CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...) NOT-FOR-US: SAS Drug Development (SDD) CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...) - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/2a2f11c227bdf292b3a2900ad04139d301b56ac4 CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6. ...) - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6) CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) ...) NOT-FOR-US: Dataprobe iBootBar CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...) NOT-FOR-US: Dataprobe iBootBar CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in ...) NOT-FOR-US: feed-proxy.php CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...) NOT-FOR-US: GE Healthcare Centricity DMS CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...) NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve Deter ...) - openssl (unimportant) NOTE: Unused/broken in OpenSSL, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2 CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for F ...) NOT-FOR-US: NetBSD/FreeBSD libc CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft Window ...) NOT-FOR-US: Microsoft Windows CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drup ...) - drupal7 (unimportant) CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...) 
NOT-FOR-US: MailForm plugin for Movable Type CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ...) - apache2 2.2.15-3 (medium; bug #533661) - apache (medium; bug #533662) [lenny] - apache2 (Minor issue) CVE-2007-6749 REJECTED CVE-2007-6748 REJECTED CVE-2007-6747 REJECTED CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a ...) - telepathy-idle 0.1.15-1 (low; bug #706094) [wheezy] - telepathy-idle (Minor issue) [squeeze] - telepathy-idle (Minor issue) CVE-2007-6745 (clamav 0.91.2 suffers from a floating point exception when using ScanO ...) - clamav 0.91.2-1~volatile1 [etch] - clamav (Vulnerable code not present) [sarge] - clamav (Vulnerable code not present) CVE-2007-6744 (Flexera Macrovision InstallShield before 2008 sends a digital-signatur ...) NOT-FOR-US: Flexera Macrovision InstallShield CVE-2007-6743 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 bef ...) NOT-FOR-US: Tivoli CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 ...) NOT-FOR-US: Tivoli CVE-2007-6741 (The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does n ...) - python-pyftpdlib (Fixed before initial upload to the archive) CVE-2007-6740 (The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does n ...) - python-pyftpdlib (Fixed before initial upload to the archive) CVE-2007-6739 (FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to caus ...) - python-pyftpdlib (Fixed before initial upload to the archive) CVE-2007-6738 (pyftpdlib before 0.1.1 does not choose a random value for the port ass ...) - python-pyftpdlib (Fixed before initial upload to the archive) CVE-2007-6737 (FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempte ...) - python-pyftpdlib (Fixed before initial upload to the archive) CVE-2007-6736 (Multiple directory traversal vulnerabilities in FTPServer.py in pyftpd ...) 
- python-pyftpdlib (Fixed before initial upload to the archive) CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...) NOT-FOR-US: Novell NetWare CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...) NOT-FOR-US: Novell NetWare CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...) - linux-2.6 2.6.10-1 CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in loaders/dtt_load ...) - xmp 2.6.1-1 (low; bug #546730) [etch] - xmp (Minor issue, fringe app/formats) [lenny] - xmp (Minor issue, fringe app/formats) CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...) - xmp 2.6.1-1 (low; bug #546730) [etch] - xmp (Minor issue, fringe app/formats) [lenny] - xmp (Minor issue, fringe app/formats) CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: ZyXEL P-330W CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management interfa ...) NOT-FOR-US: ZyXEL P-330W CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote atta ...) NOT-FOR-US: XMB CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...) NOT-FOR-US: KerviNet Forum CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...) NOT-FOR-US: Dojo CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly o ...) {DSA-2080-1} - ghostscript 8.63.dfsg.1-1 (medium; bug #524803) - gs-gpl (medium; bug #561717) CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows, installs Priv ...) NOT-FOR-US: Vidalia CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs Privo ...) - tork (Affects only Windows and MacOS) CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, ...) 
NOT-FOR-US: Vidalia CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before release 1 ...) - bouncycastle 1.38-1 CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possi ...) - libmikmod 3.1.11-6.1 (low; bug #461519) [etch] - libmikmod (Minor issue) [lenny] - libmikmod (Minor issue) - sdl-mixer1.2 1.2.8-1 (low; bug #422021) [etch] - sdl-mixer1.2 (Minor issue) CVE-2007-XXXX [tdiary XSS] - tdiary 2.2.0-1 (bug #464778) [etch] - tdiary 2.0.2+20060303-5 NOTE: fixed in r6 point update NOTE: http://www.tdiary.org/20071215.html CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to e ...) NOT-FOR-US: Wiz-Ad CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...) - mplayer 1.0~rc3+svn20100502-1 (low; bug #407010) [lenny] - mplayer (Some have been fixed in Lenny/libavcodec, some crashers left) NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3 ...) NOT-FOR-US: IBM AIX CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...) {DSA-1653-1} - linux-2.6 2.6.23-1 - linux-2.6.24 (Vulnerable code not present) NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ( ...) - iceweasel (unimportant) NOTE: browser dos not treated as security issues NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed? CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...) NOT-FOR-US: Flip4Mac CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that supp ...) - dbmail 2.2.9 CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...) 
{DSA-1588-1} - linux-2.6 2.6.26-1 - linux-2.6.24 NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x, NOTE: but fixed in git, so marking as fixed in 2.6.26-1 CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2. ...) NOT-FOR-US: FreeWebShop.org CVE-2007-6710 RESERVED CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ear ...) NOT-FOR-US: Cisco Linksys CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisc ...) NOT-FOR-US: Cisco Linksys CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Links ...) NOT-FOR-US: Cisco Linksys CVE-2007-6706 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus No ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-6705 (The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client fo ...) NOT-FOR-US: WebSphere CVE-2007-6704 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 410 ...) NOT-FOR-US: F5 FirePass CVE-2007-6703 (Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) ...) - vdccm CVE-2007-6702 (goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka r ...) NOT-FOR-US: FS4104-AW firmware CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...) NOT-FOR-US: Novell Client CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web i ...) NOT-FOR-US: openbsd CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...) NOT-FOR-US: AIM PicEditor CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote auth ...) {DSA-1541-1} - openldap2.3 2.3.38-1 - openldap2.2 - openldap2 (slapd not built) CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1 ...) 
- webcalendar 1.1.6-7 (bug #466935) [lenny] - webcalendar (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37) CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4 ...) NOT-FOR-US: Drake CMS CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 t ...) {DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1} - linux-2.6 2.6.24-1 - linux-2.6.24 (Fixed before initial upload, upstream in 2.6.24) NOTE: Upstream commit 9ac71d00398674aaec664f30559f0a21d963862f, part of 2.6.24 CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image ...) {DSA-1493-2 DSA-1493-1} - sdl-image1.2 1.2.6-2 (medium) CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery befo ...) - gallery2 2.2.4-1 (bug #457644) - gallery (Vulnerable code not present) CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows rem ...) - gallery2 2.2.4-1 (bug #457644) - gallery (Vulnerable code not present) CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 h ...) - gallery2 2.2.4-1 (bug #457644) - gallery (Vulnerable code not present) CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not che ...) - gallery2 2.2.4-1 (bug #457644) - gallery (Vulnerable code not present) CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious fil ...) - gallery2 2.2.4-1 (bug #457644) - gallery (Vulnerable code not present) CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto G ...) - gallery (Vulnerable code not present) - gallery2 2.2.4-1 (bug #457644) CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...) - gallery2 2.2.4-1 (bug #457644) - gallery (Vulnerable code not present) CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows attacker ...) 
- gallery2 2.2.4-1 (bug #457644) - gallery (Vulnerable code not present) CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery bef ...) - gallery (Vulnerable code not present) - gallery2 2.2.4-1 (bug #457644) CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument i ...) NOT-FOR-US: IBM AIX CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM WebSphe ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2007-6678 REJECTED CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam I ...) NOT-FOR-US: Peter's Random Anti-Spam Image CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...) NOT-FOR-US: Uber Uploader CVE-2007-6675 (The b_system_comments_show function in htdocs/modules/system/blocks/sy ...) NOT-FOR-US: XOOPS CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...) NOT-FOR-US: RapidShare Database CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows remo ...) NOT-FOR-US: Makale Scripti CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protec ...) - jetty 6.1.18-1 (medium; bug #462793; bug #559765) CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares Dat ...) NOT-FOR-US: Instant Softwares Dating Site CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...) NOT-FOR-US: PHCDownload CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...) NOT-FOR-US: PHCDownload CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not requi ...) NOT-FOR-US: MySpace Content Zone CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...) NOT-FOR-US: MyPHP Forum CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 a ...) 
NOT-FOR-US: Zenphoto CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL ...) NOT-FOR-US: Netchemia CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ea ...) NOT-FOR-US: WebPortal CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html. ...) NOT-FOR-US: Pragmatic Utopia PU Arcade CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows r ...) NOT-FOR-US: CuteNews CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password without sup ...) NOT-FOR-US: 2z project CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive informa ...) NOT-FOR-US: 2z project CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9. ...) NOT-FOR-US: 2z project CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) ...) NOT-FOR-US: CCMS CVE-2007-6657 (PHP remote file inclusion vulnerability in source/includes/load_forum. ...) NOT-FOR-US: Mihalism CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE module f ...) NOT-FOR-US: CMS Made Simple CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php in Ko ...) NOT-FOR-US: Kontakt Formular CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision InstallShi ...) NOT-FOR-US: Macrovision InstallShield Update Service Web Agent CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism Multi Ho ...) NOT-FOR-US: Mihalism CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser ...) NOT-FOR-US: XCMS CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS ...) NOT-FOR-US: Bitweaver CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in Bitwea ...) NOT-FOR-US: Bitweaver CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php in Ma ...) 
NOT-FOR-US: MatPo Bilder Gallery CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee Gallery 0.1. ...) NOT-FOR-US: SanyBee Gallery CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier ...) NOT-FOR-US: w-Agora CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...) NOT-FOR-US: LiveCart CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote auth ...) NOT-FOR-US: Joomla! CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to p ...) NOT-FOR-US: Joomla! CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...) NOT-FOR-US: Joomla! CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...) NOT-FOR-US: Joomla! CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Re ...) NOT-FOR-US: milliscripts CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not pro ...) NOT-FOR-US: Creammonkey and GreaseKit CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier al ...) NOT-FOR-US: IPTBB CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the web roo ...) NOT-FOR-US: March Networks CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...) - flashplugin-nonfree 1:1.4 (bug #459071) [sarge] - flashplugin-nonfree (Contrib not supported) [etch] - flashplugin-nonfree (Contrib not supported) NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu befor ...) NOT-FOR-US: Bitflu CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in ...) NOT-FOR-US: FAQMasterFlexPlus CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly ...) 
NOT-FOR-US: FAQMasterFlexPlus CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPl ...) NOT-FOR-US: FAQMasterFlexPlus CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbit ...) NOT-FOR-US: xml2owl CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier al ...) NOT-FOR-US: LScube libnemesi CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when used by ...) NOT-FOR-US: Netembryo CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows remot ...) NOT-FOR-US: LScube Feng CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause a deni ...) NOT-FOR-US: LScube Feng CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in ...) NOT-FOR-US: LScube Feng CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg function in R ...) NOT-FOR-US: LScube Feng CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver Platform Serv ...) NOT-FOR-US: Platform Service Process (asampsp) CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2 1.2i an ...) NOT-FOR-US: PNphpBB2 CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might ...) NOT-FOR-US: ZeusCMS CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier ...) NOT-FOR-US: ZeusCMS CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in Joovili 3.0 ...) NOT-FOR-US: Joovili CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in Joovili ...) NOT-FOR-US: Joovili CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 do ...) NOT-FOR-US: Setup Wizard in Atlassian JIRA Enterprise Edition CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to delet ...) 
NOT-FOR-US: JIRA Enterprise Edition CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterp ...) NOT-FOR-US: JIRA Enterprise Edition CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleF ...) NOT-FOR-US: SimpleForum CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in Agares Medi ...) NOT-FOR-US: Agares Media phpAutoVideo CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...) NOT-FOR-US: Agares Media phpAutoVideo CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in i ...) - libcdio 0.78.2+dfsg1-2 (low; bug #459129) [sarge] - libcdio (Packages prior to 0.78.2 didn't build the tools into binary package) [etch] - libcdio (Packages prior to 0.78.2 didn't build the tools into binary package) NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...) - unp 1.0.13 (bug #448437; low) [etch] - unp (Only used as archiver in third-party software) CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...) NOT-FOR-US: CoolPlayer CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5. ...) NOT-FOR-US: OpenBiblio CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain se ...) NOT-FOR-US: OpenBiblio CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain co ...) NOT-FOR-US: OpenBiblio CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2 ...) NOT-FOR-US: SkyFex Client CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 ...) NOT-FOR-US: XCMS CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing and rea ...) 
NOT-FOR-US: Hot or Not Clone CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub 0.5. ...) NOT-FOR-US: NoseRub CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8 ...) {DSA-1463-1 DSA-1460-1} - postgresql-8.2 8.2.6-1 - postgresql-8.1 8.1.11-1 CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...) {DSA-1463-1 DSA-1460-1} - postgresql-8.2 8.2.6-1 - postgresql-8.1 8.1.11-1 [sarge] - postgresql CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before ...) NOT-FOR-US: IPortalX CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...) {DSA-1458-1} - openafs 1.4.6.dfsg1-1 (medium) NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via a syml ...) {DSA-1497-1} - clamav 0.92.1~dfsg-1 (low; bug #458532) [etch] - clamav (Minor issue, first issue doesn't apply) [sarge] - clamav (Security Support has stopped) CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...) - clamav 0.92.1~dfsg-1 (unimportant; bug #458532) [etch] - clamav (Minor issue) [sarge] - clamav (Security Support has stopped) NOTE: this is more a feature request than a bug CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak per ...) NOT-FOR-US: Lotus Notes CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy (forme ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the b ...) NOT-FOR-US: Safari CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server cer ...) 
- kdebase 4:4.0.3-1 (low; bug #458968) [etch] - kdebase (Minor issue) [lenny] - kdebase (Minor issue) NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921 NOTE: No longer occurs in KDE 4.0.3 according to upstream bug CVE-2007-6590 REJECTED CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...) {DSA-1534-1} - iceape 1.1.7-1 (medium) - iceweasel 2.0.0.10-1 (medium) CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows re ...) NOT-FOR-US: PHCDownload CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 al ...) NOT-FOR-US: Plogger CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows r ...) NOT-FOR-US: nicLOR-CMS CVE-2007-6585 (PHP remote file inclusion vulnerability in confirmUnsubscription.php i ...) NOT-FOR-US: NmnNewsletter CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow r ...) NOT-FOR-US: 1024 CMS CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php in 102 ...) NOT-FOR-US: 1024 CMS CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2 allows rem ...) NOT-FOR-US: mBlog CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine 2.0 allo ...) NOT-FOR-US: Social Engine CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow ...) NOT-FOR-US: Wallpaper Site CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote atta ...) NOT-FOR-US: Ip Reg CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote a ...) NOT-FOR-US: PHP ZLink CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow ...) NOT-FOR-US: zBlog CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earli ...) NOT-FOR-US: Adult Script CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows remote at ...) 
NOT-FOR-US: MMSLamp CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 an ...) NOT-FOR-US: Dokeos CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: QK SMTP CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Server ...) NOT-FOR-US: Sun Java System Web Server CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy ...) NOT-FOR-US: Sun Java System Web Proxy CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL Database func ...) NOT-FOR-US: Sun Java System Web Proxy Server CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log functio ...) NOT-FOR-US: Sun Java System Web Proxy Server CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in XZero Com ...) NOT-FOR-US: XZero Community Classifieds CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero Community Clas ...) NOT-FOR-US: XZero Community Classifieds CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community Classifieds ...) NOT-FOR-US: XZero Community Classifieds CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta an ...) NOT-FOR-US: Blakord Portal CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...) {DSA-1467-1} - mantis 1.0.8-4 (low; bug #458377) CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to o ...) {DSA-1543-1 DTSA-132-1} - vlc 0.8.6.c-4.1 (medium; bug #458318) - mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370) NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: see https://trac.videolan.org/vlc/ticket/1371 CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function (networ ...) 
{DSA-1543-1} - vlc 0.8.6.c-4.1 (medium; bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VL ...) {DSA-1543-1} - vlc 0.8.6.c-4.1 (low; bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to caus ...) - vlc 0.8.6.c-4.1 (bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: That's hardly a security problem, just a bug CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including us ...) {DSA-1457-1} - dovecot 1:1.0.10-1 (low; bug #458315) [sarge] - dovecot (Vulnerable code not present) [etch] - dovecot (very minor issue) NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html NOTE: low, because issue is only with quite rare configurations CVE-2007-6612 (Directory traversal vulnerability in DirHandler (lib/mongrel/handlers. ...) - mongrel 1.1.3-1 (medium) CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0 ...) NOT-FOR-US: Limbo CMS CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ot ...) NOT-FOR-US: WinAce CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen ...) {DSA-1443-1} - tcpreen 1.4.3-0.3 (medium; bug #457781) CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted re ...) NOT-FOR-US: PDFLib CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic befor ...) NOT-FOR-US: Logaholic CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 all ...) NOT-FOR-US: Logaholic CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a denia ...) NOT-FOR-US: TotalPlayer CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote ...) 
NOT-FOR-US: MeGaCheatZ CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow rem ...) NOT-FOR-US: websihirbazi CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php ...) NOT-FOR-US: Joomla! extension CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 an ...) NOT-FOR-US: TeamCal CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1. ...) NOT-FOR-US: TeamCal CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows r ...) NOT-FOR-US: AuraCMS CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, a ...) NOT-FOR-US: MailMachine CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...) NOT-FOR-US: PMOS Help Desk CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact an ...) NOT-FOR-US: RunCMS CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...) NOT-FOR-US: RunCMS CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during ...) NOT-FOR-US: RunCMS CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it easi ...) NOT-FOR-US: RunCMS CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1 ...) NOT-FOR-US: RunCMS CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow re ...) NOT-FOR-US: RunCMS CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exch ...) NOT-FOR-US: eSyndiCat Link Exchange Script CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...) NOT-FOR-US: Arcadem LEArcadem LE CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...) NOT-FOR-US: neuron news CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...) 
NOT-FOR-US: neuron news CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot iSuppo ...) NOT-FOR-US: IDevspot iSupport CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...) - moodle (Vulnerable code not present, third party module) CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...) NOT-FOR-US: WinUAE CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta pres ...) NOT-FOR-US: Google Toolbar CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006 ...) NOT-FOR-US: YShortcut ActiveX control CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher all ...) NOT-FOR-US: Microsoft Office Publisher CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-ass ...) NOT-FOR-US: Zoom Player CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce ...) - libxfcegui4 4.4.2 (low) [sarge] - libxfcegui4 (Minor issue) [etch] - libxfcegui4 (Minor issue) CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in Xf ...) - xfce4-panel 4.4.2 (low) [sarge] - xfce4-panel (Minor issue) [etch] - xfce4-panel (Minor issue) CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...) NOT-FOR-US: XUpload CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unk ...) - tikiwiki CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki b ...) - tikiwiki CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload ...) NOT-FOR-US: PunBB CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in ...) - tikiwiki CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) T ...) 
	NOT-FOR-US: IBM DB2 Content Manager
CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially sensit ...)
	NOT-FOR-US: Opera
CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...)
	NOT-FOR-US: Opera
CVE-2007-6522 (The rich text editing functionality in Opera before 9.25 allows remote ...)
	NOT-FOR-US: Opera
CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-6520 (Opera before 9.25 allows remote attackers to conduct cross-domain scri ...)
	NOT-FOR-US: Opera
CVE-2007-6519 (Unspecified vulnerability in the File-on-File Mounting File System (FF ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-6518 (Multiple SQL injection vulnerabilities in search.php in WoltLab Burnin ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2007-6517 (SQL injection vulnerability in the forget password section (LostPwd.as ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.o ...)
	NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers to exe ...)
	NOT-FOR-US: SiteScape
CVE-2007-6513 (HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports ...)
	NOT-FOR-US: HP eSupportDiagnostics ActiveX control
CVE-2007-6512 (PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the ...)
	NOT-FOR-US: PHP MySQL Banner Exchange
CVE-2007-6511 (Websense Enterprise 6.3.1 allows remote attackers to bypass content fi ...)
	NOT-FOR-US: Websense Enterprise
CVE-2007-6510 (Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 ...)
	NOT-FOR-US: ProWizard
CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process Manage ...)
	NOT-FOR-US: Appian Enterprise Business Process Management Suite
CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows remo ...)
	NOT-FOR-US: xeCMS
CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a Wi ...)
	- linux-2.6 2.6.17-1 (low; bug #529318)
	- linux-2.6.24 (Fixed before initial upload, 2.6.17)
	NOTE: While labeled as an Apache flaw, fix required in smbfs
CVE-2007-XXXX [venkman preinst symlink dos]
	- venkman 0.9.87.2-1 (bug #456520)
	[lenny] - venkman (Vulnerable code not present)
	[sarge] - venkman (Vulnerable code not present)
	[etch] - venkman (Vulnerable code not present)
CVE-2007-XXXX [unace unspecified security issue related to uninitialized variable]
	- unace-nonfree 2.5-3
	[etch] - unace-nonfree 2.5-1etch1
CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, befo ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.d ...)
	NOT-FOR-US: HP Software Update
CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd ...)
	NOT-FOR-US: Solaris
CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authentic ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot f ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attac ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allo ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
	NOT-FOR-US: iMesh
CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
	NOT-FOR-US: iMesh
CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS all ...)
	NOT-FOR-US: Kvaliitti WebDoc CMS
CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One C ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series O ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series On ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 a ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...)
	NOT-FOR-US: LineShout
CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ( ...)
	- centreon-web (bug #913903)
CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote a ...)
	NOT-FOR-US: phpRPG
CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
	NOT-FOR-US: SafeNet Sentinel Protection and Keys Server
CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...)
	NOT-FOR-US: Oracle database component in Sun Management Center
CVE-2007-6479 (Unrestricted file upload vulnerability in the "My productions" compone ...)
	NOT-FOR-US: Dokeos
CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and p ...)
	NOT-FOR-US: Rosoft Media Player
CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature i ...)
	NOT-FOR-US: Citrix Web Interface and NFuse
CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration inform ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explor ...)
	NOT-FOR-US: WFTPD Explorer Pro
CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allo ...)
	NOT-FOR-US: phpMyRealty
CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Win ...)
	NOT-FOR-US: phPay
CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: phpRPG
CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qut ...)
	NOT-FOR-US: phpRPG
CVE-2007-6468 (Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman. ...)
	NOT-FOR-US: Hammer of Thyrion
CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows re ...)
	NOT-FOR-US: MKPortal
CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in ...)
	- ganglia-monitor-core (ganglia web-frontend not included)
CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0 ...)
	NOT-FOR-US: Form tools
CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate Classif ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fl ...)
	- flyspray
CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Serv ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers t ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 al ...)
	NOT-FOR-US: 123tkShop
CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 a ...)
	NOT-FOR-US: NetWin SurgeMail 38k4
CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffic ...)
	NOT-FOR-US: Planamesa NeoOffice
	NOTE: referring to OpenOffice security team this is what is described in CVE-2007-4575 for OO
CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ma ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
	{DSA-1583-1 DSA-1441-1}
	- peercast 0.1218+svn20071220+2 (medium; bug #457300)
	- gnome-peercast 0.5.4-1.2 (medium; bug #466539)
CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php i ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google ...)
	- gwt 1.6.4-1 (low; bug #563542)
CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal
CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 all ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal
CVE-2007-6449 REJECTED
CVE-2007-6448 REJECTED
CVE-2007-6447 REJECTED
CVE-2007-6446 REJECTED
CVE-2007-6445 REJECTED
CVE-2007-6444 REJECTED
CVE-2007-6443 REJECTED
CVE-2007-6442 REJECTED
CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows rem ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal (vulnerable code introduced in 0.99.6)
	[etch] - wireshark (vulnerable code introduced in 0.99.6)
CVE-2007-6440 REJECTED
CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal (vulnerable code introduced in 0.99.6)
	[etch] - wireshark (vulnerable code introduced in 0.99.6)
CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal (vulnerable code introduced in 0.99.6)
	[etch] - wireshark (vulnerable code introduced in 0.99.6)
CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows rem ...)
	{DSA-1464-1 DTSA-105-1}
	- syslog-ng 2.0.6-1 (low; bug #457334)
	[sarge] - syslog-ng (Vulnerable code not present)
CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
	NOT-FOR-US: JustSystems
CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTM ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 (Only Linux 2.6.23 and above affected)
CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query clas ...)
	- jbosseam (bug #451956)
CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
	{DSA-1525-1}
	- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
	[etch] - asterisk (Minor issue, eventually fix in a later DSA)
	[sarge] - asterisk (Vulnerable code not present)
CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow context ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension i ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows context-depe ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and pos ...)
	NOT-FOR-US: EMC RepliStor
CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transpor ...)
	NOT-FOR-US: HP-UX
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in cert ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2007-6423
	- apache2 (disputed / only for Windows)
CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in mod_pr ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the balancer-manage ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 (minor issue)
	[sarge] - apache2 (vulnerable code introduced in 2.2)
	NOTE: Won't be fixed in etch.
CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.2 ...)
	NOT-FOR-US: HP-UX
CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen 3 ...)
	- xen-unstable (We only have xen for i386 and amd64)
	- xen-3 (We only have xen for i386 and amd64)
	- xen-3.0 (We only have xen for i386 and amd64)
CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
	{DSA-1473-1}
	- scponly 4.6-1.2 (high)
CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a redire ...)
	NOT-FOR-US: Adult ScriptAdult Script
CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in Bitwea ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows re ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed b ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified informati ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Prov ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Co ...)
	NOT-FOR-US: CA eTrust Threat Management Console
CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttp ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assist ...)
	NOT-FOR-US: Winamp
CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic (M ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ( ...)
	NOT-FOR-US: PolDoc CMS
CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote authenticate ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass authe ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP Bo ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 allo ...)
	NOT-FOR-US: Content Injector
CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script ...)
	NOT-FOR-US: Ace Image Hosting Script
CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows remo ...)
	NOT-FOR-US: DWdirectory
CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 allow ...)
	NOT-FOR-US: SH-News
CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar plug ...)
	- serendipity (This is an external plugin not included in our packages)
CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 mig ...)
	- gnome-screensaver 2.22.0-1 (low; bug #455484)
	[etch] - gnome-screensaver (Minor issue)
CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache H ...)
	- apache (low)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
	{DSA-1437-1}
	- cups 1.3.5-1 (low; bug #456960)
	- cupsys 1.3.5-1 (low; bug #456960)
	[sarge] - cupsys (Minor issue)
	NOTE: the debian package is a bit confusing here as it also ships a pdftops
	NOTE: wrapper script as an example but the original script is installed
	NOTE: under /usr/lib/cups/filters
CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service (in ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (low; bug #457062)
CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact a ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows context-dependen ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (medium; bug #457330)
CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (low; bug #457330)
CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windo ...)
	NOT-FOR-US: P4Web
CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQ ...)
	{DSA-1501-1}
	- dspam 3.6.8-5.1 (low; bug #448519)
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 Acti ...)
	NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not prop ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA ...)
	NOT-FOR-US: BEA WebLogic Mobility Server
CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ch ...)
	NOT-FOR-US: Chandler
CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote attac ...)
	NOT-FOR-US: Robocode
CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...)
	{DSA-1439-1}
	- typo3-src 4.1.5-1 (low; bug #457446)
	NOTE: you need to be a logged in backend user to exploit this
CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1 ...)
	NOT-FOR-US: e-Xoops
CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BadBlue
CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and e ...)
	NOT-FOR-US: BadBlue
CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll i ...)
	NOT-FOR-US: BadBlue
CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi P ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow rem ...)
	NOT-FOR-US: GestDown
CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remo ...)
	NOT-FOR-US: JUNOS
CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attac ...)
	NOT-FOR-US: Nokia N95
CVE-2007-6370 REJECTED
CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the Pict ...)
	NOT-FOR-US: PictPress
CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 all ...)
	NOT-FOR-US: ezContents
CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook i ...)
	NOT-FOR-US: SineCMS
CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier al ...)
	NOT-FOR-US: SineCMS
CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php i ...)
	NOT-FOR-US: bcoos
CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLM ...)
	NOT-FOR-US: JLMForo System
CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when u ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery (com_rsgalle ...)
	NOT-FOR-US: RSGallery
CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: Gekko
CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility ...)
	NOT-FOR-US: Sun eXtended System Control Facility
CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...)
	NOT-FOR-US: Microsoft Office Access
CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...)
	{DSA-1474-1}
	- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
	{DSA-1473-1}
	- scponly 4.6-1.1 (high; bug #437148)
CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net befo ...)
	- squirrelmail (Compromised packages were never in Debian)
CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php i ...)
	NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allo ...)
	NOT-FOR-US: Rainboard
CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208 allows ...)
	NOT-FOR-US: aurora
CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in Mcms Eas ...)
	NOT-FOR-US: Mcms Easy Web Make
CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network Node M ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module (AuthCA ...)
	NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such a ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.63-1 (low; bug #457445)
	NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ciph ...)
	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (Do ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill E ...)
	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in nsis ...)
	{DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav (Vulnerable code not present)
	[etch] - clamav (Vulnerable code not present)
CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to exec ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav (Vulnerable code not present)
CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote atta ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav (Vulnerable code not present)
CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and pos ...)
	NOT-FOR-US: Ingres on Windows
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 Active ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames ...)
	NOT-FOR-US: Meridian Prolog Manager
CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sig ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6328
	- dosbox 0.72-1 (unimportant; bug #458950)
	NOTE: this is not a security issue, it's a feature of dosbox and the first
	NOTE: thing documented in the manpage
CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media Technolog ...)
	NOT-FOR-US: Online Media Technologies
CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attac ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6325 (PHP remote file inclusion vulnerability in adminbereich/designconfig.p ...)
	NOT-FOR-US: Fastpublish
CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in CityWriter 0.9. ...)
	NOT-FOR-US: CityWriter
CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 al ...)
	NOT-FOR-US: MMS Gallery PHP
CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 ...)
	NOT-FOR-US: xml2owl
CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does n ...)
	NOT-FOR-US: Feature (third party drupal module)
CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8 ...)
	NOT-FOR-US: Lyris ListManager
CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress 2.3. ...)
	- wordpress 2.3.2-1 (low; bug #459305)
	[etch] - wordpress (Vulnerable code not present)
	NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web Ser ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6316 (Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6315 (Group Chat in BarracudaDrive Web Server before 3.8 allows remote authe ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read t ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...)
	- mysql-dfsg-5.0 (this only affects >= 5.1.x, update for experimental is on its way)
	- mysql-dfsg-4.1
CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web Repo ...)
	NOT-FOR-US: Web Security Suite
CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) admin/i ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6310 (Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6309 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in we ...)
	NOT-FOR-US: webSPELL
CVE-2007-6308 (Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows re ...)
	NOT-FOR-US: HttpLogger
CVE-2007-6307 (Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php ...)
	NOT-FOR-US: wwwstats
CVE-2007-6306 (Multiple cross-site scripting (XSS) vulnerabilities in the image map f ...)
	- libjfreechart-java 1.0.9-1 (low; bug #456148)
	[sarge] - libjfreechart-java (Contrib not supported)
CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3 ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in OpenNewslet ...)
	NOT-FOR-US: OpenNewsletter
CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 a ...)
	NOT-FOR-US: Fusion News
CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for Dr ...)
	NOT-FOR-US: shoutbox (third party module for Drupal)
CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14. ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyC ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page i ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ea ...)
	NOT-FOR-US: MWOpen
CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manag ...)
	NOT-FOR-US: Xigla Absolute Banner Manager .NET
CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in SERWe ...)
	NOT-FOR-US: SERWeb
CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev ...)
	NOT-FOR-US: SERWeb
CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow ...)
	NOT-FOR-US: TCExam
CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs H ...)
	NOT-FOR-US: HyperVM
CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...)
	- tomcat5.5 (Does not use apr connector)
	- tomcat5
CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux distrib ...)
	- autofs (-hosts feature not present, auto.net has nosuid,nodev)
	- autofs5 5.0.3-1
	NOTE: for autofs5 see 12disable_default_auto_master.dpatch
CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows context-de ...)
	{DSA-1461-1}
	- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
	- libxml 1.8.17-14.1 (medium)
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key f ...)
	- bind9 (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote r ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
	NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.2 ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1
CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0. ...)
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1
	[etch] - mysql-dfsg-5.0 (Vulnerable code introduced after 5.0.32)
CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x be ...)
	- drupal5 5.5-1
	- drupal 4.7.10-1
CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...)
	- roundcube 0.1~rc2-6 (low; bug #455840)
	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
CVE-2007-6280
	RESERVED
CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec (FLA ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: According to upstream this issue is not exploitable for code injection
	NOTE: due to the layout of the seektable memory
CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assi ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: Such validations are within the responsibility of the respective applications
CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1
CVE-2007-6276 (The accept_connections function in the virtual private network daemon ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/di ...)
	NOT-FOR-US: bcoos
CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in So ...)
	NOT-FOR-US: SonicWALL Global VPN Client
CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
	NOT-FOR-US: Joomla!
CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News M ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolu ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute Ne ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 an ...)
	NOT-FOR-US: Citrix EdgeSight
CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier all ...)
	NOT-FOR-US: bcoos
CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions b ...)
	NOT-FOR-US: avast!
CVE-2007-6264
	RESERVED
CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, whe ...)
	- linux-ftpd-ssl 0.17.18+0.3-9.1 (low; bug #454733)
	[sarge] - linux-ftpd-ssl (Minor issue)
	[etch] - linux-ftpd-ssl (Minor issue)
CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0. ...)
	- vlc (Windows only issue)
CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with def ...)
	NOT-FOR-US: Oracle
CVE-2007-6259
	RESERVED
CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV ...)
	- libapache2-mod-jk2 2.0.4-1
CVE-2007-6257
	RESERVED
CVE-2007-6256
	REJECTED
CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBE ...)
	NOT-FOR-US: Microsoft HRTBEAT.OCX
CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects BusinessObject ...)
	NOT-FOR-US: SAP
CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5 ...)
	NOT-FOR-US: Adobe Form Designer
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation STRunn ...)
	NOT-FOR-US: Street Technologies
CVE-2007-6251
	RESERVED
CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPl ...)
	NOT-FOR-US: AmpX ActiveX control
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the um ...)
	NOT-FOR-US: Gentoo portage
CVE-2007-6248
	RESERVED
CVE-2007-6247
	REJECTED
CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree (Contrib not supported)
	[etch] - flashplugin-nonfree (Contrib not supported)
CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree (Contrib not supported)
	[etch] - flashplugin-nonfree (Contrib not supported)
CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree (Contrib not supported)
	[etch] - flashplugin-nonfree (Contrib not supported)
CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree (Contrib not supported)
	[etch] - flashplugin-nonfree (Contrib not supported)
CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier m ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree (Contrib not supported)
	[etch] - flashplugin-nonfree (Contrib not supported)
CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unkno ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before ...)
	{DSA-1646-2 DSA-1482-1}
	- squid 2.6.17-1 (medium; bug #455910)
CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie paramete ...)
	NOT-FOR-US: DeluxeBB
CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote ...)
	NOT-FOR-US: RealNetworks RealPlayer 11
CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass authent ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allo ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1 ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 ...)
	NOT-FOR-US: tellmatic
CVE-2007-6230 (Directory traversal vulnerability in common/classes/class_HeaderHandle ...)
	NOT-FOR-US: Rayzz
CVE-2007-6229 (PHP remote file inclusion vulnerability in common/classes/class_Header ...)
	NOT-FOR-US: Rayzz
CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 A ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating syst ...)
	- qemu (Windows issue)
CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Powe ...)
	NOT-FOR-US: American Power Conversion (APC)
CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used o ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc326 ...)
	NOT-FOR-US: RealAudioObjects.RealAudio ActiveX
CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 ...)
	NOT-FOR-US: phpBB Garage
CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT Interleav ...)
	NOT-FOR-US: Interleave
CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain configurati ...)
	NOT-FOR-US: TuMusika
CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of se ...)
	- typespeed 0.6.4-1 (unimportant; bug #454527)
CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Securit ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ( ...)
	NOT-FOR-US: Irola My-Time
CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...)
	NOT-FOR-US: Web-MeetMe
CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in Lear ...)
	NOT-FOR-US: LearnLoop
CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in ...)
	NOT-FOR-US: WebED
CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 allow ...)
	NOT-FOR-US: KML share
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
	- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plu ...)
	{DSA-1528-1}
	- serendipity 1.2.1-1 (low)
CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView
CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method s ...)
	- apache2 2.2.6-3 (low)
	[sarge] - apache2 (minor issue)
	- apache (vulnerable code not present)
	NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
	[etch] - apache2 2.2.3-4+etch4
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
	- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" script ...)
	{DSA-1420-1 DTSA-93-1}
	- zabbix 1:1.4.2-4 (bug #452682)
CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome S ...)
	NOT-FOR-US: Neocrome Seditio CMS
CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...)
	- sing 1.1-16 (low; bug #454167)
	[etch] - sing 1.1-13etch1
	[sarge] - sing 1.1-9sarge1
CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
	- zsh 4.3.4-dev-3-2 (low; bug #454073)
	[etch] - zsh (Minor issue)
	[sarge] - zsh (Minor issue)
CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x bef ...)
	- wesnoth 1:1.2.8-1 (low)
	[etch] - wesnoth 1.2-4
	[sarge] - wesnoth 0.9.0-8
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a wr ...)
	- rsync 2.6.9-6 (low; bug #453652)
	[etch] - rsync (Minor issue)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is n ...)
	- rsync 2.6.9-6 (unimportant; bug #453652)
	NOTE: Security feature enhancement, not really a security problem
CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5 ...)
	NOT-FOR-US: Plumtree
CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 a ...)
	NOT-FOR-US: Plumtree
CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
	NOT-FOR-US: Calacode
CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in Softw ...)
	NOT-FOR-US: HP-UX
CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 a ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
	NOT-FOR-US: Citrix
CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses w ...)
	NOT-FOR-US: Citrix
CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.m ...)
	NOT-FOR-US: Armin Burger p.mapper
CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobi ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in Bit ...)
	NOT-FOR-US: BitDefender Online Anti-Virus Scanner
CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7 ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...)
	NOT-FOR-US: PHP Content Architect
CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impa ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...)
	NOT-FOR-US: Project Alumni
CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 al ...)
	NOT-FOR-US: ISPmanager
CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier ...)
	NOT-FOR-US: Cygwin
CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in ...)
	NOT-FOR-US: Solaris
CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0. ...)
	NOT-FOR-US: Charray's CMS
CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Con ...)
	NOT-FOR-US: Easy Hosting Control Panel for Ubuntu
CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in PHP ...)
	NOT-FOR-US: PHP-CON
CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...)
	NOT-FOR-US: KB-Bestellsystem
CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: Lhaplus
CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain pri ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
	- liferay-portal (bug #569819)
CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
	NOT-FOR-US: wpQuiz
CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows r ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
	NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used i ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote at ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote a ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1. ...)
	NOT-FOR-US: FMDeluxe
CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...)
	NOT-FOR-US: Proverbs Web Calendar
CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...)
	NOT-FOR-US: SimpleGallery
CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.p ...)
	- acidbase 1.3.9-1 (low; bug #453838)
	[etch] - acidbase (vulnerable code not present, in etch acidbase exits in this case)
CVE-2007-6155
	RESERVED
CVE-2007-6154
	RESERVED
CVE-2007-6153
	RESERVED
CVE-2007-6152
	RESERVED
CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
	- linux-2.6 2.6.23-2
CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media Ser ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media S ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1. ...)
	NOT-FOR-US: IAPR COMMENCE
CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Win ...)
	NOT-FOR-US: JP1/File Transmission Server/FTP on windows
CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP ...)
	NOT-FOR-US: Hitachi JP1/File Transmission Server/FTP
CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control i ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
	NOT-FOR-US: JAF CMS
CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 B ...)
	NOT-FOR-US: vBTube
CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1. ...)
	NOT-FOR-US: Mp3 ToolBox
CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows remo ...)
	NOT-FOR-US: VU Mass Mailer
CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 allow ...)
	NOT-FOR-US: Content Injector
CVE-2007-6136 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2 ...)
	NOT-FOR-US: M2Scripts MySpace Scripts
CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSli ...)
	NOT-FOR-US: PHPSlideShow
CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6. ...)
	NOT-FOR-US: PHPKIT
CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...)
	NOT-FOR-US: DevMass Shopping Cart
CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in gtk/sr ...)
	{DSA-1431-1 DTSA-102-1}
	- ruby-gnome2 0.16.0-10 (medium; bug #453689)
CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine (res_confi ...)
	- asterisk 1:1.4.15~dfsg-1 (medium)
	[sarge] - asterisk (Vulnerable code not present)
	[etch] - asterisk (Vulnerable code not present)
CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...)
	{DSA-1417-1}
	- asterisk 1:1.4.15~dfsg-1 (medium)
CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices ...)
	- kfreebsd-7 7.0~cvs20080107-1
	- kfreebsd-6 6.3~cvs20080107-1
	- kfreebsd-5 (medium; bug #453944)
	[etch] - kfreebsd-5 (kfreebsd not supported)
CVE-2007-6132
	REJECTED
CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...)
	- scanbuttond 0.2.3-6 (unimportant; bug #453239)
	NOTE: this is just an example script, maintainer adds a note about it
	NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, wh ...)
	- gnump3d 3.0-1 (medium)
	[sarge] - gnump3d (Vulnerable code not present)
	[etch] - gnump3d (Vulnerable code not present)
CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...)
	NOT-FOR-US: Amber script
CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 all ...)
	NOT-FOR-US: WorkingOnWeb
CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9 and ear ...)
	NOT-FOR-US: Alumni
CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project alumni ...)
	NOT-FOR-US: Alumni
CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz Freelancers ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Free ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and ...)
	NOT-FOR-US: IRC Services
CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before 5.0.6 ...)
	NOT-FOR-US: IRC Services
CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 ...)
	{DSA-1429-1}
	- htdig 1:3.2.0b6-4 (low; bug #453278)
	[sarge] - htdig (Vulnerable code not present)
CVE-2007-6109 (Stack-based buffer overflow in emacs allows user-assisted attackers to ...)
	{DTSA-98-1 DTSA-99-1}
	- emacs22 22.1+1-2.2 (bug #455432)
	- emacs21 21.4a+1-5.2 (bug #455433)
	[etch] - emacs21 (Minor issue, .el scripts opened need to be trusted)
	- xemacs21 21.4.21-4 (bug #457764)
	[etch] - xemacs21 (Minor issue, .el scripts opened need to be trusted)
CVE-2007-6108
	RESERVED
CVE-2007-6107
	RESERVED
CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 a ...)
	NOT-FOR-US: TalkBack
CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web Publishing ...)
	NOT-FOR-US: FileMaker Pro
CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) ...)
	- ihu 0.5.6-3.1 (unimportant; bug #453280)
	NOTE: Would only terminate normal phone call by hanging up, not a real security bug
CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2J ...)
	NOT-FOR-US: feed2js
CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated users to c ...)
	NOT-FOR-US: Ability Mail Server
CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth ...)
	- phpmyadmin 4:2.11.2.2-1
	[sarge] - phpmyadmin (Vulnerable code not present)
	[etch] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/960064b55f68cd74969e8f0eee56da045f6ea57a
CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParato ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log tru ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate Firewal ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator before ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before 4.6.0 ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParat ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Ba ...)
	NOT-FOR-US: JiRo's Banner System (JBS)
CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1. ...)
	NOT-FOR-US: Nuked-Klan
CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 ...)
	NOT-FOR-US: meBiblio
CVE-2007-6088 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBBViet
CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in Vigile ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4 allows ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6084 (SQL injection vulnerability in software-description.php in HotScripts ...)
	NOT-FOR-US: HotScripts Clone script
CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in Sciu ...)
	NOT-FOR-US: Sciurus Hosting Panel
CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...)
	NOT-FOR-US: Windows
CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the banner ...)
	NOT-FOR-US: bcoos
CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos 1.0.1 ...)
	NOT-FOR-US: bcoos
CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote a ...)
	NOT-FOR-US: SkyPortal
CVE-2007-6076
	RESERVED
CVE-2007-6075
	RESERVED
CVE-2007-6074
	RESERVED
CVE-2007-6073
	RESERVED
CVE-2007-6072
	RESERVED
CVE-2007-6071
	RESERVED
CVE-2007-6070
	REJECTED
CVE-2007-6069
	RESERVED
CVE-2007-6068
	RESERVED
CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13
	[etch] - tcl8.3 (Minor issue)
	- tcl8.4 8.4.17-1
	[etch] - tcl8.4 (Minor issue)
	[sarge] - postgresql
CVE-2007-6066
	RESERVED
CVE-2007-6065
	RESERVED
CVE-2007-6064
	RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
	- ngircd 0.10.3-1 (bug #451875)
	[etch] - ngircd 0.10.0-2etch1
CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name w ...)
	- audacity 1.3.4-1.1 (bug #453283; low)
	[etch] - audacity (Minor issue)
CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a f ...)
	NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059
	NOT-FOR-US: Javamail
CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm Socia ...)
	NOT-FOR-US: datecomm Social Networking Script
CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a ...)
	NOT-FOR-US: Aida-Web
CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
	- liferay-portal (bug #569819)
CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in the mana ...)
	NOT-FOR-US: Aruba 800 Mobility Controller
CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggre ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 befor ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM DB2 UD ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unkn ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates predic ...)
	NOT-FOR-US: Windows
CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Co ...)
	NOT-FOR-US: SWSoft Confixx Professional
CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in sequencer.c ...)
	NOT-FOR-US: Rigs of Rods (RoR)
CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to caus ...)
	NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ...)
	- php5 5.2.5-1 (unimportant; bug #453295)
	NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
	NOTE: script to trigger this issue
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails 1 ...)
	- rails 1.2.6-1 (low; bug #452748)
CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark (Vulnerable code not present)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.9 ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark (Vulnerable code not present)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark (formerly ...)
	{DTSA-92-1}
	- wireshark 0.99.6pre1-1 (low)
	[etch] - wireshark (Minor issue, exotic dissector, very intrusive backport)
CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 thro ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethe ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark (Vulnerable code not present)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99 ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark (Vulnerable code not present)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark (formerl ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (bug #452381)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark (Vulnerable code not present)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0. ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...)
	NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034
	REJECTED
CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure p ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2007-6032 (SQL injection vulnerability in calendar/page.asp in Aleris Web Publish ...)
	NOT-FOR-US: Aleris Web Publishing Server
CVE-2007-6031 (Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attack ...)
	NOT-FOR-US: VanDyke VShell
CVE-2007-6030 (Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknow ...)
	NOT-FOR-US: Weird Solutions BOOTPTurbo
CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote at ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL Ac ...)
	NOT-FOR-US: ComponentOne FlexGrid
CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka M ...)
	NOT-FOR-US: Microsoft Jet Engine
CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 a ...)
	- wpasupplicant 0.6.0-4
	[etch] - wpasupplicant (Vulnerable code not present)
	[sarge] - wpasupplicant (Vulnerable code not present)
CVE-2007-6024
	RESERVED
CVE-2007-6023
	RESERVED
CVE-2007-6022
	RESERVED
CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows u ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...)
	NOT-FOR-US: KeyView
CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, al ...)
	- flashplugin-nonfree 1:1.4
CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
	{DSA-1470-1}
	- horde3 3.1.6-1 (bug #461131; low)
	- imp4 (xss.php is only present in horde3 package)
CVE-2007-6017 (The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in th ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6016 (Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar. ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in S ...)
	{DSA-1427-1 DTSA-100-1}
	- samba 3.0.28-1 (high)
CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ear ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash o ...)
	- wordpress 2.5.0-1 (low; bug #452251)
	[etch] - wordpress (Minor issue)
	NOTE: if untrusted people are allowed to read the database they could still
	NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 ...)
	NOT-FOR-US: DocuSafe
CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...)
	{DSA-1418-1}
	- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation System b ...)
	NOT-FOR-US: BugHotel
CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allow ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers (Minor issue)
CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote a ...)
	NOT-FOR-US: ACD products
CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (fo ...)
	NOT-FOR-US: Autonomy
CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manage ...)
	NOT-FOR-US: Pro Photo Manager
CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified authorization me ...)
	NOT-FOR-US: TestLink
CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX c ...)
	NOT-FOR-US: WebEx
CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 ...)
	NOT-FOR-US: Toko Instan
CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Th ...)
	NOT-FOR-US: SpeedTouch
CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.1 ...)
	NOT-FOR-US: Fenriru
CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ba ...)
	- bandersnatch (low; bug #435709)
CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a den ...)
	- kdebase (unimportant; bug #451794)
	NOTE: not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
	NOTE: it seems konqueror only treats the cookie value up to some particular length
	NOTE: as a cookie; after this length it will open the rest as site content. This eats a lot of
	NOTE: RAM and CPU, and depending on how much RAM the system has, konqueror will die once
	NOTE: no memory is left. Not treated as a security problem.
CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz Auctions Sc ...)
	NOT-FOR-US: Softbiz
CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management plus S ...)
	NOT-FOR-US: Softbiz
CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz Banner Ex ...)
	NOT-FOR-US: Softbiz Banner Exchange Network Script
CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link Direct ...)
	NOT-FOR-US: Softbiz Link Directory Script
CVE-2007-5995 (PHP remote file inclusion vulnerability in examples/patExampleGen/bbco ...)
	NOT-FOR-US: patBBcode
CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in Fritz ...)
	NOT-FOR-US: php photo album
CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology in Li ...)
	NOT-FOR-US: vtls
CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social Networking ...)
	NOT-FOR-US: Social Networking Script
CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows remote a ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote a ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype before ...)
	NOT-FOR-US: Skype
CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user acc ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is disabl ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker bef ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker befo ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 a ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstr ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, ...)
	NOT-FOR-US: X7 Chat
CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which ...)
	NOT-FOR-US: Lantronix
CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog be ...)
	NOT-FOR-US: eggblog
CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass
CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module fo ...)
	NOT-FOR-US: XOOPS
CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmi ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
	[etch] - phpmyadmin (Vulnerable code not present)
	[sarge] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/83adea5d6f79640648d3d5384c910820f1d085c3
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6225d4533abb0ffee0c985354326295a746cc79e
CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11 ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) T ...)
	NOT-FOR-US: TBSource
CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote a ...)
	NOT-FOR-US: JPortal
CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and earli ...)
	NOT-FOR-US: JPortal
CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in lib/k ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: potential attackers must have privileges to store the krb5kdc master key
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 functi ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authent ...)
	- mysql-dfsg-5.0 (Vulnerable code not present, according to the maintainer)
	- mysql-dfsg-4.1
	- mysql-dfsg
	NOTE: version in experimental is affected by this
	NOTE: the Debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x be ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
	- mysql-dfsg-4.1
CVE-2007-5968 REJECTED
CVE-2007-5967 RESERVED
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verif ...)
	- qt4-x11 4.3.3-1
	[etch] - qt4-x11 (Vulnerable code was introduced in 4.3)
	- qt-x11-free (Vulnerable code was introduced in 4.3)
CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, suc ...)
	- autofs 3.1.4-8 (medium)
	- autofs5 5.0.3-1
CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a den ...)
	- kdebase (unimportant)
	NOTE: This has only theoretical security impact
CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...)
	- vsftpd (Vulnerability in Red Hat-specific patch)
CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network channe ...)
	NOT-FOR-US: Red Hat Network channel search feature
CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Re ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-39
CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-38
CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the existen ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.T ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET bef ...)
	NOT-FOR-US: UPDIR.NET
CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo Sy ...)
	NOT-FOR-US: JLMForo System
CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...)
	NOT-FOR-US: Really Simple CalDAV Store
CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios ...)
	NOT-FOR-US: Helios Calendar
CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows re ...)
	NOT-FOR-US: E-Vendejo
CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, ...)
	NOT-FOR-US: NetCommons
CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6. ...)
	NOT-FOR-US: IBM Tivoli Service Desk
CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF- ...)
	NOT-FOR-US: SF-Shoutbox
CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1 (low; bug #451624)
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-37
CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11. ...)
	NOT-FOR-US: HP-UX
CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of reposito ...)
	NOT-FOR-US: usvn
CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Conta ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a me ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive informati ...)
	- bandersnatch (unimportant; bug #451365)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adob ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...)
	- texlive-bin 2005.dfsg.2-1
	- feynmf 1.08-1
CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...)
	- heimdal (vulnerable code not present, ticketfile is just unlinked, which is ok)
CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1. ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 (Vulnerable code not present)
	NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2 ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin (Minor issue)
CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to obta ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin (Minor issue)
CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 200 ...)
	{DTSA-97-1}
	- texlive-bin 2007.dfsg.1-1
	[etch] - texlive-bin (Minor issue)
CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
	- php-mdb2 2.5.0b2-1
CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers (Minor issue)
CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
	NOT-FOR-US: Fatwire Content Server
CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in Oran ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in Cerbe ...)
	NOT-FOR-US: Cerberus Ftp Server
CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote auth ...)
	NOT-FOR-US: OpenBase
CVE-2007-5928 (OpenBase 10.0.5 and earlier allows remote authenticated users to trigg ...)
	NOT-FOR-US: OpenBase
CVE-2007-5927 (Directory traversal vulnerability in OpenBase 10.0.5 and earlier allow ...)
	NOT-FOR-US: OpenBase
CVE-2007-5926 (OpenBase 10.0.5 and earlier allows remote authenticated users to execu ...)
	NOT-FOR-US: OpenBase
CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the In ...)
	{DSA-1413-1 DTSA-91-1}
	- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
	- mysql-dfsg-4.1
	- mysql-dfsg
CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in ...)
	NOT-FOR-US: eTrust SiteMinder Agent
CVE-2007-5922 (The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloade ...)
	- ircii-pana (Does not ship this script)
CVE-2007-5921 (Unspecified vulnerability in the ioctl interface in the Solaris Volume ...)
	NOT-FOR-US: Solaris
CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...)
	NOT-FOR-US: Domenico Mancini PicoFlat CMS
CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web r ...)
	NOT-FOR-US: MyWebFTP
CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS ...)
	NOT-FOR-US: MS TopSites
CVE-2007-5917 (Cross-site request forgery (CSRF) vulnerability in admin/admin_account ...)
	NOT-FOR-US: Skalinks
CVE-2007-5916 (SQL injection vulnerability in the login page in phphelpdesk 0.6.16 al ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5915 (Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 a ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5914 (Direct static code injection vulnerability in dirsys/modules/config/po ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5913 (dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5912 (SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote a ...)
	NOT-FOR-US: jPORTAL
CVE-2007-5911 (Multiple stack-based buffer overflows in the AxMetaStream ActiveX cont ...)
	NOT-FOR-US: Viewpoint Media Player
CVE-2007-5910 (Stack-based buffer overflow in Autonomy (formerly Verity) KeyView View ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) Ke ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908 REJECTED
CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from applicatio ...)
	- xen-3 3.1.2-1 (unimportant; bug #451626)
	- xen-3.0 (unimportant)
	NOTE: CONFIG_SECCOMP isn't activated in Debian kernels
CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of servi ...)
	- xen-3 3.1.2-1 (medium; bug #451626)
	- xen-3.0
CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earli ...)
	{DSA-1428-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
CVE-2007-5903 RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in lib/rpc/ ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in lib ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms co ...)
	NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
	NOTE: from CVS and later re-introduction
	NOTE: https://bugs.php.net/bug.php?id=41561
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...)
	NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of s ...)
	- iceweasel (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5895 RESERVED
CVE-2007-5894
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote a ...)
	NOT-FOR-US: Sockets Library
CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReade ...)
	NOT-FOR-US: SSReader
CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...)
	NOT-FOR-US: ManageEngine OpManager and OpManager
CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows ...)
	NOT-FOR-US: easyGB
CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha ...)
	NOT-FOR-US: IDMOS
CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in Copper ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...)
	NOT-FOR-US: ASP Message Board
CVE-2007-5886 RESERVED
CVE-2007-5885 RESERVED
CVE-2007-5884 RESERVED
CVE-2007-5883 RESERVED
CVE-2007-5882 RESERVED
CVE-2007-5881 RESERVED
CVE-2007-5880 RESERVED
CVE-2007-5879 RESERVED
CVE-2007-5878 RESERVED
CVE-2007-5877 RESERVED
CVE-2007-5876 RESERVED
CVE-2007-5875 RESERVED
CVE-2007-5874 RESERVED
CVE-2007-5873 RESERVED
CVE-2007-5872 RESERVED
CVE-2007-5871 RESERVED
CVE-2007-5870 RESERVED
CVE-2007-5869 RESERVED
CVE-2007-5868 RESERVED
CVE-2007-5867 RESERVED
CVE-2007-5866 RESERVED
CVE-2007-5865 RESERVED
CVE-2007-5864 RESERVED
CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypas ...)
	NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allo ...)
	NOT-FOR-US: Spin Tracer (Apple Mac OS X)
CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allo ...)
	NOT-FOR-US: Safari RSS (Apple Mac OS X)
CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 thro ...)
	NOT-FOR-US: Safari (Apple Mac OS X)
CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from acce ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does n ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has be ...)
	NOT-FOR-US: Mail (Apple Mac OS X)
CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HT ...)
	NOT-FOR-US: Launch Services (Apple Mac OS X)
CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: IO Storage Family (Apple Mac OS X)
CVE-2007-5852 RESERVED
CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attacke ...)
	NOT-FOR-US: iChat (Apple Mac OS X)
CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
	{DSA-1437-1}
	- cupsys 1.3.5-1 (medium; bug #457453)
	- cups 1.3.5-1 (medium; bug #457453)
	[sarge] - cupsys (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin u ...)
	- cupsys 1.2.0
	- cups 1.2.0
	NOTE: This only affects the Cups 1.1 series
	[sarge] - cupsys (Minor issue, may only lead to an infinite loop)
CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in Cor ...)
	NOT-FOR-US: Core Foundation (Apple Mac OS X)
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote a ...)
	{DSA-1483-1 DTSA-88-1}
	- net-snmp 5.4.1~dfsg-1
	NOTE: 5.4.1 already includes a fix by the upstream author
CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...)
	NOT-FOR-US: GuppY
CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 a ...)
	NOT-FOR-US: GuppY
CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in scWi ...)
	NOT-FOR-US: scWiki
CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1. ...)
	NOT-FOR-US: Vortex Portal
CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard ...)
	NOT-FOR-US: nuBoard
CVE-2007-5840 (PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.i ...)
	NOT-FOR-US: SyndeoCMS
CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 a ...)
	NOT-FOR-US: Symantec
CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, a ...)
	{DSA-1477-1}
	- yarssr 0.2.2-3 (bug #448721)
CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...)
	NOT-FOR-US: Amazing Flash AFCommerce
CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows re ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarke ...)
	NOT-FOR-US: BosDev BosMarket Business Directory System
CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer bef ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya Mes ...)
	NOT-FOR-US: Avaya Messaging Storage Server
CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10. ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-5828
	- python-django 1.2.1 (unimportant)
	NOTE: this is documented in docs/csrf.txt included in the python-django package and
	NOTE: there is a plugin enabling this feature. This is intended behaviour pre-1.2.
	NOTE: https://docs.djangoproject.com/en/1.10/ref/csrf/#using-csrf
CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
	{DTSA-106-1}
	- iscsitarget 0.4.15-5 (bug #448873)
	NOTE: init script has "dump" function, which marks conffile correctly
CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX c ...)
	NOT-FOR-US: EDraw Flowchart
CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c i ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1 (bug #459961)
CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allo ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.1 (bug #459961)
CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 an ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng Scri ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...)
	NOT-FOR-US: DM Guestbook
CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS (Ax ...)
	NOT-FOR-US: Ax Developer CMS
CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...)
	NOT-FOR-US: IBM Tivoli
CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...)
	NOT-FOR-US: sBlog
CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX c ...)
	NOT-FOR-US: WebCacheCleaner
CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunc ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ISPwor ...)
	NOT-FOR-US: ISPworker
CVE-2007-5812 (Directory traversal vulnerability in modules/Builder/DownloadModule.ph ...)
	NOT-FOR-US: ModuleBuilder
CVE-2007-5811
	NOT-FOR-US: phpMyConferences
CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminex ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 t ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule com ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal
CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...)
	NOT-FOR-US: SSReader
CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in Services/Utilities/classes ...)
	NOT-FOR-US: ILIAS
CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 (low; bug #482445)
	- nagios3 3.0.2-1 (low; bug #485439)
CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf Technologie ...)
	NOT-FOR-US: Firewolf Technologies Synergiser
CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has u ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPr ...)
	NOT-FOR-US: BackUpWordPress
CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/ ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ex ...)
	- geronimo (bug #481869)
CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...)
	{DSA-1430-1}
	- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local user ...)
	- ircii-pana (low; bug #449149)
	[etch] - ircii-pana (Minor issue)
	[sarge] - ircii-pana (Minor issue)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when enable-lo ...)
	{DTSA-79-1}
	- emacs22 22.1+1-2.1 (medium; bug #449008)
	NOTE: Emacs 21 is not affected
CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/ ...)
	NOT-FOR-US: Stonesoft StoneGate IPS
CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP pack ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequ ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Micro Login System
CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 al ...)
	NOT-FOR-US: GoSamba
CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional 2.0 al ...)
	NOT-FOR-US: JobSite
CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in CaupoShop Pro ...)
	NOT-FOR-US: CaupoShop Pro
CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows re ...)
	NOT-FOR-US: emagiC cms
CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5 allows r ...)
	NOT-FOR-US: FireConfig
CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0 ...)
	NOT-FOR-US: Sige
CVE-2007-5780 (PHP remote file inclusion vulnerability in pub/pub08_comments.php in t ...)
	NOT-FOR-US: teatro
CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX control in ...)
	NOT-FOR-US: Gretech Online Movie Player
CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the Retinax ...)
	NOT-FOR-US: Mobile Spy
CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive information und ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar Produ ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to execute a ...)
	NOT-FOR-US: BitDefender
CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote attac ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in the Fi ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5772 (Direct static code injection vulnerability in the download module in F ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrat ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, an ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1
	- ruby1.8 1.8.6.111-1 (low; bug #451374)
CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit ...)
	- netkit-ftp (Vulnerable code not present)
CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password informati ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application (clntrust.e ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-5765 RESERVED
CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5763 REJECTED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, al ...)
	NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 h ...)
	NOT-FOR-US: Motorola netOctopus
CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver befor ...)
{DSA-1466-2 DTSA-110-1} - xorg-server 2:1.4.1~git20080105-2 CVE-2007-5759 REJECTED CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration Ser ...) NOT-FOR-US: IBM DB2 CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal Data ...) NOT-FOR-US: IBM DB2 CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...) NOT-FOR-US: WinPcap CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...) NOT-FOR-US: AOL Radio CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php ...) NOT-FOR-US: phpFaber CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) befor ...) NOT-FOR-US: Light FMan PHP CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does ...) NOT-FOR-US: PHP-AGTC Membership CVE-2007-5750 RESERVED CVE-2007-5749 RESERVED CVE-2007-5748 RESERVED CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...) {DSA-1547-1} - openoffice.org 2.4.0~ooh680m5-1 CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote attackers ...) {DSA-1547-1} - openoffice.org 2.4.0~ooh680m5-1 CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allo ...) {DSA-1547-1} - openoffice.org 2.4.0~ooh680m5-1 CVE-2007-5744 RESERVED CVE-2007-5743 (viewvc 1.0.3 allows improper access control to files in a repository w ...) - viewvc 1.0.3-2.1 (bug #416696) CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for W ...) {DSA-1421-1 DTSA-90-1} - wesnoth 1:1.2.8-1 (medium; bug #453500) CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers ...) 
{DSA-1405-2 DSA-1405-1} - zope-cmfplone 2.5.2-2 (bug #449523) [sarge] - zope-cmfplone (Upstream confirms that 2.0 branch is not vulnerable) NOTE: Fix available: NOTE: http://plone.org/about/security/advisories/cve-2007-5741 CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail Ret ...) {DSA-1398-1 DTSA-84-1} - perdition 1.17.1-1 (medium; bug #448853) CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opm ...) {DTSA-107-1} - liferea 1.4.6-1 (low; bug #448850) [etch] - liferea (backup feedlist introduced in 1.2.7) [sarge] - liferea (backup feedlist introduced in 1.2.7) NOTE: this file can contain credentials for rss feeds CVE-2007-5739 (Directory traversal vulnerability in component/flashupload/download.js ...) NOT-FOR-US: Korean GHBoard CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side protect ...) NOT-FOR-US: Korean GHBoard CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in Kore ...) NOT-FOR-US: Korean GHBoard CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 B ...) NOT-FOR-US: SeeBlick CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root w ...) NOT-FOR-US: eFileMan CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows ...) NOT-FOR-US: eFileMan CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in Japanes ...) NOT-FOR-US: Japanese PHP Gallery Hosting CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's Forc ...) NOT-FOR-US: eLouai's Force Download CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...) - slide-webdavclient (Vulnerable code is only in the server part, but debian only has the client part) CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ...) 
{DSA-1284-1} - qemu 0.9.0-2 (bug #424070) - kvm 72+dfsg-1 - linux-2.6 (vulnerability does not affect kernel module) - linux-2.6.24 (vulnerability does not affect kernel module) CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitr ...) {DSA-1284-1} - qemu 0.9.0-2 (bug #424070) - kvm 72+dfsg-1 - linux-2.6 (vulnerability does not affect kernel module) - linux-2.6.24 (vulnerability does not affect kernel module) CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, a ...) {DSA-1693-1} - phppgadmin 4.1.3-0.1 (bug #449103; low) CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in com ...) NOT-FOR-US: OneOrZero Helpdesk CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol ...) NOT-FOR-US: Sun Solaris CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allo ...) NOT-FOR-US: Smart-Shop CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live a ...) NOT-FOR-US: Omnistar Live CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...) {DTSA-82-1} - nufw 2.2.7-1 (low) [etch] - nufw (Vulnerable code not present) CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...) NOT-FOR-US: GlobalLink CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in My ...) NOT-FOR-US: MySpacePros MySpace Resource Script CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in Profi ...) NOT-FOR-US: ProfileCMS CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...) NOT-FOR-US: miniBB CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded L ...) NOT-FOR-US: Sun Fire CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality ...) 
NOT-FOR-US: Sun Solaris 10 CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log me ...) - denyhosts 2.6-2 (low) [etch] - denyhosts (Minor issue) NOTE: bug was fixed with 06_permit_rootlogin_no.dpatch CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account w ...) - mldonkey (Gentoo-specific packaging flaw) CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...) NOT-FOR-US: Half-Life Server CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1 ...) {DSA-1640-1} - python-django 0.96-1.1 (low; bug #448838) CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows remot ...) NOT-FOR-US: Conflict CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.ph ...) - wordpress 2.3.1-1 (unimportant) NOTE: requires register_globals On, which we don't support CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...) NOT-FOR-US: Sony SonicStage CONNECT Player CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...) - vobcopy 1.0.2-1 (low; bug #448319) [etch] - vobcopy (Minor issue) [sarge] - vobcopy (Minor issue) CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles Direc ...) NOT-FOR-US: Jeebles CVE-2007-5705 (Unspecified vulnerability in the Settings component in the administrat ...) NOT-FOR-US: Jeebles CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event ...) NOT-FOR-US: CodeWidgets CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk ...) NOT-FOR-US: RSA KEON CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions ...) NOT-FOR-US: SWAMP OpenSUSE CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority (CA) i ...) 
NOT-FOR-US: IBM Lotus Domino CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security Analyze ...) NOT-FOR-US: eIQNetworks CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in CREApark GO ...) NOT-FOR-US: CREApark GOLD KOY PORTALI CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 al ...) NOT-FOR-US: phpImage CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic al ...) NOT-FOR-US: phpBasic CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows rem ...) {DSA-1423-1} - sitebar 3.3.8-12.1 (low; bug #448690) NOTE: there is no real exploit scenario CVE-2007-5694 (Absolute path traversal vulnerability in the translation module (trans ...) {DSA-1423-1} - sitebar 3.3.8-12.1 (low; bug #447135) CVE-2007-5693 (Eval injection vulnerability in the translation module (translator.php ...) {DSA-1423-1} - sitebar 3.3.8-12.1 (low; bug #447135) CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 a ...) {DSA-1423-1} - sitebar 3.3.8-12.1 (low; bug #448689) CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...) - iceweasel 2.0.0.8-1 (unimportant) NOTE: Browser crashes not treated as security problems CVE-2007-5690 - zaptel 1:1.4.8~dfsg-1 (unimportant; bug #448763) NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) i ...) - sun-java6 6-03-1 (medium) - sun-java5 1.5.0-13-1 (medium) [etch] - sun-java5 1.5.0-14-1etch1 - openjdk-6 6b08-1 (bug #566766) CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the Multi-F ...) 
NOT-FOR-US: Multi Host Forum Pro CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...) NOT-FOR-US: JustSystems Ichitaro CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...) - shadow (unimportant) NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so NOTE: unknown usernames are not recorded on login failures CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers t ...) NOT-FOR-US: shttp CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and e ...) - tikiwiki CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8. ...) - tikiwiki CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWi ...) - tikiwiki CVE-2007-5681 RESERVED CVE-2007-5680 RESERVED CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of se ...) {DSA-1541-1} - openldap2.3 2.3.38-1 (medium; bug #440632) - openldap2.2 - openldap2 (slapd not built) CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, w ...) {DSA-1541-1 DTSA-87-1} - openldap2.3 2.3.39-1 (medium; bug #448644) CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer w ...) NOT-FOR-US: British Telecommunications Consumer webhelper CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Be ...) NOT-FOR-US: DM CMS CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows rem ...) NOT-FOR-US: phpBasic CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hac ...) NOT-FOR-US: Hackish CVE-2007-5676 (PHP remote file inclusion vulnerability in modules/Forums/favorites.ph ...) NOT-FOR-US: PHP-Nuke CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm Ap ...) 
NOT-FOR-US: MultiXTpm Application Server CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ( ...) NOT-FOR-US: InstaGuide Weather CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...) NOT-FOR-US: ifnet WebIf CVE-2007-5672 RESERVED CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...) - vmware-package (Only vulnerable on windows hosted systems) CVE-2007-5670 REJECTED CVE-2007-5669 RESERVED CVE-2007-5668 RESERVED CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...) NOT-FOR-US: Novell Client CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...) NOT-FOR-US: Adobe Reader CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...) NOT-FOR-US: Novell ZENworks Endpoint Security Management CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...) NOT-FOR-US: IBM DB2 CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Adobe Reader CVE-2007-5662 RESERVED CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) Ac ...) NOT-FOR-US: Macrovision InstallShield CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in isu ...) NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008 CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlie ...) NOT-FOR-US: Adobe Reader CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ea ...) NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...) NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...) 
NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...) NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger u ...) NOT-FOR-US: LiteSpeed CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do no ...) - php5 (windows only) CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a ...) NOT-FOR-US: IBM DB2 CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol (E ...) NOT-FOR-US: Cisco IOS CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 all ...) NOT-FOR-US: ReloadCMS CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Di ...) NOT-FOR-US: Creative Digital Resources SocketMail CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rN ...) NOT-FOR-US: rnote CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 ...) NOT-FOR-US: SocketKB CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines F ...) NOT-FOR-US: Simple Machines Forum CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges fo ...) NOT-FOR-US: Lussumo Vanilla CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ea ...) NOT-FOR-US: Lussumo Vanilla CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...) NOT-FOR-US: PHP Project Management CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project Mana ...) NOT-FOR-US: PHP Project Management CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...) NOT-FOR-US: Nortel VOIP products CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...) 
NOT-FOR-US: Nortel VOIP products CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...) NOT-FOR-US: Nortel VOIP products CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...) NOT-FOR-US: Nortel VOIP products CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote ...) NOT-FOR-US: Nortel VOIP products CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support Incid ...) NOT-FOR-US: Salford Software Support Incident Tracker CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...) NOT-FOR-US: SpeedFan CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...) NOT-FOR-US: SpeedFan CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 th ...) NOT-FOR-US: Solaris CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...) NOT-FOR-US: PeopleAggregator CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.1 ...) NOT-FOR-US: BBsProcesS BBPortalS CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in Shoppin ...) NOT-FOR-US: ShoppingTree CandyPress Store CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in The On ...) NOT-FOR-US: TOWeLS CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php i ...) NOT-FOR-US: Socketmail CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MyS ...) - bacula 5.0.0-1 (unimportant; bug #446809) NOTE: this script needs the default database password and name to be set, which NOTE: would be a bigger problem in a non-trusted environment. Apart from that, NOTE: this is documented in the bacula documentation NOTE: Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, which is not affected CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site S ...) NOT-FOR-US: Site Search SearchSimon Lite CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 all ...) {DSA-1883-2 DSA-1883-1} - nagios2 2.9-1.1 (low; bug #448371) CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins (nagios-p ...) {DSA-1495-1} - nagios-plugins 1.4.8-2.2 (medium; bug #448372) [sarge] - nagios-plugins (Vulnerable code not present) CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in 3prox ...) - 3proxy (bug #718219) CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token modul ...) NOT-FOR-US: Token Drupal NOTE: Token is not included in the drupal packages CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashCha ...) NOT-FOR-US: ZZ:FlashChat CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user pa ...) - vmware-package (low; bug #486177) [etch] - vmware-package (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-5618 (Unquoted Windows search path vulnerability in the Authorization and ot ...) - vmware-package (Only vulnerable on windows hosted systems) [etch] - vmware-package (Contrib not supported) CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...) 
- vmware-package (low; bug #486177) [etch] - vmware-package (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...) NOT-FOR-US: SSH Tectia Client and Server CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows r ...) - jetty 6.1.19-1 (low; bug #454529) CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...) - jetty 6.1.19-1 (low; bug #454529) CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Je ...) - jetty 6.1.19-1 (low; bug #454529) CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers ...) NOT-FOR-US: IBM Director CVE-2007-5611 RESERVED CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr Active ...) NOT-FOR-US: ActiveX control CVE-2007-5609 RESERVED CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX co ...) NOT-FOR-US: ActiveX control CVE-2007-5607 (Buffer overflow in the RegistryString function in the HPISDataManagerL ...) NOT-FOR-US: ActiveX control CVE-2007-5606 (Buffer overflow in the MoveFile function in the HPISDataManagerLib.Dat ...) NOT-FOR-US: ActiveX control CVE-2007-5605 (Buffer overflow in the GetFileTime function in the HPISDataManagerLib. ...) NOT-FOR-US: ActiveX control CVE-2007-5604 (Buffer overflow in the ExtractCab function in the HPISDataManagerLib.D ...) NOT-FOR-US: ActiveX control CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELau ...) NOT-FOR-US: SonicWall SSL-VPN NetExtender CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5 ...) NOT-FOR-US: SwiftView Viewer CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...) 
NOT-FOR-US: RealPlayer (windows only issue) CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 an ...) NOT-FOR-US: Artmedic CMS CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...) NOT-FOR-US: awrate CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x ...) - drupal5 (bug #447748) - drupal (bug #447746) NOTE: drupal weblinks is not included in the drupal package in debian CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...) - drupal5 5.3-1 - drupal 4.7.8-1 CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...) - drupal5 5.3-1 - drupal 4.7.8-1 CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in includes/c ...) - drupal5 5.3-1 - drupal 4.7.8-1 CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection a ...) - drupal5 5.3-1 - drupal 4.7.8-1 CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ser ...) - drupal5 5.3-1 - drupal 4.7.8-1 CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...) NOT-FOR-US: awzMB CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Ch ...) NOT-FOR-US: Nortel Enterprise VoIP-Core-CS CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote attacke ...) NOT-FOR-US: Miranda CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 ...) {DTSA-103-1} - mnogosearch 3.3.4-4.1 (low; bug #447753) [sarge] - mnogosearch (Minor issue) [etch] - mnogosearch (Minor issue) CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...) NOT-FOR-US: Microsoft Windows CVE-2007-5586 REJECTED CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without xscreensaver-gl-ex ...) 
{DTSA-83-1} - xscreensaver 5.03-3.1 (medium; bug #448157) [etch] - xscreensaver (Vulnerable code not present) [sarge] - xscreensaver (Vulnerable code not present) CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2 ...) NOT-FOR-US: Cisco CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...) NOT-FOR-US: Cisco IP Phone CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco Ci ...) NOT-FOR-US: Cisco CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/m ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 befo ...) NOT-FOR-US: Cisco CVE-2007-5589 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1403-1} - phpmyadmin 4:2.11.1.2-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2007-6/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c32d999eb16a9e2748a834e3ad722cc4d33f7dd5 CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when res ...) NOT-FOR-US: Pligg CMS CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirec ...) - acidbase 1.3.8 (low) [etch] - acidbase (Minor issue) CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterpr ...) NOT-FOR-US: BEA Tuxedo CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allo ...) NOT-FOR-US: 1024 CMS CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 all ...) NOT-FOR-US: PHPDJ CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php i ...) - limesurvey (bug #472802) CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple P ...) 
NOT-FOR-US: SPHPBlog CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, ...) NOT-FOR-US: Cisco Firewall Services Module CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, ...) NOT-FOR-US: Cisco Firewall Services Module CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configure ...) NOT-FOR-US: Cisco CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco ...) NOT-FOR-US: Cisco CVE-2007-5567 (PHP remote file inclusion vulnerability in _lib/fckeditor/upload_confi ...) - moin (Does not contain the vulnerable code) - karrigell (Does not contain the vulnerable code) - knowledgeroot (Does not contain the vulnerable code) CVE-2007-5566 NOT-FOR-US: PHPBlog CVE-2007-5565 NOT-FOR-US: phpSCMS CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (forme ...) NOT-FOR-US: NSSboard CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote at ...) NOT-FOR-US: VirtueMart CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the l ...) NOT-FOR-US: Netgear firmware CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...) NOT-FOR-US: Oracle CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote a ...) NOT-FOR-US: Juniper HTTP Service CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows ...) NOT-FOR-US: IBM ThinkVantage TPM Service CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to c ...) NOT-FOR-US: LG Mobile handset CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote atta ...) NOT-FOR-US: NEC mobile handset CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote atta ...) NOT-FOR-US: Avaya VoIP Handset CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution allo ...) 
NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via cr ...) NOT-FOR-US: Oracle CVE-2007-5553 REJECTED CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute arbit ...) NOT-FOR-US: Cisco CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute arbit ...) NOT-FOR-US: Cisco CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to obta ...) NOT-FOR-US: Cisco CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local us ...) NOT-FOR-US: Cisco CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS all ...) NOT-FOR-US: Cisco CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote at ...) NOT-FOR-US: Cisco CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remot ...) NOT-FOR-US: TIBCO SmartPGM FX CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote attacke ...) NOT-FOR-US: TIBCO SmartPGM FX CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-5543 (Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remot ...) NOT-FOR-US: Miranda CVE-2007-5542 (Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attacker ...) NOT-FOR-US: Miranda CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an "externa ...) NOT-FOR-US: Opera CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...) NOT-FOR-US: Opera CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact Managem ...) NOT-FOR-US: Cisco CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco ...) NOT-FOR-US: Cisco CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 ...) 
NOT-FOR-US: Cisco CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11. ...) NOT-FOR-US: HP-UX CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown im ...) NOT-FOR-US: RunCms CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft En ...) NOT-FOR-US: Oracle CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle Peop ...) NOT-FOR-US: Oracle CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle Peop ...) NOT-FOR-US: Oracle CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle Ap ...) NOT-FOR-US: Oracle CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle ...) NOT-FOR-US: Oracle CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications ...) NOT-FOR-US: Oracle CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...) NOT-FOR-US: Oracle CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...) NOT-FOR-US: Oracle CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...) NOT-FOR-US: Oracle CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...) NOT-FOR-US: Oracle CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...) NOT-FOR-US: Oracle CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component i ...) NOT-FOR-US: Oracle CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...) NOT-FOR-US: Oracle CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component i ...) NOT-FOR-US: Oracle CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...) 
NOT-FOR-US: Oracle CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...) NOT-FOR-US: Oracle CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...) NOT-FOR-US: Oracle CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt & Notificatio ...) NOT-FOR-US: Oracle CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database ...) NOT-FOR-US: Oracle CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...) NOT-FOR-US: Oracle CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, an ...) NOT-FOR-US: Oracle CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in Or ...) NOT-FOR-US: Oracle CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database b ...) NOT-FOR-US: Oracle CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager componen ...) NOT-FOR-US: Oracle CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database ...) NOT-FOR-US: Oracle CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia applic ...) NOT-FOR-US: Oracle CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component ...) NOT-FOR-US: Oracle CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8 ...) NOT-FOR-US: Oracle CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...) NOT-FOR-US: Oracle CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 1 ...) NOT-FOR-US: Oracle CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote a ...) {DSA-1542-1 DTSA-96-1} - libcairo 1.4.10-1.1 (medium; bug #453686) CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does ...) 
	NOT-FOR-US: OpenSSL Fips object module
CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux ...)
	- linux-2.6 2.6.23-1 (high)
	[etch] - linux-2.6 (Vulnerable code was introduced in 2.6.21)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 che ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-2
CVE-2007-5499
	REJECTED
CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when ...)
	- xen-unstable (Vulnerable code not present)
	- xen-3 (Vulnerable code not present)
CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 all ...)
	{DSA-1422-1 DTSA-95-1}
	- e2fsprogs 1.40.3-1 (bug #454760)
CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allow ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitr ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...)
	- linux-2.6 (RedHat specific patch)
CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-5492 (Static code injection vulnerability in the translation module (transla ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5491 (Directory traversal vulnerability in the translation module (translato ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2. ...)
	NOT-FOR-US: Okul Otomasyon Portal
CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allo ...)
	NOT-FOR-US: COWON America jetAudio
CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...)
	NOT-FOR-US: dotProject
CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows lo ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTe ...)
	NOT-FOR-US: Sun firmware
CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attacker ...)
	- dcc (vulnerable code introduced in 1.3.65)
CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge Innov ...)
	NOT-FOR-US: InnovaAge InnovaShop
CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer al ...)
	NOT-FOR-US: Xcomputer
CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbea ...)
	NOT-FOR-US: Sbportal
CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...)
	NOT-FOR-US: djeyl.net WebMod
CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...)
	NOT-FOR-US: Opera specific flash vulnerability
CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in L ...)
	NOT-FOR-US: Linksys WAP4400N Wi-Fi access point
CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware 2. ...)
	NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when runnin ...)
	- mono (Windows-specific vulnerability)
CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
	NOT-FOR-US: HIPS
CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk- ...)
	- asterisk-addons 1.4.4-1
CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUS ...)
	- libgssapi 0.8-1
CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
	NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469
	- openser 1.3.0-1 (unimportant; bug #446956)
	NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest authenticati ...)
	NOT-FOR-US: Cisco
CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote attacker ...)
	NOT-FOR-US: eXtremail
CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote ...)
	NOT-FOR-US: eXtremail
CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
	NOT-FOR-US: doop CMS
CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allow ...)
	NOT-FOR-US: Live for Speed
CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta a ...)
	NOT-FOR-US: ViArt Shop
CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library (lib ...)
	NOT-FOR-US: Solaris
CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak enc ...)
	NOT-FOR-US: Microsoft ActiveSync
CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in t ...)
	NOT-FOR-US: MouseoverDictionary
CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to b ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 an ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing Sys ...)
	NOT-FOR-US: PHP File Sharing
CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow rem ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-S ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the com_ ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouc ...)
	NOT-FOR-US: Apple firmware
CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes Por ...)
	NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...)
	- madwifi 1:0.9.3.2-2 (medium; bug #446824)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
	NOT-FOR-US: ionCube
CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: PBEmail
CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX ...)
	NOT-FOR-US: VImpX
CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full pat ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-5440
	NOT-FOR-US: Crs Manager
CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stor ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...)
	- vmware-package (Windows only)
CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM (Threa ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL ...)
	NOT-FOR-US: G DATA Antivirus
CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFus ...)
	NOT-FOR-US: CA ERwin Process Modeler
CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earl ...)
	NOT-FOR-US: PRO-search
CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Si ...)
	NOT-FOR-US: Site-Up
CVE-2007-5432 (Stride 1.0 has a default administrator username of "scott" with the pa ...)
	NOT-FOR-US: Stride
CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 conta ...)
	NOT-FOR-US: Stride module
CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote atta ...)
	NOT-FOR-US: Stride
CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 ...)
	NOT-FOR-US: Nucleus
CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote atta ...)
	NOT-FOR-US: UMI CMS
CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component i ...)
	NOT-FOR-US: Joomla!
CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5 ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to bypas ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: if the function is blacklisted but not its alias it is a configuration
	NOTE: issue of the site not a vulnerability in php
CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ex ...)
	- tikiwiki
CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security ...)
	NOT-FOR-US: Solaris Auditing
CVE-2007-5421
	REJECTED
CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote manag ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 al ...)
	NOT-FOR-US: CARE2X
CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka bM ...)
	NOT-FOR-US: boastMachine
CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the inpu ...)
	- drupal5 (unimportant; bug #446887)
	- drupal (unimportant)
	NOTE: The underlying PHP issue has been fixed in DSA 1206.
	NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
	- iceweasel (unimportant)
	NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
	NOTE: equivalent strings in UTF-7
	NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
	NOTE: CVE-2007-5414, mailed mitre
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	- iceweasel 2.0+dfsg-1
CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Ph ...)
	NOT-FOR-US: Linksys
CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in t ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...)
	NOT-FOR-US: NuSEO
CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
	NOT-FOR-US: cpDynaLinks
CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the JContentSubs ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Auto ...)
	NOT-FOR-US: KeyView
CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the A ...)
	NOT-FOR-US: KeyView
CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on whethe ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ( ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5400 (Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...)
	NOT-FOR-US: KeyView
CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in nm ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high)
CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka APServ ...)
	NOT-FOR-US: activePDF Server
CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
	NOT-FOR-US: Miranda
CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in tokenize. ...)
	{DSA-1432-1}
	- link-grammar 4.2.5-1 (medium; bug #450695)
CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in x ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf
	- pdftohtml
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys (we use xpdf-utils in sarge and poppler-utils since etch to not embed this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in X ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf
	- pdftohtml
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys (we use xpdf-utils in sarge and poppler-utils since etch to not embed this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-2 (low; bug #448664)
	- tomcat5
	NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0 ...)
	NOT-FOR-US: PicoFlat
CVE-2007-5389
	NOT-FOR-US: Joomla! extension
CVE-2007-5388 (Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 a ...)
	NOT-FOR-US: WebDesktop
CVE-2007-5387 (PHP remote file inclusion vulnerability in active/components/xmlrpc/cl ...)
	NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMy ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1 (bug #446451)
	[sarge] - phpmyadmin (vulnerable script not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/27d5467dc3ba6e594d5e5cd291a908b48464e289
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alc ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Thom ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...)
	NOT-FOR-US: CiscoWorks
CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco ...)
	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...)
	- rails 1.2.5-1
CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
	- rails 1.2.5-1
	[etch] - rails (Vulnerable code not present)
CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolk ...)
	{DSA-1743-1 DSA-1416-1 DSA-1415-1}
	- tk8.3 8.3.5-10 (medium; bug #446465)
	- tk8.4 8.4.16-1 (medium)
	- libtk-img 1.3-release-8 (medium)
CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functi ...)
	- tramp (the version we ship still uses make-temp-file)
	- emacs22 (the version we ship still uses make-temp-file)
CVE-2007-5376
	RESERVED
CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) allows u ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrati ...)
	NOT-FOR-US: LightBlog
CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument wh ...)
	{DSA-1517-1 DTSA-68-1}
	- ldapscripts 1.7.1-2 (bug #445582; medium)
CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...)
	- sql-ledger (unimportant; bug #446366)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php i ...)
	NOT-FOR-US: MODx
CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewswe ...)
	NOT-FOR-US: NetWin
CVE-2007-5369 (The GetMagicNumberString function in Massive Entertainment World in Co ...)
	NOT-FOR-US: conflict
CVE-2007-5368 (Multiple unspecified vulnerabilities in labeld in Trusted Extensions i ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5367 (Unspecified vulnerability in the Virtual File System (VFS) in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c ...)
	{DSA-1388-3 DSA-1388-1}
	- dhcp 2.0pl5dfsg1-20.2 (medium; bug #446354)
	- dhcp3 (dhcp3 does enforce a fixed minimum packet size if it is lower, see line 513 in options.c)
	NOTE: dhcp has a request for removal #446386
CVE-2007-5364
	NOT-FOR-US: ViArt Shopping Cart
CVE-2007-5363 (PHP remote file inclusion vulnerability in admin.panoramic.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and ...)
	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...)
	NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
	RESERVED
CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk 1 ...)
	- asterisk 1:1.4.13~dfsg-1 (medium)
	[sarge] - asterisk (Only Asterisk 1.4.x is affected)
	[etch] - asterisk (Only Asterisk 1.4.x is affected)
CVE-2007-5357
	REJECTED
CVE-2007-5356
	REJECTED
CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Expl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5354
	REJECTED
CVE-2007-5353
	REJECTED
CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem Servic ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) si ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5349
	REJECTED
CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346
	REJECTED
CVE-2007-5345
	REJECTED
CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
	REJECTED
CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache To ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-4 (low; bug #458237)
	- tomcat5 (Vulnerable code not present)
CVE-2007-5341 (Remote code execution in the Venkman script debugger in Mozilla Firefo ...)
	- iceweasel 2.0.0.8-1
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox b ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5 (high)
	NOTE: MFSA2007-29
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbir ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (bug #447734; high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5
	NOTE: MFSA2007-29
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...)
	{DSA-1534-2 DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-35
CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when runnin ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-34
CVE-2007-5336
	REJECTED
CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain s ...)
	{DSA-1396-1}
	- iceweasel 2.0.0.8-1 (low)
	NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
	NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-33
CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 th ...)
	- tomcat5.5 5.5.26-1 (low; bug #465645)
	- tomcat5
CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA BrightS ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message Engin ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5324
	REJECTED
CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote atta ...)
	NOT-FOR-US: RepliStor Server Service
CVE-2007-5322 (Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX cont ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control Pan ...)
	NOT-FOR-US: Verlihub Control Panel
CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging Im ...)
	NOT-FOR-US: Imaging ImagXpress
CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 all ...)
	NOT-FOR-US: Typolight webCMS
CVE-2007-5317
	REJECTED
CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recr ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9 ...)
	NOT-FOR-US: LiveAlbum
CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in x ...)
	NOT-FOR-US: xKiosk WEB
CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in Pictu ...)
	NOT-FOR-US: Picturesolution
CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in To ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in t ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) ...)
	NOT-FOR-US: phpHPm
CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input d ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS ...)
	NOT-FOR-US: SnewsCMS
CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System Manag ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-5300 (Off-by-one error in the do_login_loop function in libwzd-core/wzd_logi ...)
	{DSA-1452-1}
	- wzdftpd 0.8.2-2.1 (medium; bug #446192)
CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, a ...)
	NOT-FOR-US: SkaDate
CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion a ...)
	NOT-FOR-US: CMS Creamotion
CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 al ...)
	NOT-FOR-US: Minki
CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp ...)
	NOT-FOR-US: dbList
CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a ...)
	NOT-FOR-US: Wikepage Opus
CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0 ...)
	NOT-FOR-US: IDMOS
CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta ...)
	NOT-FOR-US: IDMOS
CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Im ...)
	NOT-FOR-US: Directory Image Gallery
CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...)
	NOT-FOR-US: DB Manager
CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-5289 (HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirec ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in input/vorbis/vor ...)
	{DSA-1538-1 DTSA-66-1}
	- alsaplayer 0.99.80~rc4-1 (low; bug #446034)
CVE-2007-5288
	REJECTED
CVE-2007-5287
	REJECTED
CVE-2007-5286
	REJECTED
CVE-2007-5285
	REJECTED
CVE-2007-5284
	REJECTED
CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...)
	NOT-FOR-US: Hitachi TPBroker
CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library S ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Deve ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
	NOT-FOR-US: Appfuse
CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...)
	NOT-FOR-US: PowerArchiver
CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information und ...)
	NOT-FOR-US: Zomplog
CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed connectio ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP p ...)
	NOT-FOR-US: Opera
CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...)
	- flashplugin-nonfree 9.0.115.0.1 (bug #449110)
	[sarge] - flashplugin-nonfree (Contrib not supported)
	[etch] - flashplugin-nonfree (Contrib not supported)
CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allo ...)
	NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
	NOT-FOR-US: Trionic Cite CMS
CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5. ...)
	- drupal (does not ship this module)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
	- libpng 1.2.15~beta5-3 (low; bug #446308)
	[sarge] - libpng (Minor issue)
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) log ...)
	- libpng (Vulnerable code not present in Debian version, introduced in 1.2.19)
CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
	- libpng (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
	- libpng (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1 ...)
	NOT-FOR-US: Dawn of Time
CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online accou ...)
	NOT-FOR-US: Battlefront
CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier al ...)
	NOT-FOR-US: Battlefront
CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 a ...)
	NOT-FOR-US: Battlefront
CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote a ...)
	NOT-FOR-US: MultiCart
CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: ASP-CMS
CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.0 ...)
	NOT-FOR-US: SysAid
CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...)
	NOT-FOR-US: FreeLog
CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...)
	NOT-FOR-US: FSD
CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
	NOT-FOR-US: Google Mini Search Appliance
CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Wr ...)
	NOT-FOR-US: VirusBlokAda Vba32 AntiVirus
CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attac ...)
	NOT-FOR-US: Cart32
CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, an ...)
	NOT-FOR-US: NetSupport Manager/School Student
CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 all ...)
	NOT-FOR-US: Helm
CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by America ...)
	NOT-FOR-US: Americas Army
CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal engine ...)
	NOT-FOR-US: Americas Army
CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 engin ...)
	NOT-FOR-US: Doom 3 engine
CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech engine ...)
	NOT-FOR-US: Monolith engine
CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2 ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 (medium; bug #446472)
CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1. ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 (medium; bug #446475)
CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
	- sun-java6 6-03-1 (unimportant)
	- sun-java5 1.5.0-13-1 (unimportant)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
	NOTE: Leaked information hardly sensitive
CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not prop ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK a ...)
	- sun-java6 (Windows only)
	- sun-java5 (Windows only)
	- openjdk-6 (Windows only)
CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7. ...)
	NOT-FOR-US: Uebimiau
CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management Sy ...)
	NOT-FOR-US: Web Template Management System
CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in Zo ...)
	NOT-FOR-US: Zomplog
CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...)
	NOT-FOR-US: Zomplog
CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner Feed ...)
	NOT-FOR-US: FeedBurner FeedSmith wordpress plugin
CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription functiona ...)
	- drupal (does not ship this module)
CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in messaging/cours ...)
	NOT-FOR-US: BlackBoard Learning System
CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
	- dircproxy 1.0.5-5.1 (low; bug #445883)
	[sarge] - dircproxy (Minor issue)
	[etch] - dircproxy 1.0.5-5etch1
CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows r ...)
	NOT-FOR-US: Original Photo Gallery
CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network P ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
	NOT-FOR-US: MAXdev
CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
	NOT-FOR-US: Poppawid
CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog allo ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 Activ ...)
	NOT-FOR-US: CyberLink Power DVD
CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DR ...)
	NOT-FOR-US: Don Barnes DRBGuestbook
CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
	NOT-FOR-US: Altnet Download Manager
CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
	NOT-FOR-US: eArk
CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle God ...)
	NOT-FOR-US: GodSend
CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...)
	NOT-FOR-US: Peakflow
CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6 ...)
	NOT-FOR-US: Peakflow
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
	NOT-FOR-US: CenterTools
CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1. ...)
	{DSA-1462-1 DTSA-72-1}
	- hplip 1.6.10-4.3 (medium; bug #447341)
	[sarge] - hplip (This code was using smtp directly)
CVE-2007-5206 RESERVED
CVE-2007-5205 RESERVED
CVE-2007-5204 RESERVED
CVE-2007-5203 RESERVED
CVE-2007-5202 RESERVED
CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a com ...)
	- duplicity 0.4.3-2 (low; bug #442840)
	[etch] - duplicity (Vulnerable code introduced in 0.4.3)
	[sarge] - duplicity (Vulnerable code introduced in 0.4.3)
	NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
	NOTE: be transferred through the scp, sftp or rsync backends.
	NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE 10 ...)
	{DTSA-74-1}
	- hugin 0.6.1-1.1 (low; bug #447344)
	[etch] - hugin (Minor issue)
CVE-2007-5199 (A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows r ...)
	- libxfont 1:1.3.2-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=327854
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios Plugin ...)
	{DSA-1495-1 DTSA-67-1}
	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
	NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and ...)
	{DSA-1397-1 DTSA-76-1}
	- mono 1.2.5.1-2
CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
	NOT-FOR-US: rMake
CVE-2007-5192 RESERVED
CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and ...)
	{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
	- util-linux 2.13-8 (low)
	- loop-aes-utils 2.13-2 (low)
CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVis ...)
	NOT-FOR-US: Alcatel OmniVista
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script Gues ...)
	NOT-FOR-US: X-Script
CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17. ...)
	NOT-FOR-US: Xoops
CVE-2007-5187 (SQL injection vulnerability in infusions/calendar_events_panel/show_si ...)
	NOT-FOR-US: Php-Fusion
CVE-2007-5186 (PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8. ...)
	NOT-FOR-US: Segue CMS
CVE-2007-5185 (Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 ...)
	NOT-FOR-US: phpWCMS XT
CVE-2007-5184 (Format string vulnerability in the SMBDirList function in dirlist.c in ...)
	NOT-FOR-US: smbFtpd
CVE-2007-5183 (Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuit ...)
	NOT-FOR-US: OdysseySuite
CVE-2007-5182 (Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5181 (SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allo ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5180 (Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow re ...)
	NOT-FOR-US: Ohesa Emlak Portali
CVE-2007-5179 (Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in ...)
	NOT-FOR-US: Iletisim Formu
CVE-2007-5178 (contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB pla ...)
	NOT-FOR-US: mxBB
CVE-2007-5177 (SQL injection vulnerability in index.php in the MambAds (com_mambads) ...)
	NOT-FOR-US: Mambo extension
CVE-2007-5176 (Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelp ...)
	NOT-FOR-US: eHelpDesk
CVE-2007-5175 (PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 ...)
	NOT-FOR-US: actSite
CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1.56 a ...)
	NOT-FOR-US: actSite
CVE-2007-5173 (PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID ...)
	NOT-FOR-US: phpBB Openid
CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a symli ...)
	- guilt 0.27-1.2 (medium; bug #445308)
CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and pos ...)
	- twiki 1:4.1.2-3 (bug #444982; low)
	[etch] - twiki (Minor packaging flaw, doesn't warrant an update)
CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows re ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) befor ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01 ...)
	NOT-FOR-US: Clan lite
CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in p ...)
	NOT-FOR-US: phpLister
CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a all ...)
	NOT-FOR-US: SiteSys
CVE-2007-5165
	NOT-FOR-US: myIpacNG-stats
CVE-2007-5164
	NOT-FOR-US: UniversiBO
CVE-2007-5163
	NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1 (low)
	- ruby1.8 1.8.6.111-1 (low; bug #444929)
	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in i-System ...)
	NOT-FOR-US: Feedreader 3
	NOTE: editor not included in native wordpress
CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
	NOT-FOR-US: Thierry Leriche Restaurant Management System
CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g pac ...)
	- ntfs-3g 1:1.913-2 (medium; bug #445315)
CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex Koc ...)
	NOT-FOR-US: PHP Fidonet Tosser
CVE-2007-5156 (Incomplete blacklist vulnerability in editor/filemanager/upload/php/up ...)
	- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
	- moin 1.5.8-4.1 (unimportant)
	NOTE: This problem should rather be addressed by proper httpd config
	NOTE: The change only adds a workaround for insecure configs
	- karrigell (Does not include vulnerable php code)
	- gforge 4.6.99+svn6169-1 (low; bug #447590)
	[etch] - gforge (fckeditor is not shipped in these versions)
	[sarge] - gforge (fckeditor is not shipped in these versions)
CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments ...)
	NOT-FOR-US: ICEOWS
CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlie ...)
	NOT-FOR-US: Aipo
CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java Syste ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in includes/nu ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5150 (SQL injection vulnerability in the is_god function in includes/nukesen ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5149 (PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc. ...)
	NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148
	NOT-FOR-US: FrontAccounting
CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...)
	NOT-FOR-US: Puzzle Apps CMS
CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der D ...)
	NOT-FOR-US: Der Dirigent
CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
	NOT-FOR-US: Windows XP
CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used f ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows loca ...)
	NOT-FOR-US: Anti-Virus for Windows Servers
CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Nov ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allo ...)
	NOT-FOR-US: SiteX
CVE-2007-5140 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: IntegraMOD Nederland
CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
	NOT-FOR-US: Chupix
CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in lustig.c ...)
	NOT-FOR-US: lustig.cms
CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
	{DSA-1743-1}
	- tk8.4 8.4.16-1
	[etch] - tk8.4 (Vulnerability was introduced in 8.4.13)
	[sarge] - tk8.4 (Vulnerability was introduced in 8.4.13)
	- tk8.3 (Vulnerability was introduced in 8.4.13)
	- libtk-img 1.3-release-8
CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP address ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
	NOT-FOR-US: ActiveKB
CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SimpGB
CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with in ...)
	NOT-FOR-US: SimpGB
CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows rem ...)
	NOT-FOR-US: SimpNews
CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...)
	NOT-FOR-US: SimpGB
CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup Exe ...)
	NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125 REJECTED
CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Messenger
CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote at ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds P ...)
	NOT-FOR-US: SoftBiz Classifieds PLUS
CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allow ...)
	- jspwiki (The version we ship does not process a redirect parameter in Login.jsp and other source files)
	[sarge] - jspwiki (Contrib not supported)
CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
	- jspwiki 2.5.139-1 (medium; bug #445477)
	[sarge] - jspwiki (Contrib not supported)
CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sen ...)
	- jspwiki 2.5.139-1 (unimportant; bug #445477)
	[sarge] - jspwiki (Contrib not supported)
CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class dr ...)
	NOT-FOR-US: Solaris
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular Expre ...)
	{DSA-1400-1 DTSA-78-1}
	- perl 5.8.8-12 (medium; bug #450794)
	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9 ...)
	{DSA-1379-1}
	- openssl 0.9.8e-9 (low; bug #444435)
	[sarge] - openssl 0.9.7e-3sarge5
CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Cont ...)
	NOT-FOR-US: Ekke Doerre Contenido
CVE-2007-5114
	NOT-FOR-US: phpmyProfiler
CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allo ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5110 (Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in FlatNu ...)
	NOT-FOR-US: flatnuke
CVE-2007-5108 (Unspecified vulnerability in IAC Search & Media ask.com toolbar ha ...)
	NOT-FOR-US: IAC Search & Media ask.com toolbar
CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 A ...)
	NOT-FOR-US: AskJeevesToolBar
CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
	- wordpress 2.0.2-1 (low)
CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
	- wordpress 2.0.4-1 (low)
CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 R ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter accou ...)
	NOT-FOR-US: ChironFS
CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...)
	NOT-FOR-US: phpBB plus (phpbb2 does not include this module)
CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters H ...)
	NOT-FOR-US: helplink
CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 a ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5097
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-5096 (PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822 ...)
	NOT-FOR-US: guanxiCRM Business Solution
CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Inter ...)
	NOT-FOR-US: Windows Media Player
CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitc ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
	- linux-2.6 2.6.23-1
CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music modu ...)
	NOT-FOR-US: phpNuke module
CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4. ...)
	- egroupware 1.2.107-2.dfsg-2 (low; bug #444351)
CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Micr ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.l ...)
	NOT-FOR-US: Sklog
CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...)
	NOT-FOR-US: freeside
CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support ...)
	- linux-2.6 (2.6 code base handles ARP entries differently)
CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not ...)
	NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache Geron ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates (CA) Bri ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) BrightStor Hier ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates (CA) Brig ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Playe ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
	- gdm (Red Hat-specific packaging flaw)
CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager al ...)
	NOT-FOR-US: eGov Manager
CVE-2007-5077 RESERVED
CVE-2007-5076 RESERVED
CVE-2007-5075 RESERVED
CVE-2007-5074 RESERVED
CVE-2007-5073 RESERVED
CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX contr ...)
	NOT-FOR-US: Easy Mail Message Printer
CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke M ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allo ...)
	NOT-FOR-US: phpFullAnnu
CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remo ...)
	NOT-FOR-US: iMatix Xitami Web Server
CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows rem ...)
	- webmin
CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6 ...)
	NOT-FOR-US: Xunlei Web Thunder
CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information unde ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote atta ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere ...)
	NOT-FOR-US: Clansphere
CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass functiona ...)
	NOT-FOR-US: XCMS
CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow ...)
	NOT-FOR-US: GreenSQL
CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration int ...)
	NOT-FOR-US: Barracuda
CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...)
	NOT-FOR-US: NetSupport Manager Client
CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lit ...)
	NOT-FOR-US: ADOdb Lite
CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC ...)
	NOT-FOR-US: iziContents
CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: Vigile CMS
CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1. ...)
	{DSA-1559-1}
	- phpgedview 4.1.e+4.1.1-2 (low; bug #443901)
CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 allo ...)
	NOT-FOR-US: Neuron News
CVE-2007-5049 REJECTED
CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote attack ...)
	NOT-FOR-US: lhaplus
CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate cer ...)
	NOT-FOR-US: Norton Internet Security
CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...)
	NOT-FOR-US: IceWarp Merak Mail Server
CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
	- iceweasel (Only affects Firefox/Thunderbird on Windows)
	- icedove (Only affects Firefox/Thunderbird on Windows)
CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameter ...)
	NOT-FOR-US: ZoneAlarm Pro
CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate certa ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain parame ...)
	NOT-FOR-US: G DATA InternetSecurity
CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain pa ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain par ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for B ...)
	- bugzilla (Affected versions were never present in the archive)
CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in src/inotifyto ...)
	{DSA-1440-1}
	- inotify-tools 3.11-1 (medium; bug #443913)
CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with firmwa ...)
	NOT-FOR-US: AirDefense firmware
CVE-2007-5035
	NOT-FOR-US: openEngine
CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ap ...)
	{DSA-1380-1}
	- elinks 0.11.1-1.5 (low; bug #443914)
CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...)
	NOT-FOR-US: phpBB XS
CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in Franci ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbl ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are appro ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspec ...)
	- dibbler 0.6.1-1 (medium; bug #444002)
CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...)
	NOT-FOR-US: WBR3404TX firmware
CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ro ...)
	NOT-FOR-US: dBlog CMS
CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 a ...)
	NOT-FOR-US: VMware
CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in clearte ...)
	NOT-FOR-US: VMware
CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation b ...)
	NOT-FOR-US: VMware
CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-5021 REJECTED
CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows a ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
	- mp 3.7.1-8 (low)
	[sarge] - mp (Minor issue)
	[etch] - mp (Minor issue)
	NOTE: Can be fixed in a point update
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java Runt ...)
	- sun-java6 (unimportant)
	- sun-java5 (unimportant)
	- openjdk-6 (unimportant)
	NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...)
	NOT-FOR-US: Pegasus Mail Mercury
CVE-2007-5017 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-5016 (SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows re ...)
	NOT-FOR-US: OneCMS
CVE-2007-5015 (Multiple PHP remote file inclusion vulnerabilities in Streamline PHP M ...)
	NOT-FOR-US: Streamline
CVE-2007-5014 (Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allo ...)
	NOT-FOR-US: pSlash
CVE-2007-5013 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ph ...)
	NOT-FOR-US: Phormer
CVE-2007-5012 (Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGalle ...)
	NOT-FOR-US: PhpWebGallery
CVE-2007-5011 (webbatch.exe in WebBatch allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: WebBatch
CVE-2007-5010 (Cross-site scripting (XSS) vulnerability in WebBatch allows remote att ...)
	NOT-FOR-US: WebBatch
CVE-2007-5009 (PHP remote file inclusion vulnerability in language/lang_german/lang_m ...)
	NOT-FOR-US: Phpbb Plus
	NOTE: vulnerable code not included in phpbb2
CVE-2007-5008 (The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not cor ...)
	NOT-FOR-US: HP-UX
CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa befo ...)
	- balsa 2.3.20-1 (low)
	[etch] - balsa 2.3.13-3
	NOTE: Minor issue fixed in 4.0r4 point release
	[sarge] - balsa (Minor issue)
	NOTE: attacker needs to get the victim to use a prepared server
CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ARCse ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer Associa ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve Backu ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) Brig ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002 RESERVED
CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ser ...)
	- linux-2.6 (RedHat/RHEL3 specific patch only)
CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
	[sarge] - apache2 (minor issue)
	[sarge] - apache (minor issue)
	- apache2 2.2.8-1 (low)
	- apache (low)
	[etch] - apache2 2.2.3-4+etch4
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allo ...)
	- pidgin 2.2.2-1 (medium)
CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple OSes, ...)
	- coreutils 4.1.2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
CVE-2007-4997 (Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80 ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-1
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge me ...)
	- pidgin 2.2.1-1 (medium)
	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0. ...)
	{DSA-1571-1}
	- openssl 0.9.8f-1 (low)
	- openssl097 (DTLS support was introduced in 0.9.8)
	- openssl096 (DTLS support was introduced in 0.9.8)
	[sarge] - openssl (DTLS support was introduced in 0.9.8)
CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not p ...)
	NOT-FOR-US: Red Hat Certificate Server
CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a gue ...)
	{DSA-1384-1}
	- xen-3 3.1.1-1 (medium; bug #444430)
	- xen-3.0
CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in fbserver ...)
	- firebird1.5 (medium; bug #446373)
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration
CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 all ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4989
	REJECTED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick befor ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ImageMagi ...)
	{DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow context ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
	NOT-FOR-US: StylesDemo
CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX ...)
	NOT-FOR-US: jetAudio
CVE-2007-4982 (Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCo ...)
	NOT-FOR-US: QRCode
CVE-2007-4981 (Cross-site scripting (XSS) vulnerability in the save function in Obedi ...)
	NOT-FOR-US: Obedit
CVE-2007-4980 (The readRequest method in org/gcaldaemon/core/http/HTTPListener.java i ...)
	NOT-FOR-US: GCALDaemon
CVE-2007-4979 (SQL injection vulnerability in index.php in the sondages module in Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2007-4978 (Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 ...)
	NOT-FOR-US: phpSyncML
CVE-2007-4977 (Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Pho ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4976 (Directory traversal vulnerability in viewlog.php in Coppermine Photo G ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...)
	NOT-FOR-US: b1gMail
CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in libsndf ...)
	{DSA-1442-1}
	- libsndfile 1.0.17-4 (bug #443386; medium)
	[sarge] - libsndfile (Vulnerable code not present)
	- ardour 1:2.1-1.1 (medium; bug #445889)
	[sarge] - ardour (Vulnerable code not present)
	[etch] - ardour (Vulnerable code not present)
CVE-2007-4973
	RESERVED
CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System Se ...)
	NOT-FOR-US: NtRegmon
CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...)
	NOT-FOR-US: ProSecurity
CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to Sy ...)
	NOT-FOR-US: ProcessGuard
CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...)
	NOT-FOR-US: Process Monitor
CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
	NOT-FOR-US: Privatefirewall
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ce ...)
	NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge 4. ...)
	NOTE: Duplicate of CVE-2007-3913
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and e ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.5 2.5.1-6 (low; bug #443333)
	[etch] - python2.5 (Minor issue)
	[sarge] - python2.5 (Minor issue)
	- python2.4 2.4.4-7 (low; bug #443335)
	[etch] - python2.4 (Minor issue)
CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinImage
CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows re ...)
	NOT-FOR-US: WinImage
CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...)
	NOT-FOR-US: WinImage
CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by th ...)
	- secondlife-client (low; bug #406335)
CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life secondl ...)
	- secondlife-client (low; bug #406335)
CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in catalog_products_with_imag ...)
	NOT-FOR-US: osCMax
CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
	NOT-FOR-US: TinyWebGallery
CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
	NOT-FOR-US: ChupixCMS
CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote atta ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote atta ...)
	NOT-FOR-US: SimpCMS
CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951
	NOT-FOR-US: YaPiG
CVE-2007-4950
	NOT-FOR-US: Phportal
CVE-2007-4949
	NOT-FOR-US: phpreactor
CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia Explore ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0. ...)
	NOT-FOR-US: myphpPagetool
CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information (i ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade all ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...)
	NOT-FOR-US: Opera
CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...)
	NOT-FOR-US: Baofeng Storm
CVE-2007-4942 (PHP remote file inclusion vulnerability in modules/Discipline/StudentF ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: KMPlayer for Windows
	NOTE: it's not the kmplayer we ship, it's a Windows-only media player
CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and e ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MP ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
	{DTSA-65-1}
	- mplayer 1.0~rc1-16.1 (bug #443478)
CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with insu ...)
	NOT-FOR-US: CS Guestbook
CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has u ...)
	NOT-FOR-US: SafeSquid
CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
	NOT-FOR-US: phpFFL
CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
	NOT-FOR-US: phpFFL
CVE-2007-4933 (Direct static code injection vulnerability in includes/admin/sub/conf_ ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in conjunct ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W c ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the confi ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote auth ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and pass ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...)
	NOT-FOR-US: eWire Payment Client
CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
	- opal 2.2.11~dfsg1-1 (low)
	[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
	NOTE: will be fixed by regular stable update
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
	NOT-FOR-US: Joomla extension
CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module fo ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php ...)
	NOT-FOR-US: Ajax File Browser
CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2 ...)
	NOT-FOR-US: Webquest
CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote a ...)
	NOT-FOR-US: Jblog
CVE-2007-4918 (SQL injection vulnerability in classes/gelato.class.php in Gelato allo ...)
	NOT-FOR-US: Gelato
CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats ...)
	NOT-FOR-US: Php-Stats
CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC ...)
	NOT-FOR-US: MFC Library
CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLa ...)
	- boa (We don't ship this extension)
CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision Pow ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...)
	NOT-FOR-US: JetCast Server
CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown imp ...)
	NOT-FOR-US: Netinvoicing
CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...)
	NOT-FOR-US: WinSCP
CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and earl ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow rem ...)
	NOT-FOR-US: X-Cart
CVE-2007-4906 (PHP remote file inclusion vulnerability in tasks/send_queued_emails.ph ...)
	NOT-FOR-US: NuclearBB
CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2. ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0. ...)
	- helix-player (unimportant; bug #443130)
	NOTE: Just a floating point exception via a crafted .au file
CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVi ...)
	NOT-FOR-US: RSA EnVision
CVE-2007-4899 (Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.1 ...)
	NOT-FOR-US: Boinc Forum
CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 ...)
	NOT-FOR-US: Xwiki
CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remo ...)
	{DTSA-94-1}
	- pwlib 1.10.10-1.1 (low; bug #454133)
	- pwlib-titan 1.11.2-1.1 (low; bug #454139)
	[etch] - pwlib 1.10.2-2+etch1
	[sarge] - pwlib 1.8.4-1+sarge1.1
CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in admin/header.ph ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ( ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4894 (Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ...)
	- wordpress 2.2.3-1 (medium)
	[etch] - wordpress (Vulnerable code not yet introduced)
CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ...)
	- wordpress 2.2.3-1 (low)
	[etch] - wordpress (Vulnerable code not yet introduced)
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8 ...)
	NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
	- libwmf (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.35.dfsg-3
	[etch] - libgd2 2.0.33-5.2etch1
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Mi ...)
	NOT-FOR-US: PDWizard
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX contro ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ...)
	- php5 (unimportant)
	NOTE: basedir and safemode not supported
CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...)
	NOT-FOR-US: Xwiki
CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent atta ...)
	- php5 5.2.5-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and pro ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a d ...)
	NOT-FOR-US: Avnex AV MP3 Player
CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ca ...)
	NOT-FOR-US: Windows
CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in ...)
	- mediawiki-extensions (We don't ship this extension)
CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel Custo ...)
	NOT-FOR-US: TechExcel CustomerWise
CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com s ...)
	NOT-FOR-US: Psilabs
CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ce ...)
	NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, c ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1 (low; bug #444803)
	- iceape 1.1.9-1 (low; bug #444805)
	- xulrunner 1.8.1.13-1
CVE-2007-4878
	RESERVED
CVE-2007-4877
	RESERVED
CVE-2007-4876
	RESERVED
CVE-2007-4875
	RESERVED
CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.0 ...)
	NOT-FOR-US: SimpNews
CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with ...)
	NOT-FOR-US: SimpNews
CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: SimpNews
CVE-2007-4871
	RESERVED
CVE-2007-4870
	RESERVED
CVE-2007-4869
	RESERVED
CVE-2007-4868
	RESERVED
CVE-2007-4867
	RESERVED
CVE-2007-4866
	RESERVED
CVE-2007-4865
	RESERVED
CVE-2007-4864
	RESERVED
CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote ...)
	NOT-FOR-US: SAXON
CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5. ...)
	NOT-FOR-US: SAXON
CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to obt ...)
	NOT-FOR-US: SAXON
CVE-2007-4860
	RESERVED
CVE-2007-4859
	RESERVED
CVE-2007-4858
	RESERVED
CVE-2007-4857
	RESERVED
CVE-2007-4856
	RESERVED
CVE-2007-4855
	RESERVED
CVE-2007-4854
	RESERVED
CVE-2007-4853
	RESERVED
CVE-2007-4852
	RESERVED
CVE-2007-4851
	REJECTED
CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ...)
	- php4 (unimportant)
	- php5 5.2.6-1 (unimportant)
	NOTE: Safe mode bypasses not treated as security problems
CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly o ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1 (bug #442245; low)
CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to d ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by Pi ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1. ...)
	NOT-FOR-US: Webace-Linkscript
CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Down ...)
	NOT-FOR-US: RW::Download
CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly rea ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 bu ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan Explo ...)
	NOT-FOR-US: Magellan Explorer
CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMon ...)
	- iceweasel (windows only issue)
	- iceape (windows only issue)
	- xulrunner (windows only issue)
	- icedove (windows only issue)
	NOTE: MFSA2007-36
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a de ...)
	- glibc 2.7-1 (unimportant)
	NOTE: Original PHP issue only triggerable by malicious script
CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier al ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows r ...)
	NOT-FOR-US: Proxy Anket
CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0. ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows rem ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 a ...)
	NOT-FOR-US: phpRealty
CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere Appli ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in account_setting ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
	- perl 5.10.0-19
	[etch] - perl (Was merged into Perl as of 5.10)
	- libarchive-tar-perl 1.38-1 (low; bug #449544)
	[sarge] - libarchive-tar-perl (Minor issue)
	[etch] - libarchive-tar-perl (Minor issue)
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing mo ...)
	- mediawiki 1.10.2-1 (low; bug #442255)
	[etch] - mediawiki (Does not include the vulnerable code)
CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in Min ...)
	NOT-FOR-US: Modbus Slave ActiveX Control
CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...)
	{DSA-1382-1}
	- quagga 0.99.9-1 (low; bug #442133)
	NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ...)
	- php5 5.2.5-1 (unimportant)
	- php4 (error message "Allowed memory size of 8388608 bytes exhausted...")
	NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems
CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google P ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack vec ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device manageme ...)
	NOT-FOR-US: Buffalo AirStation firmware
CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.2 ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo K ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 all ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allo ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante (com_restaur ...)
	NOT-FOR-US: Joomla component
	NOTE: not included in standard Joomla installation, Joomla has an ITP though
CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps ...)
	NOT-FOR-US: BaoFeng2
CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus ...)
	NOT-FOR-US: WebED
CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed Ma ...)
	NOT-FOR-US: Microsoft SQL Server Enterprise Manager
CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Bet ...)
	NOT-FOR-US: Domino Blogsphere
CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions bef ...)
	NOT-FOR-US: Mac OS
CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...)
	NOT-FOR-US: Netjuke
CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...)
	NOT-FOR-US: Netjuke
CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy F ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote att ...)
	NOT-FOR-US: TLM CMS
CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 al ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4806 (PHP remote file inclusion vulnerability in modules/Discipline/Category ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime (cms ...)
	NOT-FOR-US: Fuzzylime CMS
CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote a ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remot ...)
	NOT-FOR-US: GlobalLink
CVE-2007-4801
	RESERVED
CVE-2007-4800
	RESERVED
CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not ...)
	NOT-FOR-US: AIX perfstat kernel extension
CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in invscout.r ...)
	NOT-FOR-US: invscout
CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V print) comm ...)
	NOT-FOR-US: System V print
CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: uucp IBM AIX
CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 al ...)
	NOT-FOR-US: mkpath IBM AIX
CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 ...)
	NOT-FOR-US: fcstat IBM AIX
CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allo ...)
	NOT-FOR-US: xlplm IBM AIX
CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 ...)
	NOT-FOR-US: ibstat IBM AIX
CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5. ...)
	NOT-FOR-US: swcons IBM AIX
CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.O ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Cont ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Con ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0 does not ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1 ...)
	NOT-FOR-US: Cisco ASA
CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
	NOT-FOR-US: Sony Micro Vault
CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent at ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...)
	NOT-FOR-US: Joomla!
CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
	NOT-FOR-US: Joomla!
CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (ak ...)
	NOT-FOR-US: Joomla!
CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component (com_c ...)
	NOT-FOR-US: Joomla!
CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) al ...)
	NOT-FOR-US: Joomla!
CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6 ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
	RESERVED
CVE-2007-4774 (The Linux kernel before 2.4.36-rc1 has a race condition. It was possib ...)
	- linux (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60
CVE-2007-4773 (Systrace before 1.6.0 has insufficient escape policy enforcement. ...)
	- systrace
CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13 (low)
	[etch] - tcl8.3 (Minor issue)
	- tcl8.4 8.4.17-1 (low)
	[etch] - tcl8.4 (Minor issue)
	[sarge] - postgresql
CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 according to the maintainer)
	- tcl8.4 (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 according to the maintainer)
	[sarge] - postgresql
CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression (PCRE ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
	RESERVED
CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...)
	NOT-FOR-US: Pawfaliki
CVE-2007-4763 (PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.ph ...)
	NOT-FOR-US: PHPOF
CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMAR ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 al ...)
	NOT-FOR-US: Barbo91
CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in C ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus D ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney al ...)
	NOT-FOR-US: phpMytourney
CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...)
	NOT-FOR-US: Total Commander
CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a d ...)
	- alien-arena 6.05-4.1 (low; bug #442075)
CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in acesrc/ace ...)
	- alien-arena 6.05-4.1 (medium; bug #442075)
CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allow ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attacker ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted c ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-1 (low; bug #444738)
	[etch] - openssh (minor issue in weak security measure)
	[sarge] - openssh (minor issue in weak security measure)
	NOTE: An exploit needs limited control over the machine running a
	NOTE: trusted X client, so this is only a slight privilege
	NOTE: escalation. The X Security extension is merely an afterthought
	NOTE: and is unlikely to provide strong security guarantees.
CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0 ...)
	NOT-FOR-US: PowerPlayer
CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway Encoder/Deco ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4746 (The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone an ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.4 ...)
	NOT-FOR-US: AkoBook
CVE-2007-4744 (PHP remote file inclusion vulnerability in environment.php in AnyInven ...)
	NOT-FOR-US: AnyInventory
CVE-2007-4742 (Claroline before 1.8.6 allows remote authenticated administrators to o ...)
	NOT-FOR-US: Claroline
CVE-2007-4741 (Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Cl ...)
	NOT-FOR-US: Claroline
CVE-2007-4740 (The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.Regis ...)
	NOT-FOR-US: HPRevolutionRegistryManager
CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when ...)
	{DSA-1394-1}
	- reprepro 2.2.4-1 (high; bug #440535)
	NOTE: patch for etch in the BTS
	[sarge] - reprepro (Vulnerable code introduced in 1.3.0)
CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4736 (SQL injection vulnerability in category.php in CartKeeper CKGold Shopp ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2007-4735 (Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allow ...)
	NOT-FOR-US: Virtual DJ
CVE-2007-4734 (Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted re ...)
	NOT-FOR-US: OTSTurntables
CVE-2007-4733 (The Aztech DSL600EU router, when WAN access to the web interface is di ...)
	NOT-FOR-US: Aztech firmware
CVE-2007-4732 (Unspecified vulnerability in the strfreectty function in the Special F ...)
	NOT-FOR-US: Special File System
CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_G ...)
	{DSA-1387-1 DSA-1367-1}
	- krb5 1.6.dfsg.1-7 (high; bug #441209)
	[sarge] - krb5 (Vulnerable code not present)
	- librpcsecgss 0.14-4 (high; bug #441393)
	NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
	NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll i ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the Co ...)
	{DSA-1372-1 DTSA-73-1}
	- xorg-server 2:1.4-1
	NOTE: XFree86 is not affected
CVE-2007-4729
	RESERVED
CVE-2007-4728
	RESERVED
CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fast ...)
	{DSA-1362-1}
	- lighttpd 1.4.18-1 (medium; bug #441555)
	NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
	NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
	NOTE: http://www.milw0rm.com/exploits/4391
CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote at ...)
	NOT-FOR-US: Web Oddity
CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4. ...)
	NOT-FOR-US: AkkyWareHOUSE
CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the cal ...)
	- tomcat5.5 (Version already ships fixed files)
	- tomcat5 (unimportant; bug #441205)
	- libservlet2.4-java 5.0.30-6 (unimportant)
	NOTE: DSA should not be required, minor issue, jsp just present as example
CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel 4.3 ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming Interne ...)
	NOT-FOR-US: Quantum Streaming
CVE-2007-4721
	REJECTED
CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/C ...)
	NOT-FOR-US: Hitachi
CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allo ...)
	NOT-FOR-US: 212cafeBoard
CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in Claro ...)
	NOT-FOR-US: Claroline
CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 al ...)
	NOT-FOR-US: PHD Help Desk
CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allo ...)
	NOT-FOR-US: Weblogicnet
CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows remo ...)
	NOT-FOR-US: Yvora
CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in U ...)
	NOT-FOR-US: Urchin
CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 allo ...)
	NOT-FOR-US: eNetman
CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5. ...)
	NOT-FOR-US: CFNetwork (Apple Mac OS X)
CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Address Book (Apple Mac OS X)
CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in App ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4705
	RESERVED
CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent a roo ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when "Block all incom ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporar ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X, Windows
CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4695 (Unspecified "input validation" vulnerability in WebCore in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows at ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 conta ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users t ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not p ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows att ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4674 (An "integer arithmetic" error in Apple QuickTime 7.2 allows remote att ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows remot ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...)
	NOT-FOR-US: Safari
CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ...)
	- php5 5.2.4-1 (unimportant)
	- php4 (unimportant)
	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see DSA-1529-1)
	[sarge] - firebird2
CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see DSA-1529-1)
	[sarge] - firebird2
CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see DSA-1529-1)
	[sarge] - firebird2
CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see DSA-1529-1)
	[sarge] - firebird2
CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see DSA-1529-1)
	[sarge] - firebird2
CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create da ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see DSA-1529-1)
	[sarge] - firebird2
CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only triggerable by malicious script
CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before 5. ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...)
	{DTSA-61-1}
	- php5 5.2.4-1 (low)
	[etch] - php5 (Backport prone to regressions, causes more problems than it resolves, minor issue anyway)
CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
	NOTE: limited format string vulnerability: the format string is passed on to strfmon, and the format characters it may contain are limited to i, n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	- php4
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
	NOTE: Only exploitable by malicious script
CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
	{DSA-1518-1}
	- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Ba ...)
	NOT-FOR-US: CGI RESCUE Shopping Basket
CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cis ...)
	NOT-FOR-US: SSHield
CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ea ...)
	NOT-FOR-US: Links MOD
CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to b ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows ...)
	NOT-FOR-US: Adobe Connect Enterprise Server
CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow att ...)
	{DSA-1404-1}
	- gallery2 2.2.3-1
	NOTE: does not affect gallery 1.x (package 'gallery')
CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and In ...)
	NOT-FOR-US: MicroWorld eScan Virus Control
CVE-2007-4648 (The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak perm ...)
	NOT-FOR-US: Norman Virus Control
CVE-2007-4647 (newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allow ...)
	NOT-FOR-US: Ourspace
CVE-2007-4646 (Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite ...)
	NOT-FOR-US: Hexamail
CVE-2007-4645 (SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remo ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-4644 (Format string vulnerability in the Cl_GetPackets function in cl_main.c ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4643 (Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier all ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4642 (Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and ear ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4641 (Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4640 (Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0. ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4639 (EnterpriseDB Advanced Server 8.2 does not properly handle certain debu ...)
	NOT-FOR-US: EnterpriseDB
CVE-2007-4638 (Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows r ...)
	NOT-FOR-US: StarCraft
CVE-2007-4637 (xGB.php in xGB 2.0 does not require authentication for an admin edit a ...)
	NOT-FOR-US: xGB
CVE-2007-4636 (Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allo ...)
	NOT-FOR-US: phpBG
CVE-2007-4635 (Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to ca ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4634 (Multiple SQL injection vulnerabilities in Cisco CallManager and Unifie ...)
	NOT-FOR-US: Cisco
CVE-2007-4633 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManag ...)
	NOT-FOR-US: Cisco
CVE-2007-4632 (Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VT ...)
	NOT-FOR-US: Cisco
CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and o ...)
	- qgit 1.5.5-1.1 (bug #440950; low)
	[etch] - qgit (Minor issue)
CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...)
	NOT-FOR-US: Absolute Poll Manager
CVE-2007-4629 (Buffer overflow in the processLine function in maptemplate.c in MapSer ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1
CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...)
	NOT-FOR-US: phpns
CVE-2007-4627 (SQL injection vulnerability in index.php in ABC eStore 3.0 allows remo ...)
	NOT-FOR-US: ABC eStore
CVE-2007-4626 (Unspecified vulnerability in Polipo before 1.0.2 allows remote attacke ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo (Minor issue)
	[etch] - polipo (Minor issue)
CVE-2007-4625 (Polipo before 1.0.2 allows remote HTTP servers to cause a denial of se ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo (Minor issue)
	[etch] - polipo (Minor issue)
CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign D ...)
	NOT-FOR-US: AbleDesign Dynamic Picture Frame
CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) libdns_nons ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain p ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) Aler ...)
	NOT-FOR-US: CA products
CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1 (medium)
CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4616 (The SSL server implementation in BEA WebLogic Server 7.0 Gold through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4615 (The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4614 (BEA WebLogic Server 9.1 does not properly handle propagation of an adm ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4613 (SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold th ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4612 (CRLF injection vulnerability in contact.php in Moonware (aka Dale Moon ...)
	NOT-FOR-US: Moonware
CVE-2007-4611 (SQL injection vulnerability in viewevent.php in Moonware (aka Dale Moo ...)
	NOT-FOR-US: Moonware
CVE-2007-4610 (Unrestricted file upload vulnerability in config/upload.php in Moonwar ...)
	NOT-FOR-US: Moonware
CVE-2007-4609 (eyeOS uses predictable checksum values in the checknum parameter for a ...)
	NOT-FOR-US: eyeOS
CVE-2007-4608 (PHP remote file inclusion vulnerability in protection.php in ePersonne ...)
	NOT-FOR-US: ePersonnel
CVE-2007-4607 (Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6 ...)
	NOT-FOR-US: EasyMailSMTPObj ActiveX control
CVE-2007-4606 (PHP remote file inclusion vulnerability in convert/mvcw_conver.php in ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-4605 (PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual ...)
	NOT-FOR-US: Vwar
CVE-2007-4604 (SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows ...)
	NOT-FOR-US: DL PayCart
CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 al ...)
	NOT-FOR-US: ACG news
CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by De ...)
	NOT-FOR-US: Micro-CMS
CVE-2007-4600 (The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 1 ...)
	NOT-FOR-US: Mathsoft Mathcad
CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly ...)
	NOT-FOR-US: RealPlayer
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager ...)
	NOT-FOR-US: IBM
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, whic ...)
	- php5 (unimportant)
	NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
	NOT-FOR-US: Mayaa
CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly valid ...)
	NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Rational
CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynR ...)
	NOT-FOR-US: Ignite-UX
CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4588 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4587 (Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria es ...)
	NOT-FOR-US: escafeWeb
CVE-2007-4586 (Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension ...)
	NOT-FOR-US: iisfunc (windows only)
CVE-2007-4585 (Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2 ...)
	NOT-FOR-US: 2532|Gigs
CVE-2007-4584 (Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC serv ...)
	- ircii-pana (medium; bug #443544)
CVE-2007-4583 (Multiple absolute path traversal vulnerabilities in the nvUtility.Util ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4582 (Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX cont ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4581 (SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 al ...)
	NOT-FOR-US: WBB2-Addon: Acrotxt 1
CVE-2007-4601 (A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might all ...)
	- tcp-wrappers 7.6.dbs-12 (bug #405342; medium)
	[etch] - tcp-wrappers (Vulnerability was introduced in -10)
	[sarge] - tcp-wrappers (Vulnerability was introduced in -10)
CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows loca ...)
	NOT-FOR-US: BufferZone (Windows)
CVE-2007-4579
	REJECTED
CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
	NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
	NOT-FOR-US: Sophos
CVE-2007-4576
	REJECTED
CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...)
	{DSA-1419-1}
	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
	- hsqldb 1.8.0.9-1
CVE-2007-4574 (Unspecified vulnerability in the "stack unwinder fixes" in kernel in R ...)
	- linux-2.6 (Redhat specific vulnerability)
	NOTE: I contacted the redhat security team about this; it was caused by an incomplete backport for stack unwinder fixes in the linux kernel made by them.
	NOTE: redhat sent a reproducer to the vendor-sec list
CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...)
	{DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22-5 (medium)
CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, wh ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high; bug #451385)
CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the Advance ...)
	{DSA-1505-1 DSA-1479-1}
	- linux-2.6 2.6.22-5 (low; bug #444571)
	- alsa-driver 1.0.15-1
	NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
	NOTE: very easy to exploit locally
CVE-2007-4570 (Algorithmic complexity vulnerability in the MCS translation daemon in ...)
	NOT-FOR-US: MCS translation daemon
CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
	{DSA-1376-1 DTSA-60-1}
	- kdebase 4:3.5.7-4
	[sarge] - kdebase (problem not present in code)
	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server (x ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4567 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 (Introduced in 2.6.20)
CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
	NOT-FOR-US: SIDVault
CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...)
	{DSA-1377-2}
	- fetchmail 6.3.8-8 (bug #440006; low)
	[etch] - fetchmail (Hardly a security problem)
	[sarge] - fetchmail (problem not present in source)
CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later mi ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later mi ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosm ...)
	NOT-FOR-US: Hitachi DABroker
CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server bef ...)
	NOT-FOR-US: Helix DNA Server
CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, al ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1 (high)
CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) extractal ...)
	- python2.3 (unimportant)
	- python2.4 (unimportant; bug #440097)
	- python2.5 (unimportant; bug #440099)
	NOTE: According to upstream this is the intended behaviour for the module.
	NOTE: Since this is a library interface to embed Tar functionality into applications, it is in order not to provide the full security safety belts one might expect from an enduser application like tar(1). Plus, addressing this would mean diverging from upstream permanently and could break the behaviour of external apps. Anyone who wants to see this "fixed" should rather file a PEP on an improved tar interface with additional security guarantees provided by design.
CVE-2007-4558
	REJECTED
CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in Nove ...)
	NOT-FOR-US: Novell
CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0. ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows rem ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php i ...)
	- tikiwiki
CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media A ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean migh ...)
	NOT-FOR-US: ALPass
CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...)
	NOT-FOR-US: ALPass
CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
	NOT-FOR-US: Apache Geronimo
CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the C ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPres ...)
	NOT-FOR-US: WordPress multi-user (MU)
CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...)
	- bugzilla 2.22.1-2.2 (low; bug #440106)
	[etch] - bugzilla (Affected code only shipped in example, minor issue anyway)
	[sarge] - bugzilla (Vulnerable code not present)
CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer befor ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1 (bug #439346)
CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...)
	NOT-FOR-US: Olate Download
CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate Downlo ...)
	NOT-FOR-US: Olate Download
CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 do ...)
	- bugzilla (Affected versions were never present in the archive)
CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers t ...)
	- bugzilla (Affected versions were never present in the archive)
CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm impl ...)
	NOT-FOR-US: Skulltag
CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
	NOT-FOR-US: Vavoom
CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker ...)
	NOT-FOR-US: Vavoom
CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in Vavoo ...)
	NOT-FOR-US: Vavoom
CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Serve ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote auth ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not f ...)
	NOT-FOR-US: ffi extension for php
CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...)
	NOT-FOR-US: phUploader
CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before 3.5 ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2007-4525
	- spip 2.0.6-1
CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2 ...)
	NOT-FOR-US: PhPress
CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Ma ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 a ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an I ...)
	- asterisk (The voicemail backend is not enabled in Debian)
	[sarge] - asterisk (Only Asterisk 1.4.x is affected)
	[etch] - asterisk (Only Asterisk 1.4.x is affected)
	NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
	NOTE: the backend will be enabled in future uploads with a fixed package.
CVE-2007-4520
	RESERVED
CVE-2007-4519
	RESERVED
CVE-2007-4518
	RESERVED
CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedur ...)
	NOT-FOR-US: Oracle
CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in Syman ...)
	NOT-FOR-US: Volume Manager Scheduler Service
CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before 20 ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4514 (Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manag ...)
	NOT-FOR-US: HP ProCurve Manager
CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow loc ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Wind ...)
	NOT-FOR-US: Sophos Anti-Virus for Windows
CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
	NOT-FOR-US: Sun Application Server
CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1
	[sarge] - clamav (Vulnerable code not present)
	NOTE: Only exploitable if CL_EXPERIMENTAL is set
CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component (c ...)
	NOT-FOR-US: EventList component for Joomla!
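The CVE-2007-4559 entry above records upstream's position that tarfile's extract()/extractall() deliberately leave path checks to the calling application. The Python below is an added illustration of what those checks look like from the caller's side; it is not tracker or CPython code. The two archives are constructed in memory for the example, the destination directory is a made-up path, and the helper names (build_tar, is_within, unsafe_members, safe_extract) are this example's own. It rejects the three ways a member can land outside the target directory: a name containing "..", an absolute name, and a symlink or hardlink whose target escapes.

```python
"""Vetting a tar archive for path-escaping members before extraction.

Added example for the CVE-2007-4559 entry, not tracker or CPython code.
The archives, destination directory and helper names are constructed for
illustration only.
"""
import io
import os
import tarfile

# Constructed sample archives: (member name, kind, payload).
CLEAN_MEMBERS = [
    ("docs/readme.txt", "file", b"hello\n"),
]
HOSTILE_MEMBERS = CLEAN_MEMBERS + [
    ("../../etc/evil.conf", "file", b"pwned\n"),          # ../ traversal
    ("/etc/passwd", "file", b"root::0:0::/:/bin/sh\n"),   # absolute member name
    ("escape", "symlink", "../../etc"),                   # symlink out of dest
]


def build_tar(members) -> bytes:
    """Write an uncompressed tar archive to memory from the tuples above."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in members:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            else:  # "symlink": payload is the link target
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


def is_within(base: str, target: str) -> bool:
    """True if target, after normalising ../ components and any symlinks
    that already exist on disk, is base itself or lies beneath it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(archive: bytes, dest: str) -> list:
    """Names of members that would end up outside dest: ../ traversal,
    absolute names, and symlinks or hardlinks whose target escapes."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            if os.path.isabs(m.name) or not is_within(dest, target):
                bad.append(m.name)
                continue
            if m.issym() or m.islnk():
                # hardlink targets are relative to the archive root,
                # symlink targets to the member's own directory
                if m.islnk():
                    link = os.path.join(dest, m.linkname)
                else:
                    link = os.path.join(os.path.dirname(target), m.linkname)
                if not is_within(dest, link):
                    bad.append(m.name)
    return bad


def safe_extract(archive: bytes, dest: str) -> list:
    """Refuse the whole archive if any member is unsafe; otherwise extract
    and return the member names written."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError("refusing to extract, escaping members: %r" % bad)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as d:
        print("clean:", safe_extract(build_tar(CLEAN_MEMBERS), d))
        try:
            safe_extract(build_tar(HOSTILE_MEMBERS), d)
        except ValueError as e:
            print("hostile:", e)
```

The whole archive is vetted before anything is written, so a member that chains through an earlier symlink member is judged by the names in the archive rather than by what an earlier step put on disk. The PEP the note asks for eventually arrived as PEP 706: Python 3.12 added extraction filters (extractall(..., filter="data") and tarfile.data_filter), later backported to supported 3.x security releases, which reject exactly these member kinds inside the library. On interpreters without that filter the check remains the caller's job, as this example shows.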
CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
	NOT-FOR-US: Rebellion Asura engine
CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 al ...)
	NOT-FOR-US: External PHP component only relevant for Windows
CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ( ...)
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ( ...)
	NOT-FOR-US: RemoSitory component for Mambo
CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles componen ...)
	NOT-FOR-US: RSfiles component for Joomla!
CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component (c ...)
	NOT-FOR-US: Nice Talk component for Joomla!
CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component (com_ ...)
	NOT-FOR-US: BibTeX component for Joomla!
CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American Finan ...)
	NOT-FOR-US: American Financing eMail Image Upload
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0 ...)
	NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
	NOT-FOR-US: Solaris
CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9 ...)
	- ezpublish
CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
	- ezpublish
CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun Sol ...)
	NOT-FOR-US: Solaris
CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows r ...)
	NOT-FOR-US: Gurur haber
CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProte ...)
	NOT-FOR-US: Trend Micro
CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
	NOT-FOR-US: eCentrex VOIP
CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gig ...)
	NOT-FOR-US: Siemens GigaSet firmware
CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in Lin ...)
	NOT-FOR-US: Linkliste
CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly on ...)
	NOT-FOR-US: Butterfly online visitors counter
CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER 1.0 ...)
	NOT-FOR-US: My_REFERER
CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0. ...)
	NOT-FOR-US: Pool 1.0.7 theme for WordPress
CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...)
	NOT-FOR-US: Rus themes for WordPress
CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1. ...)
	NOT-FOR-US: Sirius 1.0 theme for WordPress
CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search Engi ...)
	NOT-FOR-US: Search Engine Builder
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
	NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...)
	{DSA-1566-1 DSA-1438-1}
	- tar 1.18-1 (low; bug #441444)
	- cpio 2.9-5 (low; bug #449222)
CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webvie ...)
	NOT-FOR-US: EAI WebViewer3D ActiveX control
CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web Acce ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate se ...)
	NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings Play ...)
	NOT-FOR-US: Broderbund Expressit
CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online E ...)
	NOT-FOR-US: QuickBooks
CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping NC ...)
	NOT-FOR-US: Earth Resource Mapping NCSView
CVE-2007-4469 RESERVED
CVE-2007-4468 RESERVED
CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...)
	NOT-FOR-US: Oracle
CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCt ...)
	NOT-FOR-US: Electronic Arts (EA) SnoopyCtrl ActiveX
CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apa ...)
	- apache (low)
	- apache2 2.2.6-1 (bug #453783)
	[sarge] - apache (browser issue, low impact)
	[sarge] - apache2 (browser issue, low impact)
	NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
	NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
	NOTE: but many users change this.
	NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Co ...)
	NOT-FOR-US: Total Commander
CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted rem ...)
	NOT-FOR-US: Total Commander
CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwr ...)
	- po4a 0.31-1 (bug #439226)
	[etch] - po4a 0.29-1etch1
	[sarge] - po4a 0.20-2sarge1
CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote attack ...)
	- nufw 2.2.4-1 (bug #439227)
	[etch] - nufw
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8 ...)
	{DSA-1365-3 DSA-1365-2 DSA-1365-1}
	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in includes/class/class_tpl.ph ...)
	NOT-FOR-US: Firesoft
CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
	NOT-FOR-US: Dalai Forum
CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ (com_simplef ...)
	NOT-FOR-US: mambo
	NOTE: mambo is in experimental though
CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.11~dfsg-1
	[sarge] - asterisk (not affected according to advisory)
	[etch] - asterisk (not affected according to advisory)
CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
	NOT-FOR-US: Olate Download
CVE-2007-4453
	NOT-FOR-US: vBulletin
CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Toribash
CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote attac ...)
	NOT-FOR-US: Toribash
CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long ...)
	NOT-FOR-US: Toribash
CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Toribash
CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle parti ...)
	NOT-FOR-US: Toribash
CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier a ...)
	NOT-FOR-US: Toribash
CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
	NOT-FOR-US: Toribash
CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier all ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and 2004 ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal engi ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...)
	- php5 (Windows-specific)
CVE-2007-4440 (Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mai ...)
	NOT-FOR-US: Mercury mail system
CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in Squirre ...)
	NOT-FOR-US: Squirrelcart
CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 al ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
	- drupal (External addon, see bug #439379)
CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 al ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
	NOT-FOR-US: SUSE
CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earli ...)
	NOT-FOR-US: Safari/windows
CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows contex ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...)
	NOT-FOR-US: Skype
CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via unknow ...)
	NOT-FOR-US: lhaz
CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the C ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 all ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user be ...)
	NOT-FOR-US: Safari
CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID functio ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN wi ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 ...)
	NOT-FOR-US: Olate Download
CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin u ...)
	NOT-FOR-US: Olate Download
CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not proper ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4416
	NOT-FOR-US: BellaBook
CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 In ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to g ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...)
	NOT-FOR-US: Headstart Solutions DeskPRO 3.0.2
CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solut ...)
	NOT-FOR-US: Deskpro
CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the hi ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu (Minor issue)
CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick actio ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu (Minor issue)
CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote att ...)
	- ircd-ircu (Version affected not yet in unstable, maintainer informed)
CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allow ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu (Minor issue)
CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
	- ircd-ircu (Version affected not yet in unstable, maintainer informed)
CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
	- ircd-ircu (Version affected not yet in unstable, maintainer informed)
CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...)
	- ircd-ircu (Version affected not yet in unstable, maintainer informed)
CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of servi ...)
	- ircd-ircu (Version affected not yet in unstable, maintainer informed)
CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote attack ...)
	NOT-FOR-US: mirc/winamp
CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote attack ...)
	NOT-FOR-US: mirc
CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC Integrati ...)
	NOT-FOR-US: mirc
CVE-2007-4400 (CRLF injection vulnerability in the included media script in Konversat ...)
	- konversation 1.0.1-4 (low; bug #439837)
	[etch] - konversation (minor issue)
	[sarge] - konversation (minor issue)
CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allo ...)
	NOT-FOR-US: xmms.bx 1.0 script for BitchX (not included in Debian package)
CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and ...)
	- irssi-scripts 20070925 (low; bug #439840)
	- weechat-scripts 20070425-0.1 (low; bug #439839)
	[etch] - irssi-scripts (minor issue)
	[etch] - weechat-scripts (minor issue)
	[sarge] - irssi-scripts (minor issue)
CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMM ...)
	NOT-FOR-US: various IRC now_playing scripts
CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33t ...)
	- irssi-scripts 20070925 (low; bug #439840)
	[etch] - irssi-scripts (minor issue)
	[sarge] - irssi-scripts (minor issue)
	NOTE: weechat-scripts does not include the mentioned scripts
CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the fi ...)
	NOT-FOR-US: findutils-locate on SUSE Linux
CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 place ...)
	NOT-FOR-US: oracle
CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service (prog ...)
	NOT-FOR-US: winamp
CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...)
	NOT-FOR-US: kakadu
CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, o ...)
	NOT-FOR-US: BlueCat
CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
	NOT-FOR-US: 2wire
CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17. ...)
	NOT-FOR-US: 2wire
CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
	NOT-FOR-US: 2wire
CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows rem ...)
	NOT-FOR-US: GetMyOwnArcade
CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input valid ...)
	NOT-FOR-US: Stinger
CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
	NOT-FOR-US: Stephane Pineau VOTE
CVE-2007-4383
	NOT-FOR-US: Trackeur
CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote atta ...)
	NOT-FOR-US: CounterPath X-Lite
CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun JD ...)
	- sun-java5 1.5.0-10-1
CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8. ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and e ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k allow ...)
	NOT-FOR-US: SurgeMail
CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon ...)
	NOT-FOR-US: Szymon Kosok Best Top List
CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 Profes ...)
	NOT-FOR-US: Diskeeper
CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat me ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly imp ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 20 ...)
	NOT-FOR-US: SurgeMail
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
	- libpam-usb 0.4.1-1 (medium)
	NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
	- lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
	NOT-FOR-US: Neuron Blog
CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer 0. ...)
	NOT-FOR-US: Racer
CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4. ...)
	NOT-FOR-US: SOTEeSKLEP
CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) W ...)
	NOT-FOR-US: IBM Rational ClearQuest (CQ)
CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code vi ...)
	NOT-FOR-US: Opera
CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service (d ...)
	- wengophone 2.1.1.dfsg0-3 (bug #438419)
CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain authentic ...)
	NOT-FOR-US: Fedora Commons
CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the nodereferen ...)
	NOT-FOR-US: Drupal Content Construction Kit (CCK)
CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
	NOT-FOR-US: Prozilla Webring
CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
	NOT-FOR-US: ReadyNAS RAIDiator
CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with fi ...)
	NOT-FOR-US: Dell
CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems J ...)
	NOT-FOR-US: JobLister3
CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Zoidcom
CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof t ...)
	- mozilla-firefox (unimportant)
	- mozilla (unimportant)
	- iceweasel (unimportant)
	- iceape (unimportant)
CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML fil ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
	NOT-FOR-US: AIX
CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	- gpdf
	- pdftohtml
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	NOTE: cups uses xpdf-utils and poppler-utils since version 1.1.22-7
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
	{DSA-1407-1 DTSA-81-1}
	- cupsys 1.3.4-1 (medium; bug #448866)
	- cups 1.3.4-1 (medium; bug #448866)
	[sarge] - cupsys (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: HP SiteScope
CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 ...)
	NOT-FOR-US: HP OpenView Report
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tiv ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in ...)
	NOT-FOR-US: Job Engine
CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for Windo ...)
	NOT-FOR-US: Job Engine
CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail S ...)
	NOT-FOR-US: IMail Client
CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
	NOT-FOR-US: ACDSee
CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-ass ...)
	NOT-FOR-US: IrfanView
CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral L ...)
	NOT-FOR-US: PHPCentral
CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in Om ...)
	NOT-FOR-US: Omnistar Lib2 PHP
CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 a ...)
	NOT-FOR-US: phpDVD
CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...)
	NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 al ...)
	NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in l ...)
	{DSA-1683-1}
	- streamripper 1.62.2-1 (low)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation DXSurface.LivePicture. ...)
	NOT-FOR-US: Microsoft
CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik WinGa ...)
	NOT-FOR-US: Qbik WinGate
CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1 ...)
	NOT-FOR-US: Php-stats
CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in A ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...)
	NOT-FOR-US: FindNix
CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1. ...)
	NOT-FOR-US: Shoutbox
CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 all ...)
	NOT-FOR-US: Web News
CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Gal ...)
	NOT-FOR-US: Bilder Galerie
CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader 1. ...)
	NOT-FOR-US: File Uploader
CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader ...)
	NOT-FOR-US: Bilder Uploader
CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...)
	NOT-FOR-US: Gaestebuch
CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other version ...)
	- flashplugin-nonfree 9.0.115.0.1
	[etch] - flashplugin-nonfree 9.0.115.0.1~etch1
	[sarge] - flashplugin-nonfree (Non-free not supported)
CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows rem ...)
	- denyhosts 2.6-2.1 (bug #438162; medium)
	[etch] - denyhosts 2.6-1etch1
CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftp ...)
	NOT-FOR-US: BlockHosts
CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...)
	{DSA-1456-1}
	- fail2ban 0.8.0-4 (bug #438187; medium)
CVE-2007-4320 (PHP remote file inclusion vulnerability in admin/addons/archive/archiv ...)
	NOT-FOR-US: Ncaster
CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
	NOT-FOR-US: Zyxel
CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the man ...)
	NOT-FOR-US: Zyxel
CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: Zyxel
CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
	NOT-FOR-US: Zyxel
CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows loca ...)
	NOT-FOR-US: ATI
CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the readin ...)
	NOT-FOR-US: Pixlie
CVE-2007-4313 (PHP remote file inclusion vulnerability in public_includes/pub_blocks/ ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 (buffer is local to the function that uses sizeof on it)
CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remot ...)
	NOT-FOR-US: Solaris
CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenti ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI la ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
	- linux-2.6 2.6.22-4 (medium; bug #443694)
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 a ...)
	NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ...)
	- phpmyadmin (unimportant)
	[sarge] - phpmyadmin
	NOTE: It seems that this requires knowledge of an unguessable session token.
	NOTE: Confirmed by upstream. Sarge is not affected at all.
CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...)
	NOT-FOR-US: NetBSD and OpenBSD
CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic So ...)
	NOT-FOR-US: Generic Software Wrappers Toolkit
CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: WebCart
CVE-2007-4300 RESERVED
CVE-2007-4299 RESERVED
CVE-2007-4298 RESERVED
CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...)
	NOT-FOR-US: Modulu
CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (A ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy Server
CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
	NOT-FOR-US: Cisco
CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote atta ...)
	NOT-FOR-US: Cisco
CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2007-4290
	NOT-FOR-US: Guestbook Script
CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT style ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...)
	NOT-FOR-US: FishCart
CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionali ...)
	NOT-FOR-US: Cisco
CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12. ...)
	NOT-FOR-US: Cisco
CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified M ...)
	NOT-FOR-US: Cisco
CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Co ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2007-4282 (The "Extended properties for entries" (entryproperties) plugin in sere ...)
	- serendipity 1.1.4-1
	[etch] - serendipity (introduced in 1.1.x)
CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...)
	- knowledgetree
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in FrontAccounti ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE servi ...)
	NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Tr ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4274 REJECTED
CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local us ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 an ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4266 RESERVED
CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3 ...)
	NOT-FOR-US: VisionProject
CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
	NOT-FOR-US: snif
CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...)
	- asterisk 1:1.4.10~dfsg-1
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-019.htm
	[sarge] - asterisk (not affected according to advisory)
	[etch] - asterisk (not affected according to advisory)
CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP) ...)
	NOT-FOR-US: Cisco
CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earli ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default "admin" account for galle ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download arb ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site Dire ...)
	NOT-FOR-US: Prozilla
CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
	NOT-FOR-US: YNP Portal System
CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-depe ...)
	- php5 (unimportant)
	- php4 (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...)
	NOT-FOR-US: Microsoft
CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in Envol ...)
	NOT-FOR-US: Envolution
CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: CHILKAT ASP String
CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...)
	- openoffice.org (unimportant)
	NOTE: Only a crasher with malformed documents
CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.3 ...)
	NOT-FOR-US: Advanced Searchbar
CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...)
	NOT-FOR-US: ExportNation toolbar
CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolb ...)
	NOT-FOR-US: Toolbar Gaming toolbar
CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem I ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTE ...)
	NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! Reactions ...)
	NOT-FOR-US: Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Ga ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform vir ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisc ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl) ...)
	NOT-FOR-US: Help Center Live
CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp i ...)
	NOT-FOR-US: C-SAM oneWallet
CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, ...)
	NOT-FOR-US: AIX
CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...)
	NOT-FOR-US: AIX
CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows l ...)
NOT-FOR-US: AIX CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow re ...) NOT-FOR-US: VietPHP CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote atta ...) NOT-FOR-US: Camera Life CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow a ...) NOT-FOR-US: Camera Life CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...) NOT-FOR-US: PHPNews CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...) NOT-FOR-US: PhpHostBot CVE-2007-4230 NOT-FOR-US: BellaBiblio CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows re ...) - kdebase (unimportant) NOTE: Browser DoS not treated as vulnerabilities CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ( ...) NOT-FOR-US: AIX CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) NOT-FOR-US: Microsoft CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...) NOT-FOR-US: BlueCat Networks Proteus IPAM appliance CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote a ...) - kdebase 4:3.5.7-3 (bug #433072; low) [sarge] - kdebase (Minor issue) [etch] - kdebase (Minor issue) CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address b ...) - kdebase 4:3.5.7-3 (bug #433072; low) [sarge] - kdebase (Minor issue) [etch] - kdebase (Minor issue) CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an u ...) NOT-FOR-US: Microsoft Sysinternals DebugView CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Wi ...) NOT-FOR-US: Motorola Timbuktu CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6. ...) 
NOT-FOR-US: Motorola Timbuktu CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as u ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) i ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...) NOT-FOR-US: IBM AIX CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.3 ...) NOT-FOR-US: ZoneAlarm CVE-2007-4215 RESERVED CVE-2007-4214 RESERVED CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote at ...) NOT-FOR-US: Palm OS CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search Modu ...) NOT-FOR-US: PHP-Nuke CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated use ...) - dovecot 1:1.0.3-2 (low) [etch] - dovecot (minor issue) [sarge] - dovecot (minor issue) CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...) NOT-FOR-US: LANAI CMS CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows ...) NOT-FOR-US: Aceboard forum CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio Manag ...) NOT-FOR-US: Next Gen Portfolio Manager CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...) NOT-FOR-US: Gallery In A Box CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets inc ...) NOT-FOR-US: Kaspersky Anti-Spam CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2 ...) NOT-FOR-US: BlueCat Networks Adonis CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collabo ...) NOT-FOR-US: Hitachi Groupmax Collaboration CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attack ...) 
NOT-FOR-US: Mambo CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly ...) NOT-FOR-US: Guidance Software EnCase CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...) NOT-FOR-US: Guidance Software EnCase CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 int ...) - sleuthkit 2.09-1 (unimportant) NOTE: Labelling this as a security problem is a bit far-fetched. CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted re ...) - sleuthkit 2.09-1 (unimportant) NOTE: Labelling this as a security problem is a bit far-fetched. CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sle ...) - sleuthkit 2.09-1 (unimportant) NOTE: Labelling this as a security problem is a bit far-fetched. CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL poin ...) - sleuthkit 2.09-1 (unimportant) NOTE: Labelling this as a security problem is a bit far-fetched. CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a ...) - sleuthkit 2.09-1 (unimportant) NOTE: Labelling this as a security problem is a bit far-fetched. CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth K ...) - sleuthkit 2.09-1 (unimportant) NOTE: Labelling this as a security problem is a bit far-fetched. CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote attackers to ...) NOT-FOR-US: Guidance Software EnCase CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...) NOT-FOR-US: DVD Rental System CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD R ...) NOT-FOR-US: DVD Rental System CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's in ...) NOT-FOR-US: Panda Antivirus CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) al ...) 
NOT-FOR-US: Joomla! CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...) NOT-FOR-US: Joomla! CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...) NOT-FOR-US: Joomla! CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...) NOT-FOR-US: Joomla! addon CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Joomla! CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...) NOT-FOR-US: Joomla! CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earli ...) NOT-FOR-US: paBugs CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1 ...) NOT-FOR-US: WikiWebWeaver CVE-2007-4181 NOT-FOR-US: Pluck CVE-2007-4180 NOT-FOR-US: Pluck CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...) NOT-FOR-US: HPUX CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2 ...) NOT-FOR-US: Webdirector CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact before ...) NOT-FOR-US: Interact CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have ...) NOT-FOR-US: EQDKP Plus CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Op ...) NOT-FOR-US: Openrat CMS CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not properly re ...) - tor 0.1.2.16-1 (medium) CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali ...) NOT-FOR-US: Hunkaray Okul Portali CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (O ...) NOT-FOR-US: Openwebmail CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for au ...) 
NOT-FOR-US: Aura CMS CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 al ...) NOT-FOR-US: AL-Athkar CVE-2007-4169 NOT-FOR-US: vgallite CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in AL-Carica ...) NOT-FOR-US: AL-Caricatier CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed t ...) NOT-FOR-US: Xu Yiyang CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue Memo ...) - wordpress (WordPress doesn't ship this theme) CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java Syste ...) NOT-FOR-US: Sun Java System CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 befo ...) NOT-FOR-US: IndexScript CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integr ...) NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...) NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...) NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...) NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5 ...) NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with insuff ...) NOT-FOR-US: PHPBlogger CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote attack ...) NOT-FOR-US: wolioCMS CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - vmware-package 0.16 CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows r ...) {DSA-1564-1} - wordpress 2.2.2-1 CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...) 
{DSA-1564-1} - wordpress 2.2.2-1 (low) NOTE: see issue 4690 and 4691 in wordpress trac CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...) NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...) NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...) NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...) NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ( ...) NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX befo ...) NOT-FOR-US: Interspire ArticleLive NX CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2 ...) NOT-FOR-US: WebEvent CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX con ...) NOT-FOR-US: BlueSkychat CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in sample-forms/simple-contac ...) NOT-FOR-US: MitriDAT eMail Form Processor Pro CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote authe ...) NOT-FOR-US: Billing Control Panel in phpCoupon CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server ...) NOT-FOR-US: IBM Lotus Sametime Server CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain se ...) NOT-FOR-US: OpenRat CMS CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows use ...) NOT-FOR-US: Live for Speed CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads edit ...) NOT-FOR-US: Temporary Uploads CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...) 
- samba 3.0.26-1 [etch] - samba (Vulnerable code was introduced in 3.0.25) [sarge] - samba (Vulnerable code was introduced in 3.0.25) CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...) {DSA-1426-1} - qt-x11-free 3:3.3.7-8 (medium; bug #442780) - qt4-x11 (Not exploitable according to upstream) CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to ca ...) NOT-FOR-US: Conga CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle re ...) - libnfsidmap 0.18-0 (low; bug #442935) NOTE: https://issues.rpath.com/browse/RPL-1731 CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 a ...) - star 1.5a67-1.1 (bug #440100; low) [etch] - star (Minor issue) CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions i ...) {DSA-1504-1 DSA-1381-2} - linux-2.6 2.6.20-1 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 al ...) NOT-FOR-US: Red Hat Satellite Server CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...) {DSA-1438-1} - tar 1.18-2 (medium; bug #439335) CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RH ...) - linux-2.6 2.6.12-1 (low) NOTE: a fix is included in 2.6, see line 854 mempolicy.c NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git NOTE: which I can see and ships the fix CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a sy ...) - coolkey 1.1.0-3 CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...) NOT-FOR-US: com_gmaps for Joomla! CVE-2007-4127 NOT-FOR-US: Ralf Image Gallery CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework (DTrace) on ...) NOT-FOR-US: Sun Solaris CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...) 
NOT-FOR-US: HP-UX CVE-2007-4124 (The session failover function in Cosminexus Component Container in Cos ...) NOT-FOR-US: Cosminexus CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax ...) NOT-FOR-US: Hitachi Groupmax CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) ...) NOT-FOR-US: Hitachi Hierarchical Viewer CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scr ...) NOT-FOR-US: E-Commerce Scripts Shopping Cart Script CVE-2007-4120 NOT-FOR-US: vBulletin CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Zi ...) NOT-FOR-US: Defteri CVE-2007-4118 (PHP remote file inclusion vulnerability in includes/functions.inc.php ...) NOT-FOR-US: phpVoter CVE-2007-4117 NOT-FOR-US: phpVoter CVE-2007-XXXX [teamspeak-server arbitrary file disclosure] - teamspeak-server 2.0.23.19-1 (bug #435707; medium) CVE-2007-XXXX [tor insufficient authentication on control port] - tor 0.1.2.16-1 CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum Por ...) NOT-FOR-US: Metyus Forum Portal CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...) NOT-FOR-US: IT!CMS (itcms) CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygula ...) NOT-FOR-US: SuskunDuygular Uyelik Sistemi CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) be ...) NOT-FOR-US: Advanced Webhost Billing System (AWBS) CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing Sys ...) NOT-FOR-US: Advanced Webhost Billing System (AWBS) CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...) NOT-FOR-US: Real Estate listing website CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / Threade ...) 
NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...) NOT-FOR-US: WebStore (Online Store Application Template) CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...) NOT-FOR-US: WebEvents (Online Event Registration Template) CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...) NOT-FOR-US: phpMyForum CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Tim ...) NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...) NOT-FOR-US: Baidu Soba Search Bar CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStat ...) NOT-FOR-US: WP-FeedStats plugin for WordPress CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2. ...) - asterisk 1:1.4.9~dfsg-1 [etch] - asterisk (Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 affected) [sarge] - asterisk (1.0 not affected) CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...) NOT-FOR-US: sBlog CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 a ...) NOT-FOR-US: Madoa Poll CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_in ...) - mldonkey 2.9.0-1 (bug #435439) [etch] - mldonkey (Minor issue) CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ne ...) - tor 0.1.2.15-1 CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from diff ...) - tor 0.1.2.15-1 CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for te ...) - tor 0.1.2.15-1 CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, a ...) 
- tor 0.1.2.15-1 CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...) NOT-FOR-US: BSM Store Dependent Forums CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ID ...) NOT-FOR-US: IDevSpot PhpHostBot CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web r ...) NOT-FOR-US: Minb Is Not a Blog (minb) CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and earl ...) NOT-FOR-US: iFoto CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ...) {DSA-1360-1} - rsync 2.6.9-5 (bug #438125; medium) CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...) NOT-FOR-US: Vikingboard CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Vikingboard CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...) NOT-FOR-US: Vikingboard CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain se ...) NOT-FOR-US: AlstraSoft Video Share Enterprise CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enter ...) NOT-FOR-US: AlstraSoft Video Share Enterprise CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow r ...) NOT-FOR-US: AlstraSoft AskMe Pro CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...) NOT-FOR-US: AlstraSoft Affiliate Network CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskM ...) NOT-FOR-US: AlstraSoft AskMe Pro CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php AlstraS ...) NOT-FOR-US: AlstraSoft Article Manager Pro CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affi ...) 
NOT-FOR-US: AlstraSoft Affiliate Network Pro CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Fri ...) NOT-FOR-US: AlstraSoft CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...) NOT-FOR-US: AlstraSoft CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...) NOT-FOR-US: AlstraSoft CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Vide ...) NOT-FOR-US: AlstraSoft CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris Sites ...) NOT-FOR-US: Alisveris Sitesi Scripti CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sit ...) NOT-FOR-US: Alisveris Sitesi Scripti CVE-2007-4074 (The default configuration of Centre for Speech Technology Research (CS ...) - festival 1.96~beta-6 (bug #435445; low) [etch] - festival (Minor issue) CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a fri ...) NOT-FOR-US: Webbler CMS CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within HT ...) NOT-FOR-US: Webbler CMS CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in uploader/index. ...) NOT-FOR-US: Webbler CMS CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun S ...) - lbxproxy CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ear ...) NOT-FOR-US: IndexScript CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote at ...) NOT-FOR-US: Webyapar CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav Ac ...) NOT-FOR-US: Clever Internet ActiveX Suite CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow con ...) 
{DSA-1471-1} - libvorbisidec 1.0.2+svn16259-2 (bug #669196) - libvorbis 1.2.0.dfsg-1 NOTE: svn revisions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 a ...) {DSA-1471-1} - libvorbisidec 1.0.2+svn16259-2 (bug #669196) - libvorbis 1.2.0.dfsg-1 NOTE: Just an infinite loop in an end-user multimedia library, not treated as a vulnerability NOTE: svn revisions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x befo ...) - drupal 4.7.7-1 (low) - drupal5 5.2-1 (low) [sarge] - drupal (Only Drupal 5.x is affected) CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...) - drupal5 5.2-1 (low) NOTE: DRUPAL-SA-2007-017 CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vuln ...) - nessus-core (Windows only) CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in Ness ...) - nessus-core (Windows only) CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...) NOT-FOR-US: corehttp CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - vmware-package 0.16 CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - vmware-package 0.16 CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio ...) NOT-FOR-US: Neocrome Seditio CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult Directo ...) NOT-FOR-US: Adult Directory CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allo ...) NOT-FOR-US: SimpleBlog CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...) NOT-FOR-US: PHP123 Top Sites CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA 1. ...) 
NOT-FOR-US: LinPHA CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in nuk ...) NOT-FOR-US: nukedit CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag 1. ...) NOT-FOR-US: UltraDefrag CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...) NOT-FOR-US: ADempiere Bazaar CVE-2007-4049 REJECTED CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2. ...) {DTSA-58-1} - phpsysinfo 2.5.1-6.1 (unimportant; bug #435935) - phpgroupware 0.9.16.012-1 (low; bug #435936; bug #472685) [etch] - phpgroupware (Affected code is not used in phpgroupware) - egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937) NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) del ...) NOT-FOR-US: geoBlog CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery (com_pony ...) NOT-FOR-US: Pony Gallery CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other Linu ...) - cupsys 1.2 - cups 1.2 NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable CVE-2007-4044 REJECTED CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...) NOT-FOR-US: Secure Computing SecurityReporter CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 al ...) NOT-FOR-US: Netscape Navigator CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...) {DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1} - iceweasel 2.0.0.6-1 - xulrunner 1.8.1.9-1 - iceape 1.1.5-1 CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and Outlo ...) NOT-FOR-US: Microsoft Outlook CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...) 
- icedove (Windows-specific) CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, wh ...) {DSA-1338-1} - iceweasel 2.0.0.5-1 CVE-2007-4037 NOT-FOR-US: Guidance Software CVE-2007-4036 NOT-FOR-US: Guidance Software CVE-2007-4035 NOT-FOR-US: Guidance Software CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Ins ...) NOT-FOR-US: Yahoo! Widgets CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/ ...) {DSA-1390-1} - t1lib 5.1.0-3 (bug #439927) NOTE: originally posted as a php vuln, actually in libt1 NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions) CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...) NOT-FOR-US: CrystalPlayer CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in Ness ...) NOT-FOR-US: Nessus ActiveX control CVE-2007-4030 RESERVED CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows cont ...) {DSA-1471-1} - libvorbisidec 1.0.2+svn16259-2 (bug #669196) - libvorbis 1.2.0.dfsg-1 (medium; bug #437916) NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...) NOT-FOR-US: WebSPELL CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...) NOT-FOR-US: Areca CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...) NOT-FOR-US: epesi CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server ...) NOT-FOR-US: Sun Java System Application Server CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W ...) NOT-FOR-US: W1L3D4 CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in A ...) 
NOT-FOR-US: Aruba Mobility Controller CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/change ...) NOT-FOR-US: cPanel CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Br ...) NOT-FOR-US: Brain Book Software Secure CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Ad ...) NOT-FOR-US: AdMan CVE-2007-4019 REJECTED CVE-2007-5645 REJECTED CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows at ...) NOT-FOR-US: Citrix CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based admin ...) NOT-FOR-US: Citrix CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access Ga ...) NOT-FOR-US: Citrix CVE-2007-4015 REJECTED CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php instal ...) NOT-FOR-US: Blix themes for WordPress CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6La ...) NOT-FOR-US: Citrix CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...) NOT-FOR-US: Cisco CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...) NOT-FOR-US: Cisco CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and disa ...) - php5 (Windows-specific issue) CVE-2007-4009 (PHP remote file inclusion vulnerability in admin/business_inc/saveserv ...) NOT-FOR-US: SWSoft Confixx CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...) NOT-FOR-US: Entertainment CMS CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article Direct ...) NOT-FOR-US: Article Directory CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unkno ...) NOT-FOR-US: Mike Dubman Windows RSH daemon CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1 ...) 
NOT-FOR-US: Mike Dubman Windows RSH daemon CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...) NOT-FOR-US: IBM AIX CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...) NOT-FOR-US: IBM AIX CVE-2007-4002 RESERVED CVE-2007-4001 RESERVED CVE-2007-4000 (The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy. ...) - krb5 1.6.dfsg.1-7 (high) [etch] - krb5 (Vulnerable code not present) [sarge] - krb5 (Vulnerable code not present) CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in li ...) {DSA-1368-1 DSA-1367-1} - librpcsecgss 0.14-3 - krb5 1.6.dfsg.1-7 (high) [sarge] - krb5 (Vulnerable code not present) CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, d ...) {DSA-1578-1 DSA-1444-1 DTSA-61-1} - php5 5.2.4-1 (low) - php4 (low) NOTE: this applies to php4 as well NOTE: I think it is medium since it can be easily used to DoS on shared hosting systems NOTE: a diff between 5.2.3 (Debian) and 5.2.4 (upstream) of ext/standard/string.c NOTE: so maybe this is already fixed in 5.2.3, not sure NOTE: fixed in php5/etch svn NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64 CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...) - php5 5.2.4-1 (unimportant) - php4 (unimportant) NOTE: only exploitable by malicious script CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote a ...) {DSA-1613-1} - libgd2 2.0.35.dfsg-1 (bug #443456; medium) - libwmf (unimportant) - racket 5.0.2-1 (unimportant; bug #601525) NOTE: Only present in one of the sample pl-scheme packages (plot) NOTE: Debian's PHP packages are linked dynamically against libgd NOTE: see http://www.php.net/releases/5_2_4.php CVE-2007-3995 RESERVED CVE-2007-3994 RESERVED CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...) 
NOT-FOR-US: Kerio MailServer CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro ...) NOT-FOR-US: iExpress Property Pro CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp c ...) NOT-FOR-US: Asp cvmatik CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...) NOT-FOR-US: Dora Emlak CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) NOT-FOR-US: Dora Emlak CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System (VHCS ...) NOT-FOR-US: Virtual Hosting Control System CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, wh ...) NOT-FOR-US: ImageRacer CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...) NOT-FOR-US: Secure Computing SecurityReporter CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing Secu ...) NOT-FOR-US: Secure Computing SecurityReporter CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms cl ...) NOT-FOR-US: Zenturi ProgramChecker CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics DDActiveRep ...) NOT-FOR-US: ActiveReports CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ActiveRepor ...) NOT-FOR-US: ActiveReports CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition al ...) NOT-FOR-US: WSN Links CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameS ...) NOT-FOR-US: RCMS Pro RGameScript Pro CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...) NOT-FOR-US: BlogSite Professional CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to hi ...) NOT-FOR-US: bwired CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote attac ...) 
	NOT-FOR-US: bwired
CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote attac ...)
	NOT-FOR-US: bwired
CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1 ...)
	NOT-FOR-US: Elite Forum
CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...)
	NOT-FOR-US: JBlog
CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...)
	NOT-FOR-US: JBlog
CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote att ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote attac ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the ...)
	NOT-FOR-US: dirLIST
CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...)
	NOT-FOR-US: dirLIST
CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ex ...)
	NOT-FOR-US: Munch Pro
CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...)
	NOT-FOR-US: uFMOD
CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote atta ...)
	NOT-FOR-US: Itaka
CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, an ...)
	NOT-FOR-US: UseBB
CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib b ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...)
	NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attacker ...)
	NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...)
	- teamspeak-server 2.0.23.19-1 (bug #435707)
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in Li ...)
	NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote attack ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...)
	- lighttpd 1.4.16-1 (low; bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #428368)
	[etch] - libghttpd (Accidentally omitted in DSA, but doesn't warrant another update itself)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attacke ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly u ...)
	NOT-FOR-US: Rule Set Based Access Control (RSBAC)
CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible Regular Ex ...)
	NOT-FOR-US: MobileSafari
CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows r ...)
	NOT-FOR-US: Infinite Responder
CVE-2007-3942
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3941 (Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3940 (Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2007-3939 (SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Ma ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-3938 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
	NOT-FOR-US: MAXdev MDPro (MD-Pro)
CVE-2007-3937 (Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allo ...)
	NOT-FOR-US: A-shop
CVE-2007-3936 (Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0 ...)
	NOT-FOR-US: A-shop
CVE-2007-3935 (PHP remote file inclusion vulnerability in link_main.php in the SupaNa ...)
	NOT-FOR-US: SupaNav
CVE-2007-3934 (PHP remote file inclusion vulnerability in postscript/postscript.php i ...)
	NOT-FOR-US: BBS E-Market
CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and ...)
	NOT-FOR-US: QuickEStore
CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component fo ...)
	NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation s ...)
	NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and DocuWi ...)
	NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
	NOT-FOR-US: Opera
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to c ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitc ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
	- sun-java5 1.5.0-12-2
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files v ...)
	{DSA-1402-1}
	- gforge 4.6.99+svn6169-1
CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...)
	{DTSA-75-1}
	[etch] - gnome-screensaver (Affected Compiz not present in Etch version)
	[etch] - xorg-server (Affected Compiz not present in Etch version)
	- gnome-screensaver 2.20.0-1.1
	- xorg-server 2:1.4.1~git20080118-1 (bug #449108; medium)
CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local user ...)
	{DSA-1395-1}
	- xen-unstable 3.0-unstable+hg11561-1 (low; bug #464044)
	- xen-3 3.1.2-1 (low)
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in GFor ...)
	{DSA-1383-1}
	- gforge 4.6.99+svn6094-1
CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before ...)
	{DSA-1386-1}
	- wesnoth 1.2.7-1
CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
	- skktools 1.2+0.20061004-3 (low)
	[sarge] - skktools (Minor issue)
	[etch] - skktools (Minor issue)
CVE-2007-3915 (Mondo 2.24 has insecure handling of temporary files. ...)
	- mondo 2.24-2 (low)
CVE-2007-3914 RESERVED
CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote attacke ...)
	{DSA-1369-1 DTSA-57-1}
	- gforge 4.6.99+svn6086-1
CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain ...)
	{DSA-1527-1}
	- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka sche ...)
	NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows re ...)
	- bandersnatch (low; bug #435709)
CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remot ...)
	- bandersnatch (low; bug #435709)
CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Ent ...)
	NOT-FOR-US: HP ServiceGuard
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
	NOT-FOR-US: LedgerSMB
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point Fire ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...)
	{DSA-1389-2 DSA-1389-1}
	- zoph 0.7.0.2-1 (bug #435711)
CVE-2007-3904 REJECTED
CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in mshtml ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3900 REJECTED
CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, a ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...)
	NOT-FOR-US: Outlook Express
CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft Wind ...)
	NOT-FOR-US: Windows
CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 throu ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3894 REJECTED
CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows ...)
	NOT-FOR-US: Windows Vista
CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, an ...)
	NOT-FOR-US: Microsoft
CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...)
	NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...)
	NOT-FOR-US: Element CMS
CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in hu ...)
	NOT-FOR-US: husrevforum
CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0. ...)
	NOT-FOR-US: husrevforum
CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earl ...)
	NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows remo ...)
	NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture R ...)
	NOT-FOR-US: Pictures Rating
CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) Ne ...)
	NOT-FOR-US: Net Connect
CVE-2007-3879 RESERVED
CVE-2007-3878 RESERVED
CVE-2007-3877 RESERVED
CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows lo ...)
	NOT-FOR-US: SMB (Apple Mac OS X)
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE s ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI En ...)
	NOT-FOR-US: SSAPI Engine
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service (OVT ...)
	NOT-FOR-US: HP OpenView
CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...)
	NOT-FOR-US: Stampit
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
	- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
	NOTE: IE browser bugs are not treated as security issues in packaged applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management c ...)
	NOT-FOR-US: Oracle
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship Mana ...)
	NOT-FOR-US: Oracle
CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSo ...)
	NOT-FOR-US: Oracle
CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10. ...)
	NOT-FOR-US: Oracle
CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...)
	NOT-FOR-US: Oracle
CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10. ...)
	NOT-FOR-US: Oracle
CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly Orac ...)
	NOT-FOR-US: Oracle
CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component f ...)
	NOT-FOR-US: Oracle
CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for Orac ...)
	NOT-FOR-US: Oracle
CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp ...)
	- sysstat (We have our own init script not prone to this vulnerability)
CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3850 (The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on Pow ...)
	- linux-2.6 (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intru ...)
	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send arbi ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Ap ...)
	- apache2 2.2.6-1 (bug #441845; low)
	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
	- apache (unimportant)
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
	NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x be ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-27
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-26
CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable fo ...)
	{DSA-1363-1}
	- linux-2.6 2.6.23-1 (bug #446073)
CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise F ...)
	NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux al ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories.
	NOTE: So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
	NOT-FOR-US: Traffic Stats
CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC serve ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote attacker ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
	NOT-FOR-US: Ex Libris MetaLib
CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
	NOT-FOR-US: Ex Libris ALEPH
CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios T ...)
	NOT-FOR-US: Trillian
CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
	NOT-FOR-US: Trillian
CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5 ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player 2.60.1 ...)
	NOT-FOR-US: InterActual Player
CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka " ...)
	NOTE: Unreproducible for upstream
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=388097
CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ale ...)
	NOT-FOR-US: CA Alert Notification Server
CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows r ...)
	NOT-FOR-US: MzK Blog
CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows rem ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7 ...)
	NOT-FOR-US: Webcit
CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...)
	NOT-FOR-US: Webcit
CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in th ...)
	NOT-FOR-US: Opera
CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5 ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4 ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3816
	NOT-FOR-US: JWIG
CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike Sloveni ...)
	NOT-FOR-US: Poslovni informator Republike Slovenije
CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...)
	NOT-FOR-US: MKPortal
CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the NoB ...)
	NOT-FOR-US: NoBoard BETA module for MKPortal
CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...)
	NOT-FOR-US: CMScout
CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote attac ...)
	NOT-FOR-US: eSyndiCat
CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...)
	NOT-FOR-US: Realtor 747
CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script al ...)
	NOT-FOR-US: Prozilla Directory Script
CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 all ...)
	NOT-FOR-US: paFileDB
CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
	NOT-FOR-US: SiteScape Forum
CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to c ...)
	{DSA-1578-1 DSA-1572-1 DTSA-61-1}
	- php5 5.2.4-1 (medium; bug #441433)
	- php4
	[etch] - php5 (requires malicious script)
	[etch] - php4 (requires malicious script)
	[sarge] - php4 (requires malicious script)
CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80. ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81 ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does n ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3802 REJECTED
CVE-2007-3801 REJECTED
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
	NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	NOTE: this does not affect default installs, only those who have written
	NOTE: custom session handlers (which isn't *that* uncommon though), and
	NOTE: also may not work if other cookie values are set.
	NOTE: fix sneaked into php 5.2.3 sans-mention:
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
	- php4 (low)
	- php5 5.2.4-1 (low; bug #441433)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
	{DSA-1353-1}
	- tcpdump 3.9.5-3 (bug #434030)
CVE-2007-3797 RESERVED
CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for M ...)
	NOT-FOR-US: Spam Quarantine HTTP interface for MailMarshal SMTP
CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...)
	NOT-FOR-US: Hitachi
CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit fo ...)
	NOT-FOR-US: Hitachi
CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/N ...)
	NOT-FOR-US: Job Management Partner
CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
	NOT-FOR-US: AzDG Dating Gold
CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha a ...)
	{DSA-1361-1}
	- postfix-policyd 1.80-2.2 (bug #435735)
CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ...)
	- php5 (com_print_typeinfo is a Windows-only function)
	- php4 (com_print_typeinfo is a Windows-only function)
CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
	NOT-FOR-US: Inmostore
CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within th ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old p ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3786
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: EldoS SecureBlackbox
CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F ...)
	NOT-FOR-US: Belkin
CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
	NOT-FOR-US: enVivo!CMS
CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42
	[sarge] - mysql-dfsg (Vulnerable functionality was introduced in 5.0)
	[sarge] - mysql-dfsg-4.1 (Vulnerable functionality was introduced in 5.0)
CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-1
	[etch] - mysql-dfsg-5.0 (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg-4.1 (Minor issue, too intrusive to backport)
CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.44
	[sarge] - mysql-dfsg (Introduced with SSL support in 4.1)
CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PG ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelma ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edit ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...)
	NOT-FOR-US: Cisco
CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
	NOT-FOR-US: Cisco
CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with i ...)
	NOT-FOR-US: Dvbbs
CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...)
	NOT-FOR-US: Generic YouTube Clone Script
CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 allow ...)
	NOT-FOR-US: PsNews
CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect featur ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce Te ...)
	{DSA-1393-1}
	- xfce4-terminal 0.2.6-3 (bug #437454)
CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server manage ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FT ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3767 RESERVED
CVE-2007-3766 RESERVED
CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW be ...)
	- asterisk 1:1.4.8~dfsg-1 (bug #433681)
	[sarge] - asterisk (1.0.x not affected)
	[etch] - asterisk (1.2.x not affected)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-017.htm
CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-016.htm
CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4. ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-015.htm
CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1 (high)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-014.htm
CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase (Minor issue)
	[etch] - kdebase (Minor issue)
	NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
	NOT-FOR-US: Safari
CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
	NOT-FOR-US: Safari
CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, do ...)
	NOT-FOR-US: Safari
CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
	NOT-FOR-US: Safari
CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to fo ...)
	NOT-FOR-US: Apple iPhone
CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user whe ...)
	NOT-FOR-US: Apple iPhone
CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximat ...)
	NOT-FOR-US: Apple iPhone
CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote at ...)
	NOT-FOR-US: iTunes
CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime bef ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the c ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...)
	NOT-FOR-US: iChat on Apple Mac OS X
CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 c ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device St ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 Bet ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1 ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
	- gimp 2.2.17-1 (unimportant)
	NOTE: Only DoS by memleaks or double-frees, not treated as security problems
CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix exten ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22
CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.20-1
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
	{DSA-1534-2 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (medium)
	- xulrunner 1.8.1.5-1 (medium)
	- iceweasel 2.0.0.5-1 (medium)
	NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbi ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	- iceweasel 2.0.0.5-1 (high)
	NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (low)
	NOTE: Affects only broken setups; enabling JavaScript in Icedove is strongly discouraged
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (high; bug #444010)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3733 RESERVED
CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...)
	- linux-2.6 2.6.23-1
	NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1
CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and S ...)
	- silc-toolkit 1.1.2-1
	[etch] - silc-toolkit (Only the 1.1.x branch is affected)
	NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have unkno ...)
	NOT-FOR-US: WebMatic
CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in unr ...)
	- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
	[etch] - unrar-nonfree (Non-free not supported)
	[sarge] - unrar-nonfree (Non-free not supported)
	- rar 1:3.7b1-1 (low; bug #437704)
	[etch] - rar (Vulnerable code was fixed already)
	[sarge] - rar (Non-free not supported)
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows u ...)
	{DSA-1340-1 DTSA-43-1}
	- clamav 0.91-1
	[sarge] - clamav (Vulnerable code was introduced in 0.9x)
CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of t ...)
	NOT-FOR-US: Solaris
CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling b ...)
	- kfreebsd-5 (low)
	[etch] - kfreebsd-5 (kfreebsd not supported)
CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to "i ...)
	- kfreebsd-5 (low)
	[etch] - kfreebsd-5 (kfreebsd not supported)
CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling base ...)
	- linux-2.6 (There's a separate ID for 2.6, see CVE-2007-3719)
CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to " ...)
	- linux (unimportant)
	- linux-2.6 (unimportant)
	NOTE: This is the existing default behaviour of the scheduler, can be tuned
	NOTE: to suit individual needs
CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in Appl ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 bef ...)
	- sun-java6 6-02-1 (medium)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 befo ...)
	NOT-FOR-US: Sun Java System Application Server and Web Server
CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 a ...)
	NOT-FOR-US: Ada Image Server
CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...)
	{DSA-1433-1 DTSA-55-1}
	- centericq 4.22.1-2.1 (bug #438511; medium)
	- centerim 4.22.1-2.1 (medium)
CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ...)
	NOT-FOR-US: HiddenChest
CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3710 (PHP remote file inclusion vulnerability in example/gamedemo/inc.functi ...)
	NOT-FOR-US: PHP Comet-Server
CVE-2007-3709 (CRLF injection vulnerability in the redirect function in url_helper.ph ...)
	- codeigniter (bug #471583)
CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 2 ...)
	- codeigniter (bug #471583)
CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 be ...)
	- codeigniter (bug #471583)
CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 al ...)
	- codeigniter (bug #471583)
CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3702 (Directory traversal vulnerability in the load function in cgi-bin/mail ...)
	NOT-FOR-US: Mail Machine
CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a hex-encode ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote a ...)
	NOT-FOR-US: Symantec
CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...)
	- sun-java5 1.5.0-12-1
	- sun-java6 6-02-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashB ...)
	NOT-FOR-US: FlashBB
CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model Validator ...)
	NOT-FOR-US: CA ERwin Data Model Validator
CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly A ...)
	NOT-FOR-US: CA ERwin
CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project ...)
	NOT-FOR-US: Broadcast Machine
CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...)
	NOT-FOR-US: gobi
CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI Do ...)
	NOT-FOR-US: EZFactory KDDI Download CGI
CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal al ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allo ...)
	NOT-FOR-US: Print module for Drupal
CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...)
	NOT-FOR-US: Inferno Technologies
CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Aja ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earl ...)
	NOT-FOR-US: Aigaion
CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier a ...)
	NOT-FOR-US: OpenLD
CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in Wi ...)
	NOT-FOR-US: WinPcap
CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm i ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3679 (The Citrix EPA ActiveX control (aka the "endpoint checking control" or ...)
	NOT-FOR-US: Citrix
CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word ...)
	NOT-FOR-US: QuarkXPress
CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow r ...)
	NOT-FOR-US: Maxsi eVisit Analyst
CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan A ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674 RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotCle ...)
	NOT-FOR-US: DotClear
CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	- iceweasel (Only affects Firefox/Thunderbird on Windows)
	- icedove (Only affects Firefox/Thunderbird on Windows)
	NOTE: MFSA2007-23
CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP Inn ...)
	NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVD ...)
	NOT-FOR-US: NMSDVDXLib
CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...)
	NOT-FOR-US: ActiveReportsExcelReport
CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 all ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Nor ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService Act ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attacke ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DL ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...)
	NOT-FOR-US: Nonnoi
CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allo ...)
	NOT-FOR-US: FreeWRL
CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3657
	NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not pe ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-24
CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
	- sun-java5 1.5.0-12-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2 ...)
	NOT-FOR-US: NetBSD
CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (a ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka FaS ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive i ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly oth ...)
	NOT-FOR-US: WebMatic
CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ea ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges whe ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c i ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-2
CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent at ...)
	NOT-FOR-US: Adobe Apollo
CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
	NOT-FOR-US: MKPortal
CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelma ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...)
	NOT-FOR-US: Chilkat Software
CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...)
	NOTE: Moodle contains a copy of the files, but not the string
	NOTE: "homedir", so it is not affected.
CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 a ...)
	NOT-FOR-US: GameSiteScript
CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require a ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allo ...)
	NOT-FOR-US: Levent Veysi Portal
CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR St ...)
	NOT-FOR-US: Structures-DataGrid-DataSource-MDB2
CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2. ...)
	NOT-FOR-US: PHP Lite Calendar Express
CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
	NOT-FOR-US: Hitachi
CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients f ...)
	NOT-FOR-US: Citrix
CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message S ...)
	NOT-FOR-US: SAP
CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...)
	NOT-FOR-US: Hitachi
CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon b ...)
	NOT-FOR-US: MDaemon
CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3 ...)
	NOT-FOR-US: AsteriDex
CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 a ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service (nsre ...)
	NOT-FOR-US: EMC Software NetWorker
CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply s ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB We ...)
	NOT-FOR-US: SAP DB Web Server
CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Inte ...)
	NOT-FOR-US: SAP
CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
	NOT-FOR-US: Visual IRC
CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not r ...)
	NOT-FOR-US: VRNews
CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 all ...)
	NOT-FOR-US: phpVID
CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating Softw ...)
	NOT-FOR-US: eMeeting
CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
	NOT-FOR-US: SAP
CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
	NOT-FOR-US: SAP
CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX cont ...)
	NOT-FOR-US: SAP
CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX cont ...)
	NOT-FOR-US: SAP
CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3603 (SQL injection vulnerability in the dashboard (include/utils/SearchUtil ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that au ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import an ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows re ...)
	NOT-FOR-US: Zen Cart
CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
	NOT-FOR-US: phpVideoPro
CVE-2007-3595 REJECTED
CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet Manag ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ne ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticat ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board befor ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...)
	NOT-FOR-US: b1gBB
CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote at ...)
	NOT-FOR-US: b1gbb
CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
	NOT-FOR-US: MyCMS
CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 a ...)
	NOT-FOR-US: MyCMS
CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 an ...)
	NOT-FOR-US: MyCMS
CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 an ...)
	NOT-FOR-US: Girlserv ads
CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event Calend ...)
	NOT-FOR-US: SuperCali PHP Event Calendar
CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which m ...)
	NOT-FOR-US: Jedox
CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as d ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text prop ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic express ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr meth ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3576
	NOT-FOR-US: Microsoft
CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...)
	NOT-FOR-US: FreeDomain.co.nr Clone
CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on th ...)
	NOT-FOR-US: Linksys
CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote atta ...)
	NOT-FOR-US: AkoComment
CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in th ...)
	NOT-FOR-US: Yoggie
CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allo ...)
	NOT-FOR-US: Novell
CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Relea ...)
	NOT-FOR-US: Novell
CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...)
	NOT-FOR-US: Oliver Library Management System
CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows context-depen ...)
	- imlib 1.9.15-3 (bug #437708; low)
	[sarge] - imlib (Minor issue, just a crash)
	[etch] - imlib (Minor issue, just a crash)
CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...)
	NOT-FOR-US: MySQLDumper
CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-3565 RESERVED
CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does no ...)
	{DSA-1333-1}
	- curl 7.16.4-1 (low)
CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1 ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ear ...)
	NOT-FOR-US: PHP Director
CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
	NOT-FOR-US: Efendy Blog
CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have u ...)
	NOT-FOR-US: Esqlanelapse
CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/s ...)
	NOT-FOR-US: PHP-Fusion
CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...)
	NOT-FOR-US: Wheatblog
CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: Liesbeth
CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
	{DSA-1691-1}
	- moodle 1.8.2-1 (low; bug #432264)
CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
	NOT-FOR-US: HP
CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server i ...)
	NOT-FOR-US: Oracle
CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
	NOT-FOR-US: bbs100
CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...)
	NOT-FOR-US: bbs100
CVE-2007-3550
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allo ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
	NOT-FOR-US: W3Filer
CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...)
	NOT-FOR-US: Nessus Windows GUI
CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remot ...)
	NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.p ...)
	- wordpress 2.2.2-1
	[etch] - wordpress (Vulnerable code not present)
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and W ...)
	- wordpress 2.2.1-1
	[etch] - wordpress (Vulnerable code not present)
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...)
	NOT-FOR-US: Pluxml
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...)
	NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in r ...)
	NOT-FOR-US: rwAuction
CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:200706 ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
	NOT-FOR-US: QuickTalk
CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX cont ...)
	NOT-FOR-US: AMX NetLinx VNC
CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
	NOT-FOR-US: WebChat
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attacker ...)
	NOT-FOR-US: 3Com
CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14. ...)
	- nvidia-kernel-common 20051028+1-0.1 (bug #434398; low)
	[sarge] - nvidia-kernel-common (Contrib and non-free not supported)
	[etch] - nvidia-kernel-common (Contrib and non-free not supported)
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
	- nvclock 0.8b-1 (low)
CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and passwor ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptogra ...)
	- dar 2.3.3-1 (low; bug #425335)
	[etch] - dar (Minor issue)
	[sarge] - dar (Minor issue)
CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users t ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2
CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier a ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website Man ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...)
	NOT-FOR-US: XCMS
CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 all ...)
	NOT-FOR-US: sPHPell
CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 a ...)
	NOT-FOR-US: ArcadeBuilder Game Portal Manager
CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
	NOT-FOR-US: Easybe
CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0. ...)
	NOT-FOR-US: phpEventCalendar
CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...)
	NOT-FOR-US: HispaH YouTube Clone Script
CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
	NOT-FOR-US: Claroline
CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Go ...)
	NOT-FOR-US: Gorki Online Santrac Sitesi
CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 a ...)
	NOT-FOR-US: TotalCalendar
CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kerne ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
	NOTE: in Linus' tree.
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows ...)
	NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (bug #438873; low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-32
CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 F ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exe ...)
	NOT-FOR-US: Symantec
CVE-2007-3508
	- glibc 2.6-2 (unimportant; bug #431858)
	NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
	- flac123 0.0.11-1 (low; bug #432008)
	[etch] - flac123 (Minor issue)
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
	- freetype 2.3.4 (bug #432013)
	[sarge] - freetype (Vulnerable code introduced in 2.3.x)
	[etch] - freetype (Vulnerable code introduced in 2.3.x)
	[lenny] - freetype (Vulnerable code introduced in 2.3.x)
CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 al ...)
	NOT-FOR-US: QuickTalk forum
CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun Jav ...)
	- sun-java5
	NOTE: Sun Alert ID 102957 says issue is Windows only
CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML ...)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java5 1.5.0-12-1
	[etch] - sun-java6 (non-free)
	- sun-java6 6-01-1 (bug #432006)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration syste ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a modifie ...)
	NOT-FOR-US: Xeweb XEForum
CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as eviden ...)
	NOT-FOR-US: SlackRoll
CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in smoketests/configForm.php ...)
	NOT-FOR-US: HTML Purifier
CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to determine the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD ...)
	NOT-FOR-US: SAP Web Dynpro Java
CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP Interne ...)
	NOT-FOR-US: SAP Internet Communication Framework
CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user privileges w ...)
	NOT-FOR-US: Papoo CMS
CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTA ...)
	NOT-FOR-US: NCTAudioStudio
CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a denia ...)
	NOT-FOR-US: Conti FtpServer
CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0 ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote at ...)
	NOT-FOR-US: Microsoft Excel 2003 SP2
CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in th ...)
	NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony Netwo ...)
	NOT-FOR-US: Sony Network Camera SNC-P5 1.0
CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0 ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine al ...)
	NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server a ...)
	NOT-FOR-US: Yandex.Server
CVE-2007-3484
	NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3481
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows us ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in th ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is a crash, and does not seem to be attacker controlled.
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: CPU consumption DoS
CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) be ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted rem ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: out-of-bounds memory read, does not appear attacker controlled.
CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD Graph ...)
	NOTE: appears to be prophylactic dup of CVE-2007-3476.
CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) befor ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash.
CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) Sess ...)
	NOT-FOR-US: Sun Solaris dtsession
CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attac ...)
	{DSA-1332-1}
	- vlc 0.8.6.c.debian-1 (bug #429726)
CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN V ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (bug #429726)
CVE-2007-3466
	RESERVED
CVE-2007-3465 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
	NOT-FOR-US: Check Point SofaWare Safe@Office
CVE-2007-3464 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
	NOT-FOR-US: Check Point SofaWare Safe@Office
CVE-2007-3463
	NOT-FOR-US: Microsoft Windows XP SP2
CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point SofaWar ...)
	NOT-FOR-US: Check Point SofaWare Safe@Office
CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image Gallery ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3 in EV ...)
	NOT-FOR-US: EVA-Web
CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vect ...)
	NOT-FOR-US: Civitech Avax Vector
CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris libsldap
CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree (non-free not supported)
	[etch] - flashplugin-nonfree (non-free not supported)
CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allo ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree (non-free not supported)
	[etch] - flashplugin-nonfree (non-free not supported)
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corpora ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Tre ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
	NOT-FOR-US: Papoo
CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...)
	NOT-FOR-US: eDocStore
CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopp ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier a ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username "demo" an ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mo ...)
	NOT-FOR-US: SJphone
CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows r ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270 ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with firmwar ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC Clie ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain Acti ...)
	NOT-FOR-US: BarCodeAx.dll
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...)
	NOT-FOR-US: Pluxml
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...)
	NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...)
	NOT-FOR-US: e107
CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earl ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1 ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 an ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.or ...)
	NOT-FOR-US: WebAPP
CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...)
	NOT-FOR-US: WebAPP
CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP b ...)
	NOT-FOR-US: WebAPP
CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...)
	NOT-FOR-US: WebAPP
CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in c ...)
	NOT-FOR-US: WebAPP
CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org We ...)
	NOT-FOR-US: WebAPP
CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-ap ...)
	NOT-FOR-US: WebAPP
CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib ...)
	NOT-FOR-US: WebAPP
CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: WebAPP
CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...)
	NOT-FOR-US: phpRaider
CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 ...)
	NOT-FOR-US: access2asp
CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.5 ...)
	NOT-FOR-US: bosDataGrid
CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGal ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server 5 ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue ...)
	- helix-player (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspe ...)
	- dia (Windows packaging with bundled FreeType libs)
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ob ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...)
	NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3. ...)
	NOT-FOR-US: SiteDepth CMS
CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka ...)
	NOT-FOR-US: dreamLog
CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows remot ...)
	NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
	NOT-FOR-US: B1GBB
CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as d ...)
	NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power Phlog ...)
	NOT-FOR-US: Power Phlogger
CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service (hang ...)
	NOT-FOR-US: LiteWEB
CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before 6.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...)
	NOT-FOR-US: KeyFocus
CVE-2007-3395
	REJECTED
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote a ...)
	NOT-FOR-US: eNdonesia
CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdata ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-6
	- qt4-x11 (This problem is not present in any version of Qt 4)
	NOTE: http://web.archive.org/web/20080206133848/http://trolltech.com:80/company/newsroom/announcements/press.2007-07-27.7503755960
CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in x ...)
	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
	- poppler 0.5.4-6.1 (bug #435460)
	- gpdf
	- xpdf 3.02-1.1 (bug #435462)
	- kdegraphics 4:3.5.7-3
	- koffice 1:1.6.3-2
	- pdftohtml
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys (unimportant; bug #436099)
	- cups (unimportant; bug #436099)
	NOTE: cups uses xpdf-utils
	- pdfkit.framework 0.8-4
	NOTE: links to poppler since 0.8-4, thus marking as fixed
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- ipe (Does not include the vulnerable code)
	- swftools 0.9.2+ds1-2
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet f ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-1
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5
CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servle ...)
	NOT-FOR-US: tomcat 3.3
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the exa ...)
	- tomcat4 (low)
	[sarge] - tomcat4 (Contrib not supported)
	NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5
CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x b ...)
	- gdm 2.18.4-1 (low)
	[sarge] - gdm (Minor issue)
	[etch] - gdm (Minor issue)
CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ke ...)
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 (Vulnerable code not present)
CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (R ...)
	- linux-2.6 (Red Hat-specific vulnerability)
CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...)
	- php4 (unimportant)
	- php5 5.2.4-1 (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predic ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-as ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows ...)
	NOT-FOR-US: Lhaca
CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluste ...)
	- redhat-cluster (Only relevant in newer versions; we don't ship this file)
CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...)
	- redhat-cluster (Only relevant in newer versions; we don't ship this file)
CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark (Only affected 0.99.5)
	- ethereal (Vulnerable code not present)
CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain sys ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal (Vulnerable code not present)
CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark (Only affected 0.99.5)
	- ethereal (Vulnerable code not present)
CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal (Vulnerable code not present)
CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99. ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal (Vulnerable code not present)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a de ...)
	{DSA-1690-1}
	- avahi 0.6.20-2 (low)
	[etch] - avahi (Minor issue, only affects local users)
CVE-2007-3371 (PHP remote file inclusion vulnerability in plugins/widgets/htmledit/ht ...)
	NOT-FOR-US: Powl
CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.0 ...)
	NOT-FOR-US: Sun Board
CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootRO ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SI ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...)
	NOT-FOR-US: cPanel
CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwr ...)
	NOT-FOR-US: cPanel
CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase characte ...)
	NOT-FOR-US: MyServer
CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sam ...)
	NOT-FOR-US: MyServer
CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 al ...)
	NOT-FOR-US: AGEphone
CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC Hy ...)
	NOT-FOR-US: AGEphone
CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remot ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitr ...)
	- ircii-pana (medium; bug #432120)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=bitchx_CVE-2007-3360.patch;att=1;bug=432120
CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...)
	NOT-FOR-US: SerWeb
CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in SerWe ...)
	NOT-FOR-US: SerWeb
CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain sensi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium Editi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353
	NOT-FOR-US: MyEvent
CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in Stephe ...)
	NOT-FOR-US: Stephen Ostermiller Contact Form
CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim ...)
	NOT-FOR-US: SJPhone SIP
CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
	NOT-FOR-US: AIM
CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1 ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a de ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 allo ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01 ...)
	NOT-FOR-US: netjukebox
CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (M ...)
	NOT-FOR-US: Movable Type
CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft Inter ...)
	NOT-FOR-US: Microsoft
CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to ca ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in forum/include/e ...)
	NOT-FOR-US: ColdFusion
CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 9 ...)
	NOT-FOR-US: Ingres
CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
	NOT-FOR-US: Ingres
CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server ...)
	NOT-FOR-US: Ingres
CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho C ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...)
	NOT-FOR-US: Ingres
CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 al ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for P ...)
	NOT-FOR-US: Satel Lite for PhpNuke
CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 all ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) get_inter_ ...)
	NOT-FOR-US: Xvid
CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 be ...)
	NOT-FOR-US: Interact
CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sens ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow ...)
	NOT-FOR-US: vBulletin
CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN Man ...)
	NOT-FOR-US: LAN Management System
CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7 ...)
	NOT-FOR-US: Comersus Cart
CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in Comer ...)
	NOT-FOR-US: Comersus Shop Cart
CVE-2007-4168
	REJECTED
CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access C ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC Medi ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (medium; bug #429726)
CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant Salamande ...)
	NOT-FOR-US: Altap Servant Salamander
CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in Jasmi ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and earl ...)
	NOT-FOR-US: Articles
CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
	NOT-FOR-US: TDizin
CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ins ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1. ...)
	NOT-FOR-US: Solar Empire
CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in ...)
	NOT-FOR-US: MiniBill
CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1 ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, al ...)
	- apache (low)
	- apache2 2.2.4-2 (low)
	[etch] - apache2 2.2.3-4+etch2
	[sarge] - apache2 2.0.54-5sarge2 (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ...)
	- apache2 (unimportant)
	NOTE: Only exploitable by someone who can already execute arbitrary code locally; given that, an additional DoS is not a problem.
CVE-2007-3302 (The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3. ...)
	NOT-FOR-US: CA
CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in Fu ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
	- awffull 3.7.4final-1 (unimportant)
	NOTE: awffull (a webalizer fork) does not have any cookie based authentication
	NOTE: or other sensitive data that could be leaked through this
CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote attacke ...)
	NOT-FOR-US: Spey
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
	NOT-FOR-US: Musoo
CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbo ...)
	NOT-FOR-US: Web Thunderbolt
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
	NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension fo ...)
	- php5 (unimportant)
	NOTE: Only exploitable by a malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlie ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allo ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier al ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
	NOT-FOR-US: WiwiMod for XOOPS
CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automa ...)
	NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
	RESERVED
CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM objec ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote att ...)
	- iceweasel (Affects only Firefox on Windows)
	NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root i ...)
	- xscreensaver (Not a security issue: works as documented)
CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX o ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting B ...)
	NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements functi ...)
	- postgresql-8.1 (Neither PL/pgsql nor dblink is enabled by default)
	- postgresql-8.2 (Neither PL/pgsql nor dblink is enabled by default)
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql ...)
	- postgresql-8.1 (Neither PL/pgsql nor dblink is enabled by default)
	- postgresql-8.2 (Neither PL/pgsql nor dblink is enabled by default)
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust authentic ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.1 (local trust authentication is not enabled in Debian)
	- postgresql-8.2 (local trust authentication is not enabled in Debian)
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for WI ...)
	NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ( ...)
	NOT-FOR-US: Site@School
CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active Director ...)
	NOT-FOR-US: MailWasher Server
CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...)
	NOT-FOR-US: MiniBB
CVE-2007-3271 (PHP remote file inclusion vulnerability in templates/2blue/bodyTemplat ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...)
	NOT-FOR-US: phpMyInventory
CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
	NOT-FOR-US: Papoo Light
CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS Depl ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows r ...)
	NOT-FOR-US: WEBIF
CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in I ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...)
	NOT-FOR-US: dKret
CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: Calendarix
CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers to obt ...)
	NOT-FOR-US: Calendarix
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
	{DSA-1325-1 DSA-1321-1}
	- evolution 2.12.0-1
	- evolution-data-server 1.10.2-2 (bug #429876)
	[sarge] - evolution-data-server (Vulnerable code present in a different source package)
CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and p ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos E ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterpri ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: PortalApp
CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before 200 ...)
	NOT-FOR-US: Elxis CMS
CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
	NOT-FOR-US: Letterman Subscriber
CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
	NOT-FOR-US: IRC Services
CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote atta ...)
	NOT-FOR-US: IRC Services
CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
	NOT-FOR-US: bbPress
CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0. ...)
	NOT-FOR-US: bbPress
CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9. ...)
	NOT-FOR-US: WebAPP
CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the cordob ...)
	NOT-FOR-US: cordobo-green-park theme for WordPress
CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Li ...)
	NOT-FOR-US: Vistered-Little theme for WordPress
CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the Andy ...)
	NOT-FOR-US: AndyBlue theme for WordPress
CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the defau ...)
	{DSA-1502-1}
	- wordpress 2.2.2-1 (low)
CVE-2007-3237 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
	NOT-FOR-US: XOOPS
CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
	NOT-FOR-US: XOOPS
CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows r ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 all ...)
	NOT-FOR-US: TEC-IT
CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password fo ...)
	NOT-FOR-US: IBM
CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack vec ...)
	- mecab 0.95-1.1 (low; bug #429174)
	[etch] - mecab (Minor issue)
	[sarge] - mecab (Minor issue)
CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer P ...)
	NOT-FOR-US: PHP::HTML
CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Singapore Gallery
CVE-2007-3228 (PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/ ...)
	NOT-FOR-US: Sitellite CMS
CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ...)
	- rails 1.2.5-1 (bug #429177)
CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...)
	NOT-FOR-US: dotProject
CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server (sla ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before 2 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
	NOT-FOR-US: XOOPS
CVE-2007-3221 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
	NOT-FOR-US: XOOPS
CVE-2007-3220 (PHP remote file inclusion vulnerability in admin/editor2/spaw_control. ...)
	NOT-FOR-US: XOOPS
CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in Invis ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...)
	NOT-FOR-US: Prototype of an PHP application
CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA (Computer As ...)
	NOT-FOR-US: CA BrightStor products
CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote attacker ...)
	{DSA-1315-1}
	- libphp-phpmailer 1.73-4 (high; bug #429179)
	- flyspray 0.9.8-12 (bug #429191; bug #429195)
	[etch] - flyspray (Vulnerable code not included)
	[sarge] - flyspray (Vulnerable code not included)
	- moodle 1.8.2-2 (bug #429190)
	- owl-dms 0.94-2 (bug #429197)
	- knowledgeroot 0.9.8.2-2 (bug #429196)
	[etch] - knowledgeroot (Vulnerable code not used)
	[etch] - owl-dms (Vulnerable code not used)
	- ipplan 4.85-2 (bug #429193)
	- glpi 0.68.3.2-1 (bug #429192)
	[etch] - glpi (Vulnerable code not used)
	- wordpress 2.2.1-1 (bug #429194)
	[etch] - wordpress (Vulnerable code not present)
	- mahara 1.0.5-2 (bug #504253)
	[lenny] - mahara 1.0.4-3
	[etch] - phpgroupware (bug #504255; Vulnerable code not used)
	- phpgroupware 0.9.16.012+dfsg-9 (medium; bug #504255)
	- egroupware (bug #504283; Vulnerable code not used)
CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earl ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
	NOT-FOR-US: Sporum Forum
CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in Be ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain Technolo ...)
	NOT-FOR-US: Domain Technologie Control (DTC)
CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Obj ...)
	NOT-FOR-US: Cellosoft Tokens Object
CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
	- mail-notification 4.0.dfsg.1-2 (low; bug #428157)
	[sarge] - mail-notification (Only affects 3.x and 4.x)
	[etch] - mail-notification (Minor issue, needs proper documentation in errata)
CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
	NOT-FOR-US: YaBB
CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6 ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-3206
	RESERVED
CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: That's by design
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network Manage ...)
	NOTE: This is a jffnms ID, which has been wrongly reported by an external party.
	NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602P ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in We ...)
	NOT-FOR-US: Webwiz
CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...)
	NOT-FOR-US: Windows Privacy Tray (WinPT)
CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ear ...)
	NOT-FOR-US: Novell
CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form 3. ...)
	NOT-FOR-US: Link Request Contact Form
CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Blog
CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1 ...)
	NOT-FOR-US: vBulletin
CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated Ti ...)
	NOT-FOR-US: vBulletin
CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1. ...)
	NOT-FOR-US: ERFAN WIKI
CVE-2007-3194
	NOT-FOR-US: myBloggie
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configurati ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8 ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4 (medium)
	NOTE: 20_security.dpatch addresses this bug, however the maintainer didn't include
	NOTE: a note about the CVE id.
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote at ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun Net ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun N ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
	NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
	NOT-FOR-US: Apple
CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote attacker ...)
	NOT-FOR-US: Apple
CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, all ...)
	NOT-FOR-US: Cisco
CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, whe ...)
	NOT-FOR-US: Calendarix
CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7. ...)
	NOT-FOR-US: Calendarix
CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
	[etch] - firebird2 (Fixed packages have been released through backports.org, see DSA-1529)
	[sarge] - firebird2 (medium)
	NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1), but couldn't find any earlier source code
	NOTE: in the pool to check, and since this version is in testing and unstable...
CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...)
	NOT-FOR-US: HP
CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle Blo ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1 ...)
	NOT-FOR-US: Zindizayn Okul Web Sistemi
CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to b ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before 4.5. ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow rem ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Ban ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an ...)
	NOT-FOR-US: Almnzm
CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau W ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmai ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office Viewe ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component (edrawo ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...)
	NOT-FOR-US: Vivotek
CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remot ...)
	NOT-FOR-US: Qualcomm Eudora
CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is ...)
	- tor 0.1.2.14-1 (medium)
CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentic ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico Cal ...)
	- moin 1.5.8-4.1 (unimportant; bug #429205)
	- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
	- karrigell (unimportant; bug #429207)
	NOTE: This is only exploitable on NTFS filesystems
	NOTE: Given the state of Linux' NTFS support it seems highly unlikely
	NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
	NOTE: web server with NTFS
CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX contro ...)
	NOT-FOR-US: Internet Download Accelerator
CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote F ...)
	NOT-FOR-US: Ace-FTP Client
CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP Rea ...)
	NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...)
	NOT-FOR-US: MiniWeb
CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to r ...)
	NOT-FOR-US: ASP Folder Gallery
CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12 ...)
	NOT-FOR-US: SafeNET
CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi i ...)
	- webmin
CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown i ...)
	- egroupware 1.2.107-2.dfsg-1 (bug #429208)
CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltip ...)
	NOTE: Apparently a bogus issue; the upstream developer of wz_tooltip.js isn't aware
	NOTE: of any security problem, see #429215, #429209, #429214, #429213
CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other tha ...)
	NOT-FOR-US: c-ares
CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number gene ...)
	NOT-FOR-US: c-ares
CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper 7 ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute arbitr ...)
	NOT-FOR-US: Google Desktop
CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...)
	- sudo (Not linked with krb5)
CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr. ...)
	NOT-FOR-US: Yahoo! Webcam Viewer
CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl. ...)
	NOT-FOR-US: Yahoo! Webcam Upload
CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Zen Help Desk
CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote attacker ...)
	- galeon (unimportant; bug #429216)
	NOTE: Hardly a problem, Galeon's rotting anyway and doesn't offer up-to-date
	NOTE: phishing protections
CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote attack ...)
	NOTE: Minor issue, exact details unknown to upstream
CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote attac ...)
	- kdebase 4:3.5.7-3 (low)
	[sarge] - kdebase (Minor issue)
	[etch] - kdebase (Minor issue)
	NOTE: according to the maintainer this is definitely fixed in 4:3.5.7-3
CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in phpWebTh ...)
	NOT-FOR-US: phpWebThings
CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ...)
	- wordpress 2.2.1-1 (bug #428073)
	[etch] - wordpress (Doesn't affect 2.0.x branch)
CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default userna ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution Quick. ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in W ...)
	NOT-FOR-US: WmsCMS
CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in new ...)
	NOT-FOR-US: newsSync
CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.p ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 all ...)
	NOT-FOR-US: W1L3D4 WEBmarket
CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ea ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light B ...)
	NOT-FOR-US: Light Blog
CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (fo ...)
	NOT-FOR-US: OpenWiki
CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News P ...)
	NOT-FOR-US: Utopia News Pro
CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when magic ...)
	NOT-FOR-US: WSPortal
CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
	NOT-FOR-US: WSPortal
CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a denia ...)
	- gimp 2.8.22-1 (unimportant; bug #885382)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=773233
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=46bcd82800e37b0f5aead76184430ef2fe802748 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7 (gimp-2-8)
CVE-2007-3125
	REJECTED
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
	NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 a ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 all ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the z ...)
	- zvbi 0.2.25-1 (bug #429221; unimportant)
	NOTE: Only exploitable through malformed closed captions
	NOTE: Malicious TV networks have more subtle methods to control people...
CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php i ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (a ...)
	NOT-FOR-US: Kartli Alisveris Sistemi
CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter ...)
	NOT-FOR-US: Kravchuk letter
CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
	NOT-FOR-US: ADPLAN
CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns (1.0.x branch not affected)
CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns (1.0.x branch not affected)
CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
	{DSA-1319-1}
	- maradns 1.2.12.05-1
	[sarge] - maradns (1.0.x branch not affected)
CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti (Minor issue, only reachable after authentication)
	[etch] - cacti (Minor issue, only reachable after authentication)
CVE-2007-3112 (graph_image.php in Cacti 0.8.6i, and possibly other versions, allows r ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti (Minor issue, only reachable after authentication)
	[etch] - cacti (Minor issue, only reachable after authentication)
CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ISSCamCont ...)
	NOT-FOR-US: Provideo Camimage
CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
	NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage all ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9. ...)
	{DSA-1571-1}
	- openssl 0.9.8e-6 (bug #438142; low)
	- openssl097 (bug #438180)
	[sarge] - openssl (Not exploitable in a real-world scenario)
	[etch] - openssl097 (Not exploitable in a real-world scenario)
CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including 2.6.2 ...)
	- linux-2.6 2.6.22-1 (unimportant)
	NOTE: Not reliably reproducible by an attacker, mostly a bug
	NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
	NOTE: in Linus' tree.
CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2. ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) imple ...)
	{DSA-1504-1 DSA-1363-1}
	- linux-2.6 2.6.22-4
CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...)
	{DSA-1428-1}
	- linux-2.6 2.6.22-4 (low)
CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux d ...)
	{DSA-1342-1}
	- xfs 1:1.0.8-2.1 (low)
	NOTE: I've checked 1.0.8, and this problem is no longer present
CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...)
	- openssh (This is a Red Hat/Fedora-specific issue)
	NOTE: this issue was introduced by a Red Hat patch (openssh-4.3p1-audit.patch)
	NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found in:
	NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF app ...)
	NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-8 ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (low; bug #429225)
CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (medium; bug #429225)
CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc b ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
	NOT-FOR-US: F5 FirePass 4100 SSL VPN
CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16 ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and ...)
	NOT-FOR-US: Symantec Reporting Server
CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris M ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris Manageme ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090
	REJECTED
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (low; bug #427691)
	- iceape 1.1.3-1 (low)
	- xulrunner 1.8.1.5-1 (low)
	NOTE: MFSA2007-20
CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote a ...)
	NOT-FOR-US: Comicsense
CVE-2007-3087 (Peercast places a cleartext password in a query string, which might al ...)
	NOT-FOR-US: PeerCast
CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4. ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow rem ...)
	NOT-FOR-US: PBSite
CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: Z-Blog
CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...)
	NOT-FOR-US: Sendcard
CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in Comd ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1 ...)
	NOT-FOR-US: Hunkaray Okul Portaly
CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
	NOT-FOR-US: EQdkp
CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...)
	NOT-FOR-US: Aigaion
CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earl ...)
	NOT-FOR-US: EQdkp
CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allo ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer allow ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read fi ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earli ...)
	NOTE: Duplicate of CVE-2008-4067
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
	- iceweasel (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX co ...)
	NOT-FOR-US: eSellerate
CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
	NOT-FOR-US: BDigital Web Solutions WebStudio
CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session w ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows re ...)
	NOT-FOR-US: DVD X Player
CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key Tra ...)
	NOT-FOR-US: EQdkp
CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2 ...)
	NOT-FOR-US: php(Reactor)
CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook a ...)
	NOT-FOR-US: My Datebook
CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...)
	NOT-FOR-US: My Datebook
CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: Cactushop
CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SendCard
CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-3057 (PHP remote file inclusion vulnerability in include/wysiwyg/spaw_contro ...)
	NOT-FOR-US: XOOPS
CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...)
	- websvn 1.61-22.3 (unimportant; bug #439337)
	NOTE: WebSVN does not have cookie-based authentication by itself.
	NOTE: I therefore don't think this is serious enough for a stable update.
CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib Linke ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib Link ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier al ...)
	NOT-FOR-US: Calimero
CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PostNuke
CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft Revok ...)
	NOT-FOR-US: RevokeSoft RevokeBB
CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
	NOT-FOR-US: chameleon cms
CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
	NOT-FOR-US: Buttercup BWFM
CVE-2007-3048
	- screen (not reproducible)
CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
	NOT-FOR-US: Vonage
CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library be ...)
	NOT-FOR-US: Advanced Software Production Line Vortex Library
CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/ ...)
	NOT-FOR-US: Hitachi TP1
CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi X ...)
	NOT-FOR-US: Hitachi
CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File Shari ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows re ...)
	NOT-FOR-US: Meneame
CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for Inter ...)
	NOT-FOR-US: Microsoft
CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Ag ...)
	NOT-FOR-US: Windows
CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) se ...)
	NOT-FOR-US: Windows
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
	NOT-FOR-US: Microsoft
CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and ...)
	NOT-FOR-US: Windows Services for UNIX
CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering En ...)
	NOT-FOR-US: Microsoft
CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlin ...)
	NOT-FOR-US: Microsoft
CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3031
	REJECTED
CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows u ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 all ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026 (Integer overflow in Panda Software AdminSecure allows remote attackers ...)
	NOT-FOR-US: Panda
CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0 ...)
	- clamav (Solaris-specific bug)
CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 use ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not proper ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
	NOT-FOR-US: Symantec
CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
	NOT-FOR-US: Symantec
CVE-2007-3020
	RESERVED
CVE-2007-3019
	RESERVED
CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the file-cr ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.29 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3016
	RESERVED
CVE-2007-3015
	RESERVED
CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb conte ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch B ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens C ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterpris ...)
	NOT-FOR-US: Alcatel OmniPCX Enterprise Communication Server
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode rest ...)
	- php5 5.2.3-1 (unimportant)
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted r ...)
	NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005
	REJECTED
CVE-2007-3004
	REJECTED
CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
	NOT-FOR-US: myBloggie
CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ( ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect fo ...)
	NOT-FOR-US: Microsoft
CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS f ...)
	NOT-FOR-US: OpenVMS
CVE-2007-2997
	NOT-FOR-US: SalesCart Shopping Cart
CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
	NOT-FOR-US: DGNews
CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka O ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in E ...)
	NOT-FOR-US: Evenzia CMS
CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 a ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic e ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
	NOT-FOR-US: Inout Meta Search Engine
CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...)
	NOT-FOR-US: AdminBot
CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...)
	NOT-FOR-US: Pheap
CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group CD ...)
	NOT-FOR-US: Media Technology Group CDPass
CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business C ...)
	NOT-FOR-US: British Telecommunications Business Connect
CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies LEAD ...)
	NOT-FOR-US: LeadTools
CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS L ...)
	NOT-FOR-US: LeadTools
CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive infor ...)
	NOT-FOR-US: Techno Dreams Web Directory / Search Engine
CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows rem ...)
	NOT-FOR-US: eggblog
CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in th ...)
	NOT-FOR-US: DOMjudge
CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet Service ...)
	NOT-FOR-US: Centrinity
CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier (forme ...)
	NOT-FOR-US: Ignite Realtime
CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to c ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 a ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earl ...)
	NOT-FOR-US: gCards
CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi i ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in WAnewslet ...)
	NOT-FOR-US: WAnewsletter
CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
	- webpy 0.210-1 (bug #427715; unimportant)
	NOTE: This is not a vulnerability, but an additional precaution function for
	NOTE: a development framework. If someone wants to have this updated in Etch, this
	NOTE: needs to go through a point update
CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-2966 (Buffer overflow in the LHA decompression component in F-Secure anti-vi ...)
	NOT-FOR-US: F-Secure
CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in multi ...)
	NOT-FOR-US: F-Secure
CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and e ...)
	NOT-FOR-US: F-Secure
CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle Gal ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 allo ...)
	NOT-FOR-US: FileCloset
CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 a ...)
	NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before 1 ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
	- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
	[etch] - sylpheed-claws (Minor issue)
	[sarge] - sylpheed-claws (Minor issue)
	- sylpheed 2.4.5-1 (low)
	[etch] - sylpheed (Minor issue)
	[sarge] - sylpheed (Minor issue)
	NOTE: the cvs referenced in redhat bugzilla is not available anymore however
	NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...)
	NOT-FOR-US: McAfee on Solaris
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...)
	NOT-FOR-US: Qtpfsgui and pfstools
CVE-2007-2955 (Multiple unspecified "input validation error" vulnerabilities in multi ...)
	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...)
	NOT-FOR-US: Novell Client
CVE-2007-2953 (Format string vulnerability in the helptags_one function in src/ex_cmd ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-056+1 (low)
CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka k9fil ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3 ...)
	- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara ...)
	NOT-FOR-US: Centennial
CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the p ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	- ingimp 2.2.16.20070710-1
	NOTE: http://secunia.com/secunia_research/2007-63/advisory
CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlay ...)
	{DSA-1313-1}
	- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0 ...)
	NOT-FOR-US: OpenBASE Alpha
CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster Dialo ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2945 (RMForum stores sensitive information under the web root with insuffici ...)
	NOT-FOR-US: RMForum
CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: WabCMS
CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis ...)
	NOT-FOR-US: Webavis
CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ear ...)
	NOT-FOR-US: My Little Forum
CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in v ...)
	NOT-FOR-US: vBulletin Google Yahoo Site Map
CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 B ...)
	NOT-FOR-US: FlaP
CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...)
	NOT-FOR-US: Mazen's PHP Chat
CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBas ...)
	NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...)
	NOT-FOR-US: TROforum
CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock ...)
	NOT-FOR-US: Frequency Clock
CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remo ...)
	NOT-FOR-US: Fundanemt
CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered ...)
	NOT-FOR-US: Vistered Little
CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form (com_phila ...)
	NOT-FOR-US: Phil-a-Form
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7. ...)
	NOT-FOR-US: MSN Messenger
CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC ...)
	- bind (bug #442910)
	[etch] - bind (It's documented in README.Debian that Bind 8 has architectural limitations and should not be used unless you know what you're doing)
	[sarge] - bind (It's documented in README.Debian that Bind 8 has architectural limitations and should not be used unless you know what you're doing)
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter dri ...)
	NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...)
	{DSA-1341-2}
	- bind9 1:9.4.1-P1-1
CVE-2007-2925 (The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9 ...)
	- bind9 1:9.4.1-P1-1 (medium)
	[etch] - bind9 (Only 9.4.x and 9.5.x are affected)
	[sarge] - bind9 (Only 9.4.x and 9.5.x are affected)
CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
	NOT-FOR-US: RealNetworks GameHouse
CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
	NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
	RESERVED
CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx Active ...)
	NOT-FOR-US: Corel
CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX co ...)
	NOT-FOR-US: Zoomify Viewer
CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX co ...)
	NOT-FOR-US: FViewerLoading
CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
	NOT-FOR-US: Logitech
CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
	NOT-FOR-US: Authentium
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...)
	NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows re ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0 ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...)
	NOT-FOR-US: ClonusWiki
CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unau ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3 ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
	NOT-FOR-US: vBulletin
CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Java Embedding Plugin for Mac OS X
CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 C ...)
	NOT-FOR-US: Microsoft Office ActiveX control
CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 an ...)
	NOT-FOR-US: Dokeos
CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-0 ...)
	NOT-FOR-US: Scallywag
CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in NavB ...)
	NOT-FOR-US: Navboard
CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote attack ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...)
	NOT-FOR-US: Symantec
CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...)
	- bochs (unimportant)
CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iode ...)
	{DSA-1351-1}
	- bochs 2.3+20070705-1 (low; bug #427144)
	NOTE: kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730
CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...)
	NOT-FOR-US: ASP-Nuke
CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 a ...)
	NOT-FOR-US: FirmWorX
CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ea ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...)
	NOT-FOR-US: UltraISO
CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yo ...)
	NOT-FOR-US: WIYS
CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in Enterp ...)
	NOT-FOR-US: Nortel
CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in ...)
	NOT-FOR-US: Microsoft Visual Database Tools
CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allo ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier store ...)
	NOT-FOR-US: Credant
CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 th ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support (sock ...)
	NOT-FOR-US: Sun Java Web Proxy Server
CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 all ...)
	NOT-FOR-US: Digirez
CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Po ...)
	NOT-FOR-US: GNUTurk
CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run o ...)
	{DSA-1479-1}
	- linux-2.6 2.6.21-3
CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 al ...)
	NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conn ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux kerne ...)
	{DSA-1363-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in wp ...)
	- wpasupplicant (Fedora-only issue)
CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...)
	- spamassassin 3.2.1-1 (low)
	[sarge] - spamassassin (Only obscure setups affected, only locally exploitable)
	[etch] - spamassassin 3.1.7-2etch1
	NOTE: Minor issue fixed in etch r6 point update
	NOTE: Only obscure setups affected, only locally exploitable
CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
	NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-17
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-16
	- iceweasel 2.0.0.4-1 (medium)
	- iceape 1.1.2-1 (medium)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12 ...)
	{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
	NOTE: MFSA2007-13
	- iceweasel 2.0.0.4-1
	- iceape 1.1.2-1
	- mozilla
	- xulrunner 1.8.1.4-1
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5. ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in modules/admin/modules/galler ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
	{DSA-1693-1}
	- phppgadmin 4.1.2-1 (low; bug #427151)
	[sarge] - phppgadmin (Vulnerable code not present)
	NOTE: http://phppgadmin.cvs.sourceforge.net/phppgadmin/webdb/classes/Misc.php?r1=1.156&r2=1.157&pathrev=MAIN
CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...)
	NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple Accessibl ...)
	NOT-FOR-US: SAXON
CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated user ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 al ...)
	NOT-FOR-US: SimpGB
CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the IP-T ...)
	NOT-FOR-US: IP-Tracking Mod for phpBB
CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Exc ...)
	NOT-FOR-US: ABC Excel Parser Pro
CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression Ac ...)
	NOT-FOR-US: Dart Communications PowerTCP
CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5. ...)
	NOT-FOR-US: Dart ZipLite
CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in BtiTra ...)
	NOT-FOR-US: BtiTracker
CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD ...)
	NOT-FOR-US: Virtual CD
CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ( ...)
	NOT-FOR-US: LeadTools
CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix
CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) befo ...)
	- knowledgetree (bug #432123)
CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...)
	NOT-FOR-US: Sky Software
CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...)
	NOT-FOR-US: HLstats
CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Ma ...)
	NOT-FOR-US: Avast
CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Ma ...)
	NOT-FOR-US: Avast
CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...)
	- php5 (Multi-threaded operation not supported in Debian)
	- php4 (Multi-threaded operation not supported in Debian)
CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Safari
	NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
	RESERVED
CVE-2007-2841
	REJECTED
CVE-2007-2840
	RESERVED
CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files insecur ...)
	{DSA-1329-1}
	- gfax 0.6 (bug #431893; low)
	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 a ...)
	{DSA-1327-1}
	- gsambad 0.1.6-2 (bug #431331)
CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in fir ...)
	{DSA-1326-1}
	- fireflier 1.1.7
CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...)
	{DSA-1324-1}
	- hiki 0.8.7-1 (bug #430691; medium)
	[sarge] - hiki (Vulnerable code not present)
CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_p ...)
	{DSA-1328-1}
	- unicon 3.0.4-12 (bug #431336)
CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...)
	{DSA-1375-1}
	- openoffice.org 2.2.1-9 (medium)
	[sarge] - openoffice.org 1.1.3-9sarge8
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ( ...)
	{DSA-1316-1}
	- emacs21 21.4a+1-5.1 (bug #408929; low)
	- emacs-snapshot
	NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
	NOTE: fixed before the first emacs22 upload.
CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application firewa ...)
	NOT-FOR-US: Cisco
CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee ...)
	- madwifi 1:0.9.3-2 (high; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 a ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi befo ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php ...)
	NOT-FOR-US: AdSense-Deluxe
CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...)
	NOT-FOR-US: LeadTools
CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in Madi ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in ...)
	NOT-FOR-US: @Mail
CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...)
	NOT-FOR-US: HT Editor
CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ...)
	{DSA-1502-1}
	- wordpress 2.2-1 (high)
	NOTE: seems present in etch even though admin-ajax.php was not shipped yet
CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX C ...)
	NOT-FOR-US: KSign
CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3. ...)
	NOT-FOR-US: Track+
CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSof ...)
	NOT-FOR-US: Parodia
CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 al ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7 ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2815 (The "hit-highlighting" functionality in webhits.dll in Microsoft Inter ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX co ...)
	NOT-FOR-US: Pegasus ImagN'
CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL sup ...)
	NOT-FOR-US: Cisco
CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.3 ...)
	NOT-FOR-US: HLstats
CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal ...)
	NOT-FOR-US: Gazi Download Portal
CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for Windo ...)
	NOT-FOR-US: Opera
CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4. ...)
	{DSA-1486-1}
	- gnatsweb 4.00-1.1 (low; bug #427156)
CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1. ...)
	{DSA-1826-1 DSA-1448-1}
	- eggdrop 1.6.18-1.1 (medium; bug #427157)
CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ga ...)
	NOT-FOR-US: GaliX
CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cl ...)
	NOT-FOR-US: ClientExec
CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodLis ...)
	NOT-FOR-US: CandyPress Store
CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Site ...)
	NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTi ...)
	NOT-FOR-US: eTicket
CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: eTicket
CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit sy ...)
	{DSA-1343-2 DSA-1343-1}
	- file 4.21-1 (medium; bug #428293)
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
	- mantis 1.0.7+dfsg-1
	[sarge] - mantis 0.19.2-5sarge5
	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
	- ntfs-3g 1:1.516-1
	NOTE: local root exploit
CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...)
	- xterm (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Arris Cadant
CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remot ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2007-2794
	RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in Gee ...)
	NOT-FOR-US: Geeklog
CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component (a ...)
	NOT-FOR-US: com_yanc for Mambo
	NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5 ...)
	NOT-FOR-US: HP Tru64
CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11 ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) lttmb ...)
	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote at ...)
	NOT-FOR-US: ircd-ratbox
CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to crea ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1. ...)
	NOT-FOR-US: Globus Toolkit
CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 an ...)
	NOT-FOR-US: Rational Soft Hidden Administrator
CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence n ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in include/sessionRegister.ph ...)
	NOT-FOR-US: WikyBlog
CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensi ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in Libstat ...)
	NOT-FOR-US: Libstats
CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allo ...)
	NOT-FOR-US: MolyX BOARD
CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in A ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to th ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but d ...)
	NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
	NOT-FOR-US: SunLight CMS
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and r ...)
	NOT-FOR-US: CA BrightStor Backup
CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 20 ...)
	NOT-FOR-US: LeadTools JPEG 2000
CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
	NOT-FOR-US: Eudora
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...)
	- openssh (bug #436571; unimportant)
	[etch] - openssh (Minor issue)
	[sarge] - openssh (Minor issue)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) be ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQ ...)
	- backup-manager 0.7.6-1 (low)
	[sarge] - backup-manager (Minor issue)
	[etch] - backup-manager 0.7.5-5
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemo ...)
	NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches bef ...)
	NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules subsy ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast (b ...)
	NOT-FOR-US: Build it Fast
CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allo ...)
	NOT-FOR-US: MagicISO
CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 d ...)
	NOT-FOR-US: Adempiere
CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the V ...)
	NOT-FOR-US: Adempiere
CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted rem ...)
	NOT-FOR-US: WinImage
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 al ...)
	NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted attack ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
	[etch] - libgd (Minor issue)
	[sarge] - libgd (Minor issue)
	[etch] - libgd2 (Minor issue)
	[sarge] - libgd2 (Minor issue)
	NOTE: https://web.archive.org/web/20090212193455/http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and e ...)
	{DSA-1334-1 DSA-1302-1}
	- freetype 2.2.1-6 (bug #425625)
	[sarge] - freetype 2.1.7-8
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the we ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 a ...)
	NOT-FOR-US: PHPGlossar
CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and earli ...)
	NOT-FOR-US: SimpNews
CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and e ...)
	NOT-FOR-US: FAQEngine
CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows context-depe ...)
	- php4 (Debian shipped the correct fix from the beginning)
	- php5 (Debian shipped the correct fix from the beginning)
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
	NOT-FOR-US: rdiffWeb
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webma ...)
	NOT-FOR-US: vDesk Webmail
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX con ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in GlossWor ...)
	NOT-FOR-US: GlossWord
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 B ...)
	NOT-FOR-US: w2box
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows re ...)
	- lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
	- php-xajax 0.2.5-1 (bug #426103; unimportant)
	NOTE: This issue was created because of an upstream changelog entry, which however
	NOTE: was meant for the XSS, which is the general issue.
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...)
	{DSA-1692-1}
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 modul ...)
	NOT-FOR-US: MyConference for Xoops
CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...)
	NOT-FOR-US: Achievo
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 an ...)
NOT-FOR-US: ResManager for Xoops CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width an ...) NOT-FOR-US: 3Com TippingPoint IPS CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote aut ...) NOT-FOR-US: Jetbox CMS CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allo ...) NOT-FOR-US: Jetbox CMS CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might a ...) NOT-FOR-US: Jetbox CMS CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test fo ...) NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...) NOT-FOR-US: Comodo Personal Firewall CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...) - php5 5.2.3-1 (low) [etch] - php5 (Version from 5.2.0 correctly uses rand()) - php4 (no soap functions in php4) CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4 ...) [etch] - php5 (Version from 5.2.0 correctly uses rand()) - php5 5.2.2-1 (low) NOTE: Code not present in PHP 4. CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: BitsCast CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...) NOT-FOR-US: DeWizardX CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...) NOT-FOR-US: fotolog CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...) NOT-FOR-US: guliverkli Media Player Classic CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers t ...) NOT-FOR-US: NewzCrawler CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG- ...) 
{DSA-2036-1} - jasper 1.900.1-6 (medium; bug #413033; bug #528543) NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543 - ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188) - gs-gpl (medium; bug #561717) NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...) NOT-FOR-US: Group-Office CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...) NOT-FOR-US: HP Systems Insight Manager CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in Stal ...) NOT-FOR-US: Stalker CommuniGate Pro CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...) NOT-FOR-US: iGeneric (iG) Shop CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c an ...) NOT-FOR-US: EQdkp CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to cha ...) NOT-FOR-US: Snaps! Gallery CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet bef ...) - wordpress 2.2-1 NOTE: See http://plugins.trac.wordpress.org/changeset/12812/akismet/trunk/akismet.php CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...) NOT-FOR-US: iFdate CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ha ...) NOT-FOR-US: MH Software Connect Daily Web Calendar CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remot ...) NOT-FOR-US: TinyIdentD CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...) NOT-FOR-US: NagiosQL CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...) NOT-FOR-US: NagiosQL CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt Com ...) 
NOT-FOR-US: News-Script CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php i ...) NOT-FOR-US: Linksnet Newsfeed CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...) NOT-FOR-US: Geeklog CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA WebL ...) NOT-FOR-US: BEA WebLogic Integration CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...) NOT-FOR-US: BEA WebLogic Server CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...) NOT-FOR-US: BEA WebLogic Portal CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...) NOT-FOR-US: BEA WebLogic Portal CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...) NOT-FOR-US: BEA WebLogic CVE-2007-2700 (The WLST script generated by the configToScript command in BEA WebLogi ...) NOT-FOR-US: BEA WebLogic CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...) NOT-FOR-US: BEA WebLogic CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show plainte ...) NOT-FOR-US: BEA WebLogic CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7 ...) NOT-FOR-US: BEA WebLogic CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6 ...) NOT-FOR-US: BEA WebLogic CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express an ...) NOT-FOR-US: BEA WebLogic CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Ex ...) NOT-FOR-US: BEA WebLogic CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT p ...) 
- mysql-dfsg-5.0 (Only MySQL 5.1 affected) [sarge] - mysql-dfsg-4.1 (Only MySQL 5.1 affected) [sarge] - mysql-dfsg (Only MySQL 5.1 affected) CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x be ...) {DSA-1413-1} - mysql-dfsg-5.0 5.0.42 (bug #424778) [sarge] - mysql-dfsg-4.1 (Vulnerable functionality not implemented) [sarge] - mysql-dfsg (Vulnerable functionality not implemented) NOTE: http://bugs.mysql.com/bug.php?id=28499 CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...) {DSA-1413-1} - mysql-dfsg-5.0 5.0.41a-1 (bug #424778; bug #424830) CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...) NOT-FOR-US: ISS CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain full-wid ...) NOT-FOR-US: Check Point CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...) NOT-FOR-US: Cisco CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.E ...) NOT-FOR-US: MicroWorld CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2. ...) NOT-FOR-US: Jetbox CMS CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...) NOT-FOR-US: Jetbox CMS CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Jetbox CMS CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute arbit ...) - mutt 1.5.15+20070608-1 (low; bug #426116) [etch] - mutt (Minor issue, hardly exploitable) [sarge] - mutt (Minor issue, hardly exploitable) CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as u ...) NOT-FOR-US: Adobe CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution 1. ...) - b2evolution (unimportant) NOTE: This is a register_globals=on issue. 
NOTE: More than just blogs/index.php is affected (that file isn't NOTE: installed by the Debian package). CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface i ...) NOT-FOR-US: Canon CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...) NOT-FOR-US: Simple PHP Scripts CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...) NOT-FOR-US: Netsprint CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess Communi ...) NOT-FOR-US: phpChess CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open Tr ...) NOT-FOR-US: Open Translation Engine CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...) NOT-FOR-US: Pre Classifieds Listings CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 all ...) NOT-FOR-US: Pre Shopping Mall CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Censura 1 ...) NOT-FOR-US: Censura CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allo ...) NOT-FOR-US: PHP Coupon Script CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of s ...) - iceweasel (unimportant) NOTE: Browser crashes not treated as security problems CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the install ...) NOT-FOR-US: PHPChain CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 an ...) NOT-FOR-US: PHPChain CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execut ...) NOT-FOR-US: webdesproxy CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...) NOT-FOR-US: VImpX CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...) NOT-FOR-US: notepad++ CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0 ...) 
NOT-FOR-US: PhpFirstPost CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...) NOT-FOR-US: Yaap CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...) NOT-FOR-US: Beacon CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attack ...) NOT-FOR-US: EfesTECH CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remot ...) NOT-FOR-US: BlogMe CVE-2007-2660 NOT-FOR-US: PhpConcept CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced Transfe ...) NOT-FOR-US: PHP Advanced Transfer Manager (phpATM) CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...) NOT-FOR-US: ID Automation CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX contr ...) NOT-FOR-US: PrecisionID CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview Active ...) NOT-FOR-US: HP CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...) NOT-FOR-US: NetWin CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure pe ...) - xfsdump 2.2.45-1 (bug #417894; low) [etch] - xfsdump (Minor issue) CVE-2007-2653 REJECTED CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow rem ...) NOT-FOR-US: Free-SA CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow re ...) NOT-FOR-US: VooDoo cIRCle CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...) {DSA-1320-1 DTSA-43-1} - clamav 0.90.2-1 CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for i ...) NOT-FOR-US: Speedport W 700v CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 Active ...) NOT-FOR-US: Clever Database Comparer CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php i ...) 
NOT-FOR-US: MonAlbum CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted re ...) NOT-FOR-US: yEnc32 CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in exif-dat ...) {DSA-1487-1} - libexif 0.6.15-1 (bug #424775) CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3. ...) NOT-FOR-US: Morovia CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...) NOT-FOR-US: maGAZIn CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 al ...) NOT-FOR-US: R2K Gallery CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0. ...) NOT-FOR-US: W1L3D4 CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid "trivial ...) NOT-FOR-US: LibTMCG CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote atta ...) NOT-FOR-US: TFTPDWIN CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...) NOT-FOR-US: eFileCabinet CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...) {DSA-1514-1} - moin 1.5.7-2 (low) CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote attack ...) NOT-FOR-US: phpTodo CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote at ...) - interchange 5.4.2-1 (low) CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in aFor ...) NOT-FOR-US: aForum CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows re ...) NOT-FOR-US: H-Sphere CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...) NOT-FOR-US: phpMUR CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8- ...) NOTE: Duplicate of CVE-2007-2589 CVE-2007-2630 (Incomplete blacklist vulnerability in filemanager/browser/default/conn ...) 
- moin 1.5.8-4.1 (unimportant) - karrigell (Vulnerable php code not present) - knowledgeroot 0.9.8.2-2 (unimportant) CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) allow ...) NOT-FOR-US: Bradford CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in Justi ...) NOT-FOR-US: PHPSecurityAdmin CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...) - wordpress 2.2.2-1 (low) [etch] - wordpress (Vulnerable code not present) CVE-2007-2626 NOT-FOR-US: SchoolBoard CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in shared/code/cp_authorizati ...) NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2007-2624 (Dynamic variable evaluation vulnerability in shared/config/cp_config.p ...) NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1. ...) NOT-FOR-US: Remote Display Dev kit CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier a ...) NOT-FOR-US: TaskDriver CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 al ...) NOT-FOR-US: Thyme Calendar CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...) NOT-FOR-US: Jakub Steiner (aka jimmac) original CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login creden ...) NOT-FOR-US: Symantec pcAnywhere CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows re ...) NOT-FOR-US: Drake CMS CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core p ...) NOT-FOR-US: Sun Solaris CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE servic ...) NOT-FOR-US: Novell NetMail CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLoja ...) NOT-FOR-US: PHPLojaFacil CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in php ...) 
NOT-FOR-US: phpHtmlLib CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared vir ...) NOT-FOR-US: WikkaWiki CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikk ...) NOT-FOR-US: WikkaWiki CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 all ...) NOT-FOR-US: CGX CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1 ...) NOT-FOR-US: OpenLD CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 all ...) NOT-FOR-US: gnuedu CVE-2007-2608 (PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.p ...) NOT-FOR-US: Miplex2 CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...) NOT-FOR-US: LaVague CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger m ...) {DSA-1529-1} - firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976) [etch] - firebird2 (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 (low) NOTE: Minor issue, because conffile is restricted CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ISoftomat ...) NOT-FOR-US: Brujula Toolbar CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows remo ...) NOT-FOR-US: FlexLabel CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper ...) NOT-FOR-US: Audio CD Ripper CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows att ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith Playe ...) NOT-FOR-US: GDivX Zenith Player CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (ak ...) NOT-FOR-US: TutorialCMS CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop T ...) 
NOT-FOR-US: TutorialCMS CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL all ...) NOT-FOR-US: PHP SimpleNEWS CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1 ...) NOT-FOR-US: telltarget CMS CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum 1 ...) NOT-FOR-US: aForum CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...) NOT-FOR-US: RSAuction CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in php ...) NOT-FOR-US: phpMyPortal CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS, ...) NOT-FOR-US: Microsoft CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisy ...) NOT-FOR-US: Nokia CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0. ...) NOT-FOR-US: Nokia CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possi ...) NOT-FOR-US: Nokia CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...) {DSA-1290-1} - squirrelmail 2:1.4.10a-1 (low) NOTE: CVE id has later been assigned to a part of this issue CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa ...) NOT-FOR-US: Office Viewer OCX ActiveX CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authen ...) NOT-FOR-US: Cisco CVE-2007-2586 (The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check ...) NOT-FOR-US: Cisco CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz A ...) NOT-FOR-US: BarCodeWiz ActiveX control CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSu ...) NOT-FOR-US: Subscription Manager ActiveX control CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 ...) 
{DSA-1413-1} - mysql-dfsg-5.0 5.0.41-1 (low; bug #426353) [sarge] - mysql-dfsg (Vulnerable functionality not implemented) NOTE: [sarge] Not affected, test case doesn't crash the daemon CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) servi ...) NOT-FOR-US: IBM DB2 CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windo ...) NOT-FOR-US: Microsoft CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...) NOT-FOR-US: Safari CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...) NOT-FOR-US: ACP3 CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in AC ...) NOT-FOR-US: ACP3 CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...) NOT-FOR-US: ACP3 CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 Active ...) NOT-FOR-US: advdaudio.ocx ActiveX control CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm (ak ...) NOT-FOR-US: vm watermark 0.4.1 mod for Gallery CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog 0.9 ...) NOT-FOR-US: Archangel Weblog CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in P ...) NOT-FOR-US: PHPtree CVE-2007-2572 (PHP remote file inclusion vulnerability in modules/noevents/templates/ ...) NOT-FOR-US: NoAh (aka PHP Content Architect, phparch) CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...) NOT-FOR-US: wfquotes module for XOOPS CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in W ...) NOT-FOR-US: Wikivi5 CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 a ...) NOT-FOR-US: Friendly CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assis ...) 
NOT-FOR-US: VCDGear CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Cod ...) NOT-FOR-US: Taltech Tal Bar Code ActiveX control CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control a ...) NOT-FOR-US: Taltech Tal Bar Code ActiveX control CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...) NOT-FOR-US: Cdelia Software ImageProcessing CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music Ment ...) NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...) NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...) NOT-FOR-US: Kayako eSupport CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...) NOT-FOR-US: fipsCMS CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 an ...) NOT-FOR-US: ACGVannu CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart 3. ...) NOT-FOR-US: american cart CVE-2007-2558 NOT-FOR-US: pfa CMS CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, whic ...) NOT-FOR-US: Mambo CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attacker ...) NOT-FOR-US: Nuked-klaN CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...) NOT-FOR-US: Podium CMS CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...) NOT-FOR-US: Newspower CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...) NOT-FOR-US: HP Tru64 UNIX CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 all ...) NOT-FOR-US: WikkaWiki CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaW ...) 
NOT-FOR-US: WikkaWiki CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 a ...) NOT-FOR-US: CubeCart CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...) NOT-FOR-US: TurnkeyWebTools CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shop ...) NOT-FOR-US: TurnkeyWebTools CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebToo ...) NOT-FOR-US: TurnkeyWebTools CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 an ...) NOT-FOR-US: SMF CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9. ...) NOT-FOR-US: Persism CVE-2007-2544 (PHP remote file inclusion vulnerability in templates/default/tpl_messa ...) NOT-FOR-US: TopTree BBS CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...) NOT-FOR-US: XOOPS CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench sur ...) NOT-FOR-US: workbench survival guide CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php i ...) NOT-FOR-US: Versado CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and e ...) NOT-FOR-US: PMECMS CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote atta ...) NOT-FOR-US: RunCms CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms 1. ...) NOT-FOR-US: RunCms CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 an ...) NOT-FOR-US: NPDS CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...) NOT-FOR-US: Picozip CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...) NOT-FOR-US: WinAce CVE-2007-2534 NOT-FOR-US: phpHoo3 CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Sec ...) 
NOT-FOR-US: Trend Micro ServerProtect CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duo ...) NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in Ber ...) NOT-FOR-US: Berylium2 CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowel ...) NOT-FOR-US: Tropicalm CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 b ...) NOT-FOR-US: Solaris 10 CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD befor ...) NOT-FOR-US: DynamicPAD CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewe ...) NOT-FOR-US: VNC Viewer ActiveX control CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...) {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1} - linux-2.6 2.6.22-1 NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in NOTE: Linus' tree. CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Re ...) {DSA-1298-1} - otrs2 2.1.1-1 (bug #423524) NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070 ...) NOT-FOR-US: CA Anti-Virus CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA Anti-Vi ...) NOT-FOR-US: CA Anti-Virus CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! befor ...) NOT-FOR-US: E-GADS! CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when magic_qu ...) NOT-FOR-US: MyNews CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...) 
- php5 5.2.3-1 (unimportant; bug #441433) - php4 (unimportant) NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't NOTE: cross trust boundaries CVE-2007-2518 REJECTED CVE-2007-2517 RESERVED CVE-2007-2516 RESERVED CVE-2007-2515 RESERVED CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple product ...) NOT-FOR-US: Symantec CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 pos ...) NOT-FOR-US: Novell GroupWise CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and l ...) NOT-FOR-US: Alcatel-Lucent CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP befo ...) {DTSA-39-1} - php5 5.2.2-1 NOTE: Only triggerable by malicious script CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before 5 ...) {DSA-1295-1 DTSA-39-1} - php5 5.2.2-1 (low) CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...) {DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1} - php5 5.2.2-1 (low) - php4 4.4.7-1 (low) CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.5 ...) NOT-FOR-US: Trend Micro CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble D ...) NOT-FOR-US: Treble Designs 1024 CMS CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...) NOT-FOR-US: OpenEdge WebSpeed CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 all ...) NOT-FOR-US: MailCOPA CVE-2007-2504 NOT-FOR-US: PHP Turbulence CVE-2007-2503 NOT-FOR-US: PHP Turbulence CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with so ...) NOT-FOR-US: HP ProCurve 9300m Series switches CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before 0.9 ...) NOT-FOR-US: CodePress CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player ...) 
{DTSA-48-1} - gnash 0.7.2+cvs20070518.1557-1 (bug #423433) CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and e ...) NOT-FOR-US: DVDdb CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote a ...) NOT-FOR-US: Winamp CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a den ...) NOT-FOR-US: RealPlayer NOTE: helix-player not affected CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote at ...) NOT-FOR-US: WordViewer.ocx CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...) NOT-FOR-US: ExcelViewer .ocx CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX con ...) NOT-FOR-US: PowerPointViewer .ocx CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ & RU ...) NOT-FOR-US: FAQ & RULES module for mxBB CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...) NOT-FOR-US: v4bJournal module for PostNuke CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.3 ...) NOT-FOR-US: EMC VMware CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows rem ...) NOT-FOR-US: LiveData Server CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and o ...) NOT-FOR-US: LiveData Protocol Server CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ex ...) NOT-FOR-US: AtomixMP3 CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and 1 ...) NOT-FOR-US: Motobit CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the m ...) NOT-FOR-US: myflash plugin for WordPress CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in th ...) NOT-FOR-US: wp-Table plugin for WordPress CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the wp-T ...) 
NOT-FOR-US: wp-Table plugin for WordPress CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the wordTu ...) NOT-FOR-US: wordTube plugin for WordPress CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...) NOT-FOR-US: wordTube plugin for WordPress CVE-2007-XXXX [schroot may use outdated configuration information] - schroot (Upstream: "This bug was never present in a Debian release.") CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does n ...) {DSA-1358-1} - asterisk 1:1.4.5~dfsg-1 (low) NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line NOTE: could just as well hang-up NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-013.htm CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.2 ...) - linux-2.6 2.6.22-1 (medium) CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers t ...) NOT-FOR-US: Cerulean Trillian CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...) NOT-FOR-US: Cerulean Trillian CVE-2007-2477 NOT-FOR-US: phpMyChat CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0 ...) NOT-FOR-US: Novell CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogi ...) NOT-FOR-US: Novell CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...) NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...) NOT-FOR-US: CMS Made Simple CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3 ...) NOT-FOR-US: Sendcard CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...) NOT-FOR-US: Sendcard CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fi ...) 
	NOT-FOR-US: FileRun
CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier al ...)
	NOT-FOR-US: FileRun
CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 an ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) f ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
	NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
	NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PI ...)
	NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in modules/admin/include/confi ...)
	NOT-FOR-US: FireFly
CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl mo ...)
	{DSA-1498-1}
	- libimager-perl 0.58-1 (bug #421582)
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in resources/includes/class.Sm ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 a ...)
	NOT-FOR-US: FireFly
CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual mac ...)
	NOT-FOR-US: Parallels
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
	NOT-FOR-US: Parallels
CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2. ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (low)
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in locate/ ...)
	- findutils 4.2.31-1 (low; bug #426862)
	[sarge] - findutils (Not vulnerable in default configuration, minor issue)
	[etch] - findutils 4.2.28-1etch1 (low)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES i ...)
	- linux-2.6 2.6.21-3
	[etch] - linux-2.6 (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
	{DSA-1468-1}
	- tomcat4 (low)
	- tomcat5 (low)
	- tomcat5.5 5.5.25-1 (low)
	[sarge] - tomcat4 (Contrib not supported)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP fil ...)
	- tomcat4 (unimportant)
	- tomcat5 (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Only present in the examples, not in production code
CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial ...)
	- subversion 1.4.4dfsg1-1 (bug #428194; low)
	[etch] - subversion (Minor issue)
	[sarge] - subversion (Minor issue)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allo ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in Sam ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	[etch] - libgd2 2.0.33-5.2etch1 (low)
	- libpng 1.2.15~beta5-2
	- libpng3
	[etch] - libpng 1.2.15~beta5-1+etch2
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1
CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in svc_a ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; high)
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 a ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-022+1 (bug #435401; low)
	[sarge] - vim (Vulnerable code not present)
	NOTE: Exploitable through modelines, needs to be used with care in any case
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, an ...)
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436 REJECTED
CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remot ...)
	NOT-FOR-US: Aventail Connect
CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
	NOT-FOR-US: Ariadne
CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in nu ...)
	NOT-FOR-US: Nukedit
CVE-2007-2431 (Dynamic variable evaluation vulnerability in shared/config/tce_config. ...)
	NOT-FOR-US: TCExam
CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote at ...)
	NOT-FOR-US: TCExam
CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to obta ...)
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp ...)
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 modul ...)
	NOT-FOR-US: pnFlashGames
CVE-2007-2426 (PHP remote file inclusion vulnerability in myfunctions/mygallerybrowse ...)
	NOT-FOR-US: myGallery
CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 all ...)
	NOT-FOR-US: Imageview
CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The Merch ...)
	NOT-FOR-US: The Merchant
CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5. ...)
	{DSA-1514-1}
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07- ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macro ...)
	NOT-FOR-US: Macrovision
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging an ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software Progre ...)
	NOT-FOR-US: Progress Software Progress and OpenEdge
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote attack ...)
	NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: MyServer
CVE-2007-2413 REJECTED
CVE-2007-2412
	NOT-FOR-US: Seir Anphin
CVE-2007-2411
	NOT-FOR-US: Sphider
CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of cer ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10. ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows fi ...)
	- samba (MacOS/Apple-specific vulnerability)
CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certai ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allow ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly valid ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform suff ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4 ...)
	NOT-FOR-US: Apple
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Window ...)
	NOT-FOR-US: Apple
CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1 ...)
	NOT-FOR-US: Apple
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly che ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before 7. ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-a ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 fo ...)
	NOT-FOR-US: Apple
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows re ...)
	NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...)
	NOT-FOR-US: Apple
CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not proper ...)
	NOT-FOR-US: Apple
CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
	NOT-FOR-US: Apple
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 a ...)
	NOT-FOR-US: Apple mDNSResponder
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object Notatio ...)
	- yui (unimportant; bug #557745)
	- bcfg2 (present in source but not included in any binary files)
	- serendipity 1.5.3-1 (low; bug #557746)
	- moodle (uses system libjs-yui)
	- jifty 0.91117-1 (low; bug #557748)
	- webgui (uses system libjs-yui)
	- loggerhead (uses system libjs-yui)
	NOTE: see https://web.archive.org/web/20071105202514/http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows stealing data from affected websites. Therefore web applications should
	NOTE: only be considered vulnerable if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object N ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows stealing data from affected websites. Therefore web applications should
	NOTE: only be considered vulnerable if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...)
	{DSA-1952-1}
	- prototypejs (fixed before initial upload)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk (minor issue)
	[lenny] - asterisk (minor issue)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws (minor issue)
	[lenny] - libaws (minor issue)
	- libjson-ruby (has prototype.js >= 1.5.1)
	- lucene2 2.9.1+ds1-2 (low; bug #555225)
	[etch] - lucene2 (prototype.js not present)
	[lenny] - lucene2 (minor issue)
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi (minor issue)
	[lenny] - glpi (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot (minor issue)
	[lenny] - knowledgeroot (Uses the prototype.js copy from scriptaculous)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd (minor issue)
	- mediatomb 0.11.0-3 (low; bug #555232)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network (minor issue)
	- webhelpers (fixed since initial inclusion)
	- qwik (low; bug #555240)
	[etch] - qwik (minor issue)
	[lenny] - qwik (minor issue)
	- wordpress (fixed since initial inclusion)
	- exaile (fixed since initial inclusion)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui (minor issue)
	- rt-extension-emailcompletion (fixed since initial inclusion)
	- scriptaculous (fixed since initial inclusion)
	- activeldap (fixed since initial inclusion)
	- mantis (fixed since initial inclusion)
	- otrs2 (fixed since initial inclusion)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar (prototype.js not present)
	- plone3 (low; bug #555274)
	- wesnoth (fixed since initial inclusion)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl (minor issue)
	[lenny] - libhtml-prototype-perl (minor issue)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows stealing data from affected websites. Therefore web applications should
	NOTE: only be considered vulnerable if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ( ...)
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows stealing data from affected websites. Therefore web applications should
	NOTE: only be considered vulnerable if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows stealing data from affected websites. Therefore web applications should
	NOTE: only be considered vulnerable if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object N ...)
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ( ...)
	- jquery (unimportant)
	NOTE: The paper in this reference is a guideline on how to avoid writing unsafe jQuery applications;
	NOTE: there really isn't anything to fix in the library itself.
	NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
	- gwt (unimportant; bug #563542)
	NOTE: JavaScript security guidelines are provided to developers to avoid these issues
	NOTE: https://developers.google.com/web-toolkit/articles/security_for_gwt_applications
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation (JS ...)
	NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security Man ...)
	NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1 ...)
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ear ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 an ...)
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 a ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4. ...)
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted rem ...)
	NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0 ...)
	NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
	NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted rem ...)
	NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
	{DSA-1434-1 DTSA-36-1}
	- mydns 1:1.1.0-8
	[sarge] - mydns (Vulnerable code not present)
CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, ...)
	NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, ...)
	NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton G ...)
	NOT-FOR-US: Symantec
CVE-2007-2358
	- b2evolution (Debian's version does not contain the affected variables)
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in Si ...)
	NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in sunras. ...)
	{DSA-1301-1}
	- gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive informatio ...)
	- axis (unimportant)
	NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote at ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4. ...)
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows r ...)
	NOT-FOR-US: freePBX
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.B ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell met ...)
	- lftp 3.5.9-1 (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
	NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
	NOT-FOR-US: PHP-Generics
CVE-2007-2345 (PHP remote file inclusion vulnerability in include/include_stream.inc. ...)
	NOT-FOR-US: phpBrowse
CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight In ...)
	NOT-FOR-US: Enterasys
CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys NetSig ...)
	NOT-FOR-US: Enterasys
CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in phpBandM ...)
	NOT-FOR-US: phpBandManager
CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in inc/include_all. ...)
	NOT-FOR-US: phporacleview
CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow r ...)
	NOT-FOR-US: Phorum
CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in include/admin/banli ...)
	NOT-FOR-US: Phorum
CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0. ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 200 ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader functi ...)
	NOT-FOR-US: Lunascape
CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
	NOT-FOR-US: Shop-Script
CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in Dyn ...)
	NOT-FOR-US: DynaTracker
CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in Searchacti ...)
	NOT-FOR-US: Searchactivity
CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
	NOT-FOR-US: phpMYTGP
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...)
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
	- smarty (unimportant; bug #488523)
	- moodle 1.8.2-2 (unimportant; bug #488525)
	- gallery2 2.2.5-2 (unimportant; bug #488527)
	NOTE: This is a non-issue.
	NOTE: To exploit this, the smarty files need to be installed in a directory accessible to the HTTP daemon
	NOTE: (which should be the case for embedded copies); however,
	NOTE: it additionally relies on register_globals being switched on.
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups ...)
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows r ...)
	NOT-FOR-US: JulmaCMS
CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
	NOT-FOR-US: InterVideo
CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remo ...)
	NOT-FOR-US: Nero
CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe ...)
	NOT-FOR-US: SilverStripe
CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier a ...)
	NOT-FOR-US: Papoo
CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and earli ...)
	NOT-FOR-US: AutoStand
CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 allo ...)
	- filezilla 3.0.0~beta2-3 (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
	NOT-FOR-US: MiniBB
CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business Managem ...)
	NOT-FOR-US: Open Business Management
CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to caus ...)
	NOT-FOR-US: MiniShare
CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the Shotcas ...)
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
	NOT-FOR-US: FloweRS
CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
	NOT-FOR-US: FloweRS
CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in We ...)
	NOT-FOR-US: WebKalk2
CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick an ...)
	NOT-FOR-US: QDBlog
CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ( ...)
	NOT-FOR-US: QDBlog
CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News Manag ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...)
	NOT-FOR-US: Expow
CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0 ...)
	NOT-FOR-US: audioCMS
CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...)
	NOT-FOR-US: phpwebnews
CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier a ...)
	NOT-FOR-US: CMS Frogss
CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 a ...)
	NOT-FOR-US: Garennes
CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk (correctly logs a warning)
CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quickt ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
	{DSA-1358-1}
	- asterisk 1:1.4.3~dfsg-1 (low)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-012.htm
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in c ...)
	- asterisk 1:1.4.3~dfsg-1 (high)
	[sarge] - asterisk (1.0.x not affected)
	[etch] - asterisk (1.2.x not affected)
	[lenny] - asterisk (vulnerable code not present)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-010.htm
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and Ne ...)
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289 (PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net do ...)
	NOT-FOR-US: doruk100net
CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 Fin ...)
	NOT-FOR-US: comus
CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP ...)
	NOT-FOR-US: Built2Go
CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote a ...)
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote attacke ...)
	NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6. ...)
	NOT-FOR-US: Cisco
CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ser ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundat ...)
	NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to h ...)
	NOT-FOR-US: Plogger
CVE-2007-2276
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced Edi ...)
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in Ales ...)
	NOT-FOR-US: wavewoo
CVE-2007-2272 (PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.p ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Dist ...)
	NOT-FOR-US: TotaRam
CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a denia ...)
	NOT-FOR-US: Linksys
CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for Wind ...)
	NOT-FOR-US: Plesk
CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for Windo ...)
	NOT-FOR-US: Plesk
CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 b ...)
	NOT-FOR-US: Sun Cluster
CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, m ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows ...)
	NOT-FOR-US: YA Book
CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in html/php/detail. ...)
	NOT-FOR-US: jmuffin
CVE-2007-2261 (PHP remote file inclusion vulnerability in espaces/communiques/annotat ...)
	NOT-FOR-US: C-Arbre
CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
	NOT-FOR-US: bibtex mase
CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...)
	NOT-FOR-US: EsForum
CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in PH ...)
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...)
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 al ...)
	NOT-FOR-US: TJSChat
CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in P ...)
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtai ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS 0. ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earl ...)
	NOT-FOR-US: Xaraya
CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain th ...)
	NOT-FOR-US: Phorum
CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Ph ...)
	NOT-FOR-US: Phorum
CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...)
	NOT-FOR-US: phpMySpace
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running s ...)
	NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b4134b65a7e7ed355121b6c2db9ea6c9624509bc
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...)
	- openssh (bug #436571; unimportant)
	[etch] - openssh (Minor issue)
	[sarge] - openssh (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-1 (low; bug #421595)
	- kfreebsd-5 (low)
	[etch] - kfreebsd-5 (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 th ...)
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 (Only 9.4/9.5 branches affected)
	[sarge] - bind9 (Only 9.4/9.5 branches affected)
CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
	NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera C ...)
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components A ...)
	NOT-FOR-US: Whale Client Components ActiveX control
CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to incl ...)
	NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 an ...)
	NOT-FOR-US: PunBB
CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly handl ...)
	NOT-FOR-US: PunBB
CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authen ...)
	NOT-FOR-US: CoSign
CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...)
	NOT-FOR-US: CoSign
CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dove ...)
	{DSA-1359-1}
	- dovecot 1.0.rc29-1
	[sarge] - dovecot (Vulnerable code not present)
CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote aut ...)
	NOT-FOR-US: CA Clever Path
CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for unspecif ...)
	NOT-FOR-US: Microsoft
CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Windows
CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2226
	REJECTED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote atta ...)
	NOT-FOR-US: Microsoft XML
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft W ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	REJECTED
CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...)
	NOT-FOR-US: Kodak Image Viewer
CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
	REJECTED
CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...)
	NOT-FOR-US: DmCMS
CVE-2007-2213 (Unspecified vulnerability in the Initialize function in NetscapeFTPHan ...)
	NOT-FOR-US: WS_FTP
CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoa ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
	NOT-FOR-US: Netsprint
CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft Im ...)
	NOT-FOR-US: AccuSoft
CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3 ...)
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website Manag ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (G ...)
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...)
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...)
	NOT-FOR-US: Post Revolution
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in Pag ...)
	NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcl ...)
	NOT-FOR-US: Joomla!
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System (LMS ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2. ...)
	NOT-FOR-US: NeatUpload
CVE-2007-2196
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
	- amsn (Appears bogus, no such port is opened; bug #557754)
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remo ...)
	NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
	NOT-FOR-US: ACDSee
CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remot ...)
	NOT-FOR-US: Photofiltre
CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x a ...)
	NOT-FOR-US: freePBX
CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php i ...)
	NOT-FOR-US: Eba News
CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php i ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka transact ...)
	NOT-FOR-US: eXtremail
CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remo ...)
	NOT-FOR-US: eXtremail
CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b a ...)
	NOT-FOR-US: Supasite
CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
	NOT-FOR-US: jchit
CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System (a ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
	NOT-FOR-US: WEBInsta
CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote att ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in XceddZipL ...)
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...)
	NOT-FOR-US: Sharity
CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers t ...)
	NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ot ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Eng ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) cou ...)
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 cau ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in GWINTER.e ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not c ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem 1. ...)
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
	NOT-FOR-US: AimStats
CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 all ...)
	NOT-FOR-US: AimStats
CVE-2007-2166 (PHP remote file inclusion vulnerability in administration/user/lib/gro ...)
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous au ...)
	- proftpd 1.3.0-24 (low)
	[sarge] - proftpd (Minor issue)
	- proftpd-dfsg 1.3.0-24 (low)
	[etch] - proftpd-dfsg 1.3.0-19etch1
	NOTE: Minor issue, fixed in the 4.0r4 point release
CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
	- kdelibs (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service (bro ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
	- iceweasel (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Data ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database Ad ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 a ...)
	NOT-FOR-US: jGallery
CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in Zomp ...)
	NOT-FOR-US: Zomplog
CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...)
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber TopSi ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154 (PHP remote file inclusion vulnerability in services/samples/inclusionS ...)
	NOT-FOR-US: Cabron Connector
CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 al ...)
	NOT-FOR-US: @Mail
CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterpris ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
	NOT-FOR-US: McAfee
CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allo ...)
	NOT-FOR-US: BlueArc
CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores userna ...)
	NOT-FOR-US: Chatness
CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in Stephe ...)
	NOT-FOR-US: Chatness
CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...)
	NOT-FOR-US: Chatness
CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...)
	NOT-FOR-US: JoomlaPack
CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 t ...)
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php all ...)
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
	NOT-FOR-US: ShoutPro
CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...)
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA (fo ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
	NOT-FOR-US: Tivoli
CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol Perform ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...)
	NOT-FOR-US: Oracle
CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards Ente ...)
	NOT-FOR-US: Oracle
CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital M ...)
	NOT-FOR-US: Oracle
CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle Collabo ...)
	NOT-FOR-US: Oracle
CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle Applicat ...)
	NOT-FOR-US: Oracle
CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...)
	NOT-FOR-US: Oracle
CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component i ...)
	NOT-FOR-US: Oracle
CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_U ...)
	NOT-FOR-US: Oracle
CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
	NOT-FOR-US: Oracle
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster (Code generation in Sarge pads over this)
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	[etch] - git-core (1.4.4.4 tagged 2007-1-8, bug introduced 2007-1-30)
	- git-core 1:1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f
	NOTE: http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
	{DSA-1311-1 DSA-1309-1}
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content Manageme ...)
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0 ...)
	NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow re ...)
	NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
	NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little we ...)
	NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root wit ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConc ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 al ...)
	NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia 0.5 ...)
	NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_bloc ...)
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evol ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx Developme ...)
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 an ...)
	- sitebar 3.3.8-7 (low)
	NOTE: This was register_globals only and is fixed in Debian anyway
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, wh ...)
	NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allo ...)
	NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in My ...)
	NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows all ...)
	NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
	NOT-FOR-US: XAMPP
CVE-2007-2078
	NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
	NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
	NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on m ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execu ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery S ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2. ...)
	NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie 1.1 ...)
	NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront m ...)
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Is ...)
	NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert Lad ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaett ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writab ...)
	NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user- ...)
	NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLo ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in eIQnet ...)
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-a ...)
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remo ...)
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary command ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow re ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow rem ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in Modules/_localemo ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 2.5.1-1 (bug #416934; low)
	- python2.3 (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has unkno ...)
	NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in RicarGBo ...)
	NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar Mod ...)
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management Consol ...)
	NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (ak ...)
	NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
	NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 an ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the Anto ...)
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN AC ...)
	NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points be ...)
	NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) bef ...)
	NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive i ...)
	NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded F ...)
	NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, an ...)
	- 3proxy (bug #718219)
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might a ...)
	- lha 1.14i-10.2 (bug #437621; low)
	[sarge] - lha (Non-free not supported)
	[etch] - lha (Non-free not supported)
CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) all ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://bugzilla.clamav.net/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
	- freeradius 1.1.6-1 (low)
	[sarge] - freeradius (Minor issue)
	[etch] - freeradius (Minor issue)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string func ...)
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks (Hardly exploitable)
	[etch] - elinks (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
	- file 4.20-6 (low)
	[etch] - file 4.17-5etch3
	[sarge] - file (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.2 ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree (Non-free not supported)
	[etch] - flashplugin-nonfree (Non-free not supported)
	NOTE: Flash Plugin has a vulnerability, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that is not of concern for Debian
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple Techno ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020
	NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in phpGall ...)
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share Enter ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not c ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMy ...)
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It 1.0 ...)
	NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in include/blocks/week_events. ...)
	NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Ein ...)
	NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4. ...)
	NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
	NOT-FOR-US: DeskPro
CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote authentica ...)
	NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allo ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authent ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1 ...)
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect head ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to acc ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in admin/configu ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
	NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages 1.7 ...)
	NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) 4. ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract fu ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
	NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0 ...)
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
	NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailSe ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
	NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
	NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUN ...)
	NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in phpexplorator.ph ...)
	NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
	NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple PH ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Wi ...)
	NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module fo ...)
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ea ...)
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1 ...)
	NOT-FOR-US: holaCMS
CVE-2007-1976
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allo ...)
	NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in class/wfsart ...)
	NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 20 ...)
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
	- iceweasel (unimportant; bug #556267)
	[etch] - iceweasel (Etch Packages no longer covered by security support)
	[lenny] - iceweasel (Minor issue)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Cr ...)
	NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
	NOT-FOR-US: MyBlog
CVE-2007-1967
	NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4. ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is available ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963 (SQL injection vulnerability in the create_session function in class_se ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and e ...)
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in command.cp ...)
	- tinymux (unimportant)
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a deni ...)
	- tinymux 2.4.3.31-1
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6 ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX Active ...)
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 buil ...)
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote a ...)
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote attac ...)
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizza ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote attack ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM W ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server (WA ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependen ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 lo ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
	NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows remo ...)
	NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1 ...)
	NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAd ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ( ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 mo ...)
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Boo ...)
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2. ...)
	NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in Smod ...)
	NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, a ...)
	NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
	NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
	NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone Nuk ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924
	NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
	- sql-ledger (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.D ...)
	NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
	NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 a ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Libra ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 be ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted r ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remo ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote atta ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.n ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant Mes ...)
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
	NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Tech ...)
	NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 ...)
	NOT-FOR-US: SonicBB
CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote att ...)
	NOT-FOR-US: SonicBB
CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: SonicBB
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ex ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 al ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitra ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MyS ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager Ac ...)
	NOT-FOR-US: Akamai
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
	NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the Zen ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c i ...)
	- sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled sq ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	- php4-sqlite (medium; bug #420456)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2. ...)
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in PH ...)
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-depende ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Qualit ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in Kaspers ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo ...)
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: VMware
CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest o ...)
	NOT-FOR-US: VMware
CVE-2007-1875 RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remo ...)
	NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows rem ...)
	NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows rem ...)
	NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ( ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial o ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deplo ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute a ...)
	NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
	NOT-FOR-US: not a bug
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
	{DSA-1331-1 DSA-1330-1}
	- php4
	- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), wh ...)
	- apache2 2.2.4-1 (low)
	- apache (unimportant)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
	- apache2 (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 de ...)
	{DSA-1312-1}
	- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for credentia ...)
	- xscreensaver 5.03-1 (low; bug #433964)
	[etch] - xscreensaver (Minor issue, requires attacker with high level of control, see #433964)
	[sarge] - xscreensaver (Minor issue, requires attacker with high level of control, see #433964)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4 ...)
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 (low)
	[etch] - tomcat5 (low; bug #423435)
	- tomcat5 (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 (low)
CVE-2007-1857 RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure p ...)
	- cron (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_cl ...)
	NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container 07 ...)
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Glob ...)
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852
	NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php i ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows remot ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php i ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module fo ...)
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and earli ...)
	NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsite ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in M ...)
	NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before 2.0.1 ...)
	NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
	{DSA-1299-1 DTSA-42-1}
	- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
	[sarge] - ipsec-tools (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not es ...)
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
	NOT-FOR-US: CodeBB
CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ea ...)
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0. ...)
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836 (The command line administration interface in Data Domain OS before 4.0 ...)
	NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco Unifie ...)
	NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
	NOT-FOR-US: WebAPP
CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have unknow ...)
	NOT-FOR-US: WebAPP
CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org Web ...)
	NOT-FOR-US: WebAPP
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in web-a ...)
	NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2. ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 befo ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or remo ...)
	NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote att ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to retr ...)
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
	NOT-FOR-US: Nortel Networks
CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (S ...)
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews (lykos_r ...)
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for X ...)
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for Xoop ...)
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and earlie ...)
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812 (PHP remote file inclusion vulnerability in utilitaires/gestion_sondage ...)
	NOT-FOR-US: BT-Sondage
CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 a ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company We ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and earl ...)
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the myAl ...)
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmg ...)
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and earli ...)
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
	{DTSA-44-1}
	- pulseaudio 0.9.6-1 (low)
	[etch] - pulseaudio (Minor issue)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
	NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust Agen ...)
	NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
	{DSA-1373-2 DSA-1373-1}
	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows loc ...)
	NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	- graphicsmagick 1.1.7-15 (medium)
CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
	NOT-FOR-US: URLshrink
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PH ...)
	NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9. ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ea ...)
	NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction So ...)
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
	- flyspray (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low val ...)
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray (Vulnerable code not present)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.cl ...)
	NOT-FOR-US: Time-Assistant
CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online Communit ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783 REJECTED
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race condition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
	- xmovie (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
	- xmovie
CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access t ...)
	NOT-FOR-US: CruiseWorks
CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
	NOT-FOR-US: Minna De Office
CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in Advanc ...)
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuk ...)
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (medium)
	- php5 5.2.0-11 (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com D4 ...)
	NOT-FOR-US: D4J eZine
CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
	NOT-FOR-US: JBrowser
CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allo ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow remot ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
	NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in manage/javascript/formjavas ...)
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental System ...)
	NOT-FOR-US: ArcSDE
CVE-2007-1769 REJECTED
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in app/helpers/application_he ...)
	NOT-FOR-US: Mephisto
CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AO ...)
	NOT-FOR-US: AOL
CVE-2007-1766 (PHP remote file inclusion vulnerability in login/engine/db/profiledit. ...)
	NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user- ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs bef ...)
	- iceweasel 3.0.1-1 (unimportant; bug #445515)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used addresses will be
	NOTE: volatile anyway
CVE-2007-1761 REJECTED
CVE-2007-1760 REJECTED
CVE-2007-1759 REJECTED
CVE-2007-1758 REJECTED
CVE-2007-1757 REJECTED
CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1755 REJECTED
CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1753 REJECTED
CVE-2007-1752 REJECTED
CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...)
	NOT-FOR-US: Vector Markup Language
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name Sy ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 200 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1746 RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam An ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for VM ...)
	NOT-FOR-US: VMware
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ...)
	- apache2 (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison f ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1740 REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino befo ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
	NOT-FOR-US: TrueCrypt
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HT ...)
	NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
	- iceweasel (unimportant)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used addresses will be
	NOTE: volatile anyway
CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565 ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in net/dccp/proto. ...)
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 (Vulnerable code not present)
CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remot ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732
	- wordpress 2.1.3-1 (unimportant)
	NOTE: Administrators can post full HTML, that is a feature. Rightly disputed.
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous FT ...)
	NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
	- linux-2.6 2.6.21-1 (medium)
	[etch] - linux-2.6 (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 1000 ...)
	NOT-FOR-US: Flexbb
CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstati ...)
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 a ...)
	NOT-FOR-US: IceBB
CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remot ...)
	NOT-FOR-US: IceBB
CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and atta ...)
	NOT-FOR-US: ReactOS
CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: IronMail
CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea SK ...)
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 a ...)
	NOT-FOR-US: C-Arbre
CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the Addressboo ...)
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
	NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 (medium)
	[sarge] - php4 (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 t ...)
	- php4 6:4.4.6-2 (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console de ...)
	NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
	NOT-FOR-US: CcCounter
CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
	NOT-FOR-US: BASP21
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 a ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-2
	- php5 5.2.0-9
	NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-de ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
	NOT-FOR-US: ttCMS
CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side Conte ...)
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remot ...)
	NOT-FOR-US: eWebQuiz
CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows re ...)
	NOT-FOR-US: Active Trade
CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager (com_resma ...)
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the Fla ...)
	NOT-FOR-US: Flatmenu
CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is e ...)
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, c ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	[sarge] - php4 4:4.3.10-21
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version. Likewise the oldstable
	NOTE: version was fixed.
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_ ...)
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to re ...)
	NOT-FOR-US: Philex
CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex 0. ...)
	NOT-FOR-US: Philex
CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
	NOT-FOR-US: Active Newsletter
CVE-2007-1695
	- phpbb2 (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694 RESERVED
CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before 1 ...)
	- yate 1.2.0-1.dfsg-1 (low; bug #421994)
	[etch] - yate (Minor issue, fringe application)
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy Auto ...)
	NOT-FOR-US: Microsoft
CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ActiveG ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
	NOT-FOR-US: Norton
CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Calli ...)
	NOT-FOR-US: PhPInfo ActiveX control
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX Im ...)
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686 RESERVED
CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...)
	NOT-FOR-US: BlueCoat
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in sldimd ...)
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the Inc ...)
	NOT-FOR-US: IncrediMail
CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX contr ...)
	NOT-FOR-US: FileManager ActiveX
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java W ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension f ...)
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the N ...)
	NOT-FOR-US: NetBSD
CVE-2007-1676 RESERVED
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP s ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LAN ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c, as used in multiple products including AMaViS 2.4.1 and earli ...)
	[sarge] - zoo (Minor issue)
	[etch] - zoo (Minor issue)
	- zoo 2.10-19 (bug #424686)
	- unzoo 4.4-7 (bug #424690)
	[sarge] - unzoo (Minor issue)
	[etch] - unzoo (Minor issue)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a den ...)
	NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers t ...)
	NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ca ...)
	NOT-FOR-US: Panda
CVE-2007-1669 (zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1 ...)
	NOT-FOR-US: Barracuda
CVE-2007-1668 RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue I ...)
	NOT-FOR-US: IDA Pro
CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1et ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg (Vulnerable code not present)
CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote att ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg (Vulnerable code not present)
CVE-2007-1663 (Memory leak in the image message functionality in ekg before 1:1.7~rc2 ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg (Vulnerable code not present)
CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads pas ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 backtrack ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows co ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- kazehakase 0.5.2-1
	- pcre3 7.3-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remo ...)
	NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
	- python2.5 (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Au ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX bef ...)
	{DSA-1317-1}
	- tinymux 2.4.3.31-1.1 (bug #417539)
CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sf ...)
	NOT-FOR-US: ne7ssh
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID e ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows remot ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
	NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
	- php5 5.2.2-1
	[etch] - php5 (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ro ...)
	- moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 al ...)
	NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 20 ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on Microsof ...)
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management S ...)
	NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows rem ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows remo ...)
	NOT-FOR-US: PortailPHP
CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 an ...)
	NOT-FOR-US: ClassWeb
CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_ ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the chec ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI ...)
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 a ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net Porta ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal Dy ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio Cir ...)
	NOT-FOR-US: Splatt Forum
CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has u ...)
	NOT-FOR-US: webCMS
CVE-2007-1631
	NOT-FOR-US: CLBOX
CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Link Engine
CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner (S ...)
	NOT-FOR-US: Study planner
CVE-2007-1627 REJECTED
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame Mo ...)
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in realGues ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow rem ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5 ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in Activ ...)
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo R ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2. ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 an ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in zzi ...)
	{DTSA-56-1}
	- zziplib 0.13.49-0 (bug #436701; low)
	[etch] - zziplib (Minor issue)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows r ...)
	NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a certai ...)
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Sof ...)
	NOT-FOR-US: NewsGlue
CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Mon ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain po ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Ag ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agor ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attack ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing Contes ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye G ...)
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect authenti ...)
	{DSA-1601-1}
	- wordpress 2.2.2-1 (bug #437085; low)
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 a ...)
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the we ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
	NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk doe ...)
	- asterisk 1:1.4.0~dfsg-1 (low)
	[etch] - asterisk (Only affects 1.4.x)
	[sarge] - asterisk (Only affects 1.4.x)
CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
	NOT-FOR-US: Symantec
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertent ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.104 ...)
	NOT-FOR-US: Trend Micro
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and boot ...)
	NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows loca ...)
	NOT-FOR-US: Truecrypt
CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling Proc ...)
	NOT-FOR-US: MyServer
CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remo ...)
	NOT-FOR-US: StatsDawg
CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
	NOT-FOR-US: Zyxel
CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.0 ...)
	NOT-FOR-US: Cisco
CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows context-de ...)
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php5 (unimportant)
	- php4 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...)
	- php5 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service (dae ...)
	NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attac ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in Atriu ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows re ...)
	NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0 ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_ ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain co ...)
	NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
	NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earl ...)
	NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in Radica ...)
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570 REJECTED
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attacker ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 all ...)
	NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earli ...)
	NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ( ...)
	- kdelibs (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote serve ...)
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
	- squid 2.6.5-6 (low)
	[sarge] - squid (Vulnerable code not present)
CVE-2007-1559 (Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxi ...)
	NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 charact ...)
	{DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1}
	NOTE: Affects various clients, but no practical security implications
	NOTE: MFSA2007-15
	- icedove 2.0.0.4-1
	- iceape 1.1.2-1
	- fetchmail 6.3.8-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	- mailfilter 0.8.2-1 (unimportant)
	- mutt 1.5.18-6 (unimportant)
	NOTE: I couldn't pinpoint exact mutt fixed version, but lenny's version has the
	NOTE: patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)
	- balsa 2.3.17-1 (unimportant)
	- claws-mail 2.9.1-1 (unimportant)
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security 6.0 ...)
	NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 al ...)
	NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 bui ...)
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
	NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote att ...)
	NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum 0.51 ...)
	NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 all ...)
	NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote att ...)
	NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 a ...)
	NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 al ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio Sys ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in server/dia/audi ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in server ...)
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
	NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only c ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 an ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX Land ...)
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538
	NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 S ...)
	NOT-FOR-US: Microsoft
CVE-2007-1536 (Integer underflow in the file_printf function in the "file" program be ...)
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user acti ...)
	NOT-FOR-US: Microsoft
CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains a ...)
	NOT-FOR-US: Microsoft
CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same non ...)
	NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included i ...)
	NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather re ...)
	NOT-FOR-US: Microsoft
CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
	NOT-FOR-US: Microsoft
CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
	NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote authentic ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox B ...)
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
	NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versio ...)
	NOT-FOR-US: NetBSD
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and 5. ...)
	{DSA-1283-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 6:4.4.6-2 (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and e ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8. ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
	NOT-FOR-US: WSN Guest
CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 al ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 a ...)
	NOTE: Duplicate of CVE-2007-2297
CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in Cic ...)
	NOT-FOR-US: CcMail
CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4. ...)
	- imp4 4.1.3-4 (medium; bