor ...) - phplist (bug #612288) CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcin ...) NOT-FOR-US: PhpOutsourcing Noah's Classifieds CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in Exhibi ...) NOT-FOR-US: Exhibit Engine CVE-2006-5291 (PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_co ...) NOT-FOR-US: Download-Engine CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of X ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 a ...) NOT-FOR-US: Vtiger CRM CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...) NOT-FOR-US: Cisco CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 all ...) NOT-FOR-US: Xeobook CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allow ...) NOT-FOR-US: Novell BorderManager CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...) NOT-FOR-US: XeoPort CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...) NOT-FOR-US: PHP News Reader (aka pnews) CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 al ...) 
NOT-FOR-US: Minichat CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...) NOT-FOR-US: SH-News CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...) NOT-FOR-US: n@board CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...) NOT-FOR-US: communityPortals CVE-2006-5279 RESERVED CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data Collec ...) NOT-FOR-US: Cisco CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...) NOT-FOR-US: Cisco CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort befor ...) - snort (snort versions 2.3.x do not contain the DCE RPC preprocessor) CVE-2006-5275 RESERVED CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, Pro ...) NOT-FOR-US: McAfee CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...) NOT-FOR-US: McAfee CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...) NOT-FOR-US: McAfee CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, Pr ...) NOT-FOR-US: McAfee CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine (mpengine. ...) NOT-FOR-US: Microsoft CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: Trend Micro CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 al ...) NOT-FOR-US: Trend Micro CVE-2006-5267 RESERVED CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Pla ...) NOT-FOR-US: Microsoft issue CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Pla ...) NOT-FOR-US: Microsoft issue CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.2 ...) 
NOT-FOR-US: MysqlDumper CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in phpMyAge ...) NOT-FOR-US: phpMyAgenda CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and e ...) - hastymail CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 an ...) NOT-FOR-US: PHPMyNews CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...) NOT-FOR-US: Compteur 2 CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in Compteu ...) NOT-FOR-US: Compteur 2 CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management befor ...) NOT-FOR-US: Asbru Web Content Management CVE-2006-5257 (PHP remote file inclusion vulnerability in modules/forum/include/confi ...) NOT-FOR-US: Ciamos Content Management System CVE-2006-5256 (PHP remote file inclusion vulnerability in claroline/inc/lib/import.li ...) NOT-FOR-US: Claroline CVE-2006-5255 NOT-FOR-US: gCards CVE-2006-5254 (PHP remote file inclusion vulnerability in registration_detailed.inc.p ...) NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka regdetailed CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana Netwo ...) NOT-FOR-US: phpOnline (aka PHP-Online) CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in We ...) NOT-FOR-US: Webmedia Explorer CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...) NOT-FOR-US: Deep CMS CVE-2006-5250 (PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSear ...) NOT-FOR-US: BlueShoes CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in Ta ...) NOT-FOR-US: TagIt! Tagboard CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with insuffi ...) NOT-FOR-US: Eazy Cart CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...) 
NOT-FOR-US: Eazy Cart CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...) NOT-FOR-US: Eazy Cart CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ad ...) NOT-FOR-US: Eazy Cart CVE-2006-5244 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Bl ...) NOT-FOR-US: Easy Blog CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Do ...) NOT-FOR-US: Easy Blog CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...) NOT-FOR-US: Etomite Content Management System CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Ga ...) NOT-FOR-US: Easy Gallery CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in Docmi ...) NOT-FOR-US: Docmint CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 a ...) NOT-FOR-US: eXpBlog CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley Org ...) NOT-FOR-US: Blue Smiley Organizer CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 allow ...) NOT-FOR-US: Blue Smiley Organizer CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows remo ...) NOT-FOR-US: 4images CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php i ...) NOT-FOR-US: Dimension of phpBB CVE-2006-5234 NOT-FOR-US: phpWebSite CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0 ...) NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone CVE-2006-5232 NOT-FOR-US: iSearch CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, all ...) NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9. ...) NOT-FOR-US: FreeForum CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote attack ...) 
{DSA-1196-1} - clamav 0.88.5-1 (high; bug #393445) CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and v ...) NOTE: This issues depends on the stack of selected authentication modules, while NOTE: some are resilient against such timing attacks, some aren't NOTE: This is inside responsibility of an admin CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...) NOT-FOR-US: ackerTodo CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2 ...) - torrentflux 2.1-4 (bug #392501; low) CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in Prolog ...) NOT-FOR-US: Freenews CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...) NOT-FOR-US: AAIportal CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php ...) NOT-FOR-US: Security Suite IP Logger in dwingmods for phpBB CVE-2006-5223 (PHP remote file inclusion vulnerability in includes/functions_user_vie ...) NOT-FOR-US: User Viewed Posts Tracker module for phpBB CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of php ...) NOT-FOR-US: Dimension of phpBB CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow re ...) NOT-FOR-US: Cahier de textes CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, wh ...) NOT-FOR-US: WebYep CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in Mo ...) - moodle 1.6.2+20060930-1 (medium; bug #390294) [sarge] - moodle (Vulnerable code not present) CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...) NOT-FOR-US: systrace in OpenBSD and NetBSD CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...) NOT-FOR-US: Emek Portal CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.3 ...) 
NOT-FOR-US: Simple HTTPD CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD befo ...) - xdm 1:1.0.5-1 (low) [sarge] - xfree86 (Minor issue) NOTE: probably fixed earlier than 1:1.0.5 CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager (x ...) - xdm 1:1.0.5-1 (low) - xorg 1:7.1.0-13 (low) [sarge] - xfree86 (Minor issue) NOTE: probably fixed earlier than 1:1.0.5 CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and insufficient permis ...) NOT-FOR-US: Solaris CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-1 ...) NOT-FOR-US: IronWebMail CVE-2006-5209 (PHP remote file inclusion vulnerability in admin/admin_topic_action_lo ...) NOT-FOR-US: Admin Topic Action Logging Mod for phpBB CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow re ...) NOT-FOR-US: PHP Classifieds CVE-2006-5207 (PHP remote file inclusion vulnerability in images/smileys/smileys_pack ...) NOT-FOR-US: phpMyTeam CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote at ...) NOT-FOR-US: Invision Gallery CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows rem ...) NOT-FOR-US: Invision Gallery CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...) NOT-FOR-US: Invision Power Board (IPB) CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...) NOT-FOR-US: Invision Power Board (IPB) CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when makin ...) NOT-FOR-US: Linksys CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...) 
- sun-java5 1.5.0-10-1 (bug #393042) NOTE: this is similar to CVE-2006-4339 CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...) NOT-FOR-US: Adobe CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...) NOT-FOR-US: Adobe CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "File ...) NOT-FOR-US: WinZip CVE-2006-5197 (PDshopPro stores sensitive information under the web root with insuffi ...) NOT-FOR-US: PDshopPro CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...) NOT-FOR-US: Motorola SURFboard CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 a ...) NOT-FOR-US: Wheatblog CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...) NOT-FOR-US: net2ftp CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt W ...) NOT-FOR-US: WikyBlog CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in phpG ...) NOT-FOR-US: phpGreetz CVE-2006-5191 (PHP remote file inclusion vulnerability in includes/functions_static_t ...) NOT-FOR-US: Nivisec Static Topics module for phpBB CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...) NOT-FOR-US: osCommerce CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php i ...) NOT-FOR-US: klinza professional cms CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP G ...) NOT-FOR-US: webGENEius GOOP Gallery CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in B ...) NOT-FOR-US: Bulletin Board Ace (BBaCE) CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in phpMyProfi ...) NOT-FOR-US: phpMyProfiler CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...) 
NOT-FOR-US: HAMweather CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 all ...) NOT-FOR-US: PKR Internet Taskjitsu CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs D ...) NOT-FOR-US: Dayfox Blog CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...) NOT-FOR-US: Travelsized CMS CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ph ...) NOT-FOR-US: phpMyWebmin CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in Seb ...) NOT-FOR-US: Newswriter SW CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attac ...) NOT-FOR-US: Intoto iGateway CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...) - php5 5.2.0-1 (bug #391281; unimportant) - php4 4:4.4.4-1 (bug #391282; unimportant) NOTE: open_basedir is not supported CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...) NOT-FOR-US: MailEnable Professional CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0 ...) NOT-FOR-US: MailEnable Professional CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...) NOT-FOR-US: TeraStation HD-HTGL CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 be ...) {DSA-1237 DSA-1233} - linux-2.6 2.6.18-5 NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4 CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...) - linux-2.6 2.6.18-1 CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Co ...) NOT-FOR-US: Computer Associates (CA) Brightstor CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Co ...) NOT-FOR-US: Computer Associates (CA) Brightstor CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...) 
{DSA-1203-1} - libpam-ldap 180-1.2 (bug #392984; medium) CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k ...) NOT-FOR-US: PowerPortal CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality i ...) NOT-FOR-US: Pebble CVE-2006-XXXX [zabbix format string vulnerabilities] - zabbix 1:1.1.2-4 (bug #391388) CVE-2006-XXXX [zabbix buffer overflows] - zabbix 1:1.1.2-4 (bug #391388) CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 an ...) NOT-FOR-US: BasiliX CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web Sc ...) NOT-FOR-US: PHP Web Scripts Easy Banner Free CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in Sk ...) NOT-FOR-US: Skrypty PPA Gallery CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...) NOT-FOR-US: digiSHOP CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly oth ...) NOT-FOR-US: IBM CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...) NOT-FOR-US: Microsoft CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved pass ...) NOT-FOR-US: IBM CVE-2006-5160 - firefox (no real issues) CVE-2006-5159 NOT-FOR-US: Bogus Firefox issue CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel be ...) - linux-2.6 2.6.15 CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) NOT-FOR-US: TrendMicro OfficeScan CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and Pr ...) NOT-FOR-US: McAfee CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2 ...) NOT-FOR-US: VideoDB CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...) NOT-FOR-US: DeluxeBB CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...) 
NOT-FOR-US: Kerio Personal Firewall CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...) NOT-FOR-US: Microsoft CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...) NOT-FOR-US: HP CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...) NOT-FOR-US: OpenBiblio CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio before 0.5. ...) NOT-FOR-US: OpenBiblio CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b a ...) NOT-FOR-US: Forum82 CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...) NOT-FOR-US: VAMP Webmail CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow rem ...) NOT-FOR-US: Yblog CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow re ...) NOT-FOR-US: OlateDownload CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in OlateDow ...) NOT-FOR-US: OlateDownload CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 a ...) NOT-FOR-US: Backup Agent RPC Server CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 cli ...) NOT-FOR-US: CA BrightStor ARCserver Backup CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. Gord ...) NOT-FOR-US: Open Geo Targeting (aka geotarget) CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...) NOT-FOR-US: Image Host Script (phpkimagehost) CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to corru ...) NOT-FOR-US: MkPortal CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitiv ...) NOT-FOR-US: Groupee UBB.threads CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee UBB.t ...) 
NOT-FOR-US: Groupee UBB.threads CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in ...) NOT-FOR-US: Groupee UBB.threads CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow r ...) NOT-FOR-US: A-Blog CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to c ...) NOT-FOR-US: Mercury SiteScope CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have ...) NOT-FOR-US: GuildFTPd CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 ...) NOT-FOR-US: phpMyAgenda CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another ...) NOT-FOR-US: just another flat file (JAF) CMS CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...) NOT-FOR-US: just another flat file (JAF) CMS CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...) NOT-FOR-US: just another flat file (JAF) CMS CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso ...) NOT-FOR-US: ConPresso CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...) NOT-FOR-US: ConPresso CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...) NOT-FOR-US: PowerPortal CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by home ...) NOT-FOR-US: phpMyWebmin CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ph ...) NOT-FOR-US: phpMyWebmin CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenthe ...) NOT-FOR-US: PHProjekt CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteSco ...) NOT-FOR-US: SiteScope CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the Admi ...) 
NOT-FOR-US: PostNuke CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer R ...) NOT-FOR-US: Red Mombin CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...) NOT-FOR-US: Zen Cart CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD packa ...) NOT-FOR-US: PHPSelect Web Development Division CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web do ...) - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant) NOTE: Only path disclosure CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdm ...) {DSA-1207-1} - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low) [sarge] - phpmyadmin (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2006-5/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b3906852bbcb5c4e116cc20e214b7f6793ca97aa NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ac2f606a21d474596a4b2cada961385439cbc8f0 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/50319d634c620044a0542495939cd68530f00259 CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows rem ...) NOT-FOR-US: KGB CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP In ...) NOT-FOR-US: SAP CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exp ...) NOT-FOR-US: Exporia CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...) NOT-FOR-US: NaviCOPA Web Server CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by gpg ...) - libksba 0.9.14-1 (low; bug #391278) [sarge] - libksba (Minor issue) CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2. ...) NOT-FOR-US: PHP Invoice CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive i ...) 
NOT-FOR-US: CubeCart CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeC ...) NOT-FOR-US: CubeCart CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x all ...) NOT-FOR-US: CubeCart CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 f ...) NOT-FOR-US: FacileForms for Mambo and Joomla! CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 ...) NOT-FOR-US: SyntaxCMS CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x all ...) NOT-FOR-US: vBulletin CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...) NOT-FOR-US: bbsNew CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...) NOT-FOR-US: Newswriter SW CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV I ...) NOT-FOR-US: Comdev CSV Importer CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in WEB//NE ...) NOT-FOR-US: WEB//NEWS (aka webnews) CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert ...) - dokuwiki 0.0.20060309-5.2 (bug #391291; medium) CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attack ...) - dokuwiki 0.0.20060309-5.2 (bug #391291; medium) CVE-2006-5097 NOT-FOR-US: net2ftp CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...) NOT-FOR-US: VirtueMart CVE-2006-5095 NOT-FOR-US: MyPhotos CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php i ...) NOT-FOR-US: phpBB XS CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...) NOT-FOR-US: TagIt! Tagboard CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in A-Bl ...) NOT-FOR-US: A-Blog CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Sa ...) 
NOT-FOR-US: HP-UX Samba CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evoluti ...) NOT-FOR-US: Phoenix Evolution CMS (PECMS) CVE-2006-5089 NOT-FOR-US: My-BIC CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...) NOT-FOR-US: phpMyChat CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ea ...) NOT-FOR-US: evoBB CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...) NOT-FOR-US: Blog Pixel Motion CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...) NOT-FOR-US: Blog Pixel Motion CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay Sk ...) NOT-FOR-US: Skype CVE-2006-5083 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...) NOT-FOR-US: Integrated MODs (IM) Portal CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB ...) NOT-FOR-US: QuickBlogger CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...) NOT-FOR-US: Movable Type CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt Hum ...) NOT-FOR-US: paBugs CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in Kristia ...) NOT-FOR-US: Polaring CVE-2006-5077 (PHP remote file inclusion vulnerability in admin/admin_topic_action_lo ...) NOT-FOR-US: Minerva CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back ...) NOT-FOR-US: OpenConcept Back-End CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 1 ...) NOT-FOR-US: Solaris CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2. ...) 
NOT-FOR-US: PHP Invoice CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote att ...) NOT-FOR-US: Solaris CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary fi ...) - mono 1.1.17.1-5 CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0. ...) NOT-FOR-US: eyeOS CVE-2006-5070 (PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links. ...) NOT-FOR-US: faceStones Personal CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...) - typo3-src (only versions 4.0.0+4.0.1 affected) CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in Brudaswe ...) NOT-FOR-US: BrudaNews CVE-2006-5067 NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK) CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0 ...) NOT-FOR-US: DanPHPSupport CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in Zoo ...) NOT-FOR-US: ZoomStats CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 an ...) NOT-FOR-US: BirdBlog CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote a ...) {DSA-1242-1} - elog 2.6.2+r1719-1 (bug #389361) CVE-2006-5062 (PHP remote file inclusion vulnerability in templates/pb/language/lang_ ...) NOT-FOR-US: PBLang (PBL) CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Sc ...) NOT-FOR-US: Advanced-Clan-Script (AVCX) CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.1 ...) NOT-FOR-US: Jamroom CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4. ...) NOT-FOR-US: WWWthreads CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...) NOT-FOR-US: Call of Duty CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net Phot ...) 
NOT-FOR-US: PhotoStore CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/V ...) NOT-FOR-US: Opial Audio/Video Download Management CVE-2006-5055 (PHP remote file inclusion vulnerability in admin/testing/tests/0004_in ...) NOT-FOR-US: syntaxCMS CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Bet ...) NOT-FOR-US: iyzi Forum CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in Web ...) NOT-FOR-US: Web-News CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...) [etch] - openssh (Minor issue) - openssh 1:4.6p1-1 (low) CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote atta ...) {DSA-1638-1 DSA-1212 DSA-1189-1} - openssh 1:4.6p1-1 (low) - openssh-krb5 (high) NOTE: From my analysis only openssh with Kerberos support should be vulnerable NOTE: However, we'll fix openssh as well just to make sure CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox allo ...) - busybox (bug #390555; irreproducible) [sarge] - busybox (Vulnerable code not present) CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component 1 ...) NOT-FOR-US: Classifieds (com_classifieds) component for Joomla! CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images ...) NOT-FOR-US: Security Images (com_securityimages) component for Joomla! CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 compon ...) NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2) CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and e ...) NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2) CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...) NOT-FOR-US: PollXT component (com_pollxt) for Joomla! CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...) 
NOT-FOR-US: Prince Clan (Princeclan) Chess component (com_pcchess) for Mambo and Joomla! CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard ...) NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla! CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...) NOT-FOR-US: mosMedia (com_mosmedia) for Joomla! CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly com_hotpropertie ...) NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla! CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspeci ...) NOT-FOR-US: SEF404x (com_sef) for Joomla! CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for J ...) NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla! CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...) NOT-FOR-US: FiWin CVE-2006-5037 NOT-FOR-US: MySource Matrix CVE-2006-5036 NOT-FOR-US: MySource Matrix CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Comp ...) NOT-FOR-US: vCAP CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...) NOT-FOR-US: vCAP CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...) NOT-FOR-US: vCAP CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1. ...) NOT-FOR-US: PHPartenaire CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in Cak ...) - cakephp 1.1.13.4450-1 CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 2.0. ...) NOT-FOR-US: exV2 CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board (wB ...) NOT-FOR-US: WoltLab Burning Board (wBB) CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in SW ...) NOT-FOR-US: Plesk CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...) 
NOT-FOR-US: JevonCMS CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner) CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner) CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner) CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...) NOT-FOR-US: xweblog CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in Josh ...) NOT-FOR-US: pNews System 1.1.0 (aka PowerNews) CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0 ...) NOT-FOR-US: RedBLoG CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 a ...) NOT-FOR-US: SolidState CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Google Mini CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an I ...) NOT-FOR-US: ContentKeeper CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...) NOT-FOR-US: e-Vision CMS CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava G ...) NOT-FOR-US: e-Vision CMS CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...) NOT-FOR-US: Kietu CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remot ...) NOT-FOR-US: cPanel CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 syst ...) NOT-FOR-US: Solaris CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...) NOT-FOR-US: Solaris CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3 ...) 
NOT-FOR-US: AIX CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...) NOT-FOR-US: AIX CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows l ...) NOT-FOR-US: AIX CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows a ...) NOT-FOR-US: AIX CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...) NOT-FOR-US: AIX CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local user ...) NOT-FOR-US: AIX CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5 ...) NOT-FOR-US: AIX CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5. ...) NOT-FOR-US: AIX CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5 ...) NOT-FOR-US: AIX CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 throu ...) NOT-FOR-US: AIX CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 be ...) NOT-FOR-US: WS_FTP CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and p ...) NOT-FOR-US: WS_FTP CVE-2006-4999 RESERVED CVE-2006-4998 RESERVED CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...) {DSA-1237 DSA-1233} - linux-2.6 2.6.18-1 CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 fo ...) NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla! CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestat ...) NOT-FOR-US: BSQ Sitestats for Joomla! CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache Friend ...) NOT-FOR-US: XAMPP CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4. ...) NOT-FOR-US: AllMyGuests CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...) NOT-FOR-US: JD-WordPress for Joomla! 
CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows p ...) NOT-FOR-US: RSA Keon Certificate Authority (KeonCA) Manager CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow ...) NOT-FOR-US: PhotoPost CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...) NOT-FOR-US: Wili-CMS CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michael ...) NOT-FOR-US: Wili-CMS CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick Michaeli ...) NOT-FOR-US: Wili-CMS CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive inf ...) NOT-FOR-US: BandSite CMS CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandS ...) NOT-FOR-US: BandSite CMS CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSi ...) NOT-FOR-US: BandSite CMS CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network w ...) NOT-FOR-US: Cisco CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device prop ...) NOT-FOR-US: Cisco CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass co ...) NOT-FOR-US: Symantec CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...) {DSA-1198-1 DSA-1197-1} - python2.5 2.5-1 (bug #391589) - python2.4 2.4.3-9 (bug #391589) - python2.3 2.3.5-16 (bug #393053) - python2.2 (Compiled without UCS-4 support) CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php i ...) NOT-FOR-US: PhpQuiz CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...) NOT-FOR-US: PhpQuiz CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) back/upload_i ...) NOT-FOR-US: PhpQuiz CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote attac ...) 
- libphp-adodb (unimportant) - gallery2 (unimportant) - phppgadmin 5.1+ds-1 (unimportant) - egroupware (unimportant) - phpwiki (unimportant) - moodle (unimportant) NOTE: full path is known in Debian anyway CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain JavaScri ...) NOT-FOR-US: Yahoo! Messenger CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows re ...) NOT-FOR-US: WS_FTP CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual ...) NOT-FOR-US: DotNetNuke CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4. ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM E-C ...) NOT-FOR-US: Pie Cart Pro CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...) NOT-FOR-US: Pie Cart Pro CVE-2006-4968 (PHP remote file inclusion vulnerability in includes/functions_admin.ph ...) NOT-FOR-US: PNphpBB NOTE: code in phpBB is different and not affected CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart al ...) NOT-FOR-US: NextAge Cart CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in chump ...) NOT-FOR-US: phpQuestionnaire CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ex ...) NOT-FOR-US: Apple NOTE: also used for related MFSA-2007-28, but still a QuickTime/Windows only issue CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...) NOT-FOR-US: MAXdev MDPro CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 ...) NOT-FOR-US: Exponent CMS CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...) 
NOT-FOR-US: Php Blue Dragon CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in public_ ...) NOT-FOR-US: Php Blue Dragon CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon ...) NOT-FOR-US: Php Blue Dragon CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows rem ...) NOT-FOR-US: Sun Secure Global Desktop CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Glob ...) NOT-FOR-US: Sun Secure Global Desktop CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...) NOT-FOR-US: MyReview CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in ...) NOT-FOR-US: Neon WebMail for Java CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon ...) NOT-FOR-US: Neon WebMail for Java CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not v ...) NOT-FOR-US: Neon WebMail for Java CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...) NOT-FOR-US: Neon WebMail for Java CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows rem ...) NOT-FOR-US: Neon WebMail for Java CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute a ...) NOT-FOR-US: Neon WebMail for Java CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...) NOT-FOR-US: Cisco CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profil ...) NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFT ...) NOT-FOR-US: TFTPDWIN CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keyw ...) NOT-FOR-US: Search Keywords module for Drupal CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...) 
NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB) CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Fre ...) NOT-FOR-US: DigitalWebShop CVE-2006-4944 (PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.ph ...) NOT-FOR-US: ProgSys CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...) - moodle 1.6.2-1 [sarge] - moodle (File not present) CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) t ...) - moodle 1.6.2-1 CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1 ...) - moodle 1.6.2-1 CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote attacke ...) - moodle 1.6.2-1 [sarge] - moodle (Function not present) CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace dat ...) - moodle 1.6.2-1 (unimportant) NOTE: Path disclosure CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of certai ...) - moodle 1.6.2-1 (unimportant) NOTE: Path disclosure CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...) - moodle 1.6.2-1 CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...) - moodle 1.6.2-1 CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle up ...) - moodle 1.6.2-1 CVE-2006-4934 RESERVED CVE-2006-4933 RESERVED CVE-2006-4932 RESERVED CVE-2006-4931 RESERVED CVE-2006-4930 RESERVED CVE-2006-4929 RESERVED CVE-2006-4928 RESERVED CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drive ...) NOT-FOR-US: Symantec AntiVirus CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...) NOT-FOR-US: Kaspersky Labs CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial o ...) 
- openssh 1:5.1p1-5 (unimportant) NOTE: That's a non-issue CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, all ...) {DSA-1212 DSA-1189-1} - openssh 1:4.3p2-4 (low; bug #389995) - openssh-krb5 (low) CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Po ...) NOT-FOR-US: eSyndiCat Portal System CVE-2006-4922 (Unrestricted file upload vulnerability in starnet/editors/htmlarea/pop ...) NOT-FOR-US: Site@School CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 an ...) NOT-FOR-US: Site@School CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S ...) NOT-FOR-US: Site@School CVE-2006-4919 (Directory traversal vulnerability in starnet/editors/htmlarea/popups/i ...) NOT-FOR-US: Site@School CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple Discussio ...) NOT-FOR-US: Simple Discussion Board CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7. ...) NOT-FOR-US: PT News CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1. ...) NOT-FOR-US: Tekman Portal CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate Port ...) NOT-FOR-US: Innovate Portal CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote att ...) NOT-FOR-US: A.l-Pifou CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in Alstr ...) NOT-FOR-US: AlstraSoft E-friends CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earli ...) NOT-FOR-US: PHP DocWriter CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 bef ...) NOT-FOR-US: Cisco CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before 4.1(5c) ...) NOT-FOR-US: Cisco CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigatio ...) 
NOT-FOR-US: Cisco CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive in ...) NOT-FOR-US: OSU CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive in ...) NOT-FOR-US: OSU CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in More.group ...) NOT-FOR-US: More.groupware CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...) NOT-FOR-US: Artmedic Links CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-C ...) NOT-FOR-US: X-Cart CVE-2006-4903 RESERVED CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...) NOT-FOR-US: Symantec Veritas NetBackup CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...) NOT-FOR-US: CA eTrust CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust S ...) NOT-FOR-US: CA eTrust CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security Com ...) NOT-FOR-US: CA eTrust CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...) NOT-FOR-US: guanxiCRM CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web do ...) NOT-FOR-US: CMtextS CVE-2006-4896 REJECTED CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to del ...) NOT-FOR-US: IDevSpot NexieAffiliate CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...) NOT-FOR-US: IDevSpot NexieAffiliate CVE-2006-4893 (PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_ ...) NOT-FOR-US: phpBB XS CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manage ...) NOT-FOR-US: Techno Dreams FAQ CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...) 
NOT-FOR-US: Techno Dreams CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...) NOT-FOR-US: UNAK-CMS CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKor ...) NOT-FOR-US: Telekorn SignKorn Guestbook CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to c ...) NOT-FOR-US: Microsoft CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...) NOT-FOR-US: Apple CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...) NOT-FOR-US: McAfee CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and e ...) NOT-FOR-US: Shadowed Portal CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSuppo ...) NOT-FOR-US: IDevSpot iSupport CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDir ...) NOT-FOR-US: IDevSpot BizDirectory CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon Car ...) NOT-FOR-US: Cart 3 CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett P ...) NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...) NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ( ...) NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett PHP-P ...) NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...) NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote att ...) NOT-FOR-US: Jupiter CMS CVE-2006-4875 (Unrestricted file upload vulnerability in modules/galleryuploadfunctio ...) NOT-FOR-US: Jupiter CMS CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS all ...) 
NOT-FOR-US: Jupiter CMS CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: Jupiter CMS CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Jangh ...) NOT-FOR-US: ECardPro CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan J ...) NOT-FOR-US: EShoppingPro CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, an ...) NOT-FOR-US: AEDating CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ph ...) NOT-FOR-US: phpunity.postcard CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine (v ...) NOT-FOR-US: Microsoft CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allo ...) NOT-FOR-US: GNUTurk CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in R ...) NOT-FOR-US: Apple CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive i ...) NOT-FOR-US: PhpQuiz CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...) NOT-FOR-US: ReviewPost CVE-2006-4863 NOT-FOR-US: mcLinksCounter CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...) NOT-FOR-US: easypage CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panj ...) NOT-FOR-US: Complain Center CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc ...) NOT-FOR-US: Limbo CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the Cont ...) NOT-FOR-US: Limbo CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in t ...) NOT-FOR-US: Serverstat (com_serverstat) component for Mambo CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in Cli ...) 
NOT-FOR-US: ClickBlog CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogge ...) NOT-FOR-US: WebLogger CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...) NOT-FOR-US: Symantec CVE-2006-4854 REJECTED CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1. ...) NOT-FOR-US: Haberx CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allow ...) NOT-FOR-US: QuadComm Q-Shop CVE-2006-4851 (PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHT ...) NOT-FOR-US: BolinOS CVE-2006-4850 (PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIn ...) NOT-FOR-US: BolinOS CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in MobilePublish ...) NOT-FOR-US: MobilePublisherPHP CVE-2006-4848 NOT-FOR-US: Hitweb CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...) NOT-FOR-US: WS_FTP CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced Acces ...) NOT-FOR-US: Citrix CVE-2006-4845 (PHP remote file inclusion vulnerability in includes/footer.html.inc.ph ...) NOT-FOR-US: TeamCal CVE-2006-4844 (PHP remote file inclusion vulnerability in inc/claro_init_local.inc.ph ...) NOT-FOR-US: Claroline CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...) NOT-FOR-US: IBM Lotus Domino CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in S ...) - xulrunner 1.8.0.9-1 (low; bug #405062) [sarge] - mozilla (Minor issue) NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470 CVE-2006-4841 RESERVED CVE-2006-4840 REJECTED CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ser ...) 
    NOT-FOR-US: Sophos
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6 ...)
    NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6. ...)
    NOT-FOR-US: DCP-Portal
CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows r ...)
    NOT-FOR-US: DCP-Portal
CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attacke ...)
    NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
    NOT-FOR-US: phpQuiz
CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 1 ...)
    NOT-FOR-US: NetPerformer
CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT S ...)
    NOT-FOR-US: NetPerformer
CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before 0 ...)
    NOT-FOR-US: IP over DNS is now easy (iodine)
CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in D ...)
    NOT-FOR-US: Blojsom
CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
    NOT-FOR-US: Blojsom
CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in PhotoPo ...)
    NOT-FOR-US: PhotoPost
CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1 ...)
    NOT-FOR-US: Vmist Downstat
CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed Port ...)
    NOT-FOR-US: Shadowed Portal
CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index. ...)
    NOT-FOR-US: PHP Event Calendar
CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in Quick ...)
    NOT-FOR-US: Quicksilver Forums (QSF)
CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in Re ...)
    NOT-FOR-US: Magic News
CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in eM ...)
    NOT-FOR-US: emuCMS
CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...)
    NOT-FOR-US: Drupal Userreview module
CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11. ...)
    NOT-FOR-US: HP-UX
CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attacke ...)
    NOT-FOR-US: Opera
CVE-2006-4818
    RESERVED
CVE-2006-4817
    RESERVED
CVE-2006-4816
    RESERVED
CVE-2006-4815
    RESERVED
CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not prop ...)
    {DSA-1503-2 DSA-1503-1 DSA-1304}
    - linux-2.6 2.6.18.dfsg.1-9 (low)
    - kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6 ...)
    {DSA-1233}
    - linux-2.6 2.6.13-1
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
    - php4
    - php5 5.1.6-5 (bug #391586)
CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 bef ...)
    {DSA-1200-1}
    - qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
    - qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used b ...)
    {DSA-1219}
    - texinfo 4.8.dfsg.1-4
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, an ...)
    - imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
    - imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allo ...)
    - imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote attack ...)
    - imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...)
    {DSA-1201-1}
    - wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4804
    RESERVED
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
    NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in Sym ...)
    NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possi ...)
    NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p200605 ...)
    {DSA-1215}
    - ffmpeg 0.cvs20060329-1
    - xmovie
    - xine-lib 1.1.2-1
    - gst-ffmpeg 0.8.7-7 (medium; bug #401304)
    - gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311)
    - mplayer 1.0~rc1-1
    NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow contex ...)
    {DSA-1215}
    - xine-lib 1.1.2-1 (bug #369876; medium)
    NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which mig ...)
    - sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Inter ...)
    NOT-FOR-US: CJ Tag Board
CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...)
    NOT-FOR-US: Snitz Forums
CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
    NOT-FOR-US: HP-UX
CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allo ...)
    NOT-FOR-US: e107
CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 a ...)
    NOT-FOR-US: TualBLOG
CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...)
    {DSA-1217}
    - linux-ftpd 0.17-23 (low; bug #384454)
CVE-2006-XXXX [ejabberd HTML code injection]
    - ejabberd 1.1.1-8
CVE-2006-4792
    RESERVED
CVE-2006-4791
    RESERVED
CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users t ...)
    NOT-FOR-US: Open Movie Editor
CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in Tel ...)
    NOT-FOR-US: SignKorn Guestbook
CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive informa ...)
    NOT-FOR-US: AlphaMail
CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive i ...)
    - moodle 1.6.2-1 (low)
CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earli ...)
    - moodle 1.6.2-1 (medium; bug #387177)
CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 an ...)
    - moodle 1.6.2-1 (low)
CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earl ...)
    NOT-FOR-US: WebSPELL
CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals i ...)
    NOT-FOR-US: WebSPELL
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT ...)
    NOT-FOR-US: FutureSoft TFTP Server
CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
    NOT-FOR-US: phpBB XS
CVE-2006-4779 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
    NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before 3. ...)
    NOT-FOR-US: Creative Commons Tools ccHost
CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control (Direct ...)
    NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...)
    NOT-FOR-US: Cisco
CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and Cat ...)
    NOT-FOR-US: Cisco
CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...)
    NOT-FOR-US: Cisco
CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earl ...)
    NOT-FOR-US: Sun StorEdge
CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with insuf ...)
    NOT-FOR-US: HotPlug CMS
CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 all ...)
    NOT-FOR-US: ForumJBC
CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 ...)
    NOT-FOR-US: MiniPort@l
CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 al ...)
    NOT-FOR-US: p4CMS
CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...)
    NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst Newsscrip ...)
    NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst Newsscr ...)
    NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows a ...)
    NOT-FOR-US: NETGEAR
CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE W ...)
    NOT-FOR-US: WTools
CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lig ...)
    NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...)
    NOT-FOR-US: Ykoon RssReader
CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman S ...)
    NOT-FOR-US: SharpReader
CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...)
    NOT-FOR-US: RSSOwl
CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname end ...)
    NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which a ...)
    {DSA-1488-1}
    - phpbb2 2.0.21-4 (bug #388120; unimportant)
    NOTE: Only exploitable by admins, which you'd need to trust
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 0. ...)
    NOT-FOR-US: e107
CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...)
    NOT-FOR-US: phpMyDirectory
CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirector ...)
    NOT-FOR-US: phpMyDirectory
CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...)
    NOT-FOR-US: PHProg
CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 al ...)
    NOT-FOR-US: PHProg
CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote att ...)
    NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Mat ...)
    NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4750 (PHP remote file inclusion vulnerability in openi-admin/base/fileloader ...)
    NOT-FOR-US: OPENi-CMS
CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Tra ...)
    NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow rem ...)
    NOT-FOR-US: F-ART BLOG:CMS
CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAd ...)
    NOT-FOR-US: IdevSpot TextAds
CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php ...)
    NOT-FOR-US: Web Server Creator
CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to p ...)
    NOT-FOR-US: ScaryBear PocketExpense Pro
CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...)
    NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ...)
    - wordpress 2.0.5-0.1 (unimportant)
    NOTE: path disclosure only
CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot P ...)
    NOT-FOR-US: PhpLinkExchange
CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in IDevSp ...)
    NOT-FOR-US: PhpLinkExchange
CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...)
    NOT-FOR-US: Jetbox CMS
CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allo ...)
    NOT-FOR-US: Jetbox CMS
CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS ...)
    NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote a ...)
    NOT-FOR-US: Jetbox CMS
CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allo ...)
    NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sens ...)
    - magpierss (unimportant)
    NOTE: path disclosure only
CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php i ...)
    - tikiwiki 1.9.5+dfsg1-2 (medium; bug #388122)
CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...)
    NOT-FOR-US: simple, integrated publishing system (SIPS)
CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unkn ...)
    NOT-FOR-US: Microsoft
CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) a ...)
    {DSA-1239-1}
    - sql-ledger 2.6.19-1
CVE-2006-4730
    RESERVED
CVE-2006-4729
    RESERVED
CVE-2006-4728
    RESERVED
CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in ...)
    NOT-FOR-US: Tumbleweed EMF Administration Module
CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 th ...)
    NOT-FOR-US: Adobe
CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security r ...)
    NOT-FOR-US: Adobe
CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in ...)
    NOT-FOR-US: Adobe
CVE-2006-4723 (PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/che ...)
    NOT-FOR-US: RaidenHTTPD
CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB ...)
    NOT-FOR-US: Open Bulletin Board (OpenBB)
CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...)
    NOT-FOR-US: CCleague Pro Sports CMS
CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...)
    NOT-FOR-US: mcGalleryPRO
CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1. ...)
    NOT-FOR-US: MyABraCaDaWeb
CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...)
    NOT-FOR-US: KorviBlog
CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module bef ...)
    NOT-FOR-US: Pubcookie module for Drupal
CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...)
    NOT-FOR-US: Fire Soft Board (FSB)
CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Arti ...)
    NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivv ...)
    NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...)
    NOT-FOR-US: PSYWERKS PUMA
CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allo ...)
    - firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remo ...)
    - firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedD ...)
    NOT-FOR-US: NewsGator FeedDemon
CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows re ...)
    NOT-FOR-US: Vikingboard
CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
    NOT-FOR-US: Vikingboard
CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...)
    NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
    NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic Gamb ...)
    NOT-FOR-US: Timesheet (aka Timesheet.php)
CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker (WMIScript ...)
    NOT-FOR-US: Microsoft
CVE-2006-4703
    REJECTED
CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft Windo ...)
    NOT-FOR-US: Microsoft
CVE-2006-4701
    REJECTED
CVE-2006-4700
    REJECTED
CVE-2006-4699
    REJECTED
CVE-2006-4698
    REJECTED
CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects fr ...)
    NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows 2 ...)
    NOT-FOR-US: Microsoft
CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office W ...)
    NOT-FOR-US: Microsoft Office
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...)
    NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for M ...)
    NOT-FOR-US: Microsoft Word
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager (packa ...)
    NOT-FOR-US: Microsoft Word
CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in th ...)
    NOT-FOR-US: Microsoft
CVE-2006-4690
    REJECTED
CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for Net ...)
    NOT-FOR-US: Microsoft
CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Wind ...)
    NOT-FOR-US: Microsoft
CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
    NOT-FOR-US: Microsoft
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...)
    NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core S ...)
    NOT-FOR-US: Microsoft
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 thro ...)
    {DSA-1176-1}
    - zope2.7
    - zope2.8 2.8.8-2
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive i ...)
    NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
    NOT-FOR-US: IBM Director
CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director befo ...)
    NOT-FOR-US: IBM Director
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords wh ...)
    NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, whic ...)
    - dokuwiki 0.0.20060309-5.1 (low; bug #388082)
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
    NOT-FOR-US: News Evolution
CVE-2006-4677
    NOT-FOR-US: phpopenchat
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...)
    NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in DokuWik ...)
    - dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki bef ...)
    - dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...)
    NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
    NOT-FOR-US: ppalCart
CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...)
    NOT-FOR-US: Fantastic News
CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Galler ...)
    NOT-FOR-US: PhotoKorn Gallery
CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...)
    NOT-FOR-US: Somery
CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley A ...)
    NOT-FOR-US: AckerTodo
CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote at ...)
    NOT-FOR-US: RunCMS
CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst New ...)
    NOT-FOR-US: Newsscript (aka WM-News)
CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...)
    NOT-FOR-US: MKPortal
CVE-2006-4664 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
    NOT-FOR-US: Premod Shadow
CVE-2006-4663
    NOT-FOR-US: User problem
CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...)
    NOT-FOR-US: AOL ICQ
CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not prop ...)
    NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed mo ...)
    NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 u ...)
    NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...)
    NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 store ...)
    NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4656 (PHP remote file inclusion vulnerability in admin/editeur/spaw_control. ...)
    NOT-FOR-US: Web Provence SL_Site
CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...)
    NOT-FOR-US: X11R6.4
CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...)
    NOT-FOR-US: Address Book Web Server
CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store sens ...)
    NOT-FOR-US: Amazing Little Poll
CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a def ...)
    NOT-FOR-US: Amazing Little Poll
CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...)
    NOT-FOR-US: Php download
CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...)
    NOT-FOR-US: Cisco
CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ( ...)
    NOT-FOR-US: BinGo News
CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ( ...)
    NOT-FOR-US: BinGo News
CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...)
    NOT-FOR-US: Sponge News
CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto mo ...)
    NOT-FOR-US: Drupal Pathauto module
CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...)
    NOT-FOR-US: Social BookMarking Engine
CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...)
    NOT-FOR-US: phpFullAnnu
CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeag ...)
    NOT-FOR-US: PhpLeague
CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator p ...)
    NOT-FOR-US: AuditWizard
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...)
    NOT-FOR-US: Muratsoft Haber Portal
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
    - flashplugin-nonfree 7.0.68.0.1
    [sarge] - flashplugin-nonfree (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
    NOT-FOR-US: C-News.fr C-News
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News 0. ...)
    NOT-FOR-US: ACGV News
CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...)
    NOT-FOR-US: ACGV News
CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlie ...)
    NOT-FOR-US: PhpCommander
CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ear ...)
    NOT-FOR-US: MySource Classic
CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...)
    NOT-FOR-US: VBZooM
CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...)
    NOT-FOR-US: SoftBB
CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ear ...)
    NOT-FOR-US: SoftBB
CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in So ...)
    NOT-FOR-US: SoftBB
CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...)
    NOT-FOR-US: MySpeach
CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...)
    NOT-FOR-US: C-News.fr C-News
CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...)
    NOT-FOR-US: VCD-db
CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via Mic ...)
    NOT-FOR-US: System Information ActiveX control
CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4. ...)
    NOT-FOR-US: avast! Anti-virus Engine
CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
    - php4 4:4.4.4-1 (bug #391282; unimportant)
    - php5 5.2.0-1 (bug #391281; unimportant)
    NOTE: open_basedir violations not supported in Debian's PHP
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 al ...)
    {DSA-1188-1}
    - mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation compo ...)
    {DSA-1304}
    - linux-2.6 2.6.18-1
CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3 ...)
    {DSA-1182-1}
    NOTE: GNUTLS-SA-2006-4
    - gnutls13 1.4.4-1 (high)
    - gnutls12 (high)
    - gnutls11 (high)
CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack]
    NOTE: GNUTLS-SA-2006-3 (withdrawn)
    - gnutls13 1.4.3-1 (unimportant)
    - gnutls12 (unimportant)
    - gnutls11 (unimportant)
CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV (ak ...)
    NOT-FOR-US: AnnonceV
CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, ...)
    NOT-FOR-US: Pheap
CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with M ...)
    NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...)
    NOT-FOR-US: Avira
CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...)
    - libphp-adodb (vulnerable code seems to be In-link specific)
    - egroupware (vulnerable code seems to be In-link specific)
    - moodle (vulnerable code seems to be In-link specific)
    - phppgadmin (vulnerable code seems to be In-link specific)
    - gallery2 (vulnerable code seems to be In-link specific)
    - phpwiki (vulnerable code seems to be In-link specific)
CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger CR ...)
    NOT-FOR-US: vtiger CRM
CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise befo ...)
    NOT-FOR-US: MailEnable
CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores ...)
    NOT-FOR-US: Shape Services
CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords i ...)
    NOT-FOR-US: PDAapps Verichat
CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow ...)
    NOT-FOR-US: SnapGear
CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows re ...)
    NOT-FOR-US: ZIXForum
CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks bef ...)
    NOT-FOR-US: dsocks
CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.1 ...)
    NOT-FOR-US: GrapAgenda
CVE-2006-4609
    NOT-FOR-US: PHProjekt
CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome ...)
    NOT-FOR-US: php-Revista
CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote atta ...)
    NOT-FOR-US: php-Revista
CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1 ...)
    NOT-FOR-US: php-Revista
CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...)
    NOT-FOR-US: php-Revista
CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php i ...)
    NOT-FOR-US: Lanifex Database of Managed Objects (DMO)
CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass aut ...)
    NOT-FOR-US: Swift Sound Web Dictate
CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows r ...)
    NOT-FOR-US: 1Two
CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...)
    - openldap2.3 2.3.25-1
    - openldap2.2 (low)
    - openldap2 (low) (slapd not built from this version)
CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator ...)
    NOT-FOR-US: Autentificator
CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 al ...)
    NOT-FOR-US: ssLinks
CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier ...)
    NOT-FOR-US: ICBlogger
CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...)
    NOT-FOR-US: MyBace Light Skrip
CVE-2006-4595 (muforum (µforum) 0.4c stores membres/members.dat under the web do ...)
    NOT-FOR-US: muforum
CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Tra ...)
    NOT-FOR-US: phpAtm
CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 an ...)
    NOT-FOR-US: SoftBB
CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...)
    NOT-FOR-US: Simple Blog
CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Templ ...)
    NOT-FOR-US: AltraSoft Template Seller
CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...)
    NOT-FOR-US: Jetstat.com JS ASP Faq Manager
CVE-2006-4589 (PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte ...)
    NOT-FOR-US: DynCMS
CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to byp ...)
    NOT-FOR-US: vtiger CRM
CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2. ...)
    NOT-FOR-US: vtiger CRM
CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash f ...)
    NOT-FOR-US: Tr Forum
CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...)
    NOT-FOR-US: Tr Forum
CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add ...)
    NOT-FOR-US: Tr Forum
CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...)
    NOT-FOR-US: FlashChat
CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1. ...)
    NOT-FOR-US: The Address Book
CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e valid ...)
    NOT-FOR-US: The Address Book
CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to bypa ...)
    NOT-FOR-US: The Address Book
CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book 1.0 ...)
    NOT-FOR-US: The Address Book
CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...)
    NOT-FOR-US: The Address Book
CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Boo ...)
    NOT-FOR-US: The Address Book
CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e all ...)
    NOT-FOR-US: The Address Book
CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow ...)
    NOT-FOR-US: The Address Book
CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark (formerl ...)
    - wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...)
    {DSA-1202-1}
    - screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows re ...)
    - linux-2.6 2.6.18.dfsg.1-9 (medium)
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ...)
    {DSA-1210 DSA-1192-1 DSA-1191-1}
    NOTE: MFSA-2006-64
    - mozilla (high)
    - firefox 1.5.dfsg+1.5.0.7-1 (high)
    - thunderbird 1.5.0.7-1 (high)
    - xulrunner 1.8.0.7-1 (high)
CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "L ...)
    {DSA-1192-1 DSA-1191-1}
    NOTE: MFSA-2006-63
    - thunderbird 1.5.0.7-1
    - mozilla
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...)
    NOTE: MFSA-2006-62
    - firefox 1.5.dfsg+1.5.0.7-1 (low)
    - xulrunner 1.8.0.7-1 (low)
    - thunderbird 1.5.0.7-1
    [sarge] - mozilla-firefox (Regression only affecting 1.5)
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ...)
    {DSA-1210 DSA-1192-1 DSA-1191-1}
    NOTE: MFSA-2006-61
    - mozilla (low)
    - firefox 1.5.dfsg+1.5.0.7-1 (low)
    - xulrunner 1.8.0.7-1 (low)
    - thunderbird 1.5.0.7-1
CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
NOTE: MFSA-2006-58 - firefox 1.5.dfsg+1.5.0.7-1 (unimportant) - thunderbird 1.5.0.7-1 (unimportant) [sarge] - mozilla-firefox (unimportant) [sarge] - mozilla-thunderbird (unimportant) NOTE: The internal update mechanism is disabled in Debian CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ...) {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-57 - mozilla (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - thunderbird 1.5.0.7-1 (low) - xulrunner 1.8.0.7-1 (high) CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ...) {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-57 - mozilla (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - xulrunner 1.8.0.7-1 (high) - thunderbird 1.5.0.7-1 (low) CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple Mach ...) NOT-FOR-US: Simple Machines Forum CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3 ...) NOT-FOR-US: PHP-Nuke CVE-2006-4562 NOT-FOR-US: Symantec CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary J ...) - xulrunner 1.8.0.7-1 (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) [sarge] - mozilla (Mozilla products from Sarge no longer supported) [sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported) CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to execu ...) NOT-FOR-US: Internet Explorer CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another Comm ...) NOT-FOR-US: Yet Another Community System (YACS) CMS CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...) NOT-FOR-US: DeluxeBB CVE-2006-4557 NOT-FOR-US: Discloser CVE-2006-4556 NOT-FOR-US: JIM component for Mambo and Joomla! CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control a ...) 
NOT-FOR-US: Miniclip CR64Loader ActiveX control CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ZOO-proces ...) NOT-FOR-US: BeCubed Compression Plus CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the com ...) NOT-FOR-US: com_comprofiler Components for Mambo and Joomla! CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01- ...) NOT-FOR-US: CHXO Feedsplitter CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows re ...) NOT-FOR-US: CHXO Feedsplitter CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allo ...) NOT-FOR-US: CHXO Feedsplitter CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the sourc ...) NOT-FOR-US: CHXO Feedsplitter CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...) NOTE: this should be fixed in PHP (CVE-2006-3017) CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain sen ...) NOT-FOR-US: Lyris ListManager CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have adm ...) NOT-FOR-US: Lyris ListManager CVE-2006-4545 NOT-FOR-US: ModuleBased CMS Pre-Alpha CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...) NOT-FOR-US: ExBB CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...) NOT-FOR-US: HLStats CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...) {DSA-1199-1} - webmin (bug #391284) - usermin CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...) NOT-FOR-US: BlackICE PC Protection CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.c ...) NOT-FOR-US: Learn.com LearnCenter CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) includes/widge ...) 
NOT-FOR-US: Cerberus Helpdesk CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platfor ...) {DSA-1237 DSA-1233} - linux-2.6 2.6.17-9 CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alph ...) NOT-FOR-US: OpenVMS CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0. ...) NOT-FOR-US: CMS Frogss CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local u ...) {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.18-1 CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 200 ...) NOT-FOR-US: Microsoft CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...) NOT-FOR-US: Plume CMS CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...) NOT-FOR-US: Yet Another Community System (YACS) CMS CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...) NOT-FOR-US: Pheap CMS CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in me ...) NOT-FOR-US: membrepass CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. ...) NOT-FOR-US: membrepass CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...) NOT-FOR-US: membrepass CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...) NOT-FOR-US: CubeCart CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in Cub ...) NOT-FOR-US: CubeCart CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlie ...) NOT-FOR-US: CubeCart CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...) NOT-FOR-US: Digiappz Freekot CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and Offic ...) NOT-FOR-US: 2Wire CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows loca ...) 
NOT-FOR-US: IBM AIX CVE-2006-XXXX [hostapd dos] - hostapd 1:0.5.4-1 [sarge] - hostapd (Vulnerable code not present) CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS modu ...) NOT-FOR-US: Novell eDirectory CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2 ...) NOT-FOR-US: Novell eDirectory CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) {DSA-1335-1} - gimp 2.2.16-1 (medium) NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a deni ...) NOT-FOR-US: Qbik WinGate CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denia ...) NOT-FOR-US: Novell iManager CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) - kfreebsd-5 (low) [etch] - kfreebsd-5 (no security support for freebsd) CVE-2006-4515 RESERVED CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in Gn ...) {DSA-1221-1} - libgsf 1.14.2-1 CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly mswor ...) - wv 1.2.4-1 (bug #396256; medium) - abiword 2.4.6-1 [sarge] - abiword 2.4.6-1.1 (bug #396360) NOTE: exact abiword fixed version not known, but <= 2.4.6-1 CVE-2006-4512 RESERVED CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...) NOT-FOR-US: Novell GroupWise CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in No ...) NOT-FOR-US: Novell eDirectory CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in th ...) NOT-FOR-US: Novell eDirectory CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1 ...) - tor 0.1.1.23-1 CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...) 
NOT-FOR-US: Sony NOTE: According to the original advisory, this is just CVE-2006-3459 CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...) NOT-FOR-US: Novell Identity Manager CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...) NOT-FOR-US: NX5Linx CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...) NOT-FOR-US: NX5Linx CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows re ...) NOT-FOR-US: NX5Linx CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...) NOT-FOR-US: ezPortal/ztml CMS CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allo ...) NOT-FOR-US: ezPortal/ztml CMS CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...) NOT-FOR-US: ezPortal/ztml CMS CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURL ...) NOT-FOR-US: ModernBill CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAl ...) NOT-FOR-US: PortailPHP CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows re ...) NOT-FOR-US: IwebNegar CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...) NOT-FOR-US: IwebNegar CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Microsoft CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ins ...) NOT-FOR-US: xbiff2 NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows a ...) 
NOT-FOR-US: Cybozu Office CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2( ...) NOT-FOR-US: Cybozu Collaborex CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before 6 ...) NOT-FOR-US: Cybozu Office CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07 ...) NOT-FOR-US: MiniBill CVE-2006-4488 (PHP remote file inclusion vulnerability in modules/userstop/userstop.p ...) NOT-FOR-US: ExBB Italia CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web doc ...) NOT-FOR-US: DUpoll CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, wh ...) {DSA-1331-1} - php5 5.1.6-1 - php4 4:4.4.4-1 CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...) - php5 5.1.6-1 - php4 (Vulnerable function doesn't exist) CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in ...) - libgd2 2.0.33-5.1 (medium; bug #384838) - xloadimage (unimportant; bug #384841) NOTE: xloadimage is a crasher only, not a security problem CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/str ...) - php5 5.1.6-1 (unimportant) - php4 4:4.4.4-1 (unimportant) NOTE: Safe mode violations not supported, insufficient measure CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) wor ...) {DSA-1206-1} - php5 5.1.6-1 (medium) - php4 4:4.4.4-1 (medium) CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...) - php5 5.1.6-1 (unimportant) - php4 4:4.4.4-1 (unimportant) NOTE: Basedir violations not supported CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...) NOT-FOR-US: Nuked-Klan CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Sh ...) NOT-FOR-US: ezContents CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ez ...) 
NOT-FOR-US: ezContents CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers e ...) NOT-FOR-US: ezContents CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) NOT-FOR-US: Joomla! CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups functi ...) NOT-FOR-US: Joomla! CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, whe ...) NOT-FOR-US: Joomla! CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow at ...) NOT-FOR-US: Joomla! CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows r ...) NOT-FOR-US: Joomla! CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defi ...) NOT-FOR-US: Joomla! CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...) NOT-FOR-US: Joomla! CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) NOT-FOR-US: Joomla! CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0 ...) NOT-FOR-US: Simple Machines Forum CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...) NOT-FOR-US: Joomla! CVE-2006-4465 NOT-FOR-US: Microsoft CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allo ...) NOT-FOR-US: Nokia CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in Jets ...) NOT-FOR-US: JS ASP Faq Manager CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...) NOT-FOR-US: LinksCaffe CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...) 
NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian) CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0. ...) NOT-FOR-US: iAddressBook CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...) NOT-FOR-US: AnywhereUSB/5 CVE-2006-4458 (Directory traversal vulnerability in calendar/inc/class.holidaycalc.in ...) - phpgroupware 0.9.16.011-1 (bug #386061; medium) CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...) NOT-FOR-US: phpECard CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard 2 ...) NOT-FOR-US: phpECard CVE-2006-4455 - xchat (not reproducible) CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.3 ...) NOT-FOR-US: HLstats CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allow ...) NOT-FOR-US: PmWiki CVE-2006-4452 (PHP remote file inclusion vulnerability in security/include/_class.sec ...) NOT-FOR-US: Web3news CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...) NOT-FOR-US: Tag Board CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, a ...) - phpbb2 2.0.21-1 (unimportant) NOTE: That's by design and even disabled by default CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in MyBullet ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, wh ...) NOT-FOR-US: interact CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtran ...) {DSA-1193-1} - xbase-clients 1:7.1.ds-2 (unimportant) - xtrans 1.0.0-6 (unimportant) - xorg-server 1:1.0.2-9 (low) - libx11 2:1.0.0-7 (unimportant) - xdm 1:1.0.5-1 (unimportant) - xterm (unimportant) CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ( ...) 
NOT-FOR-US: Microsoft CVE-2006-4445 NOT-FOR-US: CuteNews CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Wind ...) NOT-FOR-US: Cybozu Garoon CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...) NOT-FOR-US: AlstraSoft Video Share Enterprise CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0. ...) NOT-FOR-US: iAddressBook CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System Soluti ...) NOT-FOR-US: Ay System Solutions CMS CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System Solut ...) NOT-FOR-US: Ay System Solutions CMS CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...) NOT-FOR-US: Solaris CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33 ...) NOT-FOR-US: SpIDer for Dr.Web Scanner CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to e ...) NOT-FOR-US: Tagger LE CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 S ...) - tikiwiki 1.9.4+dfsg2-3 CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Se ...) {DSA-1175-1} - isakmpd 20041012-4 (bug #385894; medium) CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows context-depende ...) NOT-FOR-US: OpenBSD CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote a ...) {DSA-1164} - sendmail 8.13.8-1 (bug #385054; medium) CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...) - php4 4:4.4.4-1 (unimportant) - php5 5.1.4-0.1 (unimportant) NOTE: Sanitising this is an application's job CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier a ...) NOT-FOR-US: Zend Platform CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...) 
NOT-FOR-US: Zend Platform CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows r ...) NOT-FOR-US: Cisco CVE-2006-4429 NOT-FOR-US: PHlyMail Lite CVE-2006-4428 NOT-FOR-US: Jupiter CMS CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass a ...) NOT-FOR-US: eFiction CVE-2006-4426 (PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurit ...) NOT-FOR-US: AlberT-EasySite CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 al ...) NOT-FOR-US: phpCOIN CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...) NOT-FOR-US: phpCOIN CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 all ...) NOT-FOR-US: Bigace CVE-2006-4422 NOT-FOR-US: Jetbox CMS CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in template/default/thanks_co ...) NOT-FOR-US: Yet Another PHP Image Gallery CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 a ...) NOT-FOR-US: Phaos CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows remo ...) NOT-FOR-US: ProManager CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a Op ...) NOT-FOR-US: Wikepage CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 all ...) NOT-FOR-US: Xoops CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...) NOT-FOR-US: IBM AIX CVE-2006-4415 RESERVED CVE-2006-4414 RESERVED CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...) NOT-FOR-US: Apple Remote Desktop CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x thr ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10. ...) 
NOT-FOR-US: Apple Mac OS X CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows re ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3. ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4405 RESERVED CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when u ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access i ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier al ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X 10 ...) NOT-FOR-US: Mac OS CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in M ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 throug ...) NOT-FOR-US: Mac OS CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier do ...) NOT-FOR-US: Apple Mac OS X CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3. ...) NOT-FOR-US: Mac OS CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, al ...) NOT-FOR-US: Mac OS CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 throug ...) NOT-FOR-US: Mac OS CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X 1 ...) 
NOT-FOR-US: Mac OS CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...) NOT-FOR-US: Mac OS CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remo ...) NOT-FOR-US: Mac OS CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...) NOT-FOR-US: Apple QuickTime CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) NOT-FOR-US: Apple QuickTime CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the ...) NOT-FOR-US: Mac OS CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) NOT-FOR-US: Apple QuickTime CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted r ...) NOT-FOR-US: Apple QuickTime CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user ...) NOT-FOR-US: Apple QuickTime CVE-2006-4383 RESERVED CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-a ...) NOT-FOR-US: Apple QuickTime CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) NOT-FOR-US: Apple QuickTime CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service (p ...) {DSA-1169} - mysql-dfsg-5.0 (only 4.1 affected) - mysql-dfsg (only 4.1 affected) - mysql-dfsg-4.1 CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaborati ...) NOT-FOR-US: Ipswitch Collaboration 2006 Suite CVE-2006-4378 NOT-FOR-US: Rssxt component for Joomla! (com_rssxt) CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechn ...) NOT-FOR-US: Eichhorn Portal CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...) 
NOT-FOR-US: Eichhorn Portal CVE-2006-4375 NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd) CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...) NOT-FOR-US: IrfanView CVE-2006-4373 (PHP remote file inclusion vulnerability in modules/visitors2/include/c ...) NOT-FOR-US: pSlash CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...) NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 a ...) NOT-FOR-US: Alt-N WebAdmin CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibl ...) NOT-FOR-US: Alt-N WebAdmin CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...) NOT-FOR-US: IntegraMOD Portal CVE-2006-4368 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...) NOT-FOR-US: IntegraMOD Portal CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack 1. ...) NOT-FOR-US: All Topics Hack for phpBB CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 al ...) NOT-FOR-US: RedBLoG CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 a ...) NOT-FOR-US: VistaBB CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N Techn ...) NOT-FOR-US: Alt-N Technologies MDaemon CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...) NOT-FOR-US: CropImage component (com_cropimage) for Mambo CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid M ...) NOT-FOR-US: Diesel Paid Mail CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forg ...) NOT-FOR-US: Diesel Job Site CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...) 
NOT-FOR-US: E-commerce for Drupal CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 38 ...) NOT-FOR-US: PowerZip CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay al ...) NOT-FOR-US: Diesel Pay CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...) NOT-FOR-US: Diesel Smart Traffic CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module (easylinks.modu ...) NOT-FOR-US: Easylinks Module for Drupal CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (e ...) NOT-FOR-US: Easylinks Module for Drupal CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in P ...) NOT-FOR-US: Phome Empire CMS CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server 4 ...) NOT-FOR-US: Sun Java System Content Delivery Server CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content Ser ...) NOT-FOR-US: Cisco CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6 ...) NOT-FOR-US: OneOrZero CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows r ...) NOT-FOR-US: OneOrZero CVE-2006-4349 NOT-FOR-US: ToendaCMS CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...) NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla! CVE-2006-4347 (SQL injection vulnerability in user logon authentication request handl ...) NOT-FOR-US: Cool Manager CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to det ...) - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060) CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asteris ...) - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060) CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) bef ...) 
NOT-FOR-US: CGI-Rescue Mail F/W System CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL 0.9. ...) {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...) - linux-2.6 (Flaw specific to Red Hat backport) CVE-2006-4341 REJECTED CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) {DSA-1210 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-60, this is similar to CVE-2006-4339 - mozilla (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - thunderbird 1.5.0.7-1 (high) - xulrunner 1.8.0.7-1 (high) CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, wh ...) {DSA-1174-1 DSA-1173-1} - openssl 0.9.8b-3 (medium) - openssl097 0.9.7i-2 (medium) - openssl096 CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent at ...) {DSA-1181-1} - gzip 1.3.5-15 (medium) - lha 1.14i-10.1 (medium; bug #401301) [sarge] - lha (Non-free not supported) [etch] - lha (Non-free not supported) CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in gzi ...) {DSA-1181-1} - gzip 1.3.5-15 (high) - lha 1.14i-10.1 (high; bug #401301) [sarge] - lha (Non-free not supported) [etch] - lha (Non-free not supported) CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 ...) {DSA-1181-1} - gzip 1.3.5-15 (high) CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH dec ...) {DSA-1181-1} - gzip 1.3.5-15 (high) - lha 1.14i-10.1 (high; bug #401301) [sarge] - lha (Non-free not supported) [etch] - lha (Non-free not supported) CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent attac ...) {DSA-1974-1 DSA-1181-1} - gzip 1.3.5-15 (high) CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 all ...)
{DSA-1171} - wireshark 0.99.2-5.1 (low; bug #384529) - ethereal (low; bug #384528) CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...) - wireshark (windows only) - ethereal (windows only) CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in Wires ...) - wireshark 0.99.2-5.1 (medium; bug #384529) - ethereal (only wireshark 0.99.2 affected) CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...) - wireshark 0.99.2-5 (medium; bug #384529) - ethereal (only wireshark 0.99.2 affected) CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising R ...) NOT-FOR-US: Shadows Rising CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive Link ...) NOT-FOR-US: CloudNine CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...) NOT-FOR-US: CloudNine CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, I ...) NOT-FOR-US: Ichitaro CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbo ...) NOT-FOR-US: Doika CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFre ...) NOT-FOR-US: CityForFree CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...) NOT-FOR-US: CityForFree CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the Esta ...) NOT-FOR-US: Mambo CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine P ...) NOT-FOR-US: Mambo CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0. ...) NOT-FOR-US: OpenSEF for Joomla CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows l ...) NOT-FOR-US: Solaris CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to execut ...) 
NOT-FOR-US: WFTPD CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...) NOT-FOR-US: WoltLab CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root priv ...) NOT-FOR-US: SSH Tectia Management Agent CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia prod ...) NOT-FOR-US: SSH Tectia Management Agent CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...) NOT-FOR-US: Symantec CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentr ...) NOT-FOR-US: Cisco CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...) NOT-FOR-US: Cisco CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise Adressboo ...) NOT-FOR-US: Sonium Enterprise Adressbook CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of s ...) {DSA-1227-1 DSA-1225-1 DSA-1224-1} - firefox 45.0-1 - firefox-esr 45.0esr-1 - iceweasel 2.0+dfsg-1 - mozilla - mozilla-firefox - xulrunner 1.8.0.8-1 CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not passw ...) NOT-FOR-US: AK-Systems Windows Terminal CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Lear ...) NOT-FOR-US: Blackboard Learning System CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...) NOT-FOR-US: Solaris CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allow ...) NOT-FOR-US: Solaris CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote att ...) {DSA-1190-1} - maxdb-7.5.00 7.5.00.34-5 (high; bug #386182) CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...) 
    - kfreebsd-5 5.4-18 (bug #391289)
    [etch] - kfreebsd-5 (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solar ...)
    NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Star ...)
    - sun-java5 1.5.0-07-1
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
    NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earl ...)
    NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in Ti ...)
    - tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in osCommerc ...)
    NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...)
    NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-B ...)
    NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda Activ ...)
    NOT-FOR-US: Panda ActiveScan
CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4 ...)
    - twiki 1:4.0.4-3 (bug #389267; low)
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
    NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows re ...)
    - honeyd 1.5b-1 (low; bug #384806)
    [sarge] - honeyd (Minor issue)
CVE-2006-4291 (PHP remote file inclusion vulnerability in handlers/email/mod.listmail ...)
    NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
    NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x befor ...)
    NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
    NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
    NOT-FOR-US: NES Game and NES System
CVE-2006-4286
    NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
    NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...)
    NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Ed ...)
    NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the Mambo ...)
    NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in AkoComme ...)
    NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280
    NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ear ...)
    NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in includes/layout/plain.foote ...)
    NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 a ...)
    NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...)
    NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the Cata ...)
    NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
    REJECTED
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 an ...)
    NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272
    NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271
    NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
    NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269
    NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
    NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...)
    NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
    NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows re ...)
    NOT-FOR-US: Kaspersky
CVE-2006-4264
    NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product Scro ...)
    NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow user-assist ...)
    {DSA-1186-1}
    - cscope 15.5+cvs20060902-1 (low; bug #385893)
CVE-2006-4261
    REJECTED
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 allo ...)
    NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1 ...)
    NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in Anti ...)
    NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote au ...)
    NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote at ...)
    {DSA-1406-1}
    - horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Ho ...)
    - imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
    NOT-FOR-US: IBM AIX
CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allow ...)
    NOTE: MFSA-2006-59
    - xulrunner 1.8.0.7-1 (medium)
    - firefox 1.5.dfsg+1.5.0.7-1 (medium)
    - mozilla (medium)
    - thunderbird 1.5.0.7-1 (low)
    - mozilla-firefox (unimportant)
    [sarge] - mozilla (unimportant)
    [sarge] - mozilla-thunderbird (unimportant)
    NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al.
CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...)
    - pdns-recursor 3.1.4-1 (bug #398559)
    - pdns (Recursor module has been moved to pdns-recursor)
CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow rem ...)
    {DSA-1211}
    - pdns-recursor 3.1.4-1 (bug #398557; high)
    - pdns 2.9.20-4
    NOTE: Recursor module has been moved to pdns-recursor
CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows loc ...)
    {DSA-1278-1}
    - man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ano ...)
    - zope-cmfplone 2.5.1-3 (bug #401796)
    [sarge] - zope-cmfplone (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows l ...)
    {DSA-1205-1}
    - thttpd 2.23beta1-5 (bug #396277)
CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on P ...)
    [sarge] - zope-cmfplone (Vulnerable code not present)
    - zope-cmfplone 2.5.1-1
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read arbitr ...)
    {DSA-1177-1}
    - usermin (bug #374609)
CVE-2006-4245 (archivemail 0.6.2 uses temporary files insecurely leading to a possibl ...)
    - archivemail 0.6.2-2 (bug #385253)
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
    {DSA-1239-1}
    - sql-ledger 2.6.18-1 (medium; bug #386519)
CVE-2006-4243 (linux vserver 2.6 before 2.6.17 suffers from privilege escalation in r ...)
    - linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
    NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
    NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News 3. ...)
    NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in Outr ...)
    NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2. ...)
    NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php i ...)
    NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow r ...)
    NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
    NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...)
    NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local use ...)
    NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4. ...)
    NOT-FOR-US: Globus Toolkit
CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a denia ...)
    NOT-FOR-US: IrfanView
CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in Liz ...)
    NOT-FOR-US: Lizge Web Portal
CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the mosListM ...)
    NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before M ...)
    NOT-FOR-US: Symantec
CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...)
    - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ru ...)
    {DSA-1169}
    - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
    [sarge] - mysql-dfsg (Vulnerable code not present)
CVE-2006-4225
    REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual Wa ...)
    NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context- ...)
    NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
    NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer Active ...)
    NOT-FOR-US: IBM
CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novel ...)
    NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote attacker ...)
    NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allo ...)
    NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in modules/usersonline/users.p ...)
    NOT-FOR-US: WEBInsta CMS
CVE-2006-4216
    REJECTED
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0 ...)
    NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
    NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent No ...)
    NOT-FOR-US: Thatware
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Eng ...)
    NOT-FOR-US: Owl Intranet Engine
CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
    NOT-FOR-US: Owl Intranet Engine
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register ...)
    NOT-FOR-US: phPay
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta Ma ...)
    NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB- ...)
    - wordpress 2.0.5-0.1 (unimportant; bug #384800)
    NOTE: Only exploitable by admin users, someone with the privilege to backup
    NOTE: your data must be trustworthy
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discl ...)
    NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlaygro ...)
    NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite Proj ...)
    NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 an ...)
    NOT-FOR-US: PHProjekt
CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP Com ...)
    NOT-FOR-US: MMP Component (com_mmp) for Mambo
CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...)
    NOT-FOR-US: Spidey Blog Script
CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP O ...)
    NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows remot ...)
    NOT-FOR-US: 04WebServer
CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...)
    NOT-FOR-US: 04WebServer
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in Whe ...)
    NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBra ...)
    {DSA-1162}
    - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
    - libmusicbrainz-2.0 (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0 ...)
    NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
    NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
CVE-2006-XXXX [gallery2 session ID disclosure]
    - gallery2 2.1.2-1
CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
    - mysql-dfsg-5.0 5.0.24-1
    NOTE: mysql_upgrade not in 4.x
CVE-2006-4194
    NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
    NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...)
    - libmodplug 1:0.7-5.2 (medium; bug #383574)
    - gst-plugins-bad0.10 0.10.3-3.1 (medium; bug #407956)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
    NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML modu ...)
    NOT-FOR-US: PHP-Nuke module AutoHTML
CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allo ...)
    NOT-FOR-US: Dolphin
CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.0 ...)
    NOT-FOR-US: HP-UX
CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when ...)
    NOT-FOR-US: HP-UX
CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes pa ...)
    NOT-FOR-US: Novell eDirectory
CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3. ...)
    NOT-FOR-US: Novell eDirectory
CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce a ...)
    NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) an ...)
    NOT-FOR-US: Microsoft
CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions befor ...)
    {DSA-1196-1}
    - clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL accounti ...)
    NOT-FOR-US: GNU Radius
CVE-2006-4180
    REJECTED
CVE-2006-4179
    RESERVED
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...)
    - kfreebsd-5 (bug #391289; low)
    [etch] - kfreebsd-5 (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory befo ...)
    NOT-FOR-US: Novell eDirectory
CVE-2006-4176
    RESERVED
CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Pat ...)
    NOT-FOR-US: Sun Java System Directory Server
CVE-2006-4174
    RESERVED
CVE-2006-4173
    RESERVED
CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5 ...)
    - kfreebsd-5 (bug #391289; low)
    [etch] - kfreebsd-5 (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4171
    RESERVED
CVE-2006-4170
    REJECTED
CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...)
    NOT-FOR-US: G/PGP (GPG) plugin for Squirrelmail
CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in libexif/ ...)
    {DSA-1310-1}
    - libexif 0.6.16-1 (bug #430012)
CVE-2006-4167
    RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earl ...)
    NOT-FOR-US: TinyWebGallery
CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earli ...)
    NOT-FOR-US: NetCommons
CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in phpPr ...)
    NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4163
    NOT-FOR-US: miniBloggie
CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and ...)
    NOT-FOR-US: Dragonfly CMS
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in prof ...)
    NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and V ...)
    NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette 08070 ...)
    NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
    NOT-FOR-US: Spaminator
CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another B ...)
    NOT-FOR-US: Yet another Bulletin Board (YaBB)
CVE-2006-4156
    NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded vie ...)
    NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x a ...)
    NOT-FOR-US: mod_tcl
CVE-2006-4153
    RESERVED
CVE-2006-4152
    RESERVED
CVE-2006-4151
    RESERVED
CVE-2006-4150
    RESERVED
CVE-2006-4149
    RESERVED
CVE-2006-4148
    RESERVED
CVE-2006-4147
    RESERVED
CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2r ...)
    - gdb 7.3-1 (unimportant)
    NOTE: Every sensible use of gdb involves executing the debugged binary
    NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=d53d4ac5aaf62c631e8d915e049eaf3f52fe24c8
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=204841
    NOTE: https://bugs.launchpad.net/ubuntu/+source/gdb/+bug/62695
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6. ...)
    {DSA-1184-2}
    - linux-2.6 2.6.17-7
CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to caus ...)
    NOT-FOR-US: Netgear
CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...)
    NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 an ...)
    NOT-FOR-US: Virtual War (VWar)
CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before 5.3 ...)
    NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
    NOT-FOR-US: Solaris
CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File vi ...)
    NOT-FOR-US: Microsoft
CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ob ...)
    NOT-FOR-US: IBM WebSphere
CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
    NOT-FOR-US: IBM WebSphere
CVE-2006-4135
    NOT-FOR-US: Calendarix
CVE-2006-4134 (Unspecified vulnerability related to a "design flaw" in SAP Internet G ...)
    NOT-FOR-US: SAP
CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...)
    NOT-FOR-US: SAP
CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and po ...)
    NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibl ...)
    NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
    NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in t ...)
    NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec f ...)
    NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ea ...)
    NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...)
    NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ear ...)
    NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...)
    - lesstif2 1:0.94.4-1 (bug #382411; medium)
CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in Boi ...)
    NOT-FOR-US: Boite de News
CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to b ...)
    NOT-FOR-US: Simple one-file guestbook
CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...)
    NOT-FOR-US: See-Commerce
CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module (recipe. ...)
    NOT-FOR-US: Recipe module (recipe.module) for Drupal
CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier a ...)
    NOT-FOR-US: GeheimChaos
CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...)
    NOT-FOR-US: GeheimChaos
CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...)
    NOT-FOR-US: Solaris
CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-a ...)
    NOT-FOR-US: Lhaz
CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...)
    NOT-FOR-US: PgMarket
CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMy ...)
    NOT-FOR-US: PHPMyRing
CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fr ...)
    NOT-FOR-US: hitweb
CVE-2006-4112 (Unspecified vulnerability in the "dependency resolution mechanism" in ...)
    - rails 1.1.6-1 (bug #382255; medium)
CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby cod ...)
    - rails 1.1.5-1 (bug #382255; medium)
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
    - apache2 (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography (biblio.modul ...)
    NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
    NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...)
    NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allow ...)
    NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD ...)
    NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.c ...)
    NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason Al ...)
    NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...)
    NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
    RESERVED
CVE-2006-4100
    RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ses ...)
    NOT-FOR-US: Business Objects
CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Ac ...)
    NOT-FOR-US: Cisco
CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco ...)
    NOT-FOR-US: Cisco
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
    {DSA-1172-1}
    - bind (Not vulnerable according to CERT advisory)
    - bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
    {DSA-1172-1}
    - bind (Not vulnerable according to CERT advisory)
    - bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4094
    RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerP ...)
    {DSA-1184-2 DSA-1237}
    - linux-2.6 2.6.17-7
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...)
    NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel Manag ...)
    NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 all ...)
    NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earl ...)
    {DSA-1179-1}
    - alsaplayer 0.99.76-9 (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8. ...)
    NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.c ...)
    NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
    NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search En ...)
    NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...)
    NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...)
    NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcod ...)
    NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
    NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
    NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1. ...)
    NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, all ...)
    NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
    NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
    NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
    NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
    NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz php ...)
    NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
    NOT-FOR-US: Club-Nuke [XP]
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...)
    {DSA-1213}
    - imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314)
    - graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
    NOTE: GNUTLS-SA-2006-2
    - gnutls11 (unimportant)
    - gnutls12 1.2.11-3 (unimportant)
    - gnutls13 1.4.2-1 (unimportant)
    NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in th ...)
    NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows user-assist ...)
    NOT-FOR-US: Imendio Planner
CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino O ...)
    NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a usernam ...)
    NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in Cak ...)
    - cakephp 1.1.13.4450-1
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
    NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SA ...)
    NOT-FOR-US: SAPID Gallery
CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script 1 ...)
    NOT-FOR-US: YenerTurk Haber Script
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPI ...)
    NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc ...)
    NOT-FOR-US: SAPID Shop
CVE-2006-4061
    NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual Even ...)
    NOT-FOR-US: Visual Events Calendar
CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolve ...)
    NOT-FOR-US: USOLVED NEWSolved Lite
CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9 ...)
    NOT-FOR-US: Simplog
CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch Mur ...)
    NOT-FOR-US: Eremove
CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process i ...)
    NOT-FOR-US: katzlbt The Address Book
CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring Th ...)
    NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download Syst ...)
    NOT-FOR-US: ME Download System
CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...)
    NOT-FOR-US: ME Download System
CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
    NOT-FOR-US: Turnkey Web Tools PHP Simple Shop
CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web T ...)
    NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...)
    NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server S ...)
    NOT-FOR-US: Sun
CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP address ...)
    NOT-FOR-US: Netious CMS
CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and earlie ...)
    NOT-FOR-US: Netious CMS
CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...)
    NOT-FOR-US: Torbstoff News
CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
    NOT-FOR-US: phpCodeCabinet
CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote attac ...)
    NOT-FOR-US: myWebland myBloggie
CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland m ...)
    NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a Postgr ...)
    - pike7.6 7.6.86-1
    [sarge] - pike7.6 (unimportant; bug #382607; bug #383766)
    [sarge] - pike7.2 (unimportant; bug #382607; bug #383766)
    NOTE: No applications using pike+postgres in Sarge, fix provides
    NOTE: new functions for proper quoting
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland my ...)
    NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
    NOT-FOR-US: GaesteChaos
CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php i ...)
    NOT-FOR-US: GaesteChaos
CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
    NOT-FOR-US: Fenestrae Faxination Server
CVE-2006-4036 (PHP remote file inclusion vulnerability in includes/usercp_register.ph ...)
    NOT-FOR-US: ZoneX Publishers
CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...)
    NOT-FOR-US: CounterChaos
CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...)
    NOT-FOR-US: ModernGigabyte ModernBill
CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibl ...)
    NOT-FOR-US: Lhaplus
CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) allow ...)
    NOT-FOR-US: Cisco
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to a ...)
- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low) - mysql-dfsg (bug #380271; low) [sarge] - mysql-dfsg-4.1 (Now documented design error, no real fix feasible) [sarge] - mysql-dfsg (Now documented design error, no real fix feasible) CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...) {DSA-1148-1} - gallery 1.5.3-1 - gallery2 (vulnerable code not present) CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 al ...) NOT-FOR-US: AGEphone CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have un ...) - wordpress 2.0.4-1 CVE-2006-4027 RESERVED CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root] - realtime-lsm 0.8.7-2 (bug #382161; low) [sarge] - realtime-lsm NOTE: only to user 1017 or group 1001 and only while root is building the module CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows re ...) NOT-FOR-US: SAPID CMS CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlie ...) NOT-FOR-US: XennoBB CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5. ...) - festalon (vuln. code introduced in 0.5.0) CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...) - php5 (unimportant; bug #382257) - php4 (unimportant; bug #382270) NOTE: Not every lack of protection of programmer's flaws is a vulnerability NOTE: See notes by Sean for details NOTE: > the entry states that this is more likely a bug in any NOTE: > applications not performing further validation/sanitizing, NOTE: > and i tend to agree based on the php.net documentation, which NOTE: > states: "ip2long() should not be used as the sole form of IP NOTE: > validation. Combine it with long2ip()". CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4. ...) 
NOT-FOR-US: Intel Windows driver CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to iden ...) NOT-FOR-US: ScatterChat CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows contex ...) - php5 5.1.6-1 (unimportant; bug #382256; bug #382262) - php4 4:4.4.4-1 (unimportant; bug #382261) NOTE: Only exploitable by malicious, local user CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in SquirrelMa ...) {DSA-1154} - squirrelmail 2:1.4.8-1 (bug #382621) CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in libclamav/upx. ...) {DSA-1153} - clamav 0.88.4-1 (high; bug #382004; bug #382007) CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...) NOT-FOR-US: Inter Network Marketing (INM) CMS G3 CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS st ...) NOT-FOR-US: toendaCMS CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...) NOT-FOR-US: Hewlett-Packard CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Cen ...) NOT-FOR-US: Symantec CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail An ...) NOT-FOR-US: Symantec CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...) NOT-FOR-US: circeOS SaveWeb CVE-2006-4011 (PHP remote file inclusion vulnerability in esupport/admin/autoclose.ph ...) NOT-FOR-US: Kayako eSupport CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...) NOT-FOR-US: Virtual War CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vw ...) NOT-FOR-US: Virtual War CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Knusperleicht Guestbook CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) 
NOT-FOR-US: Knusperleicht Faq CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and possib ...) {DSA-1180-1} - bomberclone 0.11.7-1 (bug #382082; medium) CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a deni ...) {DSA-1180-1} - bomberclone 0.11.7-1 (bug #382082; medium) CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 throu ...) NOT-FOR-US: vbPortal CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 perm ...) NOT-FOR-US: Henrik Storner Hobbit monitor CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...) {DSA-1147-1} - drupal 4.5.8-2 (bug #382087; medium) CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.05 ...) NOT-FOR-US: Barracuda Spam Firewall CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barr ...) NOT-FOR-US: Barracuda Spam Firewall CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ver ...) NOT-FOR-US: ISS BlackICE CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...) NOT-FOR-US: WoWRoster CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster (ak ...) NOT-FOR-US: WoWRoster CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and e ...) NOT-FOR-US: ATutor CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.p ...) NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in u2u.inc.p ...) NOT-FOR-US: XMB (aka extreme message board) CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf Noehr ...) NOT-FOR-US: The Search Engine Project CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.s ...) 
NOT-FOR-US: Intel CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...) NOT-FOR-US: Voodoo chat CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Sa ...) - egroupware NOTE: According to upstream egroupware is not affected, see #382207 CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Knusperleicht CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Knusperleicht CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in Knu ...) NOT-FOR-US: Knusperleicht CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Knusperleicht CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerA ...) NOT-FOR-US: ConeXware CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in A ...) NOT-FOR-US: Phpauction CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in php(Reac ...) NOT-FOR-US: php(Reactor) CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in Knusperleich ...) NOT-FOR-US: Knusperleicht CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gall ...) NOT-FOR-US: Mambo Gallery Manager for Mambo CVE-2006-3980 (PHP remote file inclusion vulnerability in administrator/components/co ...) NOT-FOR-US: Mambo Gallery Manager for Mambo CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass authenticat ...) NOT-FOR-US: ColdFusion MX CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...) NOT-FOR-US: Adobe ColdFusion MX CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0. ...) NOT-FOR-US: CA eTrust Antivirus WebScan CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0. ...) 
NOT-FOR-US: CA eTrust Antivirus WebScan CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...) NOT-FOR-US: CA eTrust Antivirus WebScan CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com Offi ...) NOT-FOR-US: 3Com CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is run ...) NOT-FOR-US: My Firewall Plus CVE-2006-3972 (Directory traversal vulnerability in includes/operator_chattranscript. ...) NOT-FOR-US: Ajax Chat CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.p ...) NOT-FOR-US: Ajax Chat CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8] - libxml-parser-perl 2.34-4.2 (bug #378411; medium) CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting] - libxml-parser-perl 2.34-4.1 (bug #378412; medium) CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO Componen ...) NOT-FOR-US: LMO for joomla CVE-2006-3969 (PHP remote file inclusion vulnerability in administrator/components/co ...) NOT-FOR-US: Colophon for joomla CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01 ...) NOT-FOR-US: Solaris CVE-2006-3967 (PHP remote file inclusion vulnerability in component/option,com_moskoo ...) NOT-FOR-US: moskool CVE-2006-3966 (PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.ph ...) NOT-FOR-US: MyNewsGroups CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web docu ...) NOT-FOR-US: Banex PHP MySQL Banner Exchange CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP My ...) NOT-FOR-US: Banex PHP MySQL Banner Exchange CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Excha ...) NOT-FOR-US: Banex PHP MySQL Banner Exchange CVE-2006-3962 (PHP remote file inclusion vulnerability in administrator/components/co ...) 
NOT-FOR-US: com_bayesiannaivefilter for mambo CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee S ...) NOT-FOR-US: McAfee CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2 ...) NOT-FOR-US: X-Scripts X-Poll CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection 1 ...) NOT-FOR-US: X-Scripts X-Protection CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in Tas ...) NOT-FOR-US: Taskjitsu CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev BosDa ...) NOT-FOR-US: BosDates CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...) NOT-FOR-US: Advanced Webhost Billing System CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...) NOT-FOR-US: MiniBB Forum CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka MyBulleti ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka My ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP Serv ...) NOT-FOR-US: EFS Software Easy File Sharing FTP CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle al ...) NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts X-Statist ...) NOT-FOR-US: X-Statistics CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...) NOT-FOR-US: com_artlinks for Mambo CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke IN ...) NOT-FOR-US: php-nuke CVE-2006-3947 (PHP remote file inclusion vulnerability in components/com_mambatstaff/ ...) NOT-FOR-US: Mambatstaff CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...) 
NOT-FOR-US: Apple Safari 2.0.4 NOTE: konqueror 3.5.x is not affected NOTE: PoC http://web.archive.org/web/20130701013045/http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote attac ...) NOT-FOR-US: Opera CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...) NOT-FOR-US: Microsoft CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Ex ...) NOT-FOR-US: Microsoft CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...) NOT-FOR-US: Microsoft CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 an ...) NOT-FOR-US: N1 Grid Engine CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote a ...) NOT-FOR-US: phpbb-Auction CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ad ...) NOT-FOR-US: ScriptsCenter ezUpload Pro CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...) NOT-FOR-US: DotClear CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...) NOT-FOR-US: x_atrix xGuestBook CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 al ...) NOT-FOR-US: Alkacon OpenCms CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...) NOT-FOR-US: Alkacon OpenCms CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in Alkaco ...) NOT-FOR-US: Alkacon OpenCms CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2 ...) NOT-FOR-US: OpenCms CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 al ...) NOT-FOR-US: LinksCaffe CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas Aira ...) 
NOT-FOR-US: Midirecord CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php i ...) NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1 CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin scrip ...) NOT-FOR-US: Zyxel CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a an ...) NOT-FOR-US: WMNews CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpPr ...) NOT-FOR-US: PhpProBid CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...) NOT-FOR-US: PhpProBid CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...) NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1 ...) NOT-FOR-US: Dokeos CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Topl ...) NOT-FOR-US: Fire-Mouse Toplist CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...) NOT-FOR-US: PortailPHP CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Serve ...) NOT-FOR-US: Sun Java System Application Server CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 all ...) NOT-FOR-US: Sun Solaris CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows remot ...) NOT-FOR-US: SD Studio CMS CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 bef ...) {DSA-1167-1} - apache2 2.0.55-4.1 (bug #381376; low) [sarge] - apache2 2.0.54-5sarge2 - apache 1.3.34-3 (bug #381381; medium) CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. Cors ...) NOT-FOR-US: PHP Forge CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka So ...) 
NOT-FOR-US: Solucija News CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...) NOT-FOR-US: Microsoft CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...) NOT-FOR-US: Academic Suite CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 200 ...) {DSA-1142-1} - freeciv 2.0.8-3 (bug #381378; medium) CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 be ...) NOT-FOR-US: WinRAR CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 a ...) NOT-FOR-US: PHP Live CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allo ...) NOT-FOR-US: Microsoft CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...) NOT-FOR-US: WWWthreads CVE-2006-3908 (Format string vulnerability in the flush_output function in ConsoleStr ...) - gnelib 0.75+svn20091130-1 NOTE: issue was fixed back in 2006 but there hasn't been any NOTE: release since 0.70 which is affected CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...) NOT-FOR-US: Siemens CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisc ...) NOT-FOR-US: Cisco CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote a ...) NOT-FOR-US: Webland MyBloggie CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...) NOT-FOR-US: Etomite CMS CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in myW ...) NOT-FOR-US: Webland MyBloggie CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopS ...) NOT-FOR-US: phpFaber TopSites CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EM ...) NOT-FOR-US: Tumbleweed Email Firewall CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1 ...) 
NOT-FOR-US: TP-Book CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attack ...) NOT-FOR-US: Microsoft CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attack ...) NOT-FOR-US: Microsoft CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...) NOT-FOR-US: Microsoft CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...) NOT-FOR-US: NeoScale Systems CryptoStor CVE-2006-3895 RESERVED CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...) NOT-FOR-US: RSA BSAFE CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...) NOT-FOR-US: Newtone ImageKit CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato NetWor ...) NOT-FOR-US: EMC NetWorker CVE-2006-3891 RESERVED CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX contr ...) NOT-FOR-US: Sky Software FileView ActiveX CVE-2006-3889 RESERVED CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDo ...) NOT-FOR-US: AOL CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX c ...) NOT-FOR-US: AOL CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allo ...) NOT-FOR-US: Shalwan MusicBox CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W befor ...) NOT-FOR-US: Check Point Firewall-1 CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish LinksC ...) NOT-FOR-US: Gonafish LinksCaffe CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksC ...) NOT-FOR-US: Gonafish LinksCaffe CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain c ...) NOT-FOR-US: Shalwan MusicBox CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...) 
NOT-FOR-US: Shalwan MusicBox CVE-2006-3880 NOT-FOR-US: Zen Cart CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in li ...) - libmikmod (Debian's 3.1.1 version doesn't have GT2 support) CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) NOT-FOR-US: Opsware Network Automation System CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...) NOT-FOR-US: Microsoft CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...) NOT-FOR-US: Microsoft CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...) NOT-FOR-US: Microsoft CVE-2006-3874 REJECTED CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explore ...) NOT-FOR-US: Microsoft CVE-2006-3872 REJECTED CVE-2006-3871 REJECTED CVE-2006-3870 REJECTED CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explore ...) NOT-FOR-US: Microsoft CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows remot ...) NOT-FOR-US: Microsoft CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...) NOT-FOR-US: Microsoft CVE-2006-3866 REJECTED CVE-2006-3865 REJECTED CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...) NOT-FOR-US: Microsoft CVE-2006-3863 REJECTED CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...) 
NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10. ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) al ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 a ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBo ...) NOT-FOR-US: Micro GuestBook CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earl ...) NOT-FOR-US: X7 Chat CVE-2006-3850 NOT-FOR-US: Vanilla CMS CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2 ...) NOT-FOR-US: Warzone CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calcula ...) - ipcalc 0.41-1 (bug #381469; low) [sarge] - ipcalc (No exploit potential) CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...) NOT-FOR-US: MoSpray CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...) NOT-FOR-US: MultiBanners CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 bet ...) NOT-FOR-US: WinRAR CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenti ...) NOT-FOR-US: Quick 'n Easy FTP Server CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in Calenda ...) 
NOT-FOR-US: Calendar Mambo Module CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Bu ...) NOT-FOR-US: Zoho Virtual Office CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before 20060718- ...) NOT-FOR-US: WebScarab CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...) NOT-FOR-US: various ISS products CVE-2006-3839 RESERVED CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise Securi ...) NOT-FOR-US: eIQnetworks Enterprise CVE-2006-XXXX [syslog-ng dos] - syslog-ng 2.0rc1-2 (low) [sarge] - syslog-ng (Vulnerable code not present) CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure] - courier-authlib 0.58-3.1 (bug #378571; medium) [sarge] - courier-authlib (bug #378571; medium) CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 a ...) - ocp 0.1.10rc6-1 (medium; bug #381098) CVE-2006-XXXX [uqwk buffer overflow] - uqwk 2.21-13 (bug #376577; low) [sarge] - uqwk (Minor issue) CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ex ...) NOT-FOR-US: Professional Home Page Tools Guestbook CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...) NOT-FOR-US: UNIDOmedia Chameleon CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list director ...) - tomcat5 (bug #380361; maintainer can't reproduce) - tomcat5.5 (bug #380376; maintainer can't reproduce) CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...) NOT-FOR-US: EJ3 TOPo CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite exi ...) NOT-FOR-US: EJ3 TOPo CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...) NOT-FOR-US: Gerrit van Aaken Loudblog CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...) 
NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh boastMa ...) NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Ka ...) NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine (forme ...) NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Ka ...) NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh bo ...) NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine) CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...) NOT-FOR-US: Solaris CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...) NOT-FOR-US: Solaris CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoA ...) NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions GeoAucti ...) NOT-FOR-US: GeodesicSolutions GeoAuctions CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 al ...) NOT-FOR-US: ATutor CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loud ...) NOT-FOR-US: Loudblog CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 th ...) - twiki (only 4.0.x is affected) CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell G ...) NOT-FOR-US: Novell GroupWise WebAccess CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...) 
NOT-FOR-US: Novell GroupWise WebAccess CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connectio ...) - krusader (bug #380063; file in directory with 0700 permissions) CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a s ...) {DSA-1128} - heartbeat 1.2.4-13 (bug #379904; bug #380289) CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...) {DSA-1166} - cheesetracker 0.9.9-6 (bug #380364; low) CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...) NOT-FOR-US: Perl in Red Hat Enterprise Linux 4 CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...) NOTE: MFSA-2006-56 [sarge] - mozilla - mozilla (medium) - xulrunner 1.8.0.5-1 (medium) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 (unimportant) [sarge] - mozilla-thunderbird (unimportant) CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbir ...) {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-55 - mozilla (high) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...) {DSA-1159} NOTE: MFSA-2006-54 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...) {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-53 - mozilla (medium) - xulrunner 1.8.0.5-1 (medium) - mozilla-firefox (medium) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remot ...) 
{DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-52 - mozilla (medium) - xulrunner 1.8.0.5-1 (medium) - mozilla-firefox (medium) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...) {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-51 - mozilla (high) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...) {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-50 - mozilla (high) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird b ...) {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-50 - mozilla (high) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird (medium) CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and S ...) NOTE: MFSA-2006-49 - mozilla-firefox (only firefox >= 1.5) [sarge] - mozilla (mozilla 1.7 not affected) - mozilla (high) - thunderbird 1.5.0.5-1 (high) - mozilla-thunderbird (high) CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...) NOTE: MFSA-2006-48 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...) 
NOTE: MFSA-2006-47 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (medium) - mozilla-firefox (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...) NOTE: MFSA-2006-44 - mozilla-firefox (only firefox >= 1.5) - mozilla-thunderbird (only firefox >= 1.5) - mozilla (mozilla 1.7 not affected) - firefox 1.5.dfsg+1.5.0.5-1 (high) - xulrunner 1.8.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce S ...) NOT-FOR-US: AFCommerce CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL inject ...) NOT-FOR-US: DeluxeBB CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...) NOT-FOR-US: DeluxeBB CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...) NOT-FOR-US: DeluxeBB CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...) NOT-FOR-US: DeluxeBB CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...) NOT-FOR-US: DeluxeBB CVE-2006-3794 NOT-FOR-US: AFCommerce CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...) NOT-FOR-US: SiteDepth CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in server_ ...) NOT-FOR-US: UFO2000 CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) NOT-FOR-US: UFO2000 CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) NOT-FOR-US: UFO2000 CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) recv_select_uni ...) NOT-FOR-US: UFO2000 CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow r ...) 
NOT-FOR-US: UFO2000 CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 doe ...) NOT-FOR-US: Sunbelt Kerio Personal Firewall CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...) NOT-FOR-US: Symantec pcAnywhere CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox wit ...) NOT-FOR-US: Symantec pcAnywhere CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the "Symant ...) NOT-FOR-US: Symantec pcAnywhere CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...) NOT-FOR-US: Solaris CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...) NOT-FOR-US: Solaris CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent a ...) NOT-FOR-US: Solaris CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web r ...) NOT-FOR-US: Keyifweb Keyif Portal CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Window ...) NOT-FOR-US: Citrix CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...) NOT-FOR-US: IBM CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLi ...) NOT-FOR-US: IDevSpot PhpLinkExchange CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...) NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the perForm ...) NOT-FOR-US: perForms component (com_performs) for Joomla! CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1. ...) NOT-FOR-US: SMF-Forum Bridge Component (com_smf) For Joomla! 
and Mambo CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...) NOT-FOR-US: PHP-Post CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...) NOT-FOR-US: iManage CMS CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber TopSit ...) NOT-FOR-US: phpFaber TopSites CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...) NOT-FOR-US: Top XL CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2 ...) NOT-FOR-US: FileCOPA FTP Server CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in Darren' ...) NOT-FOR-US: Darren's $5 Script Archive osDate CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to bo ...) NOT-FOR-US: Darren's $5 Script Archive osDate CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher We ...) NOT-FOR-US: Huttenlocher Webdesign hwdeGUEST CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new pol ...) NOT-FOR-US: phpPolls CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...) NOT-FOR-US: Diesel Joke Site CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...) NOT-FOR-US: Touch Control ActiveX control CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensit ...) 
NOT-FOR-US: Zen Cart CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earli ...) NOT-FOR-US: Geeklog CVE-2006-3755 (PHP remote file inclusion vulnerability in Include/editor/class.rich.p ...) NOT-FOR-US: FlushCMS CVE-2006-3754 (PHP remote file inclusion vulnerability in Include/editor/rich_files/c ...) NOT-FOR-US: FlushCMS CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page T ...) NOT-FOR-US: Professional Home Page Tools Guestbook CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional Ho ...) NOT-FOR-US: Professional Home Page Tools Guestbook CVE-2006-3751 (PHP remote file inclusion vulnerability in popups/ImageManager/config. ...) NOT-FOR-US: HTMLArea3 CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...) NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...) NOT-FOR-US: Sitemap component (com_sitemap) for Mambo CVE-2006-3748 (PHP remote file inclusion vulnerability in includes/abbc/abbc.class.ph ...) NOT-FOR-US: LoudMouth Component for Mambo CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module (mo ...) {DSA-1132-1 DSA-1131-1} - apache 1.3.34-3 (medium; bug #380231) - apache2 2.0.55-4.1 (medium; bug #380182) CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote a ...) {DSA-1141-1 DSA-1140-1} - gnupg 1.4.5-1 (medium; bug #381204) - gnupg2 1.9.20-2 (medium) CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...) {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.17-7 CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows user-ass ...) {DSA-1168-1} - imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062) - graphicsmagick 1.1.7-7 CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assis ...) 
{DSA-1168-1} - imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062) - graphicsmagick 1.1.7-8 CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwo ...) - kdebase NOTE: only in Fedora CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...) {DSA-1233} - linux-2.6 2.6.18-1 CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree ...) {DSA-1193-1} - libxfont 1:1.2.2-1 CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X s ...) {DSA-1193-1} - libxfont 1:1.2.2-1 CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9. ...) {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 CVE-2006-XXXX [htdig: several unspecified security problems] - htdig 1:3.2.0b6-1 CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it] - ldap-account-manager 1.0.2-1.1 (bug #368804; medium) [sarge] - ldap-account-manager CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords] - ldap-account-manager 1.0.3-1 (bug #375453; medium) [sarge] - ldap-account-manager CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in filemanager/filemanager.ph ...) NOT-FOR-US: Plesk CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...) NOT-FOR-US: VideoDB for Mambo CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (modu ...) NOT-FOR-US: Mail2Forum CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface (CL ...) NOT-FOR-US: Cisco CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web applicatio ...) NOT-FOR-US: Cisco CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) befo ...) NOT-FOR-US: Cisco CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attack ...) 
- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low) [sarge] - mozilla-firefox (Unreproducible on Sarge) CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 al ...) NOT-FOR-US: MSIE CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...) NOT-FOR-US: MSIE CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch 11882 ...) NOT-FOR-US: Solaris CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow re ...) NOT-FOR-US: Eskolar CMS CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th Ju ...) NOT-FOR-US: FileCOPA FTP Server CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a d ...) NOT-FOR-US: Norton Personal Firewall CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorl ...) NOT-FOR-US: Oracle CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle P ...) NOT-FOR-US: Oracle CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle P ...) NOT-FOR-US: Oracle CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for ...) NOT-FOR-US: Oracle CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle E ...) NOT-FOR-US: Oracle CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise Ma ...) NOT-FOR-US: Oracle CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-B ...) NOT-FOR-US: Oracle CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...) NOT-FOR-US: Oracle CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...) NOT-FOR-US: Oracle CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite 1 ...) NOT-FOR-US: Oracle CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2 ...) 
NOT-FOR-US: Oracle CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3 ...) NOT-FOR-US: Oracle CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4. ...) NOT-FOR-US: Oracle CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...) NOT-FOR-US: Oracle CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...) NOT-FOR-US: Oracle CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...) NOT-FOR-US: Oracle CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...) NOT-FOR-US: Oracle CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...) NOT-FOR-US: Oracle CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...) NOT-FOR-US: Oracle CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...) NOT-FOR-US: Oracle CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle Databas ...) NOT-FOR-US: Oracle CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9 ...) NOT-FOR-US: Oracle CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1 ...) NOT-FOR-US: Oracle CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10 ...) NOT-FOR-US: Oracle CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...) NOT-FOR-US: Oracle CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavas ...) NOT-FOR-US: Outpost Firewall Pro CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows l ...) 
NOT-FOR-US: Outpost Firewall Pro CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...) {DSA-1157 DSA-1139-1} - ruby1.8 1.8.4-3 (bug #378029; medium) - ruby1.9 1.9.0+20060609-1 (medium) CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges v ...) NOT-FOR-US: Rocks Clusters CVE-2006-3692 NOT-FOR-US: ListMessenger CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allo ...) NOT-FOR-US: VBZooM CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...) NOT-FOR-US: MiniBB CVE-2006-3689 NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite] CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gal ...) NOT-FOR-US: Francisco Charrua Photo-Gallery CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) serv ...) NOT-FOR-US: D-Link CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 a ...) NOT-FOR-US: HP OpenVMS CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 ...) NOT-FOR-US: CzarNews CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...) NOT-FOR-US: SoftComplex PHP Event Calendar CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1. ...) NOT-FOR-US: Flipper Poll CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attack ...) - awstats 6.5-2 (bug #378960; low) [sarge] - awstats 6.4-1sarge3 NOTE: A previous DSA introduced a fix that renders this vulnerability ineffective CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in A ...) - awstats 6.5-2 (bug #378960; unimportant) NOTE: Path disclosure is not an issue for Debian CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1 ...) 
NOT-FOR-US: Photocycle CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...) NOT-FOR-US: FatWire Content Server CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) befor ...) NOT-FOR-US: TippingPoint CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows r ...) NOTE: MFSA-2006-45 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird - mozilla-thunderbird CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remo ...) NOT-FOR-US: planetGallery CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configurati ...) NOT-FOR-US: Password Safe NOTE: mypasswordsafe and pwsafe might use code from Password Safe, NOTE: but the problematic functionality is not present CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) - armagetron 0.2.8.2.1-1 (bug #379062; low) [sarge] - armagetron (Minor game DoS) [etch] - armagetron (Minor game DoS) CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) - armagetron 0.2.8.2.1-1 (bug #379062; low) [sarge] - armagetron (Minor game DoS) [etch] - armagetron (Minor game DoS) CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a den ...) - kdelibs 4:3.5.4-1 (bug #378962; unimportant) CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate fun ...) {DTSA-31-1} - hyperestraier 1.3.3-1 (bug #379060; low) CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to ...) NOT-FOR-US: Winlpd CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running o ...) NOT-FOR-US: Mercury Messenger CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...) 
{DSA-1123} - libdumb 1:0.9.3-5 (bug #379064; medium) CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...) NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc d ...) NOT-FOR-US: AjaxPortal CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...) - squirrelmail 2:1.4.7-1 (unimportant) NOTE: Operation with register_globals not supported CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 al ...) NOT-FOR-US: Sun Solaris CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...) NOT-FOR-US: Finjan Appliance CVE-2006-3662 NOT-FOR-US: ATutor CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4. ...) NOT-FOR-US: CuteNews CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown imp ...) NOT-FOR-US: Microsoft PowerPoint CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-ass ...) NOT-FOR-US: Microsoft PowerPoint CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allo ...) NOT-FOR-US: Microsoft PowerPoint CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet ...) NOT-FOR-US: Microsoft Works Spreadsheet CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote a ...) NOT-FOR-US: Microsoft Works Spreadsheet CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...) 
NOT-FOR-US: Microsoft Internet Security and Acceleration Server CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 200 ...) NOT-FOR-US: Microsoft CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...) NOT-FOR-US: Microsoft CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6 ...) NOT-FOR-US: Microsoft CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP ...) NOT-FOR-US: Microsoft CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...) NOT-FOR-US: Microsoft CVE-2006-3646 REJECTED CVE-2006-3645 REJECTED CVE-2006-3644 REJECTED CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...) NOT-FOR-US: Microsoft CVE-2006-3642 REJECTED CVE-2006-3641 REJECTED CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to persis ...) NOT-FOR-US: Microsoft CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...) NOT-FOR-US: Microsoft CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle uninit ...) NOT-FOR-US: Microsoft CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle va ...) NOT-FOR-US: Microsoft CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...) {DSA-1188-1} - mailman 1:2.1.8-3 CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows local user ...) - linux (Fixed before initial rename to src:linux) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440 NOTE: Fixed by: https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 (2.6.26-rc5) CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functi ...) - linux-2.6 2.6.17-1 (medium) CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to exe ...) 
NOT-FOR-US: shiela CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows re ...) {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka Ether ...) {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 ...) {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Eth ...) {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.1 ...) {DSA-1127} - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (ak ...) - ethereal (bug #378745; high) - wireshark 0.99.2-1 (high) [sarge] - ethereal (Vulnerable code not present) CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: FLV Players CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 a ...) NOT-FOR-US: FLV Players CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in Mc ...) NOT-FOR-US: McAfee ePolicy Orchestrator CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to o ...) NOT-FOR-US: Koobi Pro CMS CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5 ...) NOT-FOR-US: Koobi Pro CMS CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in Ko ...) NOT-FOR-US: Koobi Pro CMS CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...) 
{DSA-1170} - gcc-4.1 4.1.1-11 (bug #368397; low) - gcc-3.4 3.4.4-0 NOTE: gcc-3.4 no longer builds the fastjar package CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (P ...) NOT-FOR-US: Pixelated By Lev (PBL) Guestbook CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixela ...) NOT-FOR-US: Pixelated By Lev (PBL) Guestbook CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazar ...) NOT-FOR-US: Carbonize Lazarus Guestbook CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, w ...) NOT-FOR-US: Phorum CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to tr ...) NOT-FOR-US: Orbitcoders OrbitMATRIX CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Tec ...) NOT-FOR-US: Chamberland Technology ezWaiter CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remot ...) NOT-FOR-US: Phorum CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote ...) NOT-FOR-US: Phorum CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ob ...) NOT-FOR-US: Orbitcoders OrbitMATRIX CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders O ...) NOT-FOR-US: Orbitcoders OrbitMATRIX CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when G ...) NOT-FOR-US: Simone Vellei Flatnuke CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...) NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script) CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange libra ...) NOTE: Sun Solaris CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...) 
NOT-FOR-US: FlexWATCH Network Camera CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Net ...) NOT-FOR-US: FlexWATCH Network Camera CVE-2006-3602 (Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.p ...) NOTE: this is CVE-2005-4600 NOT-FOR-US: Farsinews CVE-2006-3601 NOT-FOR-US: DotNetNuke CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup functio ...) {DSA-1135-1} - libtunepimp 0.4.2-4 (bug #378091; medium) CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module fo ...) NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...) NOT-FOR-US: Sections module for PHP-Nuke CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password bla ...) - shadow (fix for a mistake in the Ubuntu installer) CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco In ...) NOT-FOR-US: Cisco CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...) NOT-FOR-US: Cisco CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0 ...) NOT-FOR-US: Cisco CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5 ...) NOT-FOR-US: Cisco CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...) NOT-FOR-US: Cisco CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...) {DSA-1111} - linux-2.6 2.6.17-4 (bug #378324; high) CVE-2006-XXXX [insufficient form variable escaping] - webauth 3.5.2-1 CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows use ...) 
NOT-FOR-US: Microsoft PowerPoint CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructu ...) NOT-FOR-US: VMware CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) - flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree (Contrib not supported) CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) - flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree (Contrib not supported) CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attack ...) NOT-FOR-US: Jetbox CMS CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...) NOT-FOR-US: Jetbox CMS CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2 ...) NOT-FOR-US: Jetbox CMS CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote att ...) NOT-FOR-US: Jetbox CMS CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earli ...) - adplug 2.0.1-1 (bug #378279; medium) CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earl ...) - adplug 2.0.1-1 (bug #378279; medium) CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...) NOT-FOR-US: ASP Stats Generator CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...) NOT-FOR-US: Fujitsu ServerView CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.6 ...) NOT-FOR-US: Fujitsu ServerView CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows remo ...) NOT-FOR-US: LifeType CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense CM ...) NOT-FOR-US: SenseSites CommonSense CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee Viru ...) 
NOT-FOR-US: McAfee VirusScan Enterprise CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupma ...) NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp ...) NOT-FOR-US: Milan Mimica Sparklet CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earl ...) NOT-FOR-US: Papoo CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.p ...) NOT-FOR-US: Papoo CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in Drup ...) - drupal (webform module is not in Debian Drupal 4.5 package) CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...) NOT-FOR-US: IBM Data ONTAP CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php i ...) NOT-FOR-US: Fantastic Guestbook CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration int ...) NOT-FOR-US: Juniper CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...) NOT-FOR-US: HiveMail CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and ...) NOT-FOR-US: HiveMail CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 an ...) NOT-FOR-US: HiveMail CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winge ...) NOT-FOR-US: Winged Gallery CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow rem ...) NOT-FOR-US: Plume CMS CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earli ...) NOT-FOR-US: BT Voyager CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...) 
NOT-FOR-US: Blue Dojo Graffiti Forums CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...) NOT-FOR-US: auraCMS CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...) NOT-FOR-US: auraCMS CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...) NOT-FOR-US: MT Orumcek Toplist CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...) NOT-FOR-US: Mohamed Moujami ExtCalendar CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in P ...) NOT-FOR-US: PHP-Fusion CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...) NOT-FOR-US: MKPortal CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass authentica ...) NOT-FOR-US: planetNews CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaborati ...) NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and p ...) NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell) CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks Fir ...) NOT-FOR-US: F5 Networks FirePass CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 an ...) {DSA-1406-1} - horde3 3.1.2-1 (bug #378281; low) CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...) {DSA-1406-1} - horde3 3.1.2-1 (bug #378281; low) CVE-2006-3547 NOT-FOR-US: EMC VMware Player CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attacker ...) NOT-FOR-US: Patrice Freydiere ImgSvr CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote atta ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3544 NOT-FOR-US: Invision Power Board CVE-2006-3543 NOT-FOR-US: Invision Power Board CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...) NOT-FOR-US: Garry Glendown Shopping Cart CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna k ...) NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6 ...) NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dr ...) NOT-FOR-US: DKScript.com Dragon's Kingdom Script CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in Bea ...) NOT-FOR-US: BeatificFaith Eprayer CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop befor ...) NOT-FOR-US: Randshop CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php i ...) NOT-FOR-US: EJ3 TOPo CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9 ...) NOT-FOR-US: Nullsoft SHOUTcast DSP CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9 ...) NOT-FOR-US: Nullsoft SHOUTcast DSP CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...) - pivot (bug #305786) CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.3 ...) - pivot (bug #305786) CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...) - pivot (bug #305786) CVE-2006-3530 (PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.p ...) NOT-FOR-US: PccookBook Component for Mambo and Joomla CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 200 ...) 
NOT-FOR-US: Juniper JUNOS CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mamb ...) NOT-FOR-US: Simpleboard Mambo module CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds C ...) NOT-FOR-US: BosClassifieds Classified Ads CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php i ...) NOT-FOR-US: Sport-slo Advanced Guestbook CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...) NOT-FOR-US: PHCDownload CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...) NOT-FOR-US: SIPfoundry sipXtapi CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote atta ...) NOT-FOR-US: Clearswift MIMEsweeper CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...) NOT-FOR-US: Clearswift MIMEsweeper CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge ...) NOT-FOR-US: SiteForge Collaborative Development Platform CVE-2006-3520 (PHP remote file inclusion vulnerability in skins/advanced/advanced1.ph ...) NOT-FOR-US: Sabdrimer Pro CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engi ...) NOT-FOR-US: The Banner Engine CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...) NOT-FOR-US: Webvizyon Portal CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...) NOT-FOR-US: RW::Download CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote attack ...) NOT-FOR-US: FreeHost CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in A ...) NOT-FOR-US: AjaxPortal CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.p ...) NOT-FOR-US: PHP-Blogger CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a d ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple M ...) NOT-FOR-US: Apple CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...) NOT-FOR-US: Apple CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver o ...) NOT-FOR-US: Apple CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and O ...) NOT-FOR-US: Mac OS X CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ca ...) NOT-FOR-US: Apple Mac OS CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assis ...) NOT-FOR-US: Apple Mac OS CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows u ...) NOT-FOR-US: Apple Mac OS CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assi ...) NOT-FOR-US: Apple Mac OS CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...) NOT-FOR-US: Apple Mac OS CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...) NOT-FOR-US: Apple Mac OS CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...) NOT-FOR-US: Apple Mac OS CVE-2006-3497 (Unspecified vulnerability in the "compression state handling" in Bom f ...) 
NOT-FOR-US: Apple Mac OS CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...) NOT-FOR-US: Apple Mac OS CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys i ...) NOT-FOR-US: Apple Mac OS CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0. ...) NOT-FOR-US: Buddy Zone CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9 ...) NOT-FOR-US: Microsoft Office CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...) NOT-FOR-US: MICO CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...) NOT-FOR-US: Kaillera Server CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Sec ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Sec ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in VirtuaSt ...) NOT-FOR-US: VirtuaStore CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with insuffi ...) NOT-FOR-US: VirtuaStore CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1. ...) NOT-FOR-US: AstroDog Press Some Chess CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1 ...) NOT-FOR-US: ATutor CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...) NOT-FOR-US: PHPMailList CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailLis ...) NOT-FOR-US: PHPMailList CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...) NOT-FOR-US: Joomla! CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block funct ...) 
NOT-FOR-US: Nuked-Klan CVE-2006-3478 (PHP remote file inclusion vulnerability in styles/default/global_heade ...) NOT-FOR-US: MyPHP CMS CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate Pr ...) NOT-FOR-US: Stalker CommuniGate Pro CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGall ...) NOT-FOR-US: PhpWebGallery CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...) NOT-FOR-US: QBoard CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO a ...) NOT-FOR-US: Belchior Foundry vCard PRO CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...) - drupal (form_mail Module not in debian) CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not requir ...) NOT-FOR-US: Dell Openmanage CD CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1. ...) {DSA-1112} - mysql-dfsg-5.0 5.0.22-1 (bug #375694) CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attack ...) {DSA-1184-2} - linux-2.6 2.6.17-6 CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to cau ...) {DSA-1193-1 DSA-1178-1} - freetype 2.2.1-5 (bug #379920; medium) - libxfont 1:1.2.0-2 (medium; bug #383353) CVE-2006-3466 REJECTED CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF libra ...) {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...) 
{DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...) {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...) {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...) {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library (li ...) {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) be ...) {DSA-1137-1} - tiff 3.8.2-6 - tiff3 (fixed prior to initial upload) CVE-2006-3486 - mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102) [sarge] - mysql-dfsg-4.1 (Vulnerable code not present) [sarge] - mysql-dfsg (Vulnerable code not present) NOTE: Only DoS possible, only root can trigger this -> non-issue CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Vir ...) NOT-FOR-US: Symantec CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiViru ...) NOT-FOR-US: Symantec CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate E ...) NOT-FOR-US: Symantec CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...) NOT-FOR-US: Symantec CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...) NOT-FOR-US: Adobe acrobat CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure f ...) NOT-FOR-US: Adobe acrobat CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collec ...) NOT-FOR-US: Microsoft CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute arbit ...) 
NOT-FOR-US: Microsoft CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, p ...) NOT-FOR-US: Microsoft CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...) NOT-FOR-US: Microsoft CVE-2006-3447 REJECTED CVE-2006-3446 REJECTED CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in Mic ...) NOT-FOR-US: Microsoft CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows 2 ...) NOT-FOR-US: Microsoft CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in Micr ...) NOT-FOR-US: Microsoft CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP ...) NOT-FOR-US: Microsoft CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP S ...) NOT-FOR-US: Microsoft CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, X ...) NOT-FOR-US: Microsoft CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink ...) NOT-FOR-US: Microsoft CVE-2006-3437 REJECTED CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2 ...) NOT-FOR-US: Microsoft CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X f ...) NOT-FOR-US: Microsoft CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) NOT-FOR-US: Microsoft CVE-2006-3433 REJECTED CVE-2006-3432 REJECTED CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...) NOT-FOR-US: Microsoft Excel CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink Updat ...) NOT-FOR-US: Novell PatchLink Update Server CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) 
NOT-FOR-US: TTCalc CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) NOT-FOR-US: TTCalc CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server (PLUS ...) NOT-FOR-US: Novell PatchLink Update Server CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2 ...) NOT-FOR-US: Novell PatchLink Update Server CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, possibl ...) NOT-FOR-US: WebEx Downloader ActiveX Control CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1. ...) NOT-FOR-US: WebEx Downloader ActiveX Control CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows r ...) NOT-FOR-US: WonderEdit Pro CMS CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlie ...) NOT-FOR-US: SmartSiteCMS CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in MyB ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_byte ...) - tor 0.1.1.20-1 CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's finge ...) - tor 0.1.1.20-1 CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or is ...) - tor 0.1.1.20-1 CVE-2006-3416 - tor 0.1.1.20-1 CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" destinati ...) - tor 0.1.1.20-1 CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...) - tor 0.1.1.20-1 CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on App ...) - tor 0.1.1.20-1 CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall option ...) 
- tor 0.1.1.20-1 CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys bas ...) - tor 0.1.1.20-1 CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting o ...) - tor 0.1.1.20-1 CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to exe ...) - tor 0.1.1.20-1 CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor b ...) - tor 0.1.1.20-1 CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or po ...) - tor 0.1.1.20-1 CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 a ...) NOT-FOR-US: QTOFileManager CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManage ...) NOT-FOR-US: QTOFileManager CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows ...) {DSA-1110} - samba 3.0.23a-1 (bug #378070) CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...) NOT-FOR-US: VirtuaStore CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Aren ...) NOT-FOR-US: Quake 3 CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...) NOT-FOR-US: Soldier of Fortune 2 CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki befor ...) NOT-FOR-US: MoniWiki CVE-2006-3398 (The "change password forms" in Taskjitsu before 2.0.1 includes passwor ...) NOT-FOR-US: Taskjitsu CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu befor ...) NOT-FOR-US: Taskjitsu CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in Galler ...) NOT-FOR-US: Galleria Mambo Module CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3 ...) NOT-FOR-US: SiteBuilder-FX CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP 0.3. ...) 
NOT-FOR-US: BXCP CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...) NOT-FOR-US: Papyrus NASCAR Racing CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path f ...) {DSA-1199-1} - webmin (medium; bug #381537) CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 a ...) NOT-FOR-US: iMBCContents CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation pat ...) - wordpress 2.0.4-1 (unimportant) NOTE: http://wordpress.org/news/2006/07/wordpress-204/ CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain sensiti ...) - wordpress 2.0.4-1 (unimportant) NOTE: http://wordpress.org/news/2006/07/wordpress-204/ CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 al ...) - phpmyadmin 4:2.8.2-0.1 (bug #377748; low) [sarge] - phpmyadmin (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2006-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6d6f47bdb2c7f5519dcc6497a6ebf9ebc305e6de CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News 1 ...) NOT-FOR-US: Fusion News CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to obta ...) NOT-FOR-US: Vincent Leclercq News CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent Lecl ...) NOT-FOR-US: Vincent Leclercq News CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...) NOT-FOR-US: Vincent Leclercq News CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allo ...) NOT-FOR-US: mAds CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 all ...) NOT-FOR-US: mAds CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...) NOT-FOR-US: SturGeoN CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 al ...) 
NOT-FOR-US: FreeStyle Wiki CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...) {DSA-1119} - hiki 0.8.6-1 (bug #378059; low) CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...) {DSA-1150-1} - shadow 1:4.0.14-1 (bug #379174) CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...) NOT-FOR-US: JMB Software AutoRank PHP CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple pr ...) {DSA-1194-1} - libwmf 0.2.8.4-2 (bug #381538; medium) CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...) NOT-FOR-US: Randshop CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 a ...) NOT-FOR-US: Randshop CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...) NOT-FOR-US: Hobbit CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Apple Safari CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...) NOT-FOR-US: Eupla Foros CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root wi ...) NOT-FOR-US: Blueboy CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with i ...) NOT-FOR-US: Kamikaze-QSCM CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with insu ...) NOT-FOR-US: Efone CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...) NOT-FOR-US: Mp3NetBox CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow r ...) NOT-FOR-US: V3 Chat CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via (1 ...) NOT-FOR-US: V3 Chat CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG: ...) 
NOT-FOR-US: BLOG:CMS CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...) NOT-FOR-US: Glossaire for Xoops CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connector.php ...) - knowledgeroot (fixed before first upload; see bug #381912) CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier ...) NOT-FOR-US: Stud.IP CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ...) - phpsysinfo (unimportant) - egroupware (unimportant) - phpgroupware (unimportant) NOTE: Only the existence of files inside the WWW root is leaked. If this is NOTE: a threat to your setup you most probably shouldn't install a script which NOTE: exposes all your system data, either. CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PR ...) NOT-FOR-US: NewsPHP CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ne ...) NOT-FOR-US: NewsPHP CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) i ...) NOT-FOR-US: HTML Help ActiveX control CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ear ...) NOT-FOR-US: Apple CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll al ...) - mpg123 0.60-1 (bug #377264; medium) [sarge] - mpg123 (Non-free not supported) CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) v ...) NOT-FOR-US: Opera CVE-2006-3352 NOTE: firefox, but invalid CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2 ...) NOT-FOR-US: Windows Explorer CVE-2006-3695 (Trac before 0.9.6 does not disable the "raw" or "include" commands whe ...) 
{DSA-1152} - trac 0.9.6-1 (medium) [sarge] - trac 0.8.1-3sarge5 CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does n ...) {DSA-1113} - zope2.7 (bug #377285; medium) - zope2.8 2.8.7-2 (bug #377277; medium) - zope2.9 2.9.3-3 (bug #377286; medium) CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...) {DSA-1116} - gimp 2.2.11-3.1 (bug #377049; medium) CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...) NOT-FOR-US: AutoVue SolidModel Professional Desktop CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote atta ...) NOT-FOR-US: SmS Script CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Be ...) NOT-FOR-US: HSPcomplete CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3 ...) NOT-FOR-US: deV!Lz Clanportal DZCP CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows rem ...) NOT-FOR-US: MyNewsGroups CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...) NOT-FOR-US: AliPAGER CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass ...) NOT-FOR-US: Siemens Speedstream Wireless Router CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in Cris ...) NOT-FOR-US: CrisoftRicette CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...) NOT-FOR-US: Arctic CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...) NOT-FOR-US: MyAds module for Xoops CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...) NOT-FOR-US: Pearl For Mambo CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows r ...) NOT-FOR-US: Atlassian CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 ...) 
NOT-FOR-US: Atlassian CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in frontend/x/files/select.ht ...) NOT-FOR-US: cPanel (not the Chinese language tool in Debian) CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the up ...) - twiki 1:4.0.4-3 (low; bug #381907) NOTE: only in some server configurations CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: HP-UX CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...) - libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant) NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow NOTE: cannot overwrite other memory sections CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3 ...) NOT-FOR-US: Zorum Forum CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows rem ...) NOT-FOR-US: Zorum Forum CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...) NOT-FOR-US: Opera CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...) NOT-FOR-US: PHP/MySQL Classifieds CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PH ...) NOT-FOR-US: PHP/MySQL Classifieds CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal a ...) NOT-FOR-US: Hostflow CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating s ...) NOT-FOR-US: Custom dating biz dating script CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote use ...) NOT-FOR-US: QuickZip CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quak ...) - ioquake3 1.36+svn1788j-1 - tremulous 1.1.0-6 (bug #660834) [squeeze] - tremulous 1.1.0-7~squeeze1 CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the Icc ...) 
- ioquake3 1.36+svn1788j-1 - tremulous 1.1.0-6 (bug #660832) [squeeze] - tremulous 1.1.0-7~squeeze1 CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF Piada ...) NOT-FOR-US: MF Piadas CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in phpRa ...) NOT-FOR-US: phpRaid CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp i ...) NOT-FOR-US: OpenForum CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3 ...) {DSA-1130-1} - sitebar 3.3.8-1.1 (bug #377299; low) CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCale ...) NOT-FOR-US: PHP iCalendar CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and poss ...) NOT-FOR-US: phpRaid CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...) NOT-FOR-US: phpRaid CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 al ...) NOT-FOR-US: phpRaid CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...) NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop" CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...) NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop" CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smar ...) NOT-FOR-US: Netsoft smartNet CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bil ...) NOT-FOR-US: QaTraq CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Prof ...) - flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree (Contrib not supported) CVE-2006-3310 RESERVED CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal To ...) NOT-FOR-US: Scout Portal CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS bbsengin ...) 
NOT-FOR-US: bbsengine CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine befor ...) NOT-FOR-US: bbsengine CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring function ...) NOT-FOR-US: bbsengine CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmai ...) NOT-FOR-US: UebiMiau CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier all ...) NOT-FOR-US: DeluxeBB CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in Delux ...) NOT-FOR-US: DeluxeBB CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mamb ...) NOT-FOR-US: CBSMS Mambo module CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2. ...) - phpqladmin (bug #376442; low) CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in P ...) NOT-FOR-US: phpmysms CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...) NOT-FOR-US: Usenet Script CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to caus ...) NOT-FOR-US: Official Yahoo! Messenger client CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webm ...) NOT-FOR-US: UebiMiau CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows r ...) NOT-FOR-US: Open Guestbook CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open Guestbo ...) NOT-FOR-US: Open Guestbook CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in C ...) NOT-FOR-US: CBSMS Mambo module CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...) NOT-FOR-US: EnergyMech CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...) NOT-FOR-US: Jaws CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on th ...)
NOT-FOR-US: Cisco CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and Windo ...) NOT-FOR-US: Cisco CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...) NOT-FOR-US: Cisco CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...) NOT-FOR-US: Cisco CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and e ...) NOT-FOR-US: Cisco CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) NOT-FOR-US: Cisco CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) NOT-FOR-US: Cisco CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 all ...) NOT-FOR-US: Dating Agent PRO CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote at ...) NOT-FOR-US: Dating Agent PRO CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...) NOT-FOR-US: Dating Agent PRO CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...) NOT-FOR-US: aeDating CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...) NOT-FOR-US: H-Sphere CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...) NOT-FOR-US: MailEnable CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 1 ...) NOT-FOR-US: Helix DNA Server CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlie ...) NOT-FOR-US: YaBB CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...) 
- webmin (only windows) CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...) NOT-FOR-US: Some Chess CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some Ch ...) NOT-FOR-US: Some Chess CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow rem ...) NOT-FOR-US: Softbiz Dating CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows r ...) NOT-FOR-US: THoRCMS CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...) NOT-FOR-US: THoRCMS CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell GroupWis ...) NOT-FOR-US: Novell GroupWise CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...) NOT-FOR-US: Infinite Core Technologies CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1. ...) NOT-FOR-US: Bee-hive CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qd ...) NOT-FOR-US: Qdig CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSe ...) NOT-FOR-US: Namo DeepSearch CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in M ...) - mambo 4.5.3h-2 (medium) CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in M ...) - mambo 4.5.3h-2 (medium) CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control Manage ...) NOT-FOR-US: Trend Micro Control Manager CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 a ...) NOT-FOR-US: vlbook CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allo ...) NOT-FOR-US: e107 CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in B ...) NOT-FOR-US: BNBT TrinEdit and EasyTracker CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...) 
NOT-FOR-US: Claroline CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board (WB ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ( ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-3253 NOT-FOR-US: vBulletin CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic Re ...) NOT-FOR-US: Algorithmic Research PrivateWire VPN CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c fo ...) {DSA-1114} - hashcash 1.21 (bug #376444) CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-a ...) NOT-FOR-US: Windows Live Messenger CVE-2006-3249 NOT-FOR-US: Phorum CVE-2006-3248 REJECTED CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL- ...) NOT-FOR-US: GL-SH Deaf Forum CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf For ...) NOT-FOR-US: GL-SH Deaf Forum CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...) NOT-FOR-US: mvnForum CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier al ...) NOT-FOR-US: Anthill CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1. ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in im ...) {DSA-1108} - mutt 1.5.11+cvs20060403-2 (low; bug #375828) CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1. ...) NOT-FOR-US: XennoBB CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in do ...) NOT-FOR-US: dotProject CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...) 
NOT-FOR-US: VBZooM CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allo ...) NOT-FOR-US: VBZooM CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise Gr ...) NOT-FOR-US: Enterprise Groupware System CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier all ...) NOT-FOR-US: thinkWMS CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fi ...) NOT-FOR-US: FineShop CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 an ...) NOT-FOR-US: FineShop CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Ope ...) NOT-FOR-US: OpenWebMail CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...) NOT-FOR-US: IBM WebSphere CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) be ...) NOT-FOR-US: IBM WebSphere CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Trac ...) NOT-FOR-US: Azureus plugin that isn't distributed by default CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, a ...) NOT-FOR-US: OpenWebMail CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5 ...) NOT-FOR-US: WinAmp CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web browse ...) NOT-FOR-US: Internet Explorer CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the clie ...) NOT-FOR-US: Cisco CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...) NOT-FOR-US: Sun ONE Application Server CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attacker ...) NOT-FOR-US: Apple Safari CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...) 
NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...) NOT-FOR-US: Fortinet FortiOS CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ea ...) NOT-FOR-US: DataLife CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab Burni ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board (WB ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board (W ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...) NOT-FOR-US: JaguarEditControl CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exch ...) NOT-FOR-US: MAILsweeper CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exch ...) NOT-FOR-US: MAILsweeper CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ear ...) NOT-FOR-US: Hitachi Groupmax CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attack ...) NOT-FOR-US: WeBBoA Hosting CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1. ...) NOT-FOR-US: cjGuestbook CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1. ...) NOT-FOR-US: cjGuestbook CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when reg ...) NOT-FOR-US: Ralf Image Gallery CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spa ...) NOT-FOR-US: Microsoft Windows CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...) NOT-FOR-US: Ultimate PHP Board CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...) 
NOT-FOR-US: Ultimate PHP Board CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remo ...) NOT-FOR-US: Ultimate PHP Board CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...) NOT-FOR-US: Ultimate PHP Board CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically we ...) NOT-FOR-US: Ultimate PHP Board CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier include ...) NOT-FOR-US: Ultimate PHP Board CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...) NOT-FOR-US: NetBSD's KAME stack CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: HP-UX CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ca ...) NOT-FOR-US: Internet Explorer CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) v ...) NOT-FOR-US: Opera CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...) NOT-FOR-US: Opera CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) NOT-FOR-US: Invision Power Board CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to o ...) NOT-FOR-US: singapore CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.1 ...) NOT-FOR-US: singapore CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...) NOT-FOR-US: singapore CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSi ...) NOT-FOR-US: BandSite CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows r ...) NOT-FOR-US: Ad Manager CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 al ...) NOT-FOR-US: MPCS CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...) 
NOT-FOR-US: HotPlug CMS CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in administration/tblcontent/ ...) NOT-FOR-US: HotPlug CMS CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earli ...) NOT-FOR-US: Sharky e-shop CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3 ...) NOT-FOR-US: Sharky e-shop CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3 ...) NOT-FOR-US: CMS Faethon CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS Faet ...) NOT-FOR-US: CMS Faethon CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator befo ...) NOT-FOR-US: ASP Stats Generator CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts M ...) NOT-FOR-US: Mobile Space Community CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile S ...) NOT-FOR-US: Mobile Space Community CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space C ...) NOT-FOR-US: Mobile Space Community CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx P ...) NOT-FOR-US: Confixx Pro CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...) NOT-FOR-US: Confixx Pro CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...) {DSA-1144-1} - chmlib 0.38-1 (bug #374085; low) CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...) NOT-FOR-US: The Bible Portal Project CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allo ...) NOT-FOR-US: xarancms CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...) NOT-FOR-US: mcGuestbook CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...) 
- squirrelmail 2:1.4.7-1 (bug #375782; unimportant) NOTE: Operation with register_globals not supported CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) NOT-FOR-US: Content*Builder CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) NOT-FOR-US: Content*Builder CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote att ...) NOT-FOR-US: CS-Forum CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive infor ...) NOT-FOR-US: CS-Forum CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 a ...) NOT-FOR-US: CS-Forum CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote atta ...) NOT-FOR-US: CS-Forum CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...) NOT-FOR-US: Free Realty CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free Realt ...) NOT-FOR-US: Free Realty CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...) NOT-FOR-US: Free Realty CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...) NOT-FOR-US: tplShop CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...) NOT-FOR-US: IMGallery CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in Sma ...) NOT-FOR-US: SmartSiteCMS CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...) NOT-FOR-US: SaphpLesson CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...) NOT-FOR-US: Simple File Manager CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...) NOT-FOR-US: Sun ONE/iPlanet Messaging Server CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...) 
NOT-FOR-US: Eduha Meeting CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...) NOT-FOR-US: UltimateGoogle CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eSho ...) NOT-FOR-US: Ultimate eShop CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auctio ...) NOT-FOR-US: Ultimate Auction CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ear ...) NOT-FOR-US: Ultimate Estate CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estat ...) NOT-FOR-US: Ultimate Estate CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlie ...) NOT-FOR-US: phpTRADER CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (a ...) NOT-FOR-US: AssoCIateD CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlie ...) NOT-FOR-US: CavoxCms CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4. ...) NOT-FOR-US: phpMyForum CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in Open-Realt ...) NOT-FOR-US: Open-Realty CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...) NOT-FOR-US: Hosting Controller CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...) NOT-FOR-US: Toshiba drivers for Windows CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remo ...) - netpbm-free (Debian's version is too old; affects 10.30 to 10.33 only) CVE-2006-3144 (PHP remote file inclusion vulnerability in micro_cms_files/microcms-in ...) NOT-FOR-US: IBD Micro CMS CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...) NOT-FOR-US: Maximus SchoolMAX CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...) 
NOT-FOR-US: VBZooM CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...) NOT-FOR-US: Tradingeye Shop CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...) NOT-FOR-US: openCI CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar ...) NOT-FOR-US: Virtual War CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...) NOT-FOR-US: phpMyDirectory CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...) NOT-FOR-US: Edge eCommerce Shop CVE-2006-3136 NOT-FOR-US: Nucleus CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...) NOT-FOR-US: CMS Mundo CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by m ...) NOT-FOR-US: GraceNote ActiveX Control CVE-2006-3133 RESERVED CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManag ...) NOT-FOR-US: QTOFileManager CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow ...) NOT-FOR-US: Clubpage CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote att ...) NOT-FOR-US: Clubpage CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...) NOT-FOR-US: LinkList CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does no ...) NOT-FOR-US: easy-CMS CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun Ja ...) - mozilla (SunSolve claims it is only in 3.11; latest released is 3.10) CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute ...) {DSA-1165} - capi4hylafax 1:01.03.00.99.svn.300-3 CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...) {DSA-1163} - gtetrinet 0.7.10-1 CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before 1.61 ...) 
{DSA-1158} - streamripper 1.61.25-2 CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt func ...) {DSA-1138-1} - cfs 1.4.1-17 CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2. ...) {DSA-1143-1} - dhcp 2.0pl5-19.5 (bug #380273) CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsyst ...) {DSA-1151-1} - heartbeat-2 2.0.6-2 - heartbeat 1.2.4-14 CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 allow ...) {DSA-1129} - osiris 4.2.0-2 (medium) CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ty ...) {DSA-1124} - fbi 2.05-1 CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...) - spread 3.17.3-4 (bug #375617; low) [sarge] - spread (Minimal security implications) CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...) {DSA-1104} - openoffice.org 2.0.3-1 CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 an ...) NOT-FOR-US: phpRaid CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...) NOT-FOR-US: phpRaid CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the " ...) NOT-FOR-US: PC Tools AntiVirus CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and Se ...) NOTE: MFSA-2006-46 - mozilla (mozilla 1.7 not affected) - xulrunner 1.8.0.5-1 (high) - mozilla-firefox (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Chipmailer CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...) NOT-FOR-US: Chipmailer CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.0 ...) 
NOT-FOR-US: Chipmailer CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 befo ...) NOT-FOR-US: Cisco CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email Serve ...) NOT-FOR-US: EmailArchitect CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) NOT-FOR-US: Docebo CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop| ...) NOT-FOR-US: phpMyDesktop CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers ...) NOT-FOR-US: Bitweaver CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain sen ...) NOT-FOR-US: Bitweaver CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remot ...) NOT-FOR-US: Bitweaver CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run o ...) NOT-FOR-US: Bitweaver CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Se ...) NOT-FOR-US: Cisco CVE-2006-3099 RESERVED CVE-2006-3098 RESERVED CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and st ...) NOT-FOR-US: HP-UX Support Tools Manager CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...) NOT-FOR-US: iPostMX CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2. ...) NOT-FOR-US: iPostMX CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.2006040 ...) NOT-FOR-US: Calendarix Basic CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread ...) NOT-FOR-US: Adobe Reader CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass authen ...) NOT-FOR-US: PhpMyFactures CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attacke ...) NOT-FOR-US: PhpMyFactures CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possi ...) 
NOT-FOR-US: PhpMyFactures CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1 ...) NOT-FOR-US: PhpMyFactures CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car Classifie ...) NOT-FOR-US: Car Classifieds CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 a ...) NOT-FOR-US: EZGallery CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName f ...) NOT-FOR-US: Microsoft CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1 ...) {DSA-1146-1} - krb5 1.4.3-9 (medium) CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...) {DSA-1146-1} - krb5 1.4.3-9 (medium) CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...) {DSA-1115 DSA-1107} - gnupg 1.4.3-2 (bug #375052; bug #375473; low) - gnupg2 1.9.20-1.1 (bug #375053; low) CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x be ...) {DSA-1112} - mysql-dfsg-5.0 5.0.19-1 (bug #373913; high) CVE-2006-3100 (termpkg 3.3 suffers from buffer overflow. ...) - termpkg 3.3-7 (bug #358028; medium) CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...) - linux-2.6 2.6.16-15 CVE-2006-XXXX [webalizer-stonesteps XSS] - webalizer-stonesteps 2.4.1.2-1 CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForu ...) NOT-FOR-US: aXentForum CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1 ...) NOT-FOR-US: SSPwiz Plus CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier a ...) NOT-FOR-US: APBoard CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGues ...) NOT-FOR-US: aXentGuestbook CVE-2006-3076 (PHP remote file inclusion vulnerability in software_upload/public_incl ...) 
NOT-FOR-US: PhpBlueDragon CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis Profe ...) NOT-FOR-US: PictureDis Professional CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Vi ...) NOT-FOR-US: Several Kaspersky products CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feat ...) NOT-FOR-US: Cisco CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before 4.0.2 ...) NOT-FOR-US: Symantec Security Information Manager CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Ar ...) NOT-FOR-US: MP3 Search/Archive CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_m ...) NOT-FOR-US: Zeroboard CVE-2006-3069 NOT-FOR-US: DoubleSpeak CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote at ...) NOT-FOR-US: IBM DB2 CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UD ...) NOT-FOR-US: IBM DB2 CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ( ...) NOT-FOR-US: IBM DB2 CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.4 ...) NOT-FOR-US: blur6ex CVE-2006-3064 (SQL injection vulnerability in the add_hit function in include/functio ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...) NOT-FOR-US: myPHP Guestbook CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbo ...) NOT-FOR-US: myPHP Guestbook CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review a ...) NOT-FOR-US: 5 Star Review CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...) NOT-FOR-US: P.A.I.D CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) 
NOT-FOR-US: Microsoft Excel CVE-2006-3058 RESERVED CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) a ...) - dhcdbd 1.14-1 CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows remo ...) NOT-FOR-US: VBZooM CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote att ...) NOT-FOR-US: VBZooM CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote att ...) NOT-FOR-US: VBZooM CVE-2006-3053 NOT-FOR-US: PHORUM CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...) NOT-FOR-US: Event Registration CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, an ...) NOT-FOR-US: SixCMS CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and oth ...) NOT-FOR-US: SixCMS CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...) NOT-FOR-US: Mole Group Ticket Booking Script CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier v ...) - tikiwiki 1.9.4-1 (medium) CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possi ...) - tikiwiki 1.9.4-1 (medium) CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, i ...) NOT-FOR-US: Subtext CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing 0 ...) NOT-FOR-US: Foing CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows re ...) NOT-FOR-US: LogiSphere CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...) NOT-FOR-US: CFXe-CMS CVE-2006-3042 NOT-FOR-US: ISPConfig CVE-2006-3041 NOT-FOR-US: Codewalkers Ltwcalendar CVE-2006-3040 NOT-FOR-US: Amr Talkbox CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts Rea ...) 
NOT-FOR-US: Cescripts Realty Home Rent CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts Rea ...) NOT-FOR-US: Cescripts Realty Home Rent CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...) NOT-FOR-US: ST AdManager Lite CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegaller ...) NOT-FOR-US: 35mmslidegallery CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...) NOT-FOR-US: MyScrapbook CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: MyScrapbook CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows rem ...) NOT-FOR-US: MyScrapbook CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Phot ...) NOT-FOR-US: Xtreme ASP Photo Gallery CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fi ...) NOT-FOR-US: fipsCMS CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...) NOT-FOR-US: DwZone Shopping Cart CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech C ...) NOT-FOR-US: ClickTech Clickcart CVE-2006-3028 (PHP remote file inclusion vulnerability in stat_modules/users_age/modu ...) NOT-FOR-US: Minerva CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...) NOT-FOR-US: Enthrallwebe ePhotos CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5. ...) NOT-FOR-US: ClickGallery CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Luci ...) NOT-FOR-US: Chris Lea Lucid Calendar CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counte ...) NOT-FOR-US: EvGenius Counter CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...) 
NOT-FOR-US: Uapplication Uphotogallery CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1. ...) NOT-FOR-US: fipsGallery CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Ga ...) NOT-FOR-US: BlueCollar i-Gallery CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp i ...) NOT-FOR-US: WS-Album CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...) NOT-FOR-US: phpCMS CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in PH ...) - php5 5.1.4-0.1 (unimportant) - php4 (unimportant) NOTE: Sanitising is the application's responsibility CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...) {DSA-1206-1} - php5 5.1.4-0.1 (medium) - php4 4:4.4.4-1 (medium; bug #381998) CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...) - php5 5.1.4-0.1 (unimportant) - php4 4:4.4.4-1 (unimportant; bug #382259) NOTE: Sanitising is the application's responsibility CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remo ...) NOT-FOR-US: WinSCP CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ja ...) NOT-FOR-US: Microsoft Excel / Flashplayer for Windows CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...) NOT-FOR-US: phpBannerExchange CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 a ...) NOT-FOR-US: phpBannerExchange CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and 5. ...) - php4 4:4.4.4-1 (unimportant) - php5 5.1.6-1 (unimportant) NOTE: Safe mode violations are not supported CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management (OB ...) NOT-FOR-US: Open Business Management CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...) 
NOT-FOR-US: Open Business Management CVE-2006-3008 REJECTED CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...) NOT-FOR-US: SHOUTcast CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly o ...) NOT-FOR-US: iFoto CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is bu ...) - libjpeg6b (--maxmem is set during configure) - libjpeg-mmx (bug #373672; low) [sarge] - libjpeg-mmx (If this poses a threat, the admin can apply resource limits) CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Man ...) NOT-FOR-US: Ez Ringtone CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the f ...) NOT-FOR-US: Easy Ad-Manager CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Man ...) NOT-FOR-US: OkScripts product CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Ok ...) NOT-FOR-US: OkScripts product CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Ok ...) NOT-FOR-US: OkScripts product CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Qu ...) NOT-FOR-US: OkScripts product CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free QBoa ...) NOT-FOR-US: QBoard CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...) - zope-zms (bug #373667; unimportant) [sarge] - zope-zms (Only exploitable with register_globals) NOTE: register_globals is an unsupported mode of operation in Debian CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in LoveC ...) NOT-FOR-US: aePartner CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1 ...) NOT-FOR-US: WebprojectDB CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...) 
NOT-FOR-US: phazizGuestbook CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and e ...) NOT-FOR-US: My Photo Scrapbook CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo Sc ...) NOT-FOR-US: My Photo Scrapbook CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 al ...) NOT-FOR-US: Ringlink CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...) NOT-FOR-US: VanillaSoft CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPi ...) NOT-FOR-US: ASP ListPics CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...) NOT-FOR-US: Chemical Dictionary CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...) NOT-FOR-US: PICRATE CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Medi ...) NOT-FOR-US: vSCAL and vsREAL CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earli ...) NOT-FOR-US: IntegraMOD CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1. ...) NOT-FOR-US: IntegraMOD CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and Pa ...) NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS) CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise Times ...) NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS) CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats be ...) NOT-FOR-US: Arantius Vice Stats CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...) NOT-FOR-US: ViArt CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...) NOT-FOR-US: ViArt CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the i ...) 
NOT-FOR-US: Moblog CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earli ...) NOT-FOR-US: Moblog CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery b ...) NOT-FOR-US: Coppermine CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.ph ...) NOT-FOR-US: PBL Guestbook CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...) NOT-FOR-US: EmailArchitect CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite Calend ...) NOT-FOR-US: PHP Lite Calendar CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats ...) NOT-FOR-US: Arantius Vice Stats CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows r ...) - overkill 0.16-9 (bug #373687; low) [sarge] - overkill (Only DoS against an obscure game, no code injection possible) CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...) NOT-FOR-US: tinyMuw CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow ...) NOT-FOR-US: tinyMuw CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware ...) NOT-FOR-US: LabWiki CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network r ...) NOT-FOR-US: SafeNET CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wik ...) NOT-FOR-US: Particle Wiki CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft P ...) NOT-FOR-US: Particle Whois CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts D ...) NOT-FOR-US: Xtreme Downloads CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Caba ...) NOT-FOR-US: Cabacos Web CMS CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergeni ...) 
NOT-FOR-US: Empris CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remot ...) NOT-FOR-US: CesarFTP CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in Joom ...) NOT-FOR-US: Joomla! CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 an ...) NOT-FOR-US: Snitz Forum CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote attacke ...) NOT-FOR-US: FilZip CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlie ...) NOT-FOR-US: i.List CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...) NOT-FOR-US: i.List CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...) NOT-FOR-US: KAPhotoservice CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...) NOT-FOR-US: OfficeFlow CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow ...) NOT-FOR-US: OfficeFlow CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS) ...) NOT-FOR-US: NPDS CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dyna ...) NOT-FOR-US: NPDS CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attack ...) NOT-FOR-US: NPDS CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root wi ...) NOT-FOR-US: A-CART CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...) NOT-FOR-US: Dmx Forum CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with insuffi ...) NOT-FOR-US: Dmx Forum CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...) 
- dokuwiki 0.0.20060309-4 (bug #373689; low) CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier all ...) NOT-FOR-US: FORM2MAIL CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...) NOT-FOR-US: WebFORM CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ad ...) - twiki (Debian's version is old and does not include affected file) CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of s ...) - mailman (Mailman uses the system version of the affected Python lib) CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...) {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 CVE-2006-2939 REJECTED CVE-2006-2938 REJECTED CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote atta ...) {DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up t ...) {DSA-1184-2} - linux-2.6 2.6.17-5 (low) CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in drivers/cdrom/cd ...) {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.17-5 (low) CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kern ...) - linux-2.6 2.6.17-3 CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterpri ...) [sarge] - kdebase (Only KDE < 3.2 vulnerable) - kdebase 3.5.2-1 (medium) NOTE: exact fixed version not known, however bug only affects < 3.2 CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split sup ...) - linux-2.6 (vulnerable code not present) CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image ...) NOT-FOR-US: CMS Mundo CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engin ...) 
NOT-FOR-US: Sun CVE-2006-2929 (PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_ ...) NOT-FOR-US: OpenEMR CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 ...) NOT-FOR-US: CMS-Bandits CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in Cod ...) NOT-FOR-US: CAForum CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6. ...) NOT-FOR-US: Qbik CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in Ingat ...) NOT-FOR-US: Ingate CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4. ...) NOT-FOR-US: Ingate CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as use ...) - iaxclient 0.0+svn20060520-2 CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2. ...) NOT-FOR-US: MiraksGalerie CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in Cla ...) NOT-FOR-US: CMPro CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote att ...) - sylpheed 2.2.6-1 (low) [sarge] - sylpheed (Minor evasion of phishing protection feature) - sylpheed-gtk1 1.0.6-3 (bug #373187; low) - sylpheed-claws 1.0.5-3 (bug #372891; low) [sarge] - sylpheed-claws (Minor evasion of phishing protection feature) - sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low) CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote a ...) NOT-FOR-US: Microsoft CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores th ...) NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate 6.1.2. ...) NOT-FOR-US: WinGate CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) 
- arts 1.5.3-2 (bug #374003; low) [sarge] - arts (Not setuid root in Debian) NOTE: artswrapper is not suid root by default, but README.Debian describes it CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote a ...) NOT-FOR-US: DeluxeBB CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...) NOT-FOR-US: DeluxeBB CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows rem ...) NOT-FOR-US: SelectaPix CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...) NOT-FOR-US: SelectaPix CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo bef ...) NOT-FOR-US: CMS Mundo CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ver ...) NOT-FOR-US: jetAudio CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension (zipinfo.d ...) NOT-FOR-US: PicoZip CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard (My ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-2907 RESERVED CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...) {DSA-1117} - libgd2 2.0.33-5 (bug #372912; low) - tetex-bin (Links dynamically, see #382506) CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Partial Links CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...) NOT-FOR-US: Partial Links CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle Link ...) NOT-FOR-US: Partial Links CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow ...) NOT-FOR-US: Partial Links CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...) NOT-FOR-US: D-Link CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read arbi ...) 
NOT-FOR-US: Microsoft CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before 2006 ...) NOT-FOR-US: ESTsoft InternetDISK CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 an ...) {DSA-1126} - asterisk 1:1.2.10.dfsg-2 (bug #380054) - iax 0.2.2-5 [sarge] - iax (Vulnerable code not present) - iaxmodem 0.1.8.dfsg-2 CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remo ...) NOT-FOR-US: Funkboard CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change arbi ...) NOT-FOR-US: Funkboard CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to vers ...) - mediawiki (Affects only 1.6.0-1.6.6) CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, M ...) {DSA-1401-1 DSA-1392-1 DTSA-69-1 DTSA-80-1} - iceweasel 2.0.0.8 - xulrunner 1.8.1.9-1 - iceape 1.1.5 CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full p ...) NOT-FOR-US: GANTTy CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...) NOT-FOR-US: GANTTy CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelp ...) NOT-FOR-US: Pixelpost CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allo ...) NOT-FOR-US: Pixelpost CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc ...) NOT-FOR-US: Pixelpost CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...) NOT-FOR-US: Wikiwig CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earli ...) NOT-FOR-US: myNewsletter CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...) - knowledgetree (bug #373137; low) CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree O ...) 
- knowledgetree (bug #373137; low) CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remot ...) NOT-FOR-US: Kmita CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1. ...) NOT-FOR-US: Kmita CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPS ...) NOT-FOR-US: ASPScriptz CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...) NOT-FOR-US: DreamAccount CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages f ...) NOT-FOR-US: pyblosxom package doesn't ship plugins CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine 1. ...) NOT-FOR-US: Alex News-Engine CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier a ...) - dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high) CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlie ...) NOT-FOR-US: Bookmark4U CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...) NOT-FOR-US: PHP Pro Publish CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...) - tremulous 1.1.0-6 (bug #660827) [squeeze] - tremulous 1.1.0-7~squeeze1 - ioquake3 1.36+svn1788j-1 CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has un ...) NOT-FOR-US: OSADS CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4 ...) NOT-FOR-US: Enigma Haber CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 a ...) NOT-FOR-US: Rumble CVE-2006-2871 NOT-FOR-US: CyBoards CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in Intell ...) NOT-FOR-US: Intelligent Solutions Inc. CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...) 
NOT-FOR-US: Avast CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...) NOT-FOR-US: Claroline CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta an ...) NOT-FOR-US: CoolForum CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in DotCl ...) NOT-FOR-US: DotClear CVE-2006-2865 NOTE: phpbb2, but invalid CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framew ...) NOT-FOR-US: BlueShoes CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in C ...) NOT-FOR-US: CS-Cart CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...) NOT-FOR-US: Particle Gallery CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ea ...) NOT-FOR-US: Particle Wiki CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allow ...) NOT-FOR-US: Webspotblogging CVE-2006-2859 NOT-FOR-US: MyBloggie CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1 ...) NOT-FOR-US: LocazoList CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows remo ...) NOT-FOR-US: LifeType CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib d ...) NOT-FOR-US: ActiveState CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...) NOT-FOR-US: xueBook CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...) NOT-FOR-US: iBWd CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal 5. ...) NOT-FOR-US: abarcar CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ear ...) NOT-FOR-US: dotWidget CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject 2. ...) NOT-FOR-US: dotProject CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP L ...) 
NOT-FOR-US: LabWiki CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...) NOT-FOR-US: Bytehoard CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the adm ...) NOT-FOR-US: aspWebLinks CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows rem ...) NOT-FOR-US: aspWebLinks CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Po ...) NOT-FOR-US: VisionGate CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...) NOT-FOR-US: Redaxo CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...) NOT-FOR-US: Redaxo CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...) NOT-FOR-US: Redaxo CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...) NOT-FOR-US: AssoCIateD CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "u ...) NOT-FOR-US: PmWiki CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module (PGProbl ...) NOT-FOR-US: WeBWorK CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for Microsof ...) NOT-FOR-US: F-Secure CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book a ...) NOT-FOR-US: Techno Dreams CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies L ...) NOT-FOR-US: Pineapple Technologies Lore CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...) NOT-FOR-US: saphplesson CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in gnop ...) NOT-FOR-US: gnopaste CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in Dru ...) {DSA-1125} - drupal 4.5.8-1.1 (medium) CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module (upload. ...) 
{DSA-1125} - drupal 4.5.8-1.1 (medium) CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under c ...) {DSA-1125} NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1) NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which NOTE: fixes CVE-2006-2831. - drupal 4.5.8-1.1 (medium) CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...) NOT-FOR-US: TIBCO CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4 ...) NOT-FOR-US: TIBCO CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote atta ...) NOT-FOR-US: PHP-Nuke CVE-2006-2827 NOT-FOR-US: X-Cart CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLi ...) NOT-FOR-US: PHPLIB CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir configu ...) NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...) NOT-FOR-US: Logicalware CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive in ...) NOT-FOR-US: ashopKart CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeA ...) NOT-FOR-US: cforum CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pr ...) NOT-FOR-US: DeltaScripts CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog O ...) NOT-FOR-US: HotWebScripts CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Iglo ...) NOT-FOR-US: Barnraiser Igloo CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...) NOT-FOR-US: Cameron McKay Informium CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...) 
NOT-FOR-US: tekno.Portal CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in co ...) NOT-FOR-US: CoolPHP CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Fac ...) NOT-FOR-US: SimpleBoard CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions i ...) NOT-FOR-US: iShopCart CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart allow ...) NOT-FOR-US: iShopCart CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Do ...) NOT-FOR-US: PICRATE CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidenti ...) NOT-FOR-US: Ovidentia CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundr ...) NOT-FOR-US: Belchior vCard CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar ...) NOT-FOR-US: ar-blog CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR gues ...) NOT-FOR-US: Lycos CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to chan ...) NOT-FOR-US: ASPwebSoft CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache Jame ...) NOT-FOR-US: Apache James CVE-2006-2842 - squirrelmail 2:1.4.7-1 (unimportant; bug #373731) NOTE: Only exploitable with register_globals enabled CVE-2006-XXXX [webalizer: symlink vulnerability] - webalizer 2.01.10-29 (low; bug #359745) [sarge] - webalizer (Minor issue) NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote attacker ...) NOT-FOR-US: vBulletin CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intellig ...) NOT-FOR-US: Goss iCM CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...) 
NOT-FOR-US: PHP ManualMaker CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...) {DSA-1105} - xine-lib 1.1.1-2 (bug #369876; medium) CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...) NOT-FOR-US: Unak CMS CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC ...) NOT-FOR-US: Unak CMS CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in toen ...) NOT-FOR-US: toendaCMS CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCal ...) NOT-FOR-US: phpCommunityCalendar CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 a ...) NOT-FOR-US: phpCommunityCalendar CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1 ...) NOT-FOR-US: Captivate gallery.php CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking S ...) NOT-FOR-US: XiTi Tracking Script CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to rea ...) NOT-FOR-US: ASPSitem CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier a ...) NOT-FOR-US: ASPSitem CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...) NOT-FOR-US: wbboard CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and p ...) NOT-FOR-US: iBoutique.MALL CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment (S ...) NOT-FOR-US: Sun StorADE CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if s ...) - evolution 2.4.0-1 (low) [sarge] - evolution (Not reproducible on Sarge's evolution) NOTE: Verified that the patch has been applied in 2.4.0-1, NOTE: may have been fixed earlier. CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...) 
{DSA-1210 DSA-1192-1 DSA-1191-1} - mozilla (high) - firefox 1.5.dfsg+1.5.0.4 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-31 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbi ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-33 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5 ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-34 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-36 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla (medium) - xulrunner 1.8.0.4-1 (medium) CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-42 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) - webkit 1.0.1-1 (bug #535793) NOTE: http://trac.webkit.org/changeset/33380 - qt4-x11 4:4.6.2-4 (low; bug #561760) [lenny] - qt4-x11 (Minor impact, no apps in Lenny which use qtwebkit) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected - kdelibs (bug #561765) CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1 ...) 
{DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-41 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...) {DSA-1134-1 DSA-1118} NOTE: MFSA-2006-40 - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 all ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-32 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...) {DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-32 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-38 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMon ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-43 - firefox 1.5.dfsg+1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before 1 ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-37 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attribut ...) 
{DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-35 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne C ...) NOT-FOR-US: QontentOne CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...) NOT-FOR-US: Hogstorps CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogst ...) NOT-FOR-US: Hogstorps CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not v ...) NOT-FOR-US: Hogstorps CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 an ...) NOT-FOR-US: pppBLOG CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2. ...) - snort 2.3.3-8 (low; bug #381726) [sarge] - snort (Minor impact) CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when register ...) NOT-FOR-US: METAjour CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when registe ...) NOT-FOR-US: Ottoman CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explore ...) NOT-FOR-US: Microsoft CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in In ...) NOT-FOR-US: Interlink CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows rem ...) NOT-FOR-US: GuestbookXL CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote atta ...) NOT-FOR-US: Pre News Manager CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in WebC ...) {DSA-1096-1} - webcalendar 1.0.4-1 (medium) CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITS ...) NOT-FOR-US: Hitachi CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...) 
NOT-FOR-US: 4nForum CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...) - jetty (vulnerable code not in Debian version) CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allow ...) - jetty (vulnerable code not in Debian version) CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...) NOT-FOR-US: Chipmunk guestbook CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Eitsop CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5. ...) NOT-FOR-US: UBBThreads CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3. ...) - openldap2.3 2.3.24-1 (bug #375494; bug #377047; unimportant) NOTE: File is only written and read by slurpd, only editable by root CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...) NOT-FOR-US: RedCarpet CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image Cata ...) NOT-FOR-US: OSIC CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query functio ...) NOT-FOR-US: OSIC CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image Cat ...) NOT-FOR-US: OSIC CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...) NOT-FOR-US: OSIC CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...) NOT-FOR-US: PhpMyDesktop CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interact ...) NOT-FOR-US: F@cile CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile Interacti ...) NOT-FOR-US: F@cile CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in F@cil ...) NOT-FOR-US: F@cile CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_m ...) 
{DSA-1125} - drupal 4.5.8-1.1 (bug #368835; medium) CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 all ...) {DSA-1125} - drupal 4.5.8-1.1 (medium) CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 all ...) NOT-FOR-US: tinyBB CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...) NOT-FOR-US: tinyBB CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...) NOT-FOR-US: tinyBB CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a stati ...) NOT-FOR-US: Open-Xchange CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote atta ...) NOT-FOR-US: Nukedit CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...) NOT-FOR-US: Blend Portal CVE-2006-2735 (PHP remote file inclusion vulnerability in language/lang_english/lang_ ...) NOT-FOR-US: Amod CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote atta ...) NOT-FOR-US: Mini-Nuke CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security co ...) NOT-FOR-US: Mini-Nuke CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and e ...) NOT-FOR-US: Mini-Nuke CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...) NOT-FOR-US: Enigma Haber CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php i ...) NOT-FOR-US: Hot Open Tickets CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in Ph ...) NOT-FOR-US: Photoalbum CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in Ph ...) NOT-FOR-US: Photoalbum CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to cha ...) NOT-FOR-US: Eggblog CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d all ...) 
NOT-FOR-US: Fastpublish CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 al ...) NOT-FOR-US: Eggblog CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...) NOT-FOR-US: PunBB CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to caus ...) - firefox 45.0-1 (unimportant) - firefox-esr 45.0esr-1 (unimportant) - iceweasel (unimportant) - mozilla (unimportant) - mozilla-firefox (unimportant) - xulrunner (unimportant) NOTE: Non-issue CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...) NOT-FOR-US: SelectaPix CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allow ...) NOT-FOR-US: VARIOMAT CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote atta ...) NOT-FOR-US: VARIOMAT CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...) NOT-FOR-US: JIWA CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's usernam ...) NOT-FOR-US: JIWA CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and se ...) NOT-FOR-US: C5 EVM CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ha ...) NOT-FOR-US: C5 EVM CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...) NOT-FOR-US: C5 EVM CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...) NOT-FOR-US: C5 EVM CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...) NOT-FOR-US: C5 EVM CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8. ...) NOT-FOR-US: C5 EVM CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possib ...) NOT-FOR-US: C5 EVM CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same in ...) 
NOT-FOR-US: C5 EVM CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...) NOT-FOR-US: C5 EVM CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows re ...) NOT-FOR-US: C5 EVM CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...) NOT-FOR-US: C5 EVM CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows re ...) NOT-FOR-US: C5 EVM CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows re ...) NOT-FOR-US: C5 EVM CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8. ...) NOT-FOR-US: C5 EVM CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL certificat ...) NOT-FOR-US: RedCarpet CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...) - wordpress 2.0.3-1 (bug #369014; medium) CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows rem ...) NOT-FOR-US: Geeklog CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...) NOT-FOR-US: Geeklog CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1. ...) NOT-FOR-US: Geeklog CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ful ...) NOT-FOR-US: Geeklog CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allo ...) NOT-FOR-US: Easy-Content CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...) NOT-FOR-US: Easy-Content CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...) NOT-FOR-US: DGNews CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.1 ...) NOT-FOR-US: EzUpload CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in Niv ...) 
NOT-FOR-US: Nivisec CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1. ...) - amule 2.1.2-1 (medium) CVE-2006-2691 (Unspecified "information leakage" vulnerabilities in aMuleWeb for AMul ...) - amule 2.1.2-1 (medium) CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php ...) NOT-FOR-US: EVA-Web CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 a ...) NOT-FOR-US: EVA-Web CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...) NOT-FOR-US: Achievo CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Me ...) NOT-FOR-US: AGTC CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow re ...) NOT-FOR-US: ActionApps CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...) - acidbase 1.2.5-1 (bug #370576; low) CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS M ...) NOT-FOR-US: Mundo CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...) NOT-FOR-US: open-medium CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End C ...) NOT-FOR-US: Back-End CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2 ...) NOT-FOR-US: SocketMail CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Albu ...) NOT-FOR-US: AZ Photo Album CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...) NOT-FOR-US: Cisco CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manage ...) NOT-FOR-US: Pre News Manager CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc configurait ...) NOT-FOR-US: SiteScape Forum CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earl ...) 
NOT-FOR-US: SiteScape Forum CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...) NOT-FOR-US: UBBThreads CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earl ...) NOT-FOR-US: Tamber Forum CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin Bo ...) NOT-FOR-US: Elite-Board CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...) NOT-FOR-US: Realty Pro One CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...) NOT-FOR-US: ChatPat CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 all ...) NOT-FOR-US: ChatPat CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Ma ...) NOT-FOR-US: Pre Shopping Mall CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...) NOT-FOR-US: Docebo LMS CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and earl ...) - wordpress 2.0.3-1 (bug #369014; medium) CVE-2006-2666 (PHP remote file inclusion vulnerability in includes/mailaccess/pop3.ph ...) NOT-FOR-US: V-Webmail CVE-2006-2665 (PHP remote file inclusion vulnerability in includes/mailaccess/pop3/co ...) NOT-FOR-US: V-Webmail CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote a ...) NOT-FOR-US: iFdate CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 all ...) NOT-FOR-US: iFlance CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory a ...) NOT-FOR-US: VMware Server CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a den ...) {DSA-1095-1} - freetype 2.2.1-1 (medium) CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...) 
- php4 4:4.4.4-1 (unimportant) - php5 5.1.6-1 (unimportant) NOTE: using a long enough path (>MAXPATHLEN) allows you to have NOTE: tempnam create a file without the temp extension. sounds like NOTE: another shoot yourself in the foot issue, since the local user NOTE: could just as easily create the file manually, and if the NOTE: tempnam function is taking unsanitized input, it's an NOTE: application error CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...) - xsp 1.1.15-1 CVE-2006-2657 REJECTED CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally dis ...) NOT-FOR-US: build process for ypserv in FreeBSD CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...) NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE) CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Li ...) NOT-FOR-US: D-Link CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier a ...) NOT-FOR-US: WikiNi CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation Rent ...) NOT-FOR-US: Vacation Rental Script CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in CosmicShopping ...) NOT-FOR-US: CosmicShoppingCart CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...) NOT-FOR-US: CosmicShoppingCart CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ASP ...) NOT-FOR-US: ASPBB CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5 ...) NOT-FOR-US: IBM AIX CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows r ...) NOT-FOR-US: Alt-N MDaemon CVE-2006-2645 (PHP remote file inclusion vulnerability in manager/frontinc/prepend.ph ...) NOT-FOR-US: Plume CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...) 
{DSA-1075-1} - awstats 6.5-2 (bug #365910) CVE-2006-XXXX [specially crafted WAV turns mkvmerge into a malloc bomb] - mkvtoolnix 1.7.0-2 (bug #370144; low) CVE-2006-XXXX ['Cache' shell injection vulnerability] - wordpress 2.0.3-1 (high; bug #369014) CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x bef ...) {DSA-1092-1} - mysql-dfsg (Vulnerable code was introduced in 4.1, see #369741) - mysql (Vulnerable code was introduced in 4.1, see #369754) - mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium) - mysql-dfsg-4.1 (bug #369754; medium) CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...) {DSA-1101} - courier 0.53.2-1 (bug #368834) CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...) {DSA-1091-1} - tiff 3.8.2-3 (bug #369819; low) - tiff3 (fixed prior to initial upload) CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top L ...) NOT-FOR-US: Monster Top List CVE-2006-2642 NOT-FOR-US: Php-residence CVE-2006-2641 NOT-FOR-US: John Frank Asset Manager CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (ak ...) NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL) CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in prattmi ...) NOT-FOR-US: PHPSimpleChoose CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote att ...) NOT-FOR-US: qjForum CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) M ...) NOT-FOR-US: TuttoPhp CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to b ...) NOT-FOR-US: Katy Whitton NewsCMSLite CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka T ...) - tikiwiki 1.9.4-1 (medium) CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ( ...)
NOT-FOR-US: Neocrome Seditio CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...) NOT-FOR-US: Andrew Godwin ByteHoard CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2. ...) NOT-FOR-US: Andrew Godwin ByteHoard CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...) NOT-FOR-US: phpFoX CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Secu ...) NOT-FOR-US: Symantec CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP p ...) - linux-2.6 2.6.18-1 (low) CVE-2006-2628 RESERVED CVE-2006-2627 RESERVED CVE-2006-2626 RESERVED CVE-2006-2625 RESERVED CVE-2006-2624 RESERVED CVE-2006-2623 RESERVED CVE-2006-2622 RESERVED CVE-2006-2621 RESERVED CVE-2006-2620 RESERVED CVE-2006-2619 RESERVED CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Di ...) NOT-FOR-US: AlstraSoft Web Host Directory CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Direc ...) NOT-FOR-US: AlstraSoft Web Host Directory CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...) NOT-FOR-US: AlstraSoft Web Host Directory CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...) NOT-FOR-US: Russcom.Ping CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 record ...) NOT-FOR-US: Sun Solaris CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versi ...) NOTE: Installation path disclosure is uninteresting on Debian systems. NOTE: The profile path might be more sensitive, but exploit that NOTE: requires another, real security bug. CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...) NOT-FOR-US: Novell Client for Windows NOTE: The Windows clipboard is a public resource anyway. 
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...) - mediawiki1.7 (Fixed in 1.7 prior to release) - mediawiki1.5 CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...) NOT-FOR-US: phpRaid CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when register_g ...) NOT-FOR-US: artmedic newsletter CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when register_glo ...) NOT-FOR-US: artmedic newsletter CVE-2006-XXXX [mono xsp file disclosure] - xsp 1.1.15-1 (medium) CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...) - cron 3.0pl1-64 (bug #85609; bug #86775; medium) CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...) NOT-FOR-US: Chatty CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier all ...) NOT-FOR-US: DSChat CVE-2006-2604 REJECTED CVE-2006-2603 REJECTED CVE-2006-2602 REJECTED CVE-2006-2601 REJECTED CVE-2006-2600 REJECTED CVE-2006-2599 REJECTED CVE-2006-2598 REJECTED CVE-2006-2597 REJECTED CVE-2006-2596 REJECTED CVE-2006-2595 REJECTED CVE-2006-2594 REJECTED CVE-2006-2593 REJECTED CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to exe ...) NOT-FOR-US: DSChat CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...) NOT-FOR-US: e107 CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote attacke ...) NOT-FOR-US: e107 CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...) NOT-FOR-US: Russcom PHPImages CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...) NOT-FOR-US: WebTool HTTP server CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier a ...) 
NOT-FOR-US: IpLogger CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows remo ...) NOT-FOR-US: Destiney Links Script CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Sky ...) NOT-FOR-US: SkyeBox CVE-2006-2583 (PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.ph ...) NOT-FOR-US: Nucleus CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attack ...) NOT-FOR-US: RWiki CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1. ...) NOT-FOR-US: RWiki CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node Manag ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 an ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is en ...) NOT-FOR-US: eSyndicat Directory CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) NOT-FOR-US: Docebo CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) NOT-FOR-US: Docebo CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earl ...) - netpanzer 0.8+svn20060319-2 (bug #370146; low) [sarge] - netpanzer (Minor DoS against a game) CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...) NOT-FOR-US: Software Distributor in HP-UX CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with magic_quo ...) NOT-FOR-US: DGBook CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 al ...) NOT-FOR-US: DGBook CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon Ope ...) NOT-FOR-US: Alkacon OpenCms CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 all ...) 
NOT-FOR-US: CaLogic Calendars CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ea ...) NOT-FOR-US: Linklist CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB. ...) NOT-FOR-US: UBB.threads CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in Alst ...) NOT-FOR-US: Alstrasoft Article Manager Pro CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain s ...) NOT-FOR-US: Alstrasoft Article Manager Pro CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allo ...) NOT-FOR-US: Alstrasoft Article Manager Pro CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Al ...) NOT-FOR-US: Alstrasoft Article Manager Pro CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...) - php4 4:4.4.4-1 (bug #370166; unimportant) - php5 5.1.6-1 (bug #370165; unimportant) NOTE: Safe mode violations are not supported CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access restrict ...) NOT-FOR-US: ZyXEL P-335WT router CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access restri ...) NOT-FOR-US: Edimax BR-6104K router CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...) NOT-FOR-US: Sitecom WL-153 router CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...) NOT-FOR-US: Linksys WRT54G router CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier a ...) NOT-FOR-US: IpLogger CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in Flo ...) NOT-FOR-US: Newsportal CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...) 
- newsportal (bug #149069) NOTE: RFP #149069 closed after no activity since too long time CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote at ...) NOT-FOR-US: Genecys CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys 0. ...) NOT-FOR-US: Genecys CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...) NOT-FOR-US: DownloadControl CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensi ...) NOT-FOR-US: DownloadControl CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...) NOT-FOR-US: HP-UX CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary cod ...) NOT-FOR-US: perlpodder CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool be ...) NOT-FOR-US: PDF Form Filling and Flattening Tool CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...) NOT-FOR-US: prodder/perlpodder CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix b ...) NOT-FOR-US: Sap CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server 8 ...) NOT-FOR-US: BEA CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...) NOT-FOR-US: Xtreme Topsites CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ma ...) NOT-FOR-US: Xtreme Topsites CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors an ...) NOT-FOR-US: Xtreme Topsites CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...) {DSA-1086-1} - xmcd 2.6-17.2 (bug #366816; medium) CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows re ...) NOT-FOR-US: Zixforum CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive in ...) 
NOT-FOR-US: Diesel CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...) NOT-FOR-US: Sybase CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-ass ...) NOT-FOR-US: Windows-only Firefox plugin CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earli ...) NOT-FOR-US: *BOR CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1. ...) NOT-FOR-US: Destiney CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ob ...) NOT-FOR-US: Destiney CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...) NOT-FOR-US: Destiney CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...) NOT-FOR-US: Destiney CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote attacker ...) NOT-FOR-US: Destiney CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity v ...) NOT-FOR-US: Ipswitch CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...) NOT-FOR-US: Snitz mod CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...) - knowledgeroot (fixed before first upload; see bug #381912) CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in php ...) NOT-FOR-US: phpBazar CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...) NOT-FOR-US: phpBazar CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy Galer ...) NOT-FOR-US: PHP Easy Galerie CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...) NOT-FOR-US: UseBB CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...) NOT-FOR-US: UseBB CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro 2. ...) 
NOT-FOR-US: phpListPro CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users ...) NOT-FOR-US: Dayfox CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...) NOT-FOR-US: phpMyDirectory CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...) NOT-FOR-US: BitZipper CVE-2006-2519 (Directory traversal vulnerability in include/inc_ext/spaw/spaw_control ...) NOT-FOR-US: phpwcms CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows r ...) NOT-FOR-US: phpwcms CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...) NOT-FOR-US: MyWeb CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is e ...) NOT-FOR-US: XOOPS CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestboo ...) NOT-FOR-US: Hiox CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with mod_mim ...) NOT-FOR-US: Coppermine CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java Syst ...) NOT-FOR-US: Sun CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR V ...) NOT-FOR-US: Hitachi CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated us ...) NOT-FOR-US: FrontRange CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...) NOT-FOR-US: YourFreeWorld.com CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short Ur ...) NOT-FOR-US: YourFreeWorld.com CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Te ...) NOT-FOR-US: YourFreeWorld.com CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foin ...) NOT-FOR-US: phpbb2 mod CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in S ...) 
NOT-FOR-US: Sphider CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute arb ...) NOT-FOR-US: Oracle CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...) NOT-FOR-US: AZBOARD CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...) NOT-FOR-US: DeluxeBB CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3. ...) - cyrus-imapd-2.2 (Vulnerable code not present) CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...) NOT-FOR-US: Sun CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalan ...) NOT-FOR-US: CodeAvalanche News CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News (CANe ...) NOT-FOR-US: CodeAvalanche News CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to exe ...) NOT-FOR-US: Invision CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 all ...) NOT-FOR-US: AspBB CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...) NOT-FOR-US: Novell CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager i ...) - serendipity 1.0-1 CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote attack ...) NOT-FOR-US: IntelliTamper CVE-2006-2493 REJECTED CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, O ...) NOT-FOR-US: Microsoft CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/ ...) NOT-FOR-US: BoastMachine CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Netw ...) NOT-FOR-US: Mobotix CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x bef ...)
{DSA-1072-1} - nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high) - nagios2 2.3-1 (bug #366683; bug #368199; high) CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (W ...) NOT-FOR-US: Spymac CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 a ...) NOT-FOR-US: ScozNews CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...) NOT-FOR-US: YapBB CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...) NOT-FOR-US: Quezza CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebM ...) NOT-FOR-US: IceWarp CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in Squirre ...) NOT-FOR-US: Squirrelcart CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for De ...) NOT-FOR-US: ZipTV CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stor ...) NOT-FOR-US: VMware ESX CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted attackers ...) - dia 0.95.0-4 (bug #368202; low) [sarge] - dia (Hardly exploitable, would require obviously malformed file names) CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...) NOT-FOR-US: Bitrix CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...) NOT-FOR-US: Bitrix CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...) NOT-FOR-US: Bitrix CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ro ...) NOT-FOR-US: Bitrix CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) be ...) NOT-FOR-US: Cosmoshop CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ear ...) 
NOT-FOR-US: Cosmoshop CVE-2006-2473 NOT-FOR-US: OpenWiki CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 thro ...) NOT-FOR-US: BEA CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 t ...) NOT-FOR-US: BEA CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration Consol ...) NOT-FOR-US: BEA CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...) NOT-FOR-US: BEA CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...) NOT-FOR-US: BEA CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 di ...) NOT-FOR-US: BEA CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote atta ...) NOT-FOR-US: BEA CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...) - mp3info 0.8.4-9.1 (bug #368207; low) [sarge] - mp3info (Hardly exploitable) CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7 ...) NOT-FOR-US: BEA CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...) NOT-FOR-US: SelectaPix CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service P ...) NOT-FOR-US: BEA CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set th ...) NOT-FOR-US: BEA CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_glob ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...) NOT-FOR-US: PHP-Fusion CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlie ...) {DSA-1081-1} - libextractor 0.5.14-1 CVE-2006-2457 RESERVED CVE-2006-2456 RESERVED CVE-2006-2455 RESERVED CVE-2006-2454 RESERVED CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have unspeci ...) 
- dia 0.95.0-4 (bug #368202; medium) [sarge] - dia (Hardly exploitable, would require obviously malformed file names) CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature i ...) - gdm 2.16.1-1 (bug #375281; medium) [sarge] - gdm (Vulnerable code has only been introduced with 2.8) CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...) - linux-2.6 2.6.17-3 (high) CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authent ...) - libvncserver 0.8.2-1 (high; bug #376824) CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...) {DSA-1156} - kdebase 4:3.5.2-2 (bug #374002; medium) CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, doe ...) - linux-2.6 2.6.16-15 CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...) {DSA-1090-1} - spamassassin 3.1.3-1 (medium) CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...) {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.16-1 NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 and the NOTE: patch is included there CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.2 ...) - linux-2.6 2.6.16-15 CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...) {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.16-15 CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...) {DSA-1062-1} - kphone 1:4.2-3 (bug #337830; medium) CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assi ...) NOT-FOR-US: ZipCentral CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the docum ...) NOT-FOR-US: Caucho CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for Cauc ...) 
NOT-FOR-US: Caucho CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) sto ...) NOT-FOR-US: IBM CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 an ...) NOT-FOR-US: IBM CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulativ ...) NOT-FOR-US: IBM CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6 ...) NOT-FOR-US: IBM CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...) NOT-FOR-US: IBM CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server Er ...) NOT-FOR-US: IBM CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...) NOT-FOR-US: IBM CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6 ...) NOT-FOR-US: IBM CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbi ...) NOT-FOR-US: Duware CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h a ...) - clamav (clamav-freshclam doesn't ship freshclam setuid or setgid) CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 an ...) {DSA-1769-1} - sun-java5 1.5.0-10-1 (bug #384734) - sun-java6 6-13-1 (bug #521414) [lenny] - sun-java6 (Non-free not supported) - openjdk-6 6b14-1.5~pre1-3 (bug #566766) CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpR ...) NOT-FOR-US: phpRemoteView CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and earli ...) NOT-FOR-US: ezUserManager CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Conf ...) NOT-FOR-US: Confixx CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...) NOT-FOR-US: phpCOIN CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remo ...) 
NOT-FOR-US: Pragma CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows r ...) NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it." - bugzilla (unimportant) CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory Lis ...) NOT-FOR-US: Directory Listing Script CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of phpM ...) {DSA-1207-1} - phpmyadmin 4:2.8.1-1 (bug #368082; medium) CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...) - phpmyadmin 4:2.8.1-1 (bug #368082; medium) [sarge] - phpmyadmin (Vulnerable code not present) CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier al ...) NOT-FOR-US: e107 CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 an ...) NOT-FOR-US: FlexChat CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows r ...) {DSA-1080-1} - dovecot 1.0.beta8-1 (low) [sarge] - dovecot (vulnerability introduced in 1.0) CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a den ...) - gnunet 0.7.0e-1 (bug #368159; medium) [sarge] - gnunet (according to maintainer) CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...) NOT-FOR-US: Raydium CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in Raydi ...) NOT-FOR-US: Raydium CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN revi ...) NOT-FOR-US: Raydium CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c i ...) NOT-FOR-US: Raydium CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow rem ...) NOT-FOR-US: Raydium CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Compo ...) 
NOT-FOR-US: ActiveX component CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassifi ...) NOT-FOR-US: Unclassified NewsBoard CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassi ...) NOT-FOR-US: Unclassified NewsBoard CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...) NOT-FOR-US: RadScripts CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...) - filezilla (fixed before the first Debian upload) CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp fo ...) NOT-FOR-US: Outgun CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ear ...) NOT-FOR-US: Outgun CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ear ...) NOT-FOR-US: Outgun CVE-2006-2399 (Stack-based buffer overflow in the ServerNetworking::incoming_client_d ...) NOT-FOR-US: Outgun CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and earl ...) NOT-FOR-US: GPhotos web gallery CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...) NOT-FOR-US: GPhotos web gallery CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...) NOT-FOR-US: phpODP CVE-2006-2395 (PHP remote file inclusion vulnerability in resources/includes/popp.con ...) NOT-FOR-US: PopPhoto CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helpe ...) NOT-FOR-US: PHP Live Support CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote atta ...) NOT-FOR-US: Debian's 'empire' is a different game CVE-2006-2392 (PHP remote file inclusion vulnerability in public_includes/pub_popup/p ...) NOT-FOR-US: PHP Blue Dragon Platinum CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...) 
NOT-FOR-US: EMC Retrospect CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remo ...) NOT-FOR-US: OZJournals CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Microsoft CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted attacker ...) NOT-FOR-US: Microsoft CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...) NOT-FOR-US: Microsoft CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier a ...) NOT-FOR-US: Microsoft CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Microsoft CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remo ...) NOT-FOR-US: Microsoft CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Microsoft CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Microsoft CVE-2006-2381 REJECTED CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server du ...) NOT-FOR-US: Microsoft CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 200 ...) NOT-FOR-US: Microsoft CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...) NOT-FOR-US: Microsoft CVE-2006-2377 REJECTED CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering Eng ...) NOT-FOR-US: Microsoft CVE-2006-2375 REJECTED CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Window ...) NOT-FOR-US: Microsoft CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Window ...) NOT-FOR-US: Microsoft CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service (RASMA ...) 
NOT-FOR-US: Microsoft CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in Mic ...) NOT-FOR-US: Microsoft CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink I ...) - vnc4 4.1.1+X4.3.0-10 (high) [sarge] - vnc4 (vuln not in 4.0) CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) NOT-FOR-US: Clansys CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) NOT-FOR-US: Clansys CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r op ...) - libopenobex 1.2-3 (bug #366484) CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allow ...) NOT-FOR-US: Vizra CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...) NOT-FOR-US: Macromedia CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...) NOT-FOR-US: Limbo CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software Found ...) - binutils 2.17-1 (low; bug #368237) [sarge] - binutils (Very minor issue) CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in D ...) NOT-FOR-US: phpbb mod CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB a ...) NOT-FOR-US: phpbb mod CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart mo ...) NOT-FOR-US: phpbb mod CVE-2006-2192 RESERVED CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...) NOT-FOR-US: Web Labs CMS CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premi ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2 ...) 
NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 an ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsU ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsU ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2350 REJECTED CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) NOT-FOR-US: E-Business Designer CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Busin ...) NOT-FOR-US: E-Business Designer CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) NOT-FOR-US: E-Business Designer CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows r ...) - vpopmail (vulnerability introduced in 5.4.14) NOTE: Unable to reach CVS to determine if prior versions are affected NOTE: Micah will return to this one CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAG ...) NOT-FOR-US: AliPAGER CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...) NOT-FOR-US: AliPAGER CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...) NOT-FOR-US: ManageEngine OpManager CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...) NOT-FOR-US: Symantec Gateway Security CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMas ...) NOT-FOR-US: PassMasterFlex CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and evoTop ...) 
NOT-FOR-US: evoTopsites CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain adm ...) NOT-FOR-US: PlaNet CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wir ...) NOT-FOR-US: D-Link CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinB ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...) NOT-FOR-US: vBulletin CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsof ...) NOT-FOR-US: Windows CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of s ...) NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there - firefox 1.5.dfsg+1.5.0.3-2 CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 al ...) NOT-FOR-US: PHP-Fusion CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3. ...) NOT-FOR-US: PHP-Fusion CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensiti ...) NOT-FOR-US: AngelineCMS CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6 ...) NOT-FOR-US: AngelineCMS CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iP ...) NOT-FOR-US: Novell CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info Onli ...) NOT-FOR-US: OnlyScript.info CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.in ...) NOT-FOR-US: OnlyScript.info CVE-2006-2324 (180solutions Zango downloads "required Adware components" without chec ...) NOT-FOR-US: 180solutions CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpLi ...) 
NOT-FOR-US: SmartISoft CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...) NOT-FOR-US: Cisco CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science I ...) NOT-FOR-US: Ideal Science CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4 ...) NOT-FOR-US: Ideal Science CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...) NOT-FOR-US: Ideal Science CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a an ...) NOT-FOR-US: Ideal Science CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...) NOT-FOR-US: Ideal Science CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33 ...) NOT-FOR-US: Intel Windows software CVE-2006-2315 NOT-FOR-US: ISPConfig CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13 ...) {DSA-1087-1} - postgresql 7.5.4 (medium; bug #368645) - postgresql-7.4 1:7.4.13-1 (medium) - postgresql-8.1 8.1.4-1 (medium) - pygresql 3.8-1.1 (medium) [sarge] - pygresql (Already includes proper quoting) NOTE: Beginning with version 7.5.4, postgresql is a transition NOTE: package which does not contain actual code. That's why NOTE: it's marked as fixed here. (Previous versions are vulnerable.) NOTE: The following packages needed to be adapted to cope with the new system: NOTE: psycopg 1.1.21-5 (bug #369230) NOTE: python-pgsql 2.4.0-8 (bug #369250) NOTE: pygresql 1:3.8-1.1 (bug #369239) NOTE: dovecot 1.0.beta8-3 (bug #369359) NOTE: postfix 2.2.10-2 (bug #369349) CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13 ...) {DSA-1087-1} - postgresql 7.5.4 (high; bug #368645) - postgresql-7.4 1:7.4.13-1 (high) - postgresql-8.1 8.1.4-1 (high) NOTE: Beginning with version 7.5.4, postgresql is a transition NOTE: package which does not contain actual code. 
That's why NOTE: it's marked as fixed here. (Previous versions are vulnerable.) CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...) NOT-FOR-US: Skype CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and Serv ...) NOT-FOR-US: BlueDragon Server and Server JX CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote at ...) NOT-FOR-US: BlueDragon Server and Server JX CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain sen ...) NOT-FOR-US: EServ CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...) NOT-FOR-US: EServ CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2 ...) NOT-FOR-US: Website Baker CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisher ...) NOT-FOR-US: EPublisherPro CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...) NOT-FOR-US: Jadu CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Nove ...) NOT-FOR-US: Novell software for Windows CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 bui ...) NOT-FOR-US: Windows ICQ client CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x allo ...) NOT-FOR-US: DUGallery CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri al ...) NOT-FOR-US: OzzyWork CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote attac ...) NOT-FOR-US: EImagePro CVE-2006-2299 RESERVED CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the libi ...) NOT-FOR-US: Solaris CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System Librar ...) NOT-FOR-US: Microsoft Infotech Storage System CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...) 
NOT-FOR-US: EDirectoryPro CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...) NOT-FOR-US: Dynamic Galerie CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...) NOT-FOR-US: Dynamic Galerie CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...) NOT-FOR-US: MultiCalendars CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote att ...) NOT-FOR-US: IA-Calendar CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Cal ...) NOT-FOR-US: IA-Calendar CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php i ...) NOT-FOR-US: 2005-Comments-Script CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local user ...) - avahi 0.6.10-1 (medium) CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service (m ...) - avahi 0.6.10-1 (low) CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0 ...) NOT-FOR-US: Vision Source CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in claro_init_globa ...) NOT-FOR-US: Dokeos CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6. ...) NOT-FOR-US: Dokeos CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...) NOT-FOR-US: Claroline CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...) NOT-FOR-US: phpRaid CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...) NOT-FOR-US: X7 Chat CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbit ...) NOT-FOR-US: X-Scripts X-Poll CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 Bet ...) NOT-FOR-US: openEngine CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...) 
NOT-FOR-US: SaphpLesson CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows remo ...) NOT-FOR-US: SaphpLesson CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow context-dependen ...) NOT-FOR-US: Apple Mac OS X CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cau ...) {DSA-1059-1} - quagga 0.99.4-1 (bug #366980; low) CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...) - linux-2.6 2.6.16-13 CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-13 CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav ...) NOT-FOR-US: Verisign CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-13 CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows re ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-13 CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in Jetb ...) NOT-FOR-US: Jetbox CMS CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...) NOT-FOR-US: myWebland MyBloggie CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows r ...) NOT-FOR-US: FlexCustomer CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...) NOT-FOR-US: Kerio WinRoute Firewall CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...) NOT-FOR-US: Chirpy! CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calend ...) NOT-FOR-US: Ocean12 Calendar Manager Pro CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...) NOT-FOR-US: Ocean12 Calendar Manager Pro CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...) 
NOT-FOR-US: VP-ASP CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9 ...) NOT-FOR-US: singapore CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allow ...) NOT-FOR-US: ACal CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module (projec ...) - drupal (bug #366947) CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows re ...) NOT-FOR-US: MaxxSchedule CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...) NOT-FOR-US: MaxxSchedule CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...) NOT-FOR-US: easyEvent CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...) NOT-FOR-US: EQdkp CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal 1. ...) NOT-FOR-US: Creative Community Portal CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attacke ...) NOT-FOR-US: FileCOPA CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in St ...) NOT-FOR-US: Statit CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allo ...) NOT-FOR-US: OpenFAQ CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in Invi ...) NOT-FOR-US: Invision Community Blog CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: CuteNews CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in C ...) NOT-FOR-US: CuteNews CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...) NOT-FOR-US: Xeneo Web Server CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages dependin ...) {DSA-1056-1} - webcalendar 1.0.2-2.2 (medium; bug #366927) CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition a ...) 
NOT-FOR-US: UBlog CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...) NOT-FOR-US: Auction mod 1.3m for phpBB CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...) NOT-FOR-US: Web4Future News Portal CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...) NOT-FOR-US: Web4Future News Portal CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service (applic ...) NOT-FOR-US: acFTP CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...) NOT-FOR-US: Fast Click SQL Lite CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in Fuj ...) NOT-FOR-US: Fujitsu NetShelter/FW CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...) NOT-FOR-US: Newsadmin CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) NOT-FOR-US: Apple CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...) {DSA-1058-1} - awstats 6.5-2 (bug #365909; bug #365910; medium) CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Ret ...) - tremulous 1.1.0-6 (bug #660827) [squeeze] - tremulous 1.1.0-7~squeeze1 - ioquake3 1.36+svn1788j-1 CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...) NOT-FOR-US: Simple Poll CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1. ...) NOT-FOR-US: TyroCMS CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51 ...) NOT-FOR-US: BankTown Client Control CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 2 ...) NOT-FOR-US: Scriptsez Cute Guestbook CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...) 
NOT-FOR-US: Big Webmaster Guestbook Script CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0 ...) {DSA-1093-1} - xine-ui 0.99.4-2 (medium; bug #363370; bug #372172) CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management opt ...) - openvpn (unimportant) NOTE: One needs to explicitly set the IP to something else than 127.0.0.1 NOTE: in order to be vulnerable. The man page recommends not to do it. CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4. ...) NOT-FOR-US: Web-Agora CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 a ...) NOT-FOR-US: PunBB CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows re ...) NOT-FOR-US: Easy Personal FTP Server CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...) NOT-FOR-US: Easy Personal FTP Server CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...) {DSA-1059-1} - quagga 0.99.3-2 (bug #365940; medium) CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly impleme ...) {DSA-1059-1} - quagga 0.99.3-2 (bug #365940; medium) CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, al ...) NOT-FOR-US: zawhttpd CVE-2006-2221 (A third-party installer generation tool, possibly BitRock InstallBuild ...) - ejabberd (only binary distribution is affected) CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables u ...) - phpbb2 (unimportant) NOTE: SQL query disclosure CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types befor ...) - phpbb2 (unimportant) NOTE: path disclosure CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Window ...) NOT-FOR-US: MS IE CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board allow ...) 
NOT-FOR-US: Invision Power Board CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain t ...) NOT-FOR-US: OpenBB CVE-2006-2215 REJECTED CVE-2006-XXXX [cyrus-imapd allows user probes] - cyrus-imapd-2.2 2.2.13-3 - kolab-cyrus-imapd 2.2.13-1 CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier al ...) NOT-FOR-US: 4images CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ( ...) {DSA-1065-1} - hostapd 1:0.5.0-1 (bug #365897; high) CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...) NOT-FOR-US: KarjaSoft Sami FTP Server CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft PhP-Gall ...) NOT-FOR-US: 321soft PhP-Gallery CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-G ...) NOT-FOR-US: 321soft PhP-Gallery CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena paChe ...) NOT-FOR-US: paCheckBook CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php ...) NOT-FOR-US: paCheckBook CVE-2006-2207 RESERVED CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 us ...) NOT-FOR-US: UltraVNC CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a d ...) NOT-FOR-US: NetBSD kernel CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality (post_ ...) NOT-FOR-US: Invision Power Board CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...) NOT-FOR-US: Kerio MailServer CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allo ...) NOT-FOR-US: Invision Gallery CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager (CAIRI ...) NOT-FOR-US: CA Resource Initialization Manager CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and ...) 
- libmms 0.2-7 (bug #374577; medium) - mimms 2.0.0-1 (bug #374577; medium) - xine-lib 1.1.2-2 (bug #374577; unimportant) NOTE: Not exploitable within xine, as allocated buffers are large enough CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...) {DSA-1104} - openoffice.org 2.0.3-1 CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0 ...) {DSA-1104} - openoffice.org 2.0.3-1 CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent att ...) {DSA-1100} - wv2 0.2.2-6 (medium) CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...) {DSA-1102} - pinball 0.3.1-6 CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3. ...) {DSA-1099-1 DSA-1098-1} - horde3 3.1.1-3 CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check th ...) {DSA-1106} - ppp 2.4.4rel-1 (medium) CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in li ...) {DSA-1091-1} - tiff 3.8.2-4 (bug #371064; bug #370355; medium) - tiff3 (fixed prior to initial upload) CVE-2006-2191 - mailman 1:2.1.9-1 (unimportant) NOTE: https://mail.python.org/pipermail/mailman-announce/2006-September/000087.html NOTE: not exploitable CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMai ...) NOT-FOR-US: OpenWebMail CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allow ...) NOT-FOR-US: Servous sBLOG CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 an ...) NOT-FOR-US: CMScout CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 ...) NOT-FOR-US: zenphoto CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensi ...) NOT-FOR-US: zenphoto CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...) 
NOT-FOR-US: Novell CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowle ...) NOT-FOR-US: PHPKB Knowledge Base CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running sui ...) NOT-FOR-US: Truecrypt CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2 ...) NOT-FOR-US: albinator CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...) NOT-FOR-US: albinator CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...) NOT-FOR-US: Golden FTP Server Pro CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote atta ...) NOT-FOR-US: CyberBuild CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allo ...) NOT-FOR-US: CyberBuild CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...) NOT-FOR-US: geoBlog CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in PH ...) NOT-FOR-US: PHP Linkliste CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...) NOT-FOR-US: Fast Click CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in admin/server_da ...) NOT-FOR-US: Virtual Hosting Control System (VHCS) CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authentic ...) NOT-FOR-US: FileZilla FTP Server CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...) NOT-FOR-US: Gene6 FTP Server CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execu ...) NOT-FOR-US: WarFTPD CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...) NOT-FOR-US: ArgoSoft FTP Server CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensiti ...) 
- request-tracker3.4 (file not included in 3.4) CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to by ...) NOT-FOR-US: FileProtection Express CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, ...) NOT-FOR-US: SloughFlash CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco Un ...) NOT-FOR-US: Cisco CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shoppin ...) NOT-FOR-US: Avactis CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 ...) NOT-FOR-US: Avactis CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) NOT-FOR-US: Pinnacle CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...) {DSA-1072-1} - nagios 2:1.4-1 (bug #366682; bug #366803; medium) - nagios2 2.3-1 (bug #366683; medium) CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9 ...) NOT-FOR-US: TZipBuilder/Abakt CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ( ...) NOT-FOR-US: Russcom CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp a ...) NOT-FOR-US: Russcom CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus Gue ...) NOT-FOR-US: Stadtaus CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ear ...) NOT-FOR-US: Plogger CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...) NOT-FOR-US: X7 Chat CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...) NOT-FOR-US: EMC Retrospect CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...) NOT-FOR-US: EMC Retrospect CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin ...) 
NOT-FOR-US: DirectAdmin CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...) NOT-FOR-US: phpBB Advanced Guestbook CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB TopLis ...) NOT-FOR-US: phpBB TopList CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB TopLi ...) NOT-FOR-US: phpBB TopList CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in Aardv ...) NOT-FOR-US: Aardvark Topsites CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not prop ...) {DSA-1047-1} - resmgr 1.0-4 (low) CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB ...) NOT-FOR-US: HB-NS CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 all ...) NOT-FOR-US: HB-NS CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2 ...) NOT-FOR-US: DMCounter CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0. ...) NOT-FOR-US: TextFileBB CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in L ...) NOT-FOR-US: Limbo CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in Collaborati ...) NOT-FOR-US: Collaborative Portal Server CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 a ...) NOT-FOR-US: OrbitHYIP CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow ...) NOT-FOR-US: PHP Newsfeed CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...) NOT-FOR-US: NeoMail CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke a ...) NOT-FOR-US: OpenPHPNuke CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote attack ...) NOT-FOR-US: AZNEWS CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...) 
NOT-FOR-US: Ruperts News CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php ...) NOT-FOR-US: phpbb2 mod CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...) {DSA-1052-1} - cgiirc 0.5.9-1 (bug #365680; medium) [sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium) CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and e ...) NOT-FOR-US: BoonEx Barracuda CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows remot ...) NOT-FOR-US: DUclassified CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDE ...) NOT-FOR-US: Advanced Poll CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...) NOT-FOR-US: Advanced Poll CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows r ...) NOT-FOR-US: Pro Publish CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...) NOT-FOR-US: Pro Publish CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x al ...) NOT-FOR-US: Blog Mod CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and ...) NOT-FOR-US: MaxTrade CVE-2006-2125 REJECTED CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...) NOT-FOR-US: SunShop CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in Netw ...) NOT-FOR-US: Network Administration Visualized CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allo ...) NOT-FOR-US: CoolMenus CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...) NOT-FOR-US: I-RATER Platinum CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
{DSA-1078-1} - tiff 3.8.1 (bug #366588; medium) - tiff3 (fixed prior to initial upload) CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...) NOT-FOR-US: Artmedic CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...) NOT-FOR-US: JMK CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote at ...) NOT-FOR-US: Thyme CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...) NOT-FOR-US: planetGallery CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote atta ...) NOT-FOR-US: SWS CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to exe ...) NOT-FOR-US: SWS CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print e ...) NOT-FOR-US: Fuji Xerox Printing Systems CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products i ...) NOT-FOR-US: Fuji Xerox Printing Systems CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x bef ...) {DSA-1060-1} - kernel-patch-vserver 2:2.0.1-4 (low) - linux-2.6 2.6.16-11 (low) CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str functi ...) NOTE: #357204: request for removal - jsboard 2.0.10-2 (bug #368305; low) CVE-2006-2108 (parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers ...) NOT-FOR-US: OCE CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote att ...) NOT-FOR-US: BL4 CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9 ...) - trac 0.9.5-1 (medium) [sarge] - trac (medium) NOTE: http://trac.edgewall.org/changeset/3201 NOTE: http://trac.edgewall.org/changeset/3287 NOTE: the second reference fixes a regression in the first. 
I *believe* NOTE: that these correctly solve the problem, though we really ought NOTE: to run this by upstream or the reporter. CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 an ...) NOT-FOR-US: Jupiter CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...) NOT-FOR-US: Kamgaing CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows rem ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote attack ...) NOT-FOR-US: PowerISO CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote attacker ...) NOT-FOR-US: WinISO CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows r ...) NOT-FOR-US: Magic ISO CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...) NOT-FOR-US: UltraISO CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before ...) NOT-FOR-US: Thumbnail AutoIndex CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board (I ...) NOT-FOR-US: Invision CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote attack ...) NOT-FOR-US: LDU CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Phex CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and Windo ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attack ...) - libnasl 2.2.8-1 (bug #365898; low) [sarge] - libnasl (Hardly exploitable, see #365898) CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4 ...) NOT-FOR-US: HP CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows rem ...) NOT-FOR-US: Virtual War CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x ...)
NOT-FOR-US: MySmartBB CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MyS ...) NOT-FOR-US: OpenBB CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bul ...) NOT-FOR-US: OpenBB CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...) NOT-FOR-US: Hitachi Groupmax CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx b ...) NOT-FOR-US: juniper SSL-VPN CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in S ...) NOT-FOR-US: SpeedProject Squeez CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...) NOT-FOR-US: FarsiNews CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended attribu ...) - rsync 2.6.8-1 (bug #365614; high) [sarge] - rsync (xattr patch appeared in 2.6.7) [woody] - rsync (xattr patch appeared in 2.6.7) CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in produc ...) - ioquake3 1.36+svn1788j-1 - tremulous 1.1.0-6 (bug #660831) [squeeze] - tremulous 1.1.0-7~squeeze1 CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute arb ...) NOT-FOR-US: Oracle CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky Me ...) NOT-FOR-US: Verosky CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky M ...) NOT-FOR-US: Verosky CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, in ...) NOT-FOR-US: FITELnet CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...) - pdnsd 1.2.4par-0.1 (bug #368268; medium) CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attacker ...) - pdnsd 1.2.4par-0.1 (bug #368268; medium) CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ca ...) 
[sarge] - mydns 1.0.0-4sarge1 - mydns 1.1.0+pre-3 (medium; bug #348826) CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...) NOT-FOR-US: Juniper Networks JUNOSe CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...) - bind9 1:9.3.3-1 (low) NOTE: Only exploitable by trusted users after TSIG transaction NOTE: https://lists.isc.org/pipermail/bind-users/2011-October/085298.html CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...) NOT-FOR-US: DeleGate CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...) - linux-2.6 2.6.16-8 CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...) NOT-FOR-US: DevBB CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...) - pdns-recursor 3.0.1-1 (medium) CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote attacke ...) NOT-FOR-US: Hitachi JP1 CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...) NOT-FOR-US: MKPortal CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MK ...) NOT-FOR-US: MKPortal CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earli ...) NOT-FOR-US: PHPSurveyor CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 m ...) NOT-FOR-US: Sun CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...) NOT-FOR-US: Leadhound CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...) NOT-FOR-US: Leadhound CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision Po ...) NOT-FOR-US: Invision CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...) 
NOT-FOR-US: Invision CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...) NOT-FOR-US: Invision CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...) NOT-FOR-US: Avant CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user- ...) NOT-FOR-US: Only on Windows CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...) NOT-FOR-US: Microsoft CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...) NOT-FOR-US: Microsoft Outlook CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...) NOT-FOR-US: 3Com CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...) NOT-FOR-US: QuickEStore CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant Phot ...) NOT-FOR-US: Verosky CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.p ...) NOT-FOR-US: NextAge CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3. ...) NOT-FOR-US: DCScripts CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts D ...) NOT-FOR-US: DCScripts CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ed ...) NOT-FOR-US: phpWebFTP CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...) NOT-FOR-US: ColdFusion CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics Cartwea ...) NOT-FOR-US: ColdFusion CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...) NOT-FOR-US: IP3 CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default us ...) NOT-FOR-US: IP3 CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local use ...)
NOT-FOR-US: IP3 CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that al ...) NOT-FOR-US: Adobe CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitr ...) NOT-FOR-US: PhpWebGallery CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 all ...) NOT-FOR-US: photokorn CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help ...) NOT-FOR-US: Help Center Live CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier al ...) NOT-FOR-US: ampleShop CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 ...) NOT-FOR-US: Thwboard CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly ...) NOT-FOR-US: iOpus CVE-2006-2035 (Websense, when configured to permit access to the dynamic content cate ...) NOT-FOR-US: Websense CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB 0.5. ...) NOT-FOR-US: FlexBB CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ear ...) NOT-FOR-US: Core CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earl ...) NOT-FOR-US: Core CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2. ...) - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2006-2/ NOTE: The first linked commit is the official one linked in PMASA NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79f778db99ac05e2028166d5a61ed25591e348c3 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fad722d2f488375f9cc94c0c75326e661c280ecc CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...) NOT-FOR-US: Allied Telesyn CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...)
NOT-FOR-US: Simplog CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy As ...) NOT-FOR-US: Simplog CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...) NOT-FOR-US: Pablo Software CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...) {DSA-1054-1} [sarge] - tiff 3.7.2-3sarge1 [woody] - tiff 3.5.5-7woody1 - tiff 3.8.1 - tiff3 (fixed prior to initial upload) CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for li ...) {DSA-1054-1} [sarge] - tiff 3.7.2-3sarge1 [woody] - tiff 3.5.5-7woody1 - tiff 3.8.1 - tiff3 (fixed prior to initial upload) CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow context-depende ...) {DSA-1054-1} [sarge] - tiff 3.7.2-3sarge1 [woody] - tiff 3.5.5-7woody1 - tiff 3.8.1 - tiff3 (fixed prior to initial upload) CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c i ...) NOT-FOR-US: Fenice CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module (rtsp/par ...) NOT-FOR-US: Fenice CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in ...) NOT-FOR-US: Asterisk@Home CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores ...) NOT-FOR-US: Asterisk@Home CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...) NOT-FOR-US: Apple CVE-2006-XXXX [librsvg2 crash on certain svg files] - librsvg 2.14.3-2 (bug #361653; bug #361540; medium) CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...) NOT-FOR-US: vBulletin CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service (app ...) - dnsmasq 2.30-1 (medium) [sarge] - dnsmasq (Vulnerability was introduced in 2.28) CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0. ...) 
{DSA-1057-1} - phpldapadmin 0.9.8.3-1 (bug #365313; low) - egroupware 1.2-104.dfsg-1 (bug #365314; low) NOTE: egroupware 1.2-1.dfsg-1 dropped phpldapadmin CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...) NOT-FOR-US: SL_site CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 allow ...) NOT-FOR-US: SL_site CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote a ...) NOT-FOR-US: SL_site CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows remot ...) NOT-FOR-US: Skulltag CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...) NOT-FOR-US: 4images CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...) NOT-FOR-US: Bloggage CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...) NOT-FOR-US: phpMyAgenda CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go P ...) NOT-FOR-US: Built2Go CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...) NOT-FOR-US: Winny CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 bet ...) NOT-FOR-US: IZArc Archiver CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...) NOT-FOR-US: ClanSys CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote att ...) NOT-FOR-US: RI Blog CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...) NOT-FOR-US: Community Architect Guestbook CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...) NOT-FOR-US: MyGamingLadder CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...) NOT-FOR-US: Scry Gallery CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...) 
NOT-FOR-US: logMethods CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...) NOT-FOR-US: OpenTTD CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of serv ...) NOT-FOR-US: OpenTTD CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware synchroni ...) NOT-FOR-US: Sybase Pylon Anywhere CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Scry Gallery CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 all ...) NOT-FOR-US: Scry Gallery CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier allo ...) NOT-FOR-US: dForum CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, all ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows context-de ...) - php4 (substr_compare does not exist in PHP 4.4.2) - php5 5.1.4-0.1 (bug #365312; medium) CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...) - php4 4:4.4.2-1.1 (bug #365311; unimportant) - php5 5.1.4-0.1 (bug #365312; unimportant) NOTE: This could only be exploited by a malicious, local user, which is an NOTE: unsupported use case CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in Fre ...) {DSA-1050-1} - clamav 0.88.2 [sarge] - clamav 0.84-2.sarge.9 CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...) NOT-FOR-US: Apple Safari NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Apple Safari NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of servic ...) 
NOT-FOR-US: Apple Safari NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 31 ...) NOT-FOR-US: BOMArchiveHelper CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...) NOT-FOR-US: Mac OS X CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier al ...) NOT-FOR-US: Mac OS X CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...) NOT-FOR-US: Mac OS X CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...) NOT-FOR-US: Mac OS X CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...) NOT-FOR-US: W2B Online Banking CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web M ...) NOT-FOR-US: Manic Web MWGuest CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earli ...) NOT-FOR-US: FlexBB CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earl ...) NOT-FOR-US: FlexBB CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote att ...) {DSA-1055-1 DSA-1053-1} - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high) - mozilla (high) [sarge] - mozilla-thunderbird (Not directly exploitable in Thunderbird) CVE-2006-XXXX [typo3 mailforms can be abused to send spam] - typo3-src 4.0.2-1 (bug #364350) CVE-2006-XXXX [moinmoin XSS] - moin 1.5.3-1 CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer R ...) NOT-FOR-US: Prayer Request Board CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...) NOT-FOR-US: PHP-Gastebuch CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) bef ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router all ...) 
NOT-FOR-US: Linksys router CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...) NOT-FOR-US: EasyGallery CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM Con ...) NOT-FOR-US: KRANKIKOM ContentBoxX CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...) NOT-FOR-US: KCScripts Classifieds CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an un ...) NOT-FOR-US: KCScripts CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCSc ...) NOT-FOR-US: KCScripts CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KC ...) NOT-FOR-US: KCScripts CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote at ...) NOT-FOR-US: Fortinet CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net ...) NOT-FOR-US: Net Clubs Pro CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earli ...) NOT-FOR-US: ASPSitem CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and ...) NOT-FOR-US: PCPIN Chat CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows rem ...) NOT-FOR-US: PCPIN Chat CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express ...) NOT-FOR-US: Cisco CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user int ...) NOT-FOR-US: Cisco CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...) NOT-FOR-US: ActualScripts ActualAnalyzer Lite CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...) NOT-FOR-US: WWWThreads CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remot ...) - mambo 4.6.1-4 (bug #364769; medium) CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remot ...) 
- mambo 4.6.1-4 (bug #364769; medium) CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fis ...) NOT-FOR-US: RechnungsZentrale CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NF ...) NOT-FOR-US: RechnungsZentrale CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 fo ...) NOT-FOR-US: Caucho CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...) NOT-FOR-US: WinAgents TFTP Server for Windows CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ea ...) NOT-FOR-US: SolarWinds TFTP Server CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in ...) NOT-FOR-US: PerlCoders BannerFarm CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and ...) NOT-FOR-US: NicPlex PlexCart CVE-2006-1948 (The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss ...) NOT-FOR-US: Lotus Notes CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...) NOT-FOR-US: NicPlex PlexCart CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and ...) NOT-FOR-US: Visale CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 ...) {DSA-1075-1} - awstats 6.5-2 (bug #364443; medium) NOTE: this might be the same core issue as CVE-2005-2732 CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft Communi ...) NOT-FOR-US: SibSoft CommuniMail CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...) NOT-FOR-US: Smarter Scripts IntelliLink Pro CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Ne ...) 
{DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-39 - firefox 1.5.dfsg+1.5.0.4-1 (low) - thunderbird (Windows-specific) - mozilla 2:1.7.13-0.3 (low) - xulrunner (Windows-specific) CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...) NOT-FOR-US: Neon Responder CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remo ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 a ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 a ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attacker ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attacke ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remot ...) 
{DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...) {DSA-1049-1} - ethereal 0.99.0-1 (bug #364758; medium) [sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium) [woody] - ethereal 0.9.4-1woody15 (bug #364758; medium) CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, whi ...) {DSA-1157} NOTE: the redhat bugzilla entry says this is fixed in 1.8.3 - ruby1.8 1.8.3 (bug #365520) CVE-2006-1930 NOT-FOR-US: Green Minute CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in I-Rat ...) NOT-FOR-US: I-Rater Platinum CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS ...) NOT-FOR-US: Cisco CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS ...) NOT-FOR-US: Cisco CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 a ...) NOT-FOR-US: ThWboard CVE-2006-1925 (Directory traversal vulnerability in the editnews module (inc/editnews ...) NOT-FOR-US: CuteNews CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 al ...) NOT-FOR-US: LinPHA CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...) NOT-FOR-US: LinPHA CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) auth.p ...) NOT-FOR-US: TotalCalendar CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...) 
    NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
    NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet Photo ...)
    NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 all ...)
    NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ClanMemberSk ...)
    NOT-FOR-US: Blackorpheus ClanMemberSkript
CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
    NOT-FOR-US: DbbS
CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlie ...)
    NOT-FOR-US: DbbS
CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...)
    NOT-FOR-US: DbbS
CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax G ...)
    NOT-FOR-US: Jax Guestbook
CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL var ...)
    NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
    NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to in ...)
    - serendipity 1.0-1
CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 all ...)
    NOT-FOR-US: Coppermine
CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x allo ...)
    NOT-FOR-US: myEvent
CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote att ...)
    NOT-FOR-US: myEvent
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpL ...)
    NOT-FOR-US: phpLister
CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0 ...)
    - xine-ui 0.99.4-1 (bug #363370; unimportant)
    NOTE: This is a non-issue: An attacker would need to trick the user into opening
    NOTE: an MP3 file with a very obviously manipulated filename containing the shellcode
CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...)
    NOT-FOR-US: AnimeGenesis Gallery
CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
    NOT-FOR-US: UserLand Manila
CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 impro ...)
    - gcc-4.1 4.1.0-2 (bug #356896; unimportant)
    NOTE: Turned out to be a non-issue
CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a denia ...)
    NOT-FOR-US: Mozilla Camino
CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4 ...)
    - amaya 9.51-1 (bug #362575; medium)
CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
    NOT-FOR-US: Neuron Blog
CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Ti ...)
    NOT-FOR-US: Tiny PHP Forum
CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script ...)
    NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users w ...)
    {DSA-1066-1}
    - phpbb2 2.0.18-3 (bug #365533; medium)
CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
    - phpbb2 (bug #365535)
CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...)
    NOT-FOR-US: RevoBoard / PunBB
CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 a ...)
    NOT-FOR-US: ar-blog
CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify permiss ...)
    NOT-FOR-US: avast! 4 Linux Home Edition
CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
    NOT-FOR-US: betaboard
CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland myEven ...)
    NOT-FOR-US: myWebland
CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...)
    NOT-FOR-US: Boardsolution
CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass authent ...)
    NOT-FOR-US: phpGraphy
CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...)
    NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
    NOT-FOR-US: Oracle
CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework compon ...)
    NOT-FOR-US: Oracle
CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System co ...)
    NOT-FOR-US: Oracle
CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library com ...)
    NOT-FOR-US: Oracle
CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
    NOT-FOR-US: Oracle
CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...)
    NOT-FOR-US: Oracle
CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
    NOT-FOR-US: Oracle
CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...)
    NOT-FOR-US: Oracle
CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopS ...)
    NOT-FOR-US: phpFaber TopSites
CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
    NOT-FOR-US: Oracle
CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0 ...)
    NOT-FOR-US: Oracle
CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...)
    NOT-FOR-US: Oracle
CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
    NOT-FOR-US: Oracle
CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...)
    NOT-FOR-US: Oracle
CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0. ...)
    NOT-FOR-US: Oracle
CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1 ...)
    NOT-FOR-US: Oracle
CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
    NOT-FOR-US: Oracle
CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1. ...)
    NOT-FOR-US: Oracle
CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle Databa ...)
    NOT-FOR-US: Oracle
CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknow ...)
    NOT-FOR-US: Oracle
CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4 ...)
    NOT-FOR-US: Oracle
CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows attacke ...)
    - beagle 0.2.6-2 (bug #365371; medium)
CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...)
    {DSA-1103 DSA-1097-1}
    - linux-2.6 2.6.16-13
CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...)
    {DSA-1103}
    - linux-2.6 2.6.16-10
CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local u ...)
    - linux-2.6 (seems to be RedHat-specific)
CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote attacke ...)
    {DSA-1095-1}
    - freetype 2.2.1-1
CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attac ...)
    - linux-2.6 2.6.16-14
CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16. ...)
    - linux-2.6 2.6.16-14
CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
    {DSA-1103 DSA-1097-1}
    - linux-2.6 2.6.16-14
CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...)
    {DSA-1103 DSA-1097-1}
    - linux-2.6 2.6.16-14
CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ad ...)
    {DSA-1184-2}
    - linux-2.6 2.6.16-12
CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain de ...)
    {DSA-1184-2}
    NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog
    - linux-2.6 2.6.12-1
CVE-2006-1854
    NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
    NOT-FOR-US: ModernBill
CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro 1 ...)
    NOT-FOR-US: Article Publisher Pro
CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ins ...)
    NOT-FOR-US: xFlow
CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 a ...)
    NOT-FOR-US: xFlow
CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in xF ...)
    NOT-FOR-US: xFlow
CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...)
    NOT-FOR-US: LinPHA
CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...)
    NOT-FOR-US: PHP-Nuke
CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...)
    NOT-FOR-US: PHP-Nuke
CVE-2006-1845
    REJECTED
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.5 ...)
    [sarge] - shadow 1:4.0.3-31sarge8
    [sarge] - base-config
    NOTE: The installer is fixed separately, but the postinst of the shadow update
    NOTE: corrects permissions of a faulty install
    NOTE: seems to be a duplicate of CVE-2006-1376
    - shadow 1:4.0.14-9 (bug #358210; bug #356939)
    - base-config 2.68 (bug #254068; low)
CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1. ...)
    NOT-FOR-US: ShoutBOOK
CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1. ...)
    NOT-FOR-US: ShoutBOOK
CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
    NOT-FOR-US: boastMachine
CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 a ...)
    NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album 0 ...)
    NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...)
    NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows rem ...)
    NOT-FOR-US: Fuju News
CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in Syman ...)
    NOT-FOR-US: Symantec LiveUpdate
CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix ...)
    NOT-FOR-US: Calendarix
CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers ...)
    NOT-FOR-US: Opera
CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the ...)
    NOT-FOR-US: NetBSD
CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the inst ...)
    NOT-FOR-US: sysinfo
CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1 ...)
    NOT-FOR-US: sysinfo
CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain ...)
    NOT-FOR-US: Sun Java Studio Enterprise
CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenti ...)
    NOT-FOR-US: EAServer Manager in Sybase EAServer
CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
    NOT-FOR-US: PHP121
CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlie ...)
    {DSA-1048-1}
    - asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
    [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
    [woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3 ...)
    NOT-FOR-US: Snipe Gallery
CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1. ...)
    NOT-FOR-US: phpLinks
CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.ph ...)
    NOT-FOR-US: PhpGuestbook
CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier a ...)
    NOT-FOR-US: FarsiNews
CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2. ...)
    NOT-FOR-US: FarsiNews
CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows re ...)
    NOT-FOR-US: ModX CMS
CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 al ...)
    NOT-FOR-US: ModX CMS
CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in index. ...)
    NOT-FOR-US: phpWebSite
CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1 ...)
    NOT-FOR-US: warforge.NEWS
CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, wit ...)
    NOT-FOR-US: warforge.NEWS
CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...)
    NOT-FOR-US: VBulletin
CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
    NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of s ...)
    NOT-FOR-US: NetBSD kernel
CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ea ...)
    NOT-FOR-US: phpWebFTP
CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...)
    NOT-FOR-US: phpWebFTP
CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remo ...)
    NOT-FOR-US: FlexBB
CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BE ...)
    NOT-FOR-US: FlexBB
CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitiv ...)
    NOT-FOR-US: Lifetype
CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0. ...)
    NOT-FOR-US: Lifetype
CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...)
    NOT-FOR-US: Musicbox
CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3. ...)
    NOT-FOR-US: Musicbox
CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows rem ...)
    NOT-FOR-US: PowerClan
CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...)
    - phpmyadmin 4:2.8.1-1 (bug #363519; low)
    [sarge] - phpmyadmin
    NOTE: https://www.phpmyadmin.net/security/PMASA-2006-3/
    NOTE: The first linked commit is the official commit from PMASA
    NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fde2f613ad402e442a3b54d628ad85444faaeabe
    NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bf717892f9207c6161dc7800eb63e940478ec47
CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7. ...)
    - phpmyadmin 4:2.8.1-1 (bug #363519; low)
    [sarge] - phpmyadmin (CSRF code not present in Sarge, too intrusive to backport)
    NOTE: maintainer considers this not-affected.
CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in TinyWebGaller ...)
    NOT-FOR-US: TinyWebGallery
CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in pl ...)
    NOT-FOR-US: planetSearch+
CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 thro ...)
    NOT-FOR-US: SimpleBBS
CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers t ...)
    NOT-FOR-US: Censtore
CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...)
    NOT-FOR-US: RateIt
CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local us ...)
    NOT-FOR-US: NetBSD kernel
CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links functiona ...)
    - wordpress 2.0.1 (bug #328909)
CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...)
    NOT-FOR-US: UPDI Network Enterprise
CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earli ...)
    NOTE: only in experimental
    - mambo 4.5.3h-1 (bug #354468)
CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows rem ...)
    NOT-FOR-US: runCMS
CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Ed ...)
    NOT-FOR-US: MailEnable
CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allow ...)
    NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to c ...)
    {DSA-1051-1 DSA-1046-1}
    - firefox 1.5
    - mozilla-firefox (problematic fix not backported into 1.0.4-2sarge5)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
    - thunderbird 1.5.0.2-1
    - mozilla 2:1.7.13-0.1
CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in PAJA ...)
    NOT-FOR-US: pajax
CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, provid ...)
    NOT-FOR-US: Adobe
CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's sess ...)
    NOT-FOR-US: Adobe
CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for ...)
    NOT-FOR-US: Adobe
CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote authenti ...)
    NOT-FOR-US: Adobe
CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in Sphi ...)
    NOT-FOR-US: Sphider
CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...)
    NOT-FOR-US: PatroNet CMS
CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to obt ...)
    NOT-FOR-US: Sun Solaris
CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R M ...)
    NOT-FOR-US: Circle R Monster Top List
CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ca ...)
    NOT-FOR-US: Sun Solaris
CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcra ...)
    NOT-FOR-US: Simplog
CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...)
    NOT-FOR-US: Simplog
CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft ...)
    NOT-FOR-US: Simplog
CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ash ...)
    NOT-FOR-US: Simplog
CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 al ...)
    - phpbb2 (unimportant)
    NOTE: Only exploitable by authenticated admin users
CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqH ...)
    NOT-FOR-US: HP System Management Homepage
CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 a ...)
    NOT-FOR-US: PHPKIT
CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogo ...)
    - mnogosearch 3.2.37-3.1 (bug #361775)
    [sarge] - mnogosearch (Minor issue)
CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXo ...)
    NOT-FOR-US: SAXoPRESS
CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Desig ...)
    NOT-FOR-US: AzDGVote
CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
    NOT-FOR-US: UserLand Manila
CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
    NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com IN ...)
    NOT-FOR-US: INDEXU
CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...)
    NOT-FOR-US: Papoo
CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 all ...)
    NOT-FOR-US: JBook
CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web documen ...)
    NOT-FOR-US: Hosting Controller
CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...)
    NOT-FOR-US: blur6ex
CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 allo ...)
    NOT-FOR-US: blur6ex
CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 all ...)
    NOT-FOR-US: blur6ex
CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow ...)
    NOT-FOR-US: JetPhoto
CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in ...)
    NOT-FOR-US: SWSoft Confixx
CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...)
    NOT-FOR-US: Vegadns
CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 ...)
    NOT-FOR-US: Vegadns
CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a direc ...)
    NOT-FOR-US: MD News 1
CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote at ...)
    NOT-FOR-US: MD News 1
CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0. ...)
    NOT-FOR-US: SWSoft Confixx
CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite arb ...)
    {DSA-1035-1}
    - fcheck 2.7.59-8
CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
    NOT-FOR-US: MvBlog
CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remo ...)
    NOT-FOR-US: MvBlog
CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Au ...)
    NOT-FOR-US: Autogallery
CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro 2. ...)
    NOT-FOR-US: phpListPro
CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows rem ...)
    NOT-FOR-US: XMB Forum
CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 al ...)
    NOT-FOR-US: Virtual War
CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
    - phplist (bug #612288)
CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
    NOT-FOR-US: Bitweaver
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...)
    NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1. ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
    - xulrunner 1.8.0.1-9
    NOTE: The Mozilla Foundation labels this as "critical", but it's not
    NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (low)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
    - mozilla 2:1.7.13-0.1 (low)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x b ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (low)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
    - mozilla 2:1.7.13-0.1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (high)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
    - mozilla 2:1.7.13-0.1 (high)
    - thunderbird 1.5.0.2-1 (medium)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (high)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
    - mozilla 2:1.7.13-0.1 (high)
    - thunderbird 1.5.0.2-1 (medium)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (high)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
    - mozilla 2:1.7.13-0.1 (high)
    - thunderbird 1.5.0.2-1 (medium)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
    - xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-1 (high)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
    - mozilla 2:1.7.13-0.1 (high)
    - thunderbird 1.5.0.2-1 (medium)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
    NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
    NOTE: exploitable in the default configuration.
    - xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Sui ...)
    {DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-1 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
    - xulrunner 1.8.0.1-9
    NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-1 (high)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
    - mozilla (high)
    - thunderbird 1.5.0.2-1 (medium)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
    - xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-1 (medium)
    - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
    - mozilla 2:1.7.13-0.1 (medium)
    - thunderbird 1.5.0.2-1 (medium)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
    - xulrunner 1.8.0.1-9
    NOTE: If print preview (and this bug) can be triggered from JavaScript,
    NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0. ...)
    - firefox 1.5.dfsg+1.5.0.2-1 (high)
    - thunderbird 1.5.0.2-1 (medium)
    - xulrunner 1.8.0.1-9
    NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes c ...)
    - firefox 1.5.dfsg+1.5.0.2-1 (low)
    - xulrunner 1.8.0.1-9
    NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1 ...)
    {DSA-1051-1 DSA-1046-1 DSA-1044-1}
    - firefox 1.5.dfsg+1.5.0.2-1 (medium)
    - mozilla (medium)
    - thunderbird 1.5.0.2-1 (low)
    [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
    - xulrunner 1.8.0.1-9
    NOTE: MFSA2006-20 says exploitability has not been confirmed.
    NOTE: Thunderbird is potentially affected as well, but not in the
    NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
    {DSA-1051-1 DSA-1046-1}
    - firefox 1.5.dfsg+1.5.0.2 (medium)
    [sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
    - mozilla (medium)
    - thunderbird 1.5.0.2-1 (low)
    - xulrunner 1.8.0.1-9
    NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 al ...)
    NOT-FOR-US: ShopXS
CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...)
    {DSA-1042-1}
    - cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
    - cyrus-sasl2-mit (does not install digest-md5)
CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...)
    NOT-FOR-US: SaphpLesson
CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of servi ...)
    NOT-FOR-US: Internet Explorer
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information u ...)
    NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
    NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
    NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl TUGZ ...)
    NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder phpMyFor ...)
    NOT-FOR-US: phpMyForum
CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph Roe ...)
    NOT-FOR-US: phpMyForum
CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...)
    NOT-FOR-US: DNGuestbook
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...)
    {DSA-1036-1}
    - bsdgames 2.17-7 (bug #360989)
CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...)
    - mailman 0:2.1.7-2.1.8rc1-1
    [sarge] - mailman (Only affects Mailman 2.1.7)
CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) ...)
    {DSA-1032-1}
    - zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in interakti ...)
    NOT-FOR-US: interaktiv.shop
CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
    NOT-FOR-US: Clansys
CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include arbitra ...)
    NOT-FOR-US: Shopweezle
CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote ...)
    NOT-FOR-US: Shopweezle
CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" p ...)
    NOT-FOR-US: Oracle
CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files w ...)
    NOT-FOR-US: Sire 2.0 nws
CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws al ...)
    NOT-FOR-US: Sire 2.0 nws
CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8 ...)
    - spip 2.0.6-1
CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in Shadow ...)
    NOT-FOR-US: Shadowed Portal
CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for authentica ...)
    NOT-FOR-US: Aweb Scripts Seller
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner G ...)
    NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3. ...)
    NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3. ...)
    NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allow ...)
    - gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environme ...)
{DSA-1068-1} - fbi 2.05-1 (bug #361370) CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and e ...) NOT-FOR-US: XBrite Members CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1. ...) NOT-FOR-US: GlobalSCAPE Secure FTP Server CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow re ...) NOT-FOR-US: MWNewsletter CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attac ...) NOT-FOR-US: MWNewsletter CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewslet ...) NOT-FOR-US: MWNewsletter CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LD ...) NOT-FOR-US: HP-UX CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and e ...) NOT-FOR-US: SQuery / Autonomous LAN party CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO ...) NOT-FOR-US: APT-webshop-system CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO ...) NOT-FOR-US: APT-webshop-system CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in APT-webshop-s ...) NOT-FOR-US: APT-webshop-system CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier all ...) NOT-FOR-US: ecotwo Shopsystem CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook a ...) NOT-FOR-US: Chipmunk Guestbook CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...) NOT-FOR-US: TalentSoft Web+Shop CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ear ...) - cherokee 0.5.1-1 CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attac ...) NOT-FOR-US: Jupiter CMS CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in Jupi ...) 
NOT-FOR-US: Jupiter CMS CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1207-1} - phpmyadmin 4:2.8.0.3-1 (bug #362567) NOTE: https://www.phpmyadmin.net/security/PMASA-2006-1/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0933619b6b2534b221817ea3f631cb984c258d6b CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.0 ...) NOT-FOR-US: MAXdev MD-Pro CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics modu ...) NOT-FOR-US: MAXdev MD-Pro CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1 ...) NOT-FOR-US: PHPWebGallery CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in PHPWebGaller ...) NOT-FOR-US: PHPWebGallery CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard v ...) NOT-FOR-US: Dark_Wizard vBug Tracker CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...) NOT-FOR-US: Cisco CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series n ...) NOT-FOR-US: Cisco CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series n ...) NOT-FOR-US: Cisco CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team P ...) NOT-FOR-US: PHPMyChat CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PH ...) NOT-FOR-US: Crafty Syntax Image Gallery CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...) NOT-FOR-US: Crafty Syntax Image Gallery CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable a ...) NOT-FOR-US: Arab Portal CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...) NOT-FOR-US: Arab Portal CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and earlie ...) 
- xine-lib (Not reproducible with Debian version, see bug #363127) - vlc (affected part of xine-lib code copy not present) CVE-2006-1663 REJECTED CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote at ...) NOT-FOR-US: Limbo CMS CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...) NOT-FOR-US: SKForum CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz ...) NOT-FOR-US: Softbiz Image Gallery CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow ...) NOT-FOR-US: Softbiz Image Gallery CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky ...) NOT-FOR-US: Chucky A. Ivey N.T. CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ive ...) NOT-FOR-US: Chucky A. Ivey N.T. CVE-2006-XXXX [linphone insecure password leakage] - linphone 1.3.5-1 (bug #361913) CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the s ...) - util-vserver 0.30.210-1 (bug #360438; unimportant) CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted attacker ...) {DSA-1074-1} - mpg123 0.59r-22 (bug #361863) - mp3gain 1.5.2-r2-6 (low) [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain (Minor issue) CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbo ...) NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in AngelineC ...) NOT-FOR-US: AngelineCMS CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ear ...) NOT-FOR-US: UltraVNC CVE-2006-1651 NOT-FOR-US: MS ISA CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and p ...) NOTE: other reports indicate that Firefox is not vulnerable CVE-2006-1649 (The "restore to" selection in the "quarantine a file" capability of ES ...) 
NOT-FOR-US: Eset Software NOD32 Antivirus 2.5 CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versi ...) NOT-FOR-US: SMART SynchronEyes CVE-2006-1647 (An unspecified "logical programming mistake" in SMART SynchronEyes Stu ...) NOT-FOR-US: SMART SynchronEyes CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg ...) NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732 CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...) NOT-FOR-US: ReloadCMS CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...) NOT-FOR-US: Interact CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows remo ...) NOT-FOR-US: Interact CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remo ...) NOT-FOR-US: Interact CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote a ...) NOT-FOR-US: CzarNews CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 ...) NOT-FOR-US: CzarNews CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote a ...) NOT-FOR-US: wpBlog CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote atta ...) NOT-FOR-US: aWebBB CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allo ...) NOT-FOR-US: aWebBB CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar 1.5. ...) NOT-FOR-US: VWar CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive informa ...) NOT-FOR-US: LucidCMS CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0. ...) NOT-FOR-US: LucidCMS CVE-2006-1633 RESERVED CVE-2006-1632 RESERVED CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in Cis ...) 
NOT-FOR-US: Cisco CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute a ...) {DSA-1045-1} - openvpn 2.0.6-1 (bug #360559; medium) CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows ...) NOT-FOR-US: Adobe LiveCycle CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide prope ...) NOT-FOR-US: Adobe Document Server CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote attac ...) NOT-FOR-US: Internet Explorer CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package doe ...) - sysklogd (unimportant) NOTE: No sane person will open a network socket for syslog without appropriate NOTE: firewall rules. The default is not to listen to the network. CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified "file created ...) NOT-FOR-US: FleXiBle Development CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allow ...) NOT-FOR-US: PHPSelect CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...) NOT-FOR-US: Hosting Controller CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allo ...) NOT-FOR-US: Hosting Controller CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote att ...) NOT-FOR-US: WebSphere CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf f ...) NOT-FOR-US: Doomsday/deng CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2 ...) NOT-FOR-US: Advanced Poll CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow rem ...) NOT-FOR-US: Advanced Poll CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote at ...) 
NOT-FOR-US: aWebNews CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in ...) NOT-FOR-US: aWebNews CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allo ...) NOT-FOR-US: KGB Archiver CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...) NOT-FOR-US: SQuery / Autonomous LAN party CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, a ...) NOT-FOR-US: Hitachi XFIT CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) - php4 4:4.4.4-1 (bug #361856; unimportant) - php5 5.1.4-0.1 (bug #361915; unimportant) NOTE: Safe mode violations not supported CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) NOT-FOR-US: Exponent CMS CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before 0 ...) NOT-FOR-US: Exponent CMS CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before 0 ...) NOT-FOR-US: Exponent CMS CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unkno ...) NOT-FOR-US: Exponent CMS CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.1 ...) - phpbb2 (According to Jeroen a non-issue, see notes) NOTE: jmm: unable to verify, the variable in question is only printed NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests NOTE: and, shock, the password isn't saved unhashed in the DB, so having NOTE: javascript in your password can't be exposed otherwise NOTE: I'd forget about it unless someone comes with a proof of concept CVE-2006-1602 (PHP remote file inclusion vulnerability in includes/functions_common.p ...) NOT-FOR-US: PHPNuke Clan CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 a ...) 
NOT-FOR-US: Sun Cluster CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 all ...) NOT-FOR-US: PhpWebGallery CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3 ...) NOT-FOR-US: v-creator CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remot ...) NOT-FOR-US: AN HTTPD CVE-2006-1597 RESERVED CVE-2006-1596 (PHP remote file inclusion vulnerability in learnPath/include/scormExpo ...) NOT-FOR-US: Claroline CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in C ...) NOT-FOR-US: Claroline CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php ...) NOT-FOR-US: Claroline CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLeve ...) NOT-FOR-US: X-Doom, ZDaemon NOTE: vulnerable functions don't exist in lxdoom, prboom CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) ...) NOT-FOR-US: X-Doom, ZDaemon NOTE: vulnerable functions don't exist in lxdoom, prboom CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allo ...) NOT-FOR-US: Microsoft Windows Help CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage functio ...) - acidbase 1.2.5-1 (bug #363548; unimportant) [sarge] - acidbase (Hardly exploitable) - acidlab (bug #363549; unimportant) [sarge] - acidlab (Hardly exploitable) NOTE: Not exploitable with the default configuration anyway. CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local user ...) NOT-FOR-US: NetBSD kernel CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not c ...) NOT-FOR-US: NetBSD kernel CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the ...) NOT-FOR-US: NetBSD CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser (l ...) 
{DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (C ...) {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam Ant ...) {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...) NOT-FOR-US: Egypt SiteMan CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...) NOT-FOR-US: MonAlbum CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser f ...) NOT-FOR-US: Warcraft III Replay CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III ...) NOT-FOR-US: Warcraft III Replay CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg ...) NOT-FOR-US: Blank'N'Berg CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 all ...) NOT-FOR-US: Blank'N'Berg CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 a ...) NOT-FOR-US: Bugzero CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board Sy ...) NOT-FOR-US: Dynamic Bulletin Board System CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library Sui ...) NOT-FOR-US: Keystone Digital Library Suite CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.ph ...) {DSA-1133-1} [woody] - mantis (Vulnerable code not present) - mantis 0.19.4-3.1 (bug #361138) CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...) NOT-FOR-US: QLnews CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLn ...) NOT-FOR-US: QLnews CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, W ...) NOT-FOR-US: Groupmax World Wide Web et. al. CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash Gal ...) 
NOT-FOR-US: MediaSlash Gallery CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote ...) NOT-FOR-US: Oxygen CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in qliteNew ...) NOT-FOR-US: qliteNews CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 a ...) NOT-FOR-US: Esqlanelapse CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote atta ...) NOT-FOR-US: RedCMS CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: RedCMS CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteS ...) NOT-FOR-US: SiteSearch Indexer CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Deb ...) - libtunepimp 0.4.2-3 (bug #359241; low) [sarge] - libtunepimp (rpath not set to /tmp in Sarge) CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...) - gpib 3.2.06-3 (bug #359239; low) [sarge] - gpib (rpath not set to /tmp in Sarge) CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subv ...) - subversion 1.3.0-5 (bug #359234; low) [sarge] - subversion (No rpaths set in Sarge) CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ( ...) NOT-FOR-US: VBook CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in vs ...) NOT-FOR-US: VBook CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiew ...) NOT-FOR-US: VBook CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...) NOT-FOR-US: SkinTech phpNewsManager CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote attacker ...) NOT-FOR-US: PHP Script Index CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script I ...) 
NOT-FOR-US: PHP Script Index CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote a ...) NOT-FOR-US: X-Changer CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier ...) NOT-FOR-US: AL-Caricatier CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and ...) NOT-FOR-US: VSNS Lemon CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows re ...) NOT-FOR-US: VSNS Lemon CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS L ...) NOT-FOR-US: VSNS Lemon CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...) NOT-FOR-US: Apple CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5 ...) NOT-FOR-US: PAJAX CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...) - php4 (bug #361854; unimportant) - php5 5.1.4-0.1 (bug #361917; unimportant) [sarge] - php4 (there are easier ways to segfault your own program) CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction a ...) - libstruts1.2-java 1.2.9-1 (bug #360551) [sarge] - libstruts1.2-java (Only in contrib, relies on proprietary Java) CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 wit ...) - libstruts1.2-java 1.2.9-1 (bug #360551) [sarge] - libstruts1.2-java (Only in contrib, relies on proprietary Java) CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote att ...) - libstruts1.2-java 1.2.9-1 (bug #360551) [sarge] - libstruts1.2-java (Only in contrib, relies on proprietary Java) CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in vscr ...) NOT-FOR-US: VNews CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in vsc ...) NOT-FOR-US: VNews CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewic ...) 
NOT-FOR-US: VNews CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on Li ...) NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow NOTE: Should be rejected CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ea ...) NOT-FOR-US: EzASPSite CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 al ...) NOT-FOR-US: Microsoft CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in t ...) - bsdgames 2.17-6 (bug #361160) [sarge] - bsdgames (Minor impact) CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...) NOT-FOR-US: Enova X-Wall ASIC CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain ...) - webcalendar (unimportant) CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93 ...) NOT-FOR-US: Phoetux.net PhxContacts CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net P ...) NOT-FOR-US: Phoetux.net PhxContacts CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote attac ...) NOT-FOR-US: Null news CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop newsle ...) NOT-FOR-US: Sourceworkshop newsletter CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP Classifi ...) NOT-FOR-US: PHP Classifieds CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...) {DSA-1046-1} - firefox 1.5.0.2 (medium) - mozilla-firefox (pre-1.5 version not vulnerable) - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird (pre-1.5 version not vulnerable) - xulrunner 1.8.0.1-9 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...) 
{DSA-1046-1} - firefox 1.5.0.2 (medium) - mozilla-firefox (pre-1.5 version not vulnerable) - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird (pre-1.5 version not vulnerable) - xulrunner 1.8.0.1-9 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...) {DSA-1046-1} - firefox 1.5.0.2-1 (medium) - mozilla-firefox (pre-1.5 version not vulnerable) - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird (pre-1.5 version not vulnerable) - xulrunner 1.8.0.1-9 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ser ...) {DSA-1184-2 DSA-1183-1} - linux-2.6 2.6.13-1 CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...) - linux-2.6 2.6.16-12 (low) CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...) - xorg-server 1:1.0.2-8 (bug #378464) [sarge] - xfree86 (Vulnerable code not present) CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-9 CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow f ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-8 CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling (signa ...) {DSA-1103} - linux-2.6 2.6.16-7 CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...) - linux-2.6 2.6.16-7 CVE-2006-1521 REJECTED CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...) 
NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag) - libspf (bug #368780; low) CVE-2006-1519 REJECTED CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0 ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium) - mysql-dfsg-4.1 (bug #365939; medium) - mysql-dfsg (bug #365939; bug #356751; medium) - mysql (bug #365939; medium) CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0. ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; low) - mysql-dfsg-4.1 (bug #365939; low) - mysql-dfsg (bug #365939; bug #356751; low) - mysql (bug #365939; low) CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0 ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; bug #366044; low) - mysql-dfsg-4.1 (bug #365939; bug #366043; low) - mysql-dfsg (bug #365939; bug #356751; low) - mysql (bug #365939; low) CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and earl ...) {DSA-1084-1} - typespeed 0.4.4-10 CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20 ...) {DSA-1043-1} - abcmidi 20060422-1 CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted a ...) {DSA-1041-1} - abc2ps (bug #373685; low) CVE-2006-1512 REJECTED CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1 ...) NOT-FOR-US: Microsoft CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...) NOT-FOR-US: Microsoft CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "d ...) NOT-FOR-US: HP-UX CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software Con ...) 
NOT-FOR-US: MH Software Connect Daily Web Calendar CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remot ...) NOT-FOR-US: PHPKIT CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5 ...) NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3 CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) befo ...) - acidbase 1.2.4-1 (bug #361139) CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...) NOT-FOR-US: Arab Portal CVE-2006-1503 (PHP remote file inclusion vulnerability in includes/functions_install. ...) NOT-FOR-US: Virtual Wa CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attacke ...) NOT-FOR-US: MPlayer NOTE: I can't find the vulnerable code in xine-lib CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows r ...) NOT-FOR-US: OneOrZero CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remot ...) NOT-FOR-US: Tilde CMS 3.0 CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows rem ...) NOT-FOR-US: vCounter CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows ...) NOT-FOR-US: ViHor Design CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...) NOT-FOR-US: ViHor Design CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) PHPColl ...) NOT-FOR-US: PHPCollab / NetOffice CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 all ...) - php4 4:4.4.4-1 (bug #361855; unimportant) - php5 5.1.4-0.1 (bug #361916; unimportant) NOTE: open_basedir violations are not supported CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP all ...) NOT-FOR-US: Explorer XP CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows rem ...) 
NOT-FOR-US: Explorer XP CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local. ...) NOT-FOR-US: FusionZONE CouponZONE CVE-2006-XXXX [unixodbc rpath set to /home] - unixodbc 2.2.11-11 (bug #358142; low) [sarge] - unixodbc (rpath not set to /home in Sarge) CVE-2006-XXXX [fftw rpath set to user home] - fftw 2.1.3-17 (bug #358157; low) [sarge] - fftw (No rpath set in Sarge) CVE-2006-XXXX [gauche-config rpath set to user home] - gauche 0.8.7-1 (bug #358139; low) [sarge] - gauche (gauche-config is a shell script in Sarge) CVE-2006-XXXX [tcpquota rpath set to user home] - tcpquota 1.6.15-11 (bug #358369; low) [sarge] - tcpquota (Only exploitable with strange AFS cell name) CVE-2006-XXXX [hamlib3-perl rpath set to user home] - hamlib 1.2.5-3 (bug #358166; low) [sarge] - hamlib (Only exploitable with strange user name) CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in D ...) {DSA-1025-1} - dia 0.94.0-18 (bug #360566) CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...) - mediawiki 1.4.15-1 - mediawiki1.5 1.5.8-1 CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions 3 ...) {DSA-1034-1 DSA-1033-1} - horde3 3.1.1-1 (bug #361967) CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions o ...) - php5 5.1.4-0.1 (bug #359907; low) - php4 4:4.4.2-1.1 (bug #359904; low) [sarge] - php4 (Application's responsibility to sanitize input) CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the f ...) NOT-FOR-US: ActiveCampaign SupportTrio CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...) NOT-FOR-US: ActiveCampaign SupportTrio CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in re ...) NOT-FOR-US: realestateZONE CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users wi ...) 
NOT-FOR-US: Greymatter CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files, ...) NOT-FOR-US: Genius VideoCAM NB Driver CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...) NOT-FOR-US: Blazix Web Server CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...) NOT-FOR-US: ConfTool CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows re ...) NOT-FOR-US: PHP Ticket CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...) NOT-FOR-US: WebAlbum CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-p ...) NOT-FOR-US: Serge Rey gtd-php CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...) NOT-FOR-US: Turnkey Web Tools PHP Live Helper CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...) NOT-FOR-US: Turnkey Web Tools PHP Live Helper CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect applic ...) NOT-FOR-US: Windows Firewall CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce applicat ...) NOT-FOR-US: Windows Firewall CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the "failed" functionality ...) NOT-FOR-US: Raindance Web Conferencing Pro CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 al ...) NOT-FOR-US: Apple CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allow ...) NOT-FOR-US: Apple CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...) NOT-FOR-US: Apple CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers t ...) - openldap2 (Vulnerable code not present) - openldap2.2 (medium) CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10 ...) 
NOT-FOR-US: Apple CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...) NOT-FOR-US: Apple CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before 6 ...) NOT-FOR-US: Apple iTunes CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...) NOT-FOR-US: Apple CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) NOT-FOR-US: Apple CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) NOT-FOR-US: Apple CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) NOT-FOR-US: Apple CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...) NOT-FOR-US: Apple CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote a ...) NOT-FOR-US: Apple CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote a ...) NOT-FOR-US: Apple CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...) NOT-FOR-US: Apple CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote at ...) NOT-FOR-US: Apple CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloa ...) NOT-FOR-US: Apple CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Apple CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows ...) NOT-FOR-US: Apple CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...) NOT-FOR-US: Apple CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows remot ...) NOT-FOR-US: Apple CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4 ...) NOT-FOR-US: Apple CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a n ...) 
NOT-FOR-US: MySQL Manager CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ex ...) NOT-FOR-US: Apple CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows re ...) NOT-FOR-US: Apple CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attack ...) NOT-FOR-US: Apple CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cau ...) NOT-FOR-US: Apple CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an applicatio ...) NOT-FOR-US: Apple CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Apple CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assisti ...) NOT-FOR-US: Apple CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4. ...) NOT-FOR-US: Apple CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 l ...) NOT-FOR-US: Apple CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote a ...) NOT-FOR-US: Apple CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite ...) NOT-FOR-US: Apple CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enabl ...) NOT-FOR-US: Apple CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Know ...) NOT-FOR-US: aphpkb CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web d ...) NOT-FOR-US: UPOINT CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...) NOT-FOR-US: UPOINT CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in Accounti ...) NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in Annuair ...) 
NOT-FOR-US: Annuaire (Directory) CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: Annuaire (Directory) CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full p ...) NOT-FOR-US: fusionZONE couponZONE CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE co ...) NOT-FOR-US: fusionZONE couponZONE CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ( ...) NOT-FOR-US: CONTROLzx HMS CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classi ...) NOT-FOR-US: classifiedZONE CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 a ...) NOT-FOR-US: phpCOIN CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3. ...) NOT-FOR-US: WebAPP CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remo ...) NOT-FOR-US: Blog Pixel Motion CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1 ...) NOT-FOR-US: phpmyfamily CVE-2006-1424 REJECTED CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...) NOT-FOR-US: UBB.threads CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calenda ...) NOT-FOR-US: PHP Booking Calendar CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...) NOT-FOR-US: AkoComment CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows rem ...) NOT-FOR-US: SaphpLesson CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...) NOT-FOR-US: nuked-klan CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris Pla ...) NOT-FOR-US: Caloris Planitia E-School Management CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planiti ...) 
NOT-FOR-US: Caloris Planitia Online Quiz System CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...) NOT-FOR-US: Absolute FAQ Manager .NET CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2 ...) NOT-FOR-US: dotNetBB CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in To ...) NOT-FOR-US: Toast Forums CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1 ...) NOT-FOR-US: EZHomepagePro CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with ...) NOT-FOR-US: TFT Gallery CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...) NOT-FOR-US: Absolute Image Gallery CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute ...) NOT-FOR-US: XIGLA Absolute Live Support CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers t ...) NOT-FOR-US: Vavoom NOTE: code in prboom and lxdoom looks completely different CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Vavoom NOTE: code in prboom and lxdoom looks completely different CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hostin ...) NOT-FOR-US: Helm Web Hosting Control Panel CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx i ...) NOT-FOR-US: uniForum CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite. ...) NOT-FOR-US: SweetSuite.NET Content Management System CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in Blan ...) NOT-FOR-US: BlankOL CVE-2006-1403 (Format string vulnerability in the PrintString function in c_console.c ...) NOT-FOR-US: csDoom NOTE: prboom, lxdoom not affected CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows ...) 
NOT-FOR-US: csDoom NOTE: prboom, lxdoom not affected CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in C ...) NOT-FOR-US: Calendar Express CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.a ...) NOT-FOR-US: Metisware Instructor CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in Meetin ...) NOT-FOR-US: Meeting Reserve CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1. ...) NOT-FOR-US: G-Book CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew a ...) NOT-FOR-US: phpAdsNew CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Ba ...) NOT-FOR-US: Cholod CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Bo ...) NOT-FOR-US: Cholod CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft I ...) NOT-FOR-US: Pubcookie CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcook ...) NOT-FOR-US: Pubcookie CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in th ...) NOT-FOR-US: Pubcookie CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Ser ...) NOT-FOR-US: Quick 'n Easy/Baby Web Server CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...) NOT-FOR-US: Shortcoming of Gentoo-specific games packaging CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B ...) NOT-FOR-US: HP-UX CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows re ...) NOT-FOR-US: Internet Explorer CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenti ...) - twiki 1:4.0.4-3 (bug #367973) CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ac ...) 
- twiki (only affects 4.0.0 - 4.1.0, version in Debian too young) CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in WavePac ...) NOT-FOR-US: Cisco CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the w ...) NOT-FOR-US: IBM Tivoli Business Systems Manager CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 al ...) NOT-FOR-US: Baby FTP Server CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in vBul ...) NOT-FOR-US: vBulletin CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, us ...) NOT-FOR-US: Trend Micro CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ( ...) NOT-FOR-US: Trend Micro CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.10 ...) NOT-FOR-US: Trend Micro CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak ...) NOT-FOR-US: PasswordSafe CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...) NOT-FOR-US: EasyMoblog CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...) [sarge] - shadow 1:4.0.3-31sarge8 [sarge] - base-config NOTE: The installer is fixed separately, but the postinst of the shadow update NOTE: corrects permissions of a faulty install - shadow 1:4.0.14-9 (bug #358210; bug #356939) - base-config 2.68 (bug #254068; low) CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the f ...) NOT-FOR-US: AdMan CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...) NOT-FOR-US: AdMan CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP Li ...) NOT-FOR-US: PHP Live! CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...) 
NOT-FOR-US: 1WebCalendar CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...) NOT-FOR-US: Laurentiu Matei eXpandable Home Page CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6. ...) NOT-FOR-US: Real Player, according to Real Helix not affected CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) NOT-FOR-US: Invision Power Board CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ke ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-1 CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Mo ...) NOT-FOR-US: Motorola hardware CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...) NOT-FOR-US: Motorola hardware CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E39 ...) NOT-FOR-US: Motorola hardware CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCom ...) NOT-FOR-US: Microsoft CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System (FreeW ...) NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 a ...) NOT-FOR-US: Mini-Nuke CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...) NOT-FOR-US: OSWiki CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow re ...) NOT-FOR-US: MusicBox CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...) NOT-FOR-US: BEA WebLogic CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Fire ...) NOT-FOR-US: F5 Firepass 4100 SSL VPN CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, a ...) 
- libvc 003-4 CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissio ...) NOT-FOR-US: avast AV CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remot ...) {DSA-1089-1} - freeradius 1.1.0-1.2 (bug #359042; high) CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...) NOT-FOR-US: ASPPortal CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) NOT-FOR-US: BEA WebLogic CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to rea ...) NOT-FOR-US: BEA WebLogic CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ( ...) NOT-FOR-US: 99Articles.com CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Be ...) NOT-FOR-US: MusicBox CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaet ...) NOT-FOR-US: Greg Neustaetter gCards CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter g ...) NOT-FOR-US: Greg Neustaetter gCards CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg Neustaett ...) NOT-FOR-US: Greg Neustaetter gCards CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers t ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as use ...) NOT-FOR-US: VeriSign haydn.exe CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, an ...) {DSA-1184-2 DSA-1097-1} - linux-2.6 2.6.16-15 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_ ...) - linux-2.6 (Only affects 2.4 kernels) CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows r ...) NOT-FOR-US: Maian Events CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...) 
NOT-FOR-US: CuteNews CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...) NOT-FOR-US: CuteNews CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...) NOT-FOR-US: MailEnable CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edi ...) NOT-FOR-US: MailEnable CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...) NOT-FOR-US: ExtCalendar CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with AllowD ...) - gnome-screensaver 2.14.1-1 (bug #357885) CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remot ...) NOT-FOR-US: Maian Weblog CVE-2006-1333 (Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and ea ...) NOT-FOR-US: BetaParticle Blog CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain s ...) NOT-FOR-US: Noah's Classifieds CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in No ...) NOT-FOR-US: Noah's Classifieds CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...) NOT-FOR-US: phpWebsite CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows rem ...) - jabberd2 2.0s11-1 (bug #357874) CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP Downloa ...) NOT-FOR-US: Skull-Splitter PHP CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote att ...) NOT-FOR-US: SoftBB CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...) NOT-FOR-US: Invision Power Board CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remot ...) NOT-FOR-US: Streber CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...) 
NOT-FOR-US: Woltlab Burning Board CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows use ...) NOT-FOR-US: WinHKI CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denia ...) NOT-FOR-US: Netware CVE-2006-1318 (Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Off ...) NOT-FOR-US: Microsoft Office CVE-2006-1317 REJECTED CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Microsoft CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in M ...) NOT-FOR-US: Microsoft CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Wi ...) NOT-FOR-US: Microsoft JScript CVE-2006-1312 REJECTED CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 ...) NOT-FOR-US: Microsoft CVE-2006-1310 REJECTED CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...) NOT-FOR-US: Microsoft CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) NOT-FOR-US: Microsoft CVE-2006-1307 REJECTED CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...) NOT-FOR-US: Microsoft CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote att ...) NOT-FOR-US: Microsoft CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assis ...) NOT-FOR-US: Microsoft CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5. ...) NOT-FOR-US: Microsoft CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assis ...) NOT-FOR-US: Microsoft CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...) 
NOT-FOR-US: Microsoft CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft CVE-2006-1299 REJECTED CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...) NOT-FOR-US: Veritas Backup CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server Re ...) NOT-FOR-US: Veritas Backup CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow loca ...) - beagle 0.2.3-1 (bug #357392; low) CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8 ...) - spip 2.0.6-1 CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in Knowled ...) NOT-FOR-US: KnowledgebasePublisher CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...) NOT-FOR-US: Contrexx CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalen ...) NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earl ...) NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Capti ...) NOT-FOR-US: Milkeyway Captive Portal CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...) NOT-FOR-US: Milkeyway Captive Portal CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2 ...) NOT-FOR-US: Invision Power Board CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) NOT-FOR-US: Invision Power Board CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for ...) NOT-FOR-US: Symantec Ghost CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost S ...) NOT-FOR-US: Symantec Ghost CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...) 
NOT-FOR-US: Symantec Ghost CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10- ...) - libpam-opie (FreeBSD specific vulnerability) CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard (M ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBo ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...) - libcgi-session-perl 4.07-1 (low; bug #356555) [sarge] - libcgi-session-perl (Minor issues) CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files vi ...) - libcgi-session-perl 4.11-1 (low; bug #356555) [sarge] - libcgi-session-perl (Minor issues) CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote ...) NOT-FOR-US: @1 File Store CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File Stor ...) NOT-FOR-US: @1 File Store CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows re ...) NOT-FOR-US: PHP SimpleNEWS CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of se ...) NOT-FOR-US: GGZ Gaming Zone CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop priv ...) NOT-FOR-US: Antivir CVE-2006-1273 NOT-FOR-US: Reportedly problem with a firefox addon CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in M ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote atta ...) NOT-FOR-US: OxyNews CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in In ...) NOT-FOR-US: Inprotect CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might all ...) 
- zoo 2.10-18 (bug #367858; low) [sarge] - zoo (Attack vector very far-fetched, hardly exploitable) CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allow ...) NOT-FOR-US: Funkwerk X2300 CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...) NOT-FOR-US: Invision Power Board CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VP ...) NOT-FOR-US: VPMi Enterprise CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net discu ...) NOT-FOR-US: xhawk.net discussion CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 b ...) NOT-FOR-US: xhawk.net discussion CVE-2006-1263 (Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in W ...) - wordpress 2.0.2-1 CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown ...) NOT-FOR-US: ASPPortal CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 ...) NOT-FOR-US: ASPPortal CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read arbi ...) {DSA-1034-1 DSA-1033-1} - horde3 3.1-1 (bug #358812) CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remo ...) NOT-FOR-US: Maian Support CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...) - phpmyadmin 4:2.8.0.2-2 (bug #382228) [sarge] - phpmyadmin (Vulnerable code not present) CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce Serv ...) NOT-FOR-US: Microsoft CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boy ...) NOT-FOR-US: Soren Boysen (SkullSplitter) PHP Guestbook CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging 5. ...) NOT-FOR-US: Mercur Messaging CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows rem ...) 
NOT-FOR-US: BorderWare MXtreme CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote atta ...) NOT-FOR-US: glFTPd CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...) NOT-FOR-US: Light Weight Calendar CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 ...) - sa-exim 4.2.1-1 (bug #345071; bug #356301) CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3 ...) NOT-FOR-US: Winmail CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...) NOT-FOR-US: Apple Quicktime CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B. ...) NOT-FOR-US: HP-UX CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows l ...) NOT-FOR-US: AIX CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 al ...) NOT-FOR-US: AIX CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900. ...) NOT-FOR-US: Microsoft CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as u ...) {DSA-1019-1 DSA-982-1} - xpdf (All issues previously fixed) NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities - gpdf 2.10.0-3 - koffice 2.3.3-1 NOTE: xpdf (and therewith the questionable code) is not part of koffice for some time now CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...) NOT-FOR-US: Simple PHP Blog CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2. ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-4 CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb ...) - firebird2 (Not setuid in Debian) CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbser ...) 
- firebird2 (Not setuid in Debian) CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...) NOT-FOR-US: Gemini CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disa ...) NOT-FOR-US: DSLogin CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic ...) NOT-FOR-US: DSNewsletter CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...) {DSA-1009-1} - crossfire 1.9.0-2 (medium) CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost 1 ...) NOT-FOR-US: HitHost CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with magic_ ...) NOT-FOR-US: DSCounter CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow re ...) NOT-FOR-US: WMNews CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_q ...) NOT-FOR-US: DSDownload CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, al ...) - capi4hylafax (Affected DEFINE not defined) CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in v ...) NOT-FOR-US: vCard CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 (H ...) NOT-FOR-US: Hosting Controller CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...) {DSA-1007-1} - drupal 4.5.8-1 CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...) {DSA-1007-1} - drupal 4.5.8-1 CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...) {DSA-1007-1} - drupal 4.5.8-1 CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x be ...) {DSA-1007-1} - drupal 4.5.8-1 CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...) NOT-FOR-US: GuppY CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1. ...) 
NOT-FOR-US: Jupiter Content Manager CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 p ...) NOT-FOR-US: zeroboard CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service (VSMON.e ...) NOT-FOR-US: TrueVector CVE-2006-XXXX [Insufficient filename sanitising in darcsweb] - darcsweb 0.15-1 CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac O ...) NOT-FOR-US: MacOS X CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2. ...) - gallery2 2.0.4-1 CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3. ...) NOT-FOR-US: Novell BorderManager CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to e ...) NOT-FOR-US: DSPoll CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x ...) NOT-FOR-US: Runcms CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burnin ...) NOT-FOR-US: Woltlab BB CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denia ...) NOT-FOR-US: UnrealIRCd CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier allow ...) NOT-FOR-US: JiRo's Banner System Experience and Professional CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows r ...) NOT-FOR-US: CoreNews CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL data ...) NOT-FOR-US: Tivoli CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 i ...) NOT-FOR-US: Tivoli CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive infor ...) NOT-FOR-US: PHP Advanced Transfer Manager CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute a ...) NOT-FOR-US: Sergey Korostel PHP Upload Center CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with insuf ...) 
NOT-FOR-US: PHP Upload Center CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedde ...) - dropbear 0.48-1 CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBlo ...) NOT-FOR-US: myBloggie CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4- ...) NOT-FOR-US: txtForum CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum 1.0.4- ...) NOT-FOR-US: txtForum CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...) NOT-FOR-US: textfileBB CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net phpBann ...) NOT-FOR-US: phpBannerExchange CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...) NOT-FOR-US: daverave Link Bank CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave Lin ...) NOT-FOR-US: daverave Link Bank CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a pa ...) NOT-FOR-US: Comvigo IM Lock CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with in ...) NOT-FOR-US: SafeDisc CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 a ...) NOT-FOR-US: QwikiWiki CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...) NOT-FOR-US: Enet lib (Cube, Sauerbraten) CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...) NOT-FOR-US: Enet lib (Cube, Sauerbraten) CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...) NOT-FOR-US: Microsoft Exchange Server CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly i ...) 
NOT-FOR-US: Microsoft CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...) NOT-FOR-US: Microsoft CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 thro ...) NOT-FOR-US: Microsoft CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1187 REJECTED CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) NOT-FOR-US: Microsoft CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4 ...) NOT-FOR-US: Microsoft CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the i ...) - base-config (Ubuntu specific) - shadow (Ubuntu specific) CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Docum ...) NOT-FOR-US: Adobe Graphics Server CVE-2006-1181 RESERVED CVE-2006-1180 RESERVED CVE-2006-1179 RESERVED CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial o ...) NOT-FOR-US: Tamarack MMSd CVE-2006-1177 RESERVED CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...) NOT-FOR-US: eBay Enhanced Picture Services CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scr ...) NOT-FOR-US: WeOnlyDo! SFTP CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions befo ...) - shadow 1:4.0.15-10 (low) [sarge] - shadow (Vulnerable code was introduced later) CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of se ...) {DSA-1155} - sendmail 8.13.7-1 (low; bug #373801) CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in Cryptomath ...)
NOT-FOR-US: ActiveX control CVE-2006-1171 REJECTED CVE-2006-1170 REJECTED CVE-2006-1169 REJECTED CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...) {DSA-1149-1} - ncompress 4.2.4-16 CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the las ...) NOT-FOR-US: SGI CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...) - dokuwiki 0.0.20060309-3 (bug #357436) CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...) NOT-FOR-US: Nodez CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remot ...) NOT-FOR-US: Nodez CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows ...) NOT-FOR-US: Nodez CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web S ...) NOT-FOR-US: Easy File Sharing (EFS) Web Server CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) We ...) NOT-FOR-US: Easy File Sharing (EFS) Web Server CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 ...) NOT-FOR-US: Easy File Sharing (EFS) Web Server CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...) NOT-FOR-US: Kerio MailServer CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...) NOT-FOR-US: Vz Scripts ADP Forum CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script be ...) NOT-FOR-US: manas tungare Site Membership Script CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site Members ...) NOT-FOR-US: manas tungare Site Membership Script CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic Ne ...) NOT-FOR-US: Fantastic News CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...) 
NOT-FOR-US: D2-Shoutbox CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 a ...) NOT-FOR-US: M-Phorum CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...) NOT-FOR-US: M-Phorum CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automaticall ...) - teg 0.11.1-3 (bug #357645; low) [sarge] - teg (Only DoS against exotic, mostly single player game) CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intr ...) NOT-FOR-US: OWL Intranet Engine CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function ...) - peercast 0.1217.toots.20060314-1 CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Editio ...) NOT-FOR-US: Alien Arena Gold CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in A ...) NOT-FOR-US: Alien Arena Gold CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in acebot_cmd ...) NOT-FOR-US: Alien Arena Gold CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remot ...) NOT-FOR-US: Hit Host CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 all ...) NOT-FOR-US: FTPoed Blog Engine CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows r ...) NOT-FOR-US: Ravenous Web Server CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows rem ...) - qmailadmin (bug #357896; medium) CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote at ...) NOT-FOR-US: RedBLoG CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox Copy ...) NOT-FOR-US: Xerox CopyCentre CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre a ...) NOT-FOR-US: Xerox CopyCentre CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox Wor ...) 
NOT-FOR-US: Xerox CopyCentre CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox Copy ...) NOT-FOR-US: Xerox CopyCentre CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 all ...) NOT-FOR-US: sBlog CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quot ...) NOT-FOR-US: CyBoards CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 all ...) NOT-FOR-US: vbzoom CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote at ...) NOT-FOR-US: vbzoom CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS ...) NOT-FOR-US: bitweaver CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows rem ...) NOT-FOR-US: EKINboard CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows re ...) NOT-FOR-US: EKINboard CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory c ...) - monotone 0.26pre1-0.1 (low) [sarge] - monotone (Only exploitable in very far-fetched situation) NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client NOTE: and massive social engineering CVE-2006-1128 (Directory traversal vulnerability in the session handling class (Galle ...) - gallery2 2.0.3 CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allo ...) - gallery2 2.0.3 CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP addres ...) - gallery2 2.0.3 CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Every ...) NOT-FOR-US: Grisoft AVG CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote at ...) NOT-FOR-US: RevilloC MailServer and Proxy CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...) 
NOT-FOR-US: D2KBlog CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0 ...) NOT-FOR-US: D2KBlog CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remo ...) NOT-FOR-US: CuteNews CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1. ...) NOT-FOR-US: DCP-Portal CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...) NOT-FOR-US: Cpanel (PHP) CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows remo ...) NOT-FOR-US: Aardvark CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) n ...) NOT-FOR-US: nCipher CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 t ...) NOT-FOR-US: nCipher CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/pri ...) NOT-FOR-US: nCipher CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 a ...) NOT-FOR-US: Loudblog CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 all ...) NOT-FOR-US: Loudblog CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Aztek Forum CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Aztek Forum CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows rem ...) NOT-FOR-US: Aztek Forum CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...) NOT-FOR-US: Total Ecommerce CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allow ...) NOT-FOR-US: NMDeluxe CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe befor ...) NOT-FOR-US: NMDeluxe CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and e ...) 
NOT-FOR-US: Pixelpost CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain con ...) NOT-FOR-US: Pixelpost CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ear ...) NOT-FOR-US: Pixelpost CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...) NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...) NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...) NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in Sauerbrate ...) NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remo ...) NOT-FOR-US: logIT CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce ...) NOT-FOR-US: NZ Ecommerce CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2 ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-1096 NOT-FOR-US: NZ Ecommerce CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in Mod_pyt ...) NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltl ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 a ...) NOT-FOR-US: IBM WebSphere CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process fil ...) NOT-FOR-US: Solaris CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...) NOT-FOR-US: Kaspersky Antivirus CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an unspe ...) 
NOT-FOR-US: PunBB CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...) NOT-FOR-US: PunBB CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potent ...) NOT-FOR-US: PHP-Stats CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...) NOT-FOR-US: PHP-Stats CVE-2006-1086 REJECTED CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...) NOT-FOR-US: PHP-Stats CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlie ...) NOT-FOR-US: PHP-Stats CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...) NOT-FOR-US: PHP-Stats CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...) NOT-FOR-US: phpArcadeScript CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan Beck ...) NOT-FOR-US: PluggedOut Nexus CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2. ...) NOT-FOR-US: Game-Panel CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products suc ...) - thttpd 2.23beta1-2.4 (bug #253816; low) NOTE: apache's htpasswd not vulnerable, but source contains note about NOTE: not being safe for sudo NOTE: filed wishlist bug to add this to manpage CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, a ...) - thttpd 2.23beta1-2.4 (bug #253816; low) NOTE: apache's htpasswd not vulnerable CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary ...) NOT-FOR-US: Evo-Dev evoBlog CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...) NOT-FOR-US: checkInvision Power Board CVE-2006-1075 (Format string vulnerability in the visualization function in Jason Boe ...) NOT-FOR-US: Liero Xtreme CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...) 
NOT-FOR-US: Liero Xtreme CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog 1.0 ...) NOT-FOR-US: Daverave Simplog CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...) NOT-FOR-US: Daverave Simplog CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1 ...) NOT-FOR-US: DVguestbook CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestboo ...) NOT-FOR-US: DVguestbook CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x be ...) NOT-FOR-US: Geeklog CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote at ...) NOT-FOR-US: VXWorks CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote attack ...) NOT-FOR-US: VXWorks CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems wi ...) {DSA-1017-1} - linux-2.6 2.6.16-1 CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1. ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...) {DSA-999-1} - lurker 2.1-1 CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote atta ...) {DSA-999-1} - lurker 2.1-1 CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier all ...) {DSA-999-1} - lurker 2.1-1 CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 a ...) - curl 7.15.3-1 [woody] - curl (Vulnerable code not present) [sarge] - curl (Vulnerable code not present) CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...) {DSA-1038-1 DSA-1037-1} - xzgv 0.8-5.1 (bug #362288; medium) - zgv 5.9-2 CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trus ...) 
- samba 3.0.22-1 [woody] - samba [sarge] - samba CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which mak ...) - busybox 1:1.1.3-1 (low; bug #360578) [woody] - busybox [sarge] - busybox CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local use ...) {DSA-1040-1} - gdm 2.14.4-1 CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-9 - kfreebsd-5 5.4-17 - xen-3.0 3.0.2+hg9656-1 CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...) - linux-2.6 2.6.16-6 CVE-2006-1054 REJECTED CVE-2006-1053 RESERVED CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...) {DSA-1184-2} - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low) CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...) NOT-FOR-US: Akarru Social BookMarking Engine CVE-2006-1050 NOT-FOR-US: Kwik-Pay Payroll CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little e ...) - runit 1.4.1-1 (bug #356016; medium) [sarge] - runit CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in J ...) NOT-FOR-US: Joomla! CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access r ...) NOT-FOR-US: Joomla! CVE-2006-1047 (Unspecified vulnerability in the "Remember Me login functionality" in ...) NOT-FOR-US: Joomla! CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial o ...) - monopd 0.9.3-2 (bug #355797; low) [sarge] - monopd (Very minor security ramifications) CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block load ...) {DSA-1051-1 DSA-1046-1} - thunderbird 1.5.0.2-1 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - firefox 1.5.dfsg+1.5.0.2-1 - xulrunner 1.8.0.1-9 CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSER ...) 
NOT-FOR-US: LISTSERV CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microso ...) NOT-FOR-US: Microsoft CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...) NOT-FOR-US: Gregarius CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...) NOT-FOR-US: Gregarius CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...) NOT-FOR-US: vBulletin CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote att ...) NOT-FOR-US: SAP CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and ...) NOT-FOR-US: SecureCRT CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and e ...) NOT-FOR-US: Oracle CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module ...) NOT-FOR-US: Oracle CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ear ...) NOT-FOR-US: Oracle CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS b ...) NOT-FOR-US: Dragonfly CMS CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...) NOT-FOR-US: phpRPC CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...) NOT-FOR-US: iGENUS Webmail CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allo ...) NOT-FOR-US: Joomla! CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in class.inputfilter.ph ...) NOT-FOR-US: Joomla! CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...) NOT-FOR-US: Joomla! CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...) NOT-FOR-US: Joomla! 
CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any a ...) NOT-FOR-US: JFacets CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft Stor ...) NOT-FOR-US: Addsoft StoreBot CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 P ...) NOT-FOR-US: Addsoft StoreBot CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage (SM ...) NOT-FOR-US: HP System Management CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...) NOT-FOR-US: PeHePe Uyelik Sistemi CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uye ...) NOT-FOR-US: PeHePe Uyelik Sistemi CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Foru ...) NOT-FOR-US: Johnny_Vegas Vegas Forum CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...) NOT-FOR-US: UkiBoard CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) NOT-FOR-US: DCI-Design Dawaween CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...) NOT-FOR-US: c-client CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet Explore ...) NOT-FOR-US: Windows CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x appl ...) - php5 5.1.4-0.1 (bug #368595; unimportant) - php4 (bug #368592; unimportant) NOTE: It's the application's job to sanitize input passed to a function CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x applicatio ...) - php5 5.1.4-0.1 (bug #368595; unimportant) - php4 (bug #368592; unimportant) NOTE: It's the application's job to sanitize input passed to a function CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka S ...) NOT-FOR-US: SMartBlog CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ver ...) 
- wordpress 2.0.1-1 CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...) NOT-FOR-US: LetterMerger CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ol ...) {DSA-1001-1} - crossfire 1.9.0-1 CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...) NOT-FOR-US: M4 Project enigma-suite CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1 ...) NOT-FOR-US: N8cms CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remo ...) NOT-FOR-US: N8cms CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard bef ...) NOT-FOR-US: sendcard CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote attack ...) NOT-FOR-US: Parodia CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parod ...) NOT-FOR-US: Parodia CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall Ro ...) NOT-FOR-US: NETGEAR hardware issue CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of super_user ...) NOT-FOR-US: NETGEAR hardware issue CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty I ...) NOT-FOR-US: LanSuite LanParty Intranet System CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 an ...) NOT-FOR-US: Pentacle In-Out Board CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...) NOT-FOR-US: Novell CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...) NOT-FOR-US: Novell CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...) NOT-FOR-US: Novell CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5. ...) 
- php4 4:4.4.4-1 (bug #361853; unimportant) - php5 5.1.4-0.1 (bug #361914; unimportant) NOTE: Non-issue, explicit debug feature CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions befor ...) NOT-FOR-US: EMC Dantz Retrospect CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...) NOT-FOR-US: Sophos CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before 2. ...) NOT-FOR-US: 3Com CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 P ...) NOT-FOR-US: Novell GroupWise CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon (bp ...) NOT-FOR-US: Veritas NetBackup CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...) NOT-FOR-US: Veritas NetBackup CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in Veri ...) NOT-FOR-US: Veritas NetBackup CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) NOT-FOR-US: MS Windows issue CVE-2006-0987 (The default configuration of ISC BIND before 9.4.1-P1, when configured ...) - bind (bug #355787; unimportant) - bind9 1:9.4.0-1 (bug #356266; unimportant) NOTE: This is within the responsibilities of a local admin, especially when NOTE: operating a DNS server, affected sites can configure AllowRecursion CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain sensitiv ...) - wordpress 2.0.2-1 (bug #355055; unimportant) CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post comme ...) - wordpress 2.0.2-1 (bug #355055; medium) CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...) NOT-FOR-US: EJ3 TOPo not in debian CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...) 
NOT-FOR-US: QWikiWiki not in debian CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circ ...) NOT-FOR-US: McAfee Virex 7.7 for Macintosh CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier al ...) NOT-FOR-US: WinAce CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI ...) NOT-FOR-US: Jay Eckles CGI Calendar CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...) NOT-FOR-US: Nidelven IT Issue Dealer CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View Header ...) NOT-FOR-US: ArGoSoft Mail Server CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts a ...) NOT-FOR-US: MTS Pro CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris Her ...) NOT-FOR-US: SPiD CVE-2006-0975 REJECTED CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe b ...) NOT-FOR-US: bttlxeForum 2.0 CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State Univers ...) NOT-FOR-US: phpWebSite CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News 2 ...) NOT-FOR-US: Tony Baird Fantastic News CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b ...) NOT-FOR-US: DirectContact CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more Ac ...) NOT-FOR-US: ActiveCampaign products CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de P ...) NOT-FOR-US: PixelArtKingdom TopSites CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 B ...) NOT-FOR-US: NCP Network Communication Secure Client CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...) 
NOT-FOR-US: NCP Network Communication Secure Client CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...) NOT-FOR-US: NCP Network Communication Secure Client CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...) NOT-FOR-US: NCP Network Communication Secure Client CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build ...) NOT-FOR-US: NCP Network Communication Secure Client CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to ...) - stlport5 5.0.2-1 (bug #358471; medium) CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to exe ...) NOT-FOR-US: VuBB CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows re ...) NOT-FOR-US: Cilem Hiber CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote attacke ...) NOT-FOR-US: Compex NetPassage WPE54G router CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...) NOT-FOR-US: ZoneO-Soft freeForum CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ZoneO-So ...) NOT-FOR-US: ZoneO-Soft freeForum CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS soc ...) - nufw 1.0.23-1 (bug #358475; low) CVE-2006-0955 RESERVED CVE-2006-0954 RESERVED CVE-2006-0953 RESERVED CVE-2006-0952 RESERVED CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...) NOT-FOR-US: NOD32 CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary files ...) - unalz 0.55-1 (bug #356832; low) [sarge] - unalz (Minor issue) CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of sc ...) 
NOT-FOR-US: RaidenHTTPD CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other versio ...) NOT-FOR-US: AOL CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote atta ...) NOT-FOR-US: Thomson modem firmware CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...) NOT-FOR-US: Thomson modem firmware CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...) NOT-FOR-US: Archangel Weblog CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass authenticat ...) NOT-FOR-US: Archangel Weblog CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in Pws ...) NOT-FOR-US: PwsPHP CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibl ...) NOT-FOR-US: PwsPHP CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Sho ...) NOT-FOR-US: ShoutLIVE CVE-2006-0940 (Multiple direct static code injection vulnerabilities in savesettings. ...) NOT-FOR-US: ShoutLIVE CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attacker ...) NOT-FOR-US: DCI-Taskeen CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earli ...) - ezpublish CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...) {DSA-1109} - rssh 2.3.0-1.1 (bug #346322; bug #363978; low) CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allo ...) - webcheck 1.9.6 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: U.N.U. Mailgust CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...) NOT-FOR-US: Free Host Shop Website Generator CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of servi ...) 
NOT-FOR-US: Microsoft CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 all ...) NOT-FOR-US: webinsta Limbo CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote a ...) NOT-FOR-US: PHPX CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archiv ...) NOT-FOR-US: zip.lib.php CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...) - php5 (bug #368545; unimportant) - php4 (bug #368545; unimportant) NOTE: is this really a vulnerability in pear? it seems it should be a bug NOTE: in any application not checking for such archives. NOTE: Lack of a security feature is not a vulnerability CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server P ...) NOT-FOR-US: ArgoSoft Mail Server CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...) NOT-FOR-US: ArgoSoft Mail Server CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attacker ...) NOT-FOR-US: ArgoSoft Mail Server CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS- ...) NOT-FOR-US: Woltlab Burning Board CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt Standar ...) NOT-FOR-US: StuffIt CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8 ...) NOT-FOR-US: Alt-N MDaemon CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allow ...) NOT-FOR-US: iCal CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...) NOT-FOR-US: MyPHPNuke CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...) NOT-FOR-US: CubeCart CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in FCKed ...) - knowledgeroot (fixed before first upload; see bug #381912) CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 
3) stores the server's FTP pas ...) NOT-FOR-US: Oi! Email Marketing System CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! E ...) NOT-FOR-US: Oi! Email Marketing System CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...) NOT-FOR-US: The Bat! CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, aut ...) NOT-FOR-US: Melange Chat Server CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences i ...) - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the (1 ...) - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly hand ...) - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...) - bugzilla 2.20.1-1 (bug #354457; high) [woody] - bugzilla (Only 2.17 and above are affected) [sarge] - bugzilla (Only 2.17 and above are affected) CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Oreka CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote atta ...) NOT-FOR-US: WhatsUp Professional CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers t ...) NOT-FOR-US: Invision Power Board CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers t ...) NOT-FOR-US: Invision Power Board CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injecti ...) 
NOT-FOR-US: PHP-Nuke CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...) NOT-FOR-US: PHP-Nuke CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...) NOT-FOR-US: D3Jeeb Pro CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1 ...) - kfreebsd-5 5.4-16 CVE-2006-0904 REJECTED CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging mechanis ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163) CVE-2006-0902 RESERVED CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...) NOT-FOR-US: Solaris CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial o ...) - kfreebsd-5 5.4-15 CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ea ...) NOT-FOR-US: 4Images CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode ...) {DSA-996-1} - libcrypt-cbc-perl 2.17-1 CVE-2006-0897 NOT-FOR-US: VCS Virtual Program Management Intranet CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in Si ...) NOT-FOR-US: Simple Machine Forum CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation pa ...) NOT-FOR-US: NOCC Webmail CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1. ...) NOT-FOR-US: NOCC Webmail CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: NOCC Webmail CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with pre ...) NOT-FOR-US: NOCC Webmail CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...) NOT-FOR-US: NOCC Webmail CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used ...) 
NOT-FOR-US: SpeedProject Squeez CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remo ...) NOT-FOR-US: Calcium CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...) NOT-FOR-US: Invision Power Board CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library (PHPL ...) NOT-FOR-US: PHPLIB CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ma ...) NOT-FOR-US: DEV web management system CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...) NOT-FOR-US: CuteNews CVE-2006-0884 (The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbi ...) {DSA-1051-1 DSA-1046-1} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - thunderbird 1.5.0.2-1 - firefox 1.5.dfsg+1.5.0.2-1 - xulrunner 1.8.0.1-9 - mozilla 2:1.7.13-0.1 CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not prope ...) - openssh 1:3.8.1p1-4 [woody] - openssh CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...) NOT-FOR-US: Noah's Classifieds CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...) NOT-FOR-US: Noah's Classifieds CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in No ...) NOT-FOR-US: Noah's Classifieds CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds 1 ...) NOT-FOR-US: Noah's Classifieds CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the installat ...) NOT-FOR-US: Noah's Classifieds CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote att ...) NOT-FOR-US: Easy Forum CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ser ...) {DSA-1061-1} - popfile 0.22.4-1 (bug #354464; medium) CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 all ...) 
NOT-FOR-US: runCMS CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerc ...) NOT-FOR-US: Intensive Point iUser Ecommerce CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in Coppermi ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in Mamb ...) - mambo 4.5.3h-1 (bug #354468) NOTE: only in experimental CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...) NOT-FOR-US: Mini-Nuke CMS CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in live ...) NOT-FOR-US: PHP PEAR LiveUser CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth Con ...) - php-auth 1.2.4-0.1 (bug #354474) CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...) NOT-FOR-US: WebDrive CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute forc ...) NOT-FOR-US: PunBB CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: PunBB CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cook ...) NOT-FOR-US: Global Hauri ViRobot CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attacker ...) NOT-FOR-US: InfoVista PortalSE CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Sol ...) NOT-FOR-US: InfoVista PortalSE CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows rem ...) NOT-FOR-US: Michael Salzer Guestbox CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...) NOT-FOR-US: Michael Salzer Guestbox CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows rem ...) 
NOT-FOR-US: Michael Salzer Guestbox CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...) NOT-FOR-US: StarForce Safe'n'Sec Personal CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...) NOT-FOR-US: e107 CMS Chatbox plugin CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 ...) NOT-FOR-US: SmE GB Host CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...) {DSA-991-1} - zoo 2.10-17 (bug #354461) CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive Poi ...) NOT-FOR-US: Intensive Point iUser Ecommerce CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA ...) NOT-FOR-US: TrueNorth Internet Anywhere CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook 1.2 ...) NOT-FOR-US: Admbook CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and ...) NOT-FOR-US: ilchClan CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ilch ...) NOT-FOR-US: ilchClan CVE-2006-0849 RESERVED CVE-2006-0848 (The "Open 'safe' files after downloading" option in Safari on Apple Ma ...) NOT-FOR-US: Apple Safari CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in Che ...) - cherrypy2.1 2.1.1-1 (bug #353542) - python-cherrypy 2.1.1-1 (bug #354479) CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright' ...) NOT-FOR-US: Leif M. Wright's Blog CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with admin ...) NOT-FOR-US: Leif M. Wright's Blog CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when aut ...) NOT-FOR-US: Leif M. Wright's Blog CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files u ...) NOT-FOR-US: Leif M. 
Wright's Blog CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...) NOT-FOR-US: Calacode @Mail CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...) {DSA-1133-1} - mantis 0.19.4-3.1 (bug #378353) CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly h ...) {DSA-944-1} - mantis 1.0 NOTE: This was actually fixed upstream in Mantis 1.0.0rc5, NOTE: which was never uploaded. CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly rea ...) - snort (frag3 is only in 2.4, currently there is 2.3.3 in sid) CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwo ...) NOT-FOR-US: Tivoli CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable perm ...) NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an uns ...) NOTE: Denial of service by tricking someone into importing a manipulated LDIF file NOTE: That's a bug, but calling it a security problem is very far-fetched CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar P ...) NOT-FOR-US: MitriDAT Web Calendar CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ad ...) NOT-FOR-US: Uniden UIP1868P VoIP Telephone CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Direc ...) NOT-FOR-US: Barracuda Directory CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow ...) NOT-FOR-US: WPC.easy CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...) NOT-FOR-US: Tasarim Rehberi CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to c ...) NOT-FOR-US: Microsoft CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remot ...) 
NOT-FOR-US: E-Blah Platinum CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer W ...) NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and Micr ...) NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer W ...) NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and Mi ...) NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4. ...) NOT-FOR-US: Geeklog CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr ...) NOT-FOR-US: Geeklog CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 ...) NOT-FOR-US: EmuLinker Kaillera Server CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote a ...) NOT-FOR-US: BXCP CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 al ...) NOT-FOR-US: Dwarf HTTP Server CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source c ...) NOT-FOR-US: Dwarf HTTP Server CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Serv ...) NOT-FOR-US: MERAK Mail Server and VisNetic MailServer CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail Serv ...) NOT-FOR-US: MERAK Mail Server and VisNetic MailServer CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...) NOT-FOR-US: Orion Application Server CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...) NOT-FOR-US: NetworkActiv Web Server CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...) 
NOT-FOR-US: Lighttpd under windows CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted attacke ...) NOT-FOR-US: WinACE CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4 ...) NOT-FOR-US: WinACE VisNetic AntiVirus CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...) NOT-FOR-US: Skate Board CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows remo ...) NOT-FOR-US: Skate Board CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...) NOT-FOR-US: Skate Board CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service (message ...) NOT-FOR-US: MUTE CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word Proces ...) NOT-FOR-US: NJStar CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...) {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (bug #358872; medium) - moodle 1.6.1+20060825-1 (bug #360396; medium) - cacti 0.8.6d-1 (medium) NOTE: according to maintainer, "Moodle neither uses nor plans to use NOTE: ADODB_Pager, so it's not affected by #360396, but include patch for NOTE: it anyway, just in case somebody decides to use it out of the blue CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed chall ...) NOT-FOR-US: php-Nuke CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to exe ...) - tin 1:1.8.2-1 [sarge] - tin (Vulnerable code not present) CVE-2006-0803 (The signature verification functionality in the YaST Online Update (YO ...) NOT-FOR-US: YaSt Online Update CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module fo ...) NOT-FOR-US: PostNuke CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke 0. ...) NOT-FOR-US: PostNuke CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote at ...) 
NOT-FOR-US: PostNuke CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a legitim ...) NOT-FOR-US: Microsoft CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in Ma ...) NOT-FOR-US: Macallan Mail Solution CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Nokia cell phone CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...) NOT-FOR-US: Clever Copy CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 a ...) NOT-FOR-US: Quirex CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the inst ...) NOT-FOR-US: V-webmail CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phi ...) NOT-FOR-US: V-webmail CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php i ...) NOT-FOR-US: V-webmail CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost Host ...) NOT-FOR-US: DreamCost HostAdmin CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Rockliffe MailSite CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account wi ...) NOT-FOR-US: Kyocera printers CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows remo ...) NOT-FOR-US: Kyocera printers CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earl ...) NOT-FOR-US: Plaino Wimpy CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Rele ...) NOT-FOR-US: PHPKIT CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 R ...) NOT-FOR-US: PHPKIT CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...) NOT-FOR-US: D-Link hardware CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in Siteframe B ...) 
NOT-FOR-US: Siteframe Beaumont CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier a ...) NOT-FOR-US: PerlBlog CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and e ...) NOT-FOR-US: PerlBlog CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in Pe ...) NOT-FOR-US: PerlBlog CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9. ...) NOT-FOR-US: XMB Forums CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...) NOT-FOR-US: XMB Forums CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 al ...) NOT-FOR-US: Teca Scripts Guestex CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...) NOT-FOR-US: Teca Scripts Guestex CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 all ...) NOT-FOR-US: BirthSys CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...) NOT-FOR-US: DB_eSession CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - C ...) NOT-FOR-US: Hitachi Business Logic CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container 02-0 ...) NOT-FOR-US: Hitachi Business Logic CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used b ...) NOT-FOR-US: PunkBuster CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletin ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local user ...) NOT-FOR-US: Solaris CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service (appli ...) NOT-FOR-US: Kadu CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive inform ...) 
- cgiwrap 3.9-3.1 [sarge] - cgiwrap (Only leaks information about the existence of users on a system) CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, an ...) NOT-FOR-US: ICQ CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...) NOT-FOR-US: ICQ CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...) NOT-FOR-US: Cisco CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cP ...) NOT-FOR-US: cPanel (not the same as in the cpanel package) CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized a ...) NOT-FOR-US: WinAbility Folder Guard CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...) NOT-FOR-US: BlackBerry CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...) NOT-FOR-US: LightTPD on windows CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier all ...) NOT-FOR-US: HiveMail CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 an ...) NOT-FOR-US: HiveMail CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier al ...) NOT-FOR-US: HiveMail CVE-2006-0756 (** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and ...) NOT-FOR-US: dotProject CVE-2006-0755 (** DISPUTED ** Multiple PHP remote file include vulnerabilities in dot ...) NOT-FOR-US: dotProject CVE-2006-0754 (** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to ...) NOT-FOR-US: dotProject CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pa ...) NOT-FOR-US: Microsoft CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fr ...) - honeyd 1.5a-1 (bug #353064; low) [sarge] - honeyd (Too insignificant) CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in USErspac ...) 
NOT-FOR-US: Network Object Oriented File System (NOOFS) CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) Ar ...) NOT-FOR-US: supersmashbrothers CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1. ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2 (low) - mozilla-firefox 1.5.dfsg+1.5.0.2 (low) - mozilla 2:1.7.13-0.1 (low) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1. ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla 2:1.7.13-0.1 (high) - thunderbird 1.5.0.2-1 (high) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high) - xulrunner 1.8.0.1-9 CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ca ...) {DSA-1095-1} - freetype 2.2.1-1 (medium) CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...) {DSA-1008-1} - kdegraphics 4:3.5.0-3 NOTE: Only affected the 3.3.2 KDE backport CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ina ...) - xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium) - xorg-server 1:1.0.2-1 (bug #378465; medium) - xfree86 CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical retu ...) {DSA-1103} - linux-2.6 2.6.16-7 CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net 1 ...) NOT-FOR-US: Log4Net CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ke ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.15-8 CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.15-8 CVE-2006-0740 RESERVED CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of serv ...) 
NOT-FOR-US: eStara SIP softphone CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow r ...) NOT-FOR-US: eStara SIP softphone CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of serv ...) NOT-FOR-US: eStara SIP softphone CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication modul ...) NOT-FOR-US: pam_micasa / Novell CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of ImageMagick 6 ...) {DSA-1168-1} - imagemagick 6:6.2.4.5-0.6 (bug #345595) CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML: ...) NOT-FOR-US: My Blog CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life CST ...) NOT-FOR-US: Half-Life CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2 ...) - wordpress (unimportant) CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 a ...) NOT-FOR-US: SAP Business Connector CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earl ...) NOT-FOR-US: SAP Business Connector CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...) - dovecot 1.0.beta3-1 (bug #353341; medium) [sarge] - dovecot (Vulnerable code was introduced in 1.0beta1) CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allo ...) NOT-FOR-US: Teca Diary CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and earl ...) NOT-FOR-US: webSPELL CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFM ...) NOT-FOR-US: MusOX DF CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dr ...) NOT-FOR-US: CPG-Nuke CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1. ...) NOT-FOR-US: Plume CMS CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registe ...) 
NOT-FOR-US: Reamday Enterprises Magic News Lite CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday Ente ...) NOT-FOR-US: Reamday Enterprises Magic News Lite CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when regist ...) NOT-FOR-US: Reamday Enterprises Magic News Lite CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allow ...) NOT-FOR-US: RunCMS CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows us ...) NOT-FOR-US: Winamp CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds 6.1 ...) NOT-FOR-US: PHP Classifieds CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VS ...) NOT-FOR-US: Avaya VSU CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a den ...) NOT-FOR-US: Tivoli CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote at ...) NOT-FOR-US: sNews CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote at ...) NOT-FOR-US: sNews CVE-2006-0714 (Directory traversal vulnerability in the installation file (sql/instal ...) - flyspray (Vulnerable code not included in Debian) CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote attacker ...) NOT-FOR-US: LinPHA CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly va ...) NOT-FOR-US: Squishdot CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl i ...) NOT-FOR-US: NeoMail CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 a ...) NOT-FOR-US: Isode M-Vault CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...) {DSA-995-1} - metamail 2.7-51 (bug #352482; bug #353539) CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow re ...) 
NOT-FOR-US: Winamp CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows rem ...) - pyblosxom 1.3.2-1 (high) [sarge] - pyblosxom (Vulnerable path handling code not present) CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch (G ...) NOT-FOR-US: Gaestebuch CVE-2006-0705 (Format string vulnerability in a logging function as used by various S ...) NOT-FOR-US: Proprietary SFTP servers CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error pag ...) NOT-FOR-US: iE Integrator CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown im ...) NOT-FOR-US: imageVue CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ar ...) NOT-FOR-US: imageVue CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list direct ...) NOT-FOR-US: imageVue CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission sett ...) NOT-FOR-US: imageVue CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1. ...) NOT-FOR-US: QWikiWiki CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote atta ...) NOT-FOR-US: Zen Cart CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, w ...) NOT-FOR-US: Zen Cart CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote att ...) NOT-FOR-US: Zen Cart CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which a ...) NOT-FOR-US: Ansilove CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove befo ...) NOT-FOR-US: Ansilove CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...) NOT-FOR-US: Roberto Butti CALimba CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Times ...) 
NOT-FOR-US: Carey Briggs Timesheet CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that th ...) NOT-FOR-US: TTS Time Tracking Software CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3 ...) NOT-FOR-US: TTS Time Tracking Software CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in T ...) NOT-FOR-US: TTS Time Tracking Software CVE-2006-0688 (PHP remote file include vulnerability in application.php in nicecoder. ...) NOT-FOR-US: nicecoder.com indexu CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo vari ...) NOT-FOR-US: DocMGR CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earl ...) NOT-FOR-US: Virtual Hosting Control System CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control Syste ...) NOT-FOR-US: Virtual Hosting Control System CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 a ...) NOT-FOR-US: Virtual Hosting Control System CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control Sy ...) NOT-FOR-US: Virtual Hosting Control System CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...) NOT-FOR-US: e107 CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...) NOT-FOR-US: powerd NOTE: powerd supposedly normally comes with sysvinit, but not in debian CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote a ...) NOT-FOR-US: WebGUI CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...) NOT-FOR-US: PHP-Nuke CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0. ...) 
NOTE: Only vulnerable when compiled with asserts - postgresql (unimportant) - postgresql-8.0 8.0.7-1 (unimportant) - postgresql-8.1 8.1.3-1 (unimportant) CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows re ...) {DSA-977-1} - heimdal 0.7.2-1 CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...) NOT-FOR-US: PHP-Nuke CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5. ...) NOT-FOR-US: SiteFrame CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L ...) NOT-FOR-US: IBM AIX CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic Calen ...) NOT-FOR-US: Magic Calendar Lite CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0 ...) NOT-FOR-US: HP PSC 1210 All-in-One printer CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ph ...) NOT-FOR-US: Sony Ericsson CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...) {DSA-990-1} - bluez-hcidump 1.30-1 (bug #351881; medium) CVE-2006-0669 NOT-FOR-US: Forum Light CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...) NOT-FOR-US: PwsPHP CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary fi ...) NOT-FOR-US: AIX CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels i ...) NOT-FOR-US: AIX CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) manage_proj_c ...) {DSA-1133-1} - mantis 0.19.4-3 [woody] - mantis (Complete rewrite in 0.19) CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...) {DSA-1133-1} - mantis 0.19.4-3 [woody] - mantis (Complete rewrite in 0.19) CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iN ...) 
NOT-FOR-US: Lotus Domino CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...) NOT-FOR-US: Lotus Domino CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...) NOT-FOR-US: SmE GB Host CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earl ...) NOT-FOR-US: FarsiNews CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ear ...) NOT-FOR-US: Runcms CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 a ...) - knowledgeroot (fixed before first upload; see bug #381912) - moin 1.5.8-4.1 [etch] - moin (Vulnerable php code not present) - karrigell (Vulnerable php code not present) CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Cale ...) NOT-FOR-US: Softcomplex CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 th ...) NOT-FOR-US: HP CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited ...) NOT-FOR-US: Hinton Design phpht Topsites CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate passwo ...) NOT-FOR-US: Hinton Design phpht Topsites CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...) NOT-FOR-US: Hinton Design phpht Topsites CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions t ...) NOT-FOR-US: WHMCompleteSolution CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote attack ...) NOT-FOR-US: vwdev CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPA ...) NOT-FOR-US: CPAINT CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...) NOT-FOR-US: DataparkSearch CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2 ...) 
NOT-FOR-US: PHP iCalendar CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...) NOT-FOR-US: Sun Java System Directory Server CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstance ...) - binutils (SuSE specific vulnerability) CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2 ...) {DSA-986-1 DSA-985-1} - libtasn1-2 (bug #352182; bug #365234) NOTE: upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change - libtasn1-3 0.3.4-1 - gnutls13 1.3.5-1 - gnutls12 1.2.11-1 - gnutls11 CVE-2006-XXXX [dpkg-sig: insecure temp file bug] - dpkg-sig 0.13 (bug #352723; low) [sarge] - dpkg-sig (Only affected in debug mode) CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ins ...) - pioneers 0.9.55-1 (bug #351986; medium) [sarge] - gnocatan (Not exploitable in Sarge per maintainer) CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in CPG-Nuk ...) NOT-FOR-US: CPG-Nuke Dragonfly CMS CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Confere ...) NOT-FOR-US: WiredRed e/pop Web Conferencing CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Secur ...) NOT-FOR-US: Trend Micro CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...) NOT-FOR-US: Orbicule Undercover CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to d ...) NOT-FOR-US: Orbicule Undercover CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka My ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinB ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows re ...) 
NOT-FOR-US: QUALCOMM Eudora WorldMail CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...) NOT-FOR-US: eyeOS CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(i ...) - tcc 0.9.24~cvs20070502-1 (bug #352202; low) [sarge] - tcc (Only incorrect code gen, hardly any production use) [etch] - tcc (Documented as insecure; only incorrect code gen, hardly any production use) CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent ...) NOT-FOR-US: Borland C++Builder CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board (IP ...) NOT-FOR-US: Invision Power Board CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently rando ...) - phpbb2 2.0.20 (low) [sarge] - phpbb2 (Minor issue) NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against NOTE: brute-force password guessing and as password seeding is based on milliseconds NOTE: NTP-timed attacks may even be in the area of a couple thousand attempts NOTE: instead of a million NOTE: Fixed in 2.0.20 CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailbac ...) NOT-FOR-US: Erik C. Thauvin mailback CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers fr ...) NOT-FOR-US: The Bat! CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allo ...) NOT-FOR-US: AIM CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute a ...) NOT-FOR-US: Dale Ray MyQuiz CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...) NOT-FOR-US: Clever Copy CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...) NOT-FOR-US: Whomp Real Estate Manager CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable p ...) 
NOT-FOR-US: QNX CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of servic ...) NOT-FOR-US: QNX CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...) NOT-FOR-US: QNX CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...) NOT-FOR-US: QNX CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...) NOT-FOR-US: QNX CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 a ...) NOT-FOR-US: QNX CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Updat ...) NOT-FOR-US: Sun Java CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ear ...) NOT-FOR-US: Sun Java CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Updat ...) NOT-FOR-US: Sun Java CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ear ...) NOT-FOR-US: Sun Java CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...) NOT-FOR-US: Sun Java CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain privilege ...) - powersave 0.11.2-1 CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and earli ...) NOT-FOR-US: @Mail CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...) NOT-FOR-US: 2200net Calendar system CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design p ...) NOT-FOR-US: Hinton Design phphd CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allo ...) NOT-FOR-US: Hinton Design phphd CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when cer ...) NOT-FOR-US: Hinton Design phphd CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allo ...) 
NOT-FOR-US: Unknown Domain Shoutbox CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...) NOT-FOR-US: Unknown Domain Shoutbox CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...) NOT-FOR-US: Hinton Design phphd CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...) NOT-FOR-US: Hinton Design phphd CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg Guestboo ...) NOT-FOR-US: Hinton Design phphd CVE-2006-0601 RESERVED CVE-2006-0596 RESERVED CVE-2006-0595 RESERVED CVE-2006-0594 RESERVED CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attacke ...) {DSA-967-1} - elog 2.6.1+r1642-1 CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...) {DSA-967-1} - elog 2.6.1+r1642-1 CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...) {DSA-967-1} - elog 2.6.1+r1642-1 CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...) {DSA-967-1} - elog 2.6.1+r1642-1 CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...) NOT-FOR-US: PHP-Fusion CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...) NOT-FOR-US: Lexmark Printer CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and Free ...) NOT-FOR-US: crypt_blowfish implementation from OWL, does not seem to be in Debian CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...) NOT-FOR-US: MyTopix CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...) NOT-FOR-US: MyTopix CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remo ...) NOT-FOR-US: MyTopix CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allo ...) 
- gallery 1.5.2-pl2-1 CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before ...) NOT-FOR-US: Oracle CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows ...) NOT-FOR-US: Microsoft CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 wit ...) NOT-FOR-US: PeopleSoft People Tools CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...) NOT-FOR-US: Clever Copy CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0. ...) {DSA-977-1} - heimdal 0.7.2-1 CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allow ...) NOT-FOR-US: Hosting Controller CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Lotus Domino CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in dem ...) - mplayer (fixed before first upload; 1.0pre7try3) NOTE: code not in ffmpeg and xine-lib CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CO ...) NOT-FOR-US: Blue Coat Proxy Security Gateway OS CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...) NOT-FOR-US: Lexmark printer CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...) - oprofile 0.9.1-9 (bug #352910; low) [sarge] - oprofile (requires sudo access to be vulnerable) CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to c ...) - fcron (Not included in Debian package) CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...) NOT-FOR-US: cPanel CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and ear ...) NOT-FOR-US: cPanel CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to identif ...) 
NOT-FOR-US: phpstatus CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 a ...) NOT-FOR-US: phpstatus CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magi ...) NOT-FOR-US: phpstatus CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2. ...) NOT-FOR-US: Papoo CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze all ...) NOT-FOR-US: Outblaze CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...) NOT-FOR-US: Xaraya CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...) NOT-FOR-US: Communigate Pro CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in L ...) NOT-FOR-US: LoudBlog CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702. ...) NOT-FOR-US: Microsoft CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allo ...) NOT-FOR-US: PluggedOut Blog CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...) NOT-FOR-US: PluggedOut Blog CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ad ...) NOT-FOR-US: Cisco CVE-2006-0560 REJECTED CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield 4. ...) NOT-FOR-US: McAfee WebShield CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) {DSA-1103} - linux-2.6 2.6.16-1 (bug #365375; low) CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not s ...) {DSA-1103} - linux-2.6 2.6.15-8 CVE-2006-0556 REJECTED CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...) {DSA-1103} - linux-2.6 2.6.15-8 CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitiv ...) 
{DSA-1103} - linux-2.6 2.6.15-8 CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...) - postgresql-8.1 8.1.3-1 CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle Data ...) NOT-FOR-US: Oracle CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle Da ...) NOT-FOR-US: Oracle CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow re ...) NOT-FOR-US: Oracle CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in O ...) NOT-FOR-US: Oracle CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ex ...) NOT-FOR-US: Oracle CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application availa ...) NOT-FOR-US: Strange app at www.egeinternet.com CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...) NOT-FOR-US: UBB.threads CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...) NOT-FOR-US: Microsoft CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...) NOT-FOR-US: Cerulean Trillian CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb Guest ...) NOT-FOR-US: NukedWeb CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...) NOT-FOR-US: Tachyon Vanilla Guestbook CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1. ...) NOT-FOR-US: Tachyon Vanilla Guestbook CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...) - fcron (Vulnerable app in the Debian package, not setuid anyway) CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ena ...) 
NOT-FOR-US: IronMail CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange ...) NOT-FOR-US: eXchange POP3 CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...) NOT-FOR-US: NeoMail CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community Serve ...) NOT-FOR-US: Community Server CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) NOT-FOR-US: CyberShop Ultimate E-commerce CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...) NOT-FOR-US: cPanel NOTE: Not Debian's cpanel CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...) NOT-FOR-US: SoftMaker Shop CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...) NOT-FOR-US: Sun Java System Access Manager CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Buil ...) NOT-FOR-US: CA Message Queuing NOTE: CA Message Queuing is embedded in a lot of products, but they all seem NOTE: to be commercial products (see list in referenced URL) CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Buil ...) NOT-FOR-US: CA Message Queuing NOTE: CA Message Queuing is embedded in a lot of products, but they all seem NOTE: to be commercial products (see list in referenced URL) CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...) - evolution 2.2.3-4 (low) [sarge] - evolution (Vulnerability was apparently introduced in 2.3.1) [woody] - evolution (Vulnerability was apparently introduced in 2.3.1) CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allo ...) - bind 1:8.4.7-1 (low) [sarge] - bind (Architectural limitation, upgrade to BIND 9 as a fix) NOTE: BIND 8 is unsuitable for forwarder use because of its NOTE: architecture. Upgrade to BIND 9 as a fix. 
NOTE: This was fixed in sid by documenting it as an unfixable design limitation CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...) NOT-FOR-US: AOL CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator ...) NOT-FOR-US: Windows issue CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashau ...) NOT-FOR-US: Derek Ashauer ashnews CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows r ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...) NOT-FOR-US: Symantec Sygate Management Server CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...) NOT-FOR-US: Browser CRM CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 fo ...) NOT-FOR-US: Invision Power Board CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows rem ...) - spip 2.0.6-1 (medium; bug #351336) CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...) - spip 2.0.6-1 (medium; bug #351335) CVE-2006-0517 (Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_f ...) - spip 2.0.6-1 (medium; bug #351334) CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and e ...) - spip 2.0.6-1 (medium; bug #352076) NOTE: http://www.securityfocus.com/bid/16556 CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...) - spip 2.0.6-1 (medium; bug #352077) NOTE: http://www.securityfocus.com/bid/16551 CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 bi ...) NOT-FOR-US: Solaris CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x b ...) NOT-FOR-US: Cisco CVE-2006-0514 RESERVED CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server P ...) 
NOT-FOR-US: Tivoli CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which allow ...) {DSA-1187-1} - migrationtools 46-2.1 (bug #338920; medium) CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not prop ...) NOT-FOR-US: Blackboard Academic Suite CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allow ...) NOT-FOR-US: Daffodil CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...) NOT-FOR-US: Cerberus Helpdesk CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...) NOT-FOR-US: Easy CMS CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...) NOT-FOR-US: Easy CMS CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1. ...) NOT-FOR-US: Nuked-klaN CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to c ...) NOT-FOR-US: Zbattle CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...) NOT-FOR-US: MailEnable Enterprise Edition CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows rem ...) NOT-FOR-US: MailEnable Professional Edition CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2 ...) NOT-FOR-US: FarsiNews CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...) NOT-FOR-US: MyCo Guestbook CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document r ...) NOT-FOR-US: MyCo Guestbook CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 m ...) NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package) CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) NOT-FOR-US: PHP GEN CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow rem ...) 
NOT-FOR-US: PHP GEN CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibl ...) - iceweasel 3.0-1 (unimportant; bug #349339) - mozilla-firefox (unimportant; bug #349339) - iceape (unimportant) - xulrunner (unimportant) NOTE: This is not a direct vulnerability, but rather the lack of protection NOTE: for shooting into one's own foot, so we should treat it as a security NOTE: enhancement bug and not as a vulnerability. CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to Favorite ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 a ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Min ...) NOT-FOR-US: MG2 CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote atta ...) NOT-FOR-US: Calendarix CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...) NOT-FOR-US: SZUserMgnt CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...) NOT-FOR-US: ASPThai Forums CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6 ...) NOT-FOR-US: mIRC CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS applica ...) NOT-FOR-US: Microsoft CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email Fire ...) NOT-FOR-US: Tumbleweed MailGate Email Firewall CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance rele ...) NOT-FOR-US: IOS CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S bef ...) NOT-FOR-US: IOS CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE CONTR ...) NOT-FOR-US: FACE CONTROL product CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7 ...) 
NOT-FOR-US: Cisco CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures ...) {DSA-1017-1} - linux-2.6 2.6.15-4 CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng 1.2 ...) - libpng 1.2.8rel-3 (bug #352902; bug #352918) [sarge] - libpng (Only 1.2.7 affected) [woody] - libpng (Only 1.2.7 affected) [sarge] - libpng3 1.2.8rel-1 CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in sPa ...) NOT-FOR-US: sPaiz-Nuke CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allow ...) NOT-FOR-US: PmWiki CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...) NOT-FOR-US: CRE Loaded CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remot ...) - git-core 1.1.5-1 (bug #350274) CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to exe ...) NOT-FOR-US: Winamp CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows remo ...) NOT-FOR-US: PHP-Ping CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...) NOT-FOR-US: Shareaza CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in web ...) NOT-FOR-US: My little homepage CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...) NOT-FOR-US: My little homepage CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in fun ...) NOT-FOR-US: My little homepage CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBo ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possib ...) NOT-FOR-US: uebimiau NOTE: this had an ITP back in 2002, but it never was done (bug #164116) CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ca ...) 
NOT-FOR-US: CommuniGate Pro CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.4 ...) {DSA-964-1} [woody] - gnocatan 0.6.1-5woody3 [sarge] - gnocatan 0.8.1.59-1sarge1 - pioneers 0.9.49-1 (bug #350237; medium) CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Con ...) NOT-FOR-US: Goldstag Content Management System CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in a ...) NOT-FOR-US: active121 Site Manager CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent Man ...) NOT-FOR-US: IdeoContent Manager CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...) NOT-FOR-US: IdeoContent Manager CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09 ...) NOT-FOR-US: AndoNET Blog CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in Expressi ...) NOT-FOR-US: ExpressionEngine CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...) {DSA-997-1} - bomberclone 0.11.6.2-1 CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generat ...) {DSA-1020-1} - flex 2.5.33-1 CVE-2006-0458 (The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu ...) - irssi-text (Only 0.8.10rc versions are affected) CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl fun ...) - linux-2.6 2.6.15-6 CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 c ...) {DSA-1103} - linux-2.6 2.6.16-1 CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature verifica ...) {DSA-978-1} - gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium) - gnupg2 (Vulnerable code not activated) CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICM ...) 
- linux-2.6 2.6.15-5 [sarge] - kernel-source-2.6.8 [sarge] - kernel-source-2.4.27 CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote attacke ...) NOT-FOR-US: Fedora Directory Server CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allow ...) NOT-FOR-US: Fedora Directory Server CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...) NOT-FOR-US: Fedora Directory Server CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...) - phpbb2 (unimportant) NOTE: As discussed with the phpbb maintainers; this is only a lack of feature NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for NOTE: a certain time frame), but not a directly fixable security problem CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail 4.0 ...) NOT-FOR-US: E-Post Mail / SPA-PRO Mail CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...) NOT-FOR-US: E-Post Mail / SPA-PRO Mail CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...) NOT-FOR-US: E-Post Mail / SPA-PRO Mail CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...) NOT-FOR-US: WeBWorK CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users t ...) NOT-FOR-US: Phpclanwebsite CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1 ...) NOT-FOR-US: Phpclanwebsite CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...) NOT-FOR-US: CheesyBlog CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in M ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote att ...) NOT-FOR-US: Sami FTP Server CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload fi ...) 
NOT-FOR-US: Text Rider CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the w ...) NOT-FOR-US: Text Rider CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when ...) - phpbb2 (unimportant) NOTE: No real world risk according to maintainer CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...) - phpbb2 (unimportant) NOTE: Intended behaviour according to maintainer CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 al ...) NOT-FOR-US: HP-UX CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Databas ...) NOT-FOR-US: Oracle CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows r ...) NOT-FOR-US: phpXplorer CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not prope ...) - kfreebsd-5 5.4-13 CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: BEA WebLogic CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: BEA WebLogic CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express 9.0 ...) NOT-FOR-US: BEA WebLogic CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security provi ...) NOT-FOR-US: BEA WebLogic CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, ...) NOT-FOR-US: BEA WebLogic CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: BEA WebLogic CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configu ...) NOT-FOR-US: BEA WebLogic CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain ...) NOT-FOR-US: BEA WebLogic CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...) 
NOT-FOR-US: BEA WebLogic CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS ...) NOT-FOR-US: BEA WebLogic CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLog ...) NOT-FOR-US: BEA WebLogic CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when ...) NOT-FOR-US: BEA WebLogic CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 throu ...) NOT-FOR-US: BEA WebLogic CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allo ...) NOT-FOR-US: 123 Flash Chat Server CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and earlie ...) NOT-FOR-US: miniBloggie CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass authent ...) NOT-FOR-US: SleeperChat CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0 ...) NOT-FOR-US: SleeperChat CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden service ...) - tor 0.1.1.11-alpha-1 (bug #349283) CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow r ...) NOT-FOR-US: NewsPHP CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ex ...) NOT-FOR-US: CyberShop CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session coo ...) NOT-FOR-US: Claroline CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQ ...) {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (bug #349985; medium) - moodle 1.6-1 (bug #360395; medium) - cacti 0.8.6d-1 (medium) CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Pho ...) NOT-FOR-US: Pixelpost Photoblog CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...) 
NOT-FOR-US: Sun Grid Engine CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Bo ...) NOT-FOR-US: AZ Bulletin Board CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allo ...) - tiff 3.8.0-2 (bug #350715) - tiff3 (fixed prior to initial upload) [sarge] - tiff (Vulnerability was introduced later) [woody] - tiff (Vulnerability was introduced later) CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document roo ...) NOT-FOR-US: Note-A-Day Weblog CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote at ...) NOT-FOR-US: e-moBLOG CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote attac ...) {DSA-989-1} - zoph 0.5-1 (bug #350717) CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on a ...) NOT-FOR-US: Apple CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...) NOT-FOR-US: Apple CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) NOT-FOR-US: Apple CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) NOT-FOR-US: Apple CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) NOT-FOR-US: Apple CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patc ...) NOT-FOR-US: Apple CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly rec ...) NOT-FOR-US: Apple CVE-2006-0394 REJECTED CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a de ...) NOT-FOR-US: Apple CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attacker ...) NOT-FOR-US: Apple CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X 10. ...) 
NOT-FOR-US: Apple CVE-2006-0390 REJECTED CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) i ...) NOT-FOR-US: Apple CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows re ...) NOT-FOR-US: Apple CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...) NOT-FOR-US: Apple CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...) NOT-FOR-US: Apple CVE-2006-0385 RESERVED CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...) NOT-FOR-US: Apple CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allo ...) NOT-FOR-US: Apple CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of serv ...) NOT-FOR-US: Apple CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...) - kfreebsd-5 5.4-14 CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel t ...) NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5 CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buf ...) NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allo ...) NOT-FOR-US: Netrix X-Site Manager CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows rem ...) {DSA-988-1} - squirrelmail 2:1.4.6-1 (bug #354063; bug #355424) CVE-2006-0376 (The 802.11 wireless client in certain operating systems including Wind ...) NOT-FOR-US: Windows CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 runni ...) NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 runni ...) 
NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran Fo ...) NOT-FOR-US: Douran FollowWeb CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...) NOT-FOR-US: Insane Visions BlogPHP CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...) NOT-FOR-US: Noah Medling RCBlog CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...) NOT-FOR-US: Noah Medling RCBlog CVE-2006-0369 - mysql-dfsg-4.1 (unimportant) NOTE: This isn't a security hole, it's expected behaviour CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4. ...) NOT-FOR-US: Cisco CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 be ...) NOT-FOR-US: Cisco CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) a ...) NOT-FOR-US: Phpclanwebsite CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message b ...) NOT-FOR-US: XMB CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) all ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0363 (The "Remember my Password" feature in MSN Messenger 7.5 stores passwor ...) NOT-FOR-US: MSN Messenger CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...) NOT-FOR-US: TippingPoint IPS CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Bl ...) NOT-FOR-US: Bit 5 Blog CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...) NOT-FOR-US: MPM SIP IP Phone CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote att ...) NOT-FOR-US: eyeBeam SIP Softphone CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 be ...) 
NOT-FOR-US: PowerPortal CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...) NOT-FOR-US: Grant Averett Cerberus FTP Server CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause a ...) NOT-FOR-US: Ari Pikivirta Home Ftp Server CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...) NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) al ...) NOT-FOR-US: Cisco CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs users.0.da ...) NOT-FOR-US: Fluffington FLog CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...) {DSA-963-1} [sarge] - mydns 1.0.0-4sarge1 - mydns 1.1.0+pre-3 (medium; bug #348826) CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote a ...) NOT-FOR-US: eggblog CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...) NOT-FOR-US: eggblog CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG befo ...) {DSA-967-1} - elog 2.6.1+r1642-1 (bug #349528; medium) CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote a ...) {DSA-967-1} - elog 2.6.1+r1642-1 (bug #349528; medium) CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remot ...) NOT-FOR-US: SaralBlog CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote a ...) NOT-FOR-US: SaralBlog CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...) NOT-FOR-US: FileCOPA FTP Server CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...) NOT-FOR-US: Hitachi JP1/NetInsight II CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...) 
NOT-FOR-US: RockLiffe MailSite CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...) NOT-FOR-US: RockLiffe MailSite CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) suppo ...) NOT-FOR-US: Cisco CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to exe ...) NOT-FOR-US: BitComet CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and Lin ...) NOT-FOR-US: F-Secure CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...) NOT-FOR-US: F-Secure CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...) NOT-FOR-US: Kerio Firewall CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...) NOT-FOR-US: Kerio Firewall CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon St ...) NOT-FOR-US: My Amazon Store Manager CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...) NOT-FOR-US: ar-blog CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...) - ecartis 1.0.0+cvs.20030911-11 (low; bug #348824) [sarge] - ecartis (No real fix available, only rare setups affected, minor exploit potential) CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin al ...) NOT-FOR-US: Squirrelmail plugin CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allow ...) {DSA-1148-1} - gallery 1.5.2-1 CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS ...) NOT-FOR-US: HITSENSER Data Mart Server BS CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...) NOT-FOR-US: Tftpd32, different from the tftpd in Debian CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information vi ...) 
- typo3-src 4.0.2-1 (bug #364351; unimportant) NOTE: Only path disclosure CVE-2006-0326 RESERVED CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...) NOT-FOR-US: Etomite CMS CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote attac ...) NOT-FOR-US: WebspotBlogging CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...) NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...) - mediawiki 1.4.15-1 (low) CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...) {DSA-956-1} - lsh-utils 2.0.1cdbs-4 (low; bug #349303) NOTE: woody seems to be vulnerable as well (looking at the source code). CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Applic ...) NOT-FOR-US: Oracle CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote attacker ...) - fetchmail 6.3.2-1 (bug #348747; low) [sarge] - fetchmail (regression in fetchmail 6.3.0 and 6.3.1) [woody] - fetchmail (regression in fetchmail 6.3.0 and 6.3.1) CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8. ...) NOT-FOR-US: Bit 5 Blog CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) i ...) NOT-FOR-US: Farmers WIFE CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_qu ...) NOT-FOR-US: BlogPHP CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKerne ...) NOT-FOR-US: RedKernel Referrer Tracker CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) P ...) NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p p ...) 
NOT-FOR-US: EZDatabase CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which allo ...) NOT-FOR-US: PDFdirectory CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allo ...) NOT-FOR-US: PDFdirectory CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass authenti ...) NOT-FOR-US: aoblogger CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows remot ...) NOT-FOR-US: aoblogger CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remot ...) NOT-FOR-US: aoblogger CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote att ...) NOT-FOR-US: Linksys hardware issue CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the htmlt ...) NOT-FOR-US: HTMLtoNuke CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer Associ ...) NOT-FOR-US: CA BrightStor products CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...) NOT-FOR-US: CA BrightStor products CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...) NOT-FOR-US: Clipcomm hardware CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...) NOT-FOR-US: dual dns server CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...) NOT-FOR-US: Joomla! CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 all ...) NOT-FOR-US: ZyXel hardware CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other prod ...) 
{DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1} - poppler 0.4.5-1 (medium) - tetex-bin 3.0-12 (medium) [sarge] - tetex-bin (tetex2 uses an older version, which is not affected) - kdegraphics 4:3.5.1-2 (medium) - gpdf 2.10.0-3 (medium) - xpdf 3.01-6 (bug #350785; bug #350783; medium) - koffice 1.5.0-1 (medium) - libextractor 0.5.10-1 (medium) - pdfkit.framework 0.8-4 (medium) - swftools (splash/ is not included, therefore no vulnerable code) CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ...) {DSA-987-1} - tar 1.15.1-3 (bug #354091; high) - dpkg (has completely different tar implementation) [woody] - tar CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - mozilla (E4X not implemented in Mozilla 1.7) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - mozilla (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - mozilla (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 - xulrunner 1.8.0.1-9 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla 2:1.7.13-0.1 - thunderbird 1.5.0.2-1 CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...) 
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox [sarge] - mozilla-thunderbird (Only 1.5 is affected) - thunderbird 1.5.0.2-1 CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) [sarge] - mozilla-thunderbird (Only 1.5 is affected) - mozilla-thunderbird - thunderbird 1.5.0.2-1 CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox 1. ...) {DSA-1051-1 DSA-1046-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - mozilla 2:1.7.13-0.1 CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox 1.0.4-2sarge6 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - thunderbird 1.5.0.2-1 - mozilla 2:1.7.13-0.1 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0. ...) NOT-FOR-US: Oracle CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, Applicati ...) NOT-FOR-US: Oracle CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server 6.0. ...) NOT-FOR-US: Oracle CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer c ...) NOT-FOR-US: Oracle CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of Oracl ...) NOT-FOR-US: Oracle CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of Oracl ...) NOT-FOR-US: Oracle CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...) NOT-FOR-US: Oracle CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0. ...) NOT-FOR-US: Oracle CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) 
NOT-FOR-US: Oracle CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP2 ...) NOT-FOR-US: Oracle CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 B ...) NOT-FOR-US: Oracle CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...) NOT-FOR-US: Oracle CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...) NOT-FOR-US: Oracle CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...) NOT-FOR-US: Oracle CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite Rel ...) NOT-FOR-US: Oracle CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...) NOT-FOR-US: Oracle CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...) NOT-FOR-US: Oracle CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle Applicatio ...) NOT-FOR-US: Oracle CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle Data ...) NOT-FOR-US: Oracle CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...) NOT-FOR-US: Oracle CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) Wal ...) NOT-FOR-US: Oracle CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle D ...) NOT-FOR-US: Oracle CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...) NOT-FOR-US: Oracle CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle D ...) NOT-FOR-US: Oracle CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle D ...) NOT-FOR-US: Oracle CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...) NOT-FOR-US: Oracle CVE-2006-0264 REJECTED CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...) 
NOT-FOR-US: Oracle CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of Ora ...) NOT-FOR-US: Oracle CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...) NOT-FOR-US: Oracle CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...) NOT-FOR-US: Oracle CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server 10.1.0. ...) NOT-FOR-US: Oracle CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of Oracl ...) NOT-FOR-US: Oracle CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of Orac ...) NOT-FOR-US: Oracle CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...) NOT-FOR-US: Oracle CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 Secure ...) NOT-FOR-US: Check Point VPN CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...) - geronimo (bug #481869) CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Nei ...) NOT-FOR-US: AmbiCom Blue Neighbors CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote atta ...) NOT-FOR-US: Benders Calendar CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.7 ...) - faqomatic 2.712-3 CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...) NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP NOTE: This bug is present in a fork, not in the mainline NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions. CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1 ...) NOT-FOR-US: geoBlog CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 an ...) NOT-FOR-US: Virata-EmWeb web server CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula An ...) 
NOT-FOR-US: Anyboard CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...) NOT-FOR-US: Widexl Download Tracker CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7- ...) NOT-FOR-US: CubeCart CVE-2006-0244 (** DISPUTED ** Directory traversal vulnerability in workspaces.php in ...) NOT-FOR-US: phpXplorer CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote a ...) NOT-FOR-US: SMBCMS CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 a ...) NOT-FOR-US: PHP Fusebox CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...) NOT-FOR-US: WBNews CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...) NOT-FOR-US: Simple Blog CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...) NOT-FOR-US: Simple Blog CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 all ...) NOT-FOR-US: GaMerZ WP-Stats CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...) NOT-FOR-US: GTP iCommerce CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0 ...) [sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported) CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...) NOT-FOR-US: WhiteAlbum CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...) NOT-FOR-US: microBlog CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...) NOT-FOR-US: microBlog CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...) NOT-FOR-US: Symantec Scan Engine CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...) 
NOT-FOR-US: Symantec Scan Engine CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...) NOT-FOR-US: Symantec Scan Engine CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow lo ...) NOT-FOR-US: Wehntrust CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ha ...) - kernel-patch-grsecurity2 2.1.8-1 (bug #349246; medium) - kernel-patch-2.4-grsecurity (bug #349247; medium) CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, a ...) NOT-FOR-US: lpsched in Sun Solaris CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...) NOT-FOR-US: freebsd kernel CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands vi ...) - openssh 1:4.3p2-1 (low; bug #349645; bug #352254) [sarge] - openssh (Protocol flaws inherited from rcp) - dropbear 0.48-1 (unimportant) NOTE: dropbear doesn't include scp in binary package CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 an ...) {DSA-976-1} - libast 0.7-1 CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Se ...) NOT-FOR-US: TopCMM CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...) NOT-FOR-US: AlstraSoft Template Seller Pro CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...) NOT-FOR-US: Dragon Design Services Network (DDSN) CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...) NOT-FOR-US: DCP-Portal CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from old ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auctio ...) 
NOT-FOR-US: Ultimate Auction CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remo ...) NOT-FOR-US: QualityEBiz Quality PPC CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Q ...) NOT-FOR-US: QualityEBiz Quality PPC CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows remo ...) NOT-FOR-US: ezDatabase CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 an ...) NOT-FOR-US: Kolab Server NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba Blu ...) NOT-FOR-US: Toshiba Bluetooth Stack CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...) NOT-FOR-US: Helm Hosting Control Panel CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire Tr ...) NOT-FOR-US: Interspire TrackPoint NX CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...) NOT-FOR-US: TankLogger CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5 ...) - php5 5.1.2-1 - php4 4:4.4.2-1 (bug #354682; low) [sarge] - php4 (html_errors shouldn't be used) CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow re ...) {DSA-1331-1} - php5 5.1.2-1 (bug #347894) - php4 4:4.4.2-1 (bug #354683) CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040 ...) NOT-FOR-US: Light Weight Calendar CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...) NOT-FOR-US: Wordcircle CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...) NOT-FOR-US: Wordcircle CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not veri ...) 
NOT-FOR-US: Mini-Nuke CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Tool ...) NOT-FOR-US: PayPal Web Services CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Tool ...) NOT-FOR-US: PayPal Web Services CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the mysq ...) - php5 5.1.2-1 (bug #347894; unimportant) - php4 (vulnerable code was introduced in PHP5) NOTE: Not built into the binary packages CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...) NOT-FOR-US: Mini-Nuke CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...) NOT-FOR-US: XOOPS CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org 6.8 ...) NOTE: Historic X11 bug #349251 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 al ...) NOT-FOR-US: slsnif CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...) {DSA-988-1} - squirrelmail 2:1.4.6-1 (bug #354062) CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.0 ...) NOT-FOR-US: FogBugz CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...) NOT-FOR-US: Positive Software H-Sphere CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 al ...) NOT-FOR-US: ASPSurvey CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to caus ...) NOT-FOR-US: Sun Solaris CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...) NOT-FOR-US: Sun Solaris CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows r ...) NOT-FOR-US: eStara Softphone CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...) 
{DSA-988-1} - squirrelmail 2:1.4.6-1 (bug #354064) CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...) - knowledgetree 2.0.7-2 (bug #348306; medium) CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...) NOT-FOR-US: Microsoft CVE-2006-0186 REJECTED CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) N ...) NOT-FOR-US: PHP-Nuke CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote att ...) NOT-FOR-US: AspTopSites CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal Calenda ...) NOT-FOR-US: ACal Calendar Project CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to by ...) NOT-FOR-US: ACal Calendar Project CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) befo ...) NOT-FOR-US: Cisco CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 al ...) NOT-FOR-US: CaLogic Calendars CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Cisco CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...) NOT-FOR-US: Cray UNICOS CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local use ...) NOT-FOR-US: Cray UNICOS CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and src/unix/file ...) - xmame 0.104-1 (medium; bug #349653) NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf NOTE: question, that makes it very clear that setuid root is only for single-user NOTE: systems and xmame-sdl and xmess aren't setuid at all [sarge] - xmame (XMame is non-free software) CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...) NOT-FOR-US: Web Wiz Forums CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5 ...) 
NOT-FOR-US: Hummingbird Collaboration CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5 ...) NOT-FOR-US: Hummingbird Collaboration CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility i ...) NOT-FOR-US: Hummingbird Collaboration CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb E-comme ...) NOT-FOR-US: OrjinWeb E-commerce CVE-2006-0170 REJECTED CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, whic ...) NOT-FOR-US: MyPhPim CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remot ...) NOT-FOR-US: MyPhPim CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers t ...) NOT-FOR-US: MyPhPim CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stor ...) NOT-FOR-US: Symantec SystemWorks CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries funct ...) NOT-FOR-US: WebGUI CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is enab ...) NOT-FOR-US: phgstats CVE-2006-0163 (SQL injection vulnerability in the search module (modules/Search/index ...) NOT-FOR-US: PHP-Nuke CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown i ...) NOT-FOR-US: Solaris CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allow ...) NOT-FOR-US: Venom Board CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...) NOT-FOR-US: Foro Domus CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS all ...) NOT-FOR-US: CyberDoc SiteSuite CMS CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remot ...) NOT-FOR-US: Reamday Enterprises Magic News Plus CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remot ...) 
NOT-FOR-US: Foxforum CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...) NOT-FOR-US: 427BB CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 a ...) NOT-FOR-US: 427BB CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the u ...) NOT-FOR-US: 427BB CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...) NOT-FOR-US: phpChamber CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environ ...) {DSA-946-2} - sudo 1.6.8p12-1 (medium) NOTE: The whole black list approach is flawed, for the DSA we'll switch to NOTE: a white list approach of known to be safe env vars. CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason fun ...) {DSA-952-1} - libapache-auth-ldap (bug #347416) CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_en ...) NOT-FOR-US: SimpBook CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: NetSarang Xlpd CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...) {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (medium; bug #349985) - cacti 0.8.6d-1 (medium) - moodle 1.6.3-2 (medium) NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2 CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in mu ...) {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (medium; bug #349985) - cacti 0.8.6d-1 (medium) - moodle 1.6.3-2 (medium) NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2 CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and Ope ...) NOT-FOR-US: NetBSD CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...) 
    NOT-FOR-US: Neither php-pear nor php4-pear ship this file
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote attack ...)
    NOT-FOR-US: Windows
CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...)
    NOT-FOR-US: Andromeda
CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...)
    NOT-FOR-US: Eudora
CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 S ...)
    NOT-FOR-US: Navboard
CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in P ...)
    NOT-FOR-US: PD9 Software MegaBBS
CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamA ...)
    {DSA-947-1}
    - clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denia ...)
    - amsn 0.98.9-1 (low; bug #557754)
    [squeeze] - amsn (minor issue)
    [etch] - amsn (minor issue)
    [lenny] - amsn (minor issue)
CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
    NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook m ...)
    NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 al ...)
    NOT-FOR-US: TheWebForum
CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in TheWebForu ...)
    NOT-FOR-US: TheWebForum
CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow loc ...)
    NOT-FOR-US: AIX
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...)
    NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive informati ...)
    NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in Rocklif ...)
    NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in Rocklif ...)
    NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.2 ...)
    NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe Mai ...)
    NOT-FOR-US: Rockliffe MailSite
CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and non ...)
    - rxvt-unicode 6.3-1
    [sarge] - rxvt-unicode (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
    [woody] - rxvt-unicode (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows ...)
    NOT-FOR-US: AppServ
CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0 ...)
    NOT-FOR-US: ADN Forum
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...)
    NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquife ...)
    NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5. ...)
    NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Ser ...)
    NOT-FOR-US: Notes/Domino
CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Ser ...)
    NOT-FOR-US: Notes/Domino
CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before ...)
    NOT-FOR-US: Notes/Domino
CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allo ...)
    NOT-FOR-US: Notes/Domino
CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore Ebusi ...)
    NOT-FOR-US: iNETstore Ebusiness Software
CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CM ...)
    NOT-FOR-US: OnePlug Solutions OnePlug CMS
CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs fo ...)
    NOT-FOR-US: Joomla!
CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the ...)
    NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simp ...)
    NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media Shoppi ...)
    NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
    NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
    NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows rem ...)
    NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
    NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...)
    NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allo ...)
    NOT-FOR-US: TinyPHPForum
CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and ...)
    NOT-FOR-US: TinyPHPForum
CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
    NOT-FOR-US: TinyPHPForum
CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Bet ...)
    NOT-FOR-US: sBLOG
CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local user ...)
    NOT-FOR-US: NicoFTP
CVE-2006-0099 (PHP remote file include vulnerability in (1) include/templates/categor ...)
    NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3 ...)
    NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in libmy ...)
    - php4 (Windows specific)
    - php5 (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
    {DSA-1017-1}
    - linux-2.6 (Fixed before upload into archive; 2.6.11)
    - kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
    {DSA-1017-1}
    - linux-2.6 2.6.16-1
    - kernel-source-2.4.27 (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 allo ...)
    NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
    NOT-FOR-US: @Card ME PHP
CVE-2006-0092
    REJECTED
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0. ...)
    NOT-FOR-US: Open-Xchange
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
    NOT-FOR-US: IDV Directory Viewer
CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ca ...)
    NOT-FOR-US: ESRI ArcPad
CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...)
    NOT-FOR-US: inTouch
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in Liz ...)
    NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation Ima ...)
    NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attacker ...)
    NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ear ...)
    NOT-FOR-US: raSMP
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools (s ...)
    {DSA-930-2 DSA-930-1}
    - smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
    {DSA-954-1 CVE-2005-4560}
    - wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c fo ...)
    {DSA-1213}
    - imagemagick 6:6.2.4.5-0.6 (bug #345876)
CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerat ...)
    NOT-FOR-US: Intel
CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possi ...)
    NOT-FOR-US: vBulletin
CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 a ...)
    NOT-FOR-US: ScozNet
CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...)
    NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
    NOT-FOR-US: File::ExtAttr
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 allo ...)
    NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and earlie ...)
    NOT-FOR-US: phpBook
CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...)
    NOT-FOR-US: PHPenpals
CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
    NOT-FOR-US: DiscusWare Discus
CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attack ...)
    NOT-FOR-US: SCO Openserver
CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bi ...)
    - pinentry (Gentoo-specific packaging flaw)
CVE-2006-0070
    - drupal (According to upstream advisory is junk, behaviour intentional)
    NOTE: This will probably be REJECTED anyway
CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk G ...)
    NOT-FOR-US: Chipmunk Guestbook
CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows remot ...)
    NOT-FOR-US: Primo Cart
CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 an ...)
    NOT-FOR-US: VEGO Links Builder
CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows re ...)
    NOT-FOR-US: PHPjournaler
CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) functions_update ...)
    NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
    NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowe ...)
    - phpbb2 2.0.21-1 (unimportant)
    [sarge] - phpbb2 (Affects only an inherently unsafe option only suitable for trusted users)
    NOTE: According to the maintainer only affects a config option that is strongly
    NOTE: discouraged due to potential security problems
    NOTE: (Upstream fix was in 2.0.20.)
CVE-2006-0062 (xlockmore 5.13 allows potential xlock bypass when FVWM switches to the ...)
    - xlockmore 1:5.13-2.1 (bug #309760)
CVE-2006-0061 (xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns ...)
    - xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
    [sarge] - xlockmore (Minor issue)
CVE-2006-0060
    RESERVED
CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
    NOT-FOR-US: LiveData
CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...)
    {DSA-1015-1}
    - sendmail 8.13.6-1 (bug #358440; high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...)
    NOT-FOR-US: Windows
CVE-2006-0056 (Double free vulnerability in the authentication and authentication tok ...)
    - pam-mysql 0.6.2-1 (bug #353589; medium)
    [sarge] - pam-mysql (Vulnerable code not present)
CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable f ...)
    - ee 1:1.4.2-5 (bug #348322)
CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ca ...)
    NOT-FOR-US: FreeBSD
CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to ...)
    {DSA-1028-1}
    - libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, wh ...)
    {DSA-1027-1}
    - mailman 2.1.6-1 (bug #358892)
CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...)
    {DSA-1023-1}
    - kaffeine 0.8-1
CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary fi ...)
    {DSA-1013-1}
    - snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached sign ...)
    {DSA-993-2}
    - gnupg 1.4.2.2-1 (bug #356125; medium)
    - gnupg2 (Vulnerable code not activated)
CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a deni ...)
    - tcpick 0.2.1-3 (bug #360571; low)
    [sarge] - tcpick (Minor issue)
CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
    {DSA-994-1}
    - freeciv 2.0.8-1 (medium; bug #355211)
CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote atta ...)
    {DSA-966-1}
    - adzapper 20060115-1
CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and loa ...)
    {DSA-949-1}
    - crawl 1:4.0.0beta26-7 (medium)
CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application t ...)
    {DSA-942-1}
    - albatross 1.33-1
CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...)
    {DSA-975-1}
    - nfs-user-server 2.2beta47-22 (high; bug #350020)
    NOTE: nfs-utils (kernel NFS server) is not affected
    NOTE: (it uses PATH_MAX for the buffer passed to realpath).
CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_par ...)
    {DSA-1000-2}
    - libapreq2 2.07-1
CVE-2006-0041
    REJECTED
CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
    - evolution 2.10.1 (bug #398064; low)
    [etch] - evolution (Minor issue)
    [sarge] - evolution (Not reproducible on Sarge)
CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...)
    {DSA-1103 DSA-1097-1}
    - linux-2.6 2.6.16-14
CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux bef ...)
    {DSA-1103 DSA-1097-1}
    - linux-2.6 2.6.16-1
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
    - linux-2.6 2.6.15-3
    [sarge] - kernel-source-2.6.8 (Vulnerable code not present)
    [sarge] - kernel-source-2.4.27 (Vulnerable code not present)
CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
    - linux-2.6 2.6.15-3
    [sarge] - kernel-source-2.6.8 (Vulnerable code not present)
    [sarge] - kernel-source-2.4.27 (Vulnerable code not present)
CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 an ...)
    - linux-2.6 2.6.15-3
CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...)
    {DSA-948-1}
    - kdelibs 4:3.5.1-1 (medium)
CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext fu ...)
    NOT-FOR-US: Microsoft
CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
    NOT-FOR-US: Microsoft
CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in Mi ...)
    NOT-FOR-US: Microsoft
CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, i ...)
    NOT-FOR-US: Microsoft
CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
    NOT-FOR-US: Microsoft
CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
    NOT-FOR-US: Microsoft
CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
    NOT-FOR-US: Microsoft
CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote attacker ...)
    NOT-FOR-US: Microsoft
CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...)
    NOT-FOR-US: Microsoft
CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...)
    NOT-FOR-US: Microsoft Windows Media Player
CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 an ...)
    - flashplugin-nonfree 7.0.61-4 (bug #357038; bug #357105)
    [sarge] - flashplugin-nonfree (Only affects proprietary Flash plugin)
CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly othe ...)
    NOT-FOR-US: Microsoft
CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office ...)
    NOT-FOR-US: Microsoft PowerPoint
CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows re ...)
    NOT-FOR-US: Microsoft
CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...)
    NOT-FOR-US: Microsoft
CVE-2006-0018
    REJECTED
CVE-2006-0017
    RESERVED
CVE-2006-0016
    RESERVED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll ...)
    NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote a ...)
    NOT-FOR-US: Microsoft
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
    NOT-FOR-US: Microsoft
CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows 200 ...)
    NOT-FOR-US: Microsoft
CVE-2006-0011
    REJECTED
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP ...)
    NOT-FOR-US: Microsoft
CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versio ...)
    NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
    NOT-FOR-US: Microsoft
CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 ...)
    NOT-FOR-US: Microsoft
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in Microso ...)
    NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP ...)
    NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with I ...)
    NOT-FOR-US: Microsoft
CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...)
    NOT-FOR-US: RDS.Dataspace
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exch ...)
    NOT-FOR-US: Microsoft
CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 a ...)
    NOT-FOR-US: Microsoft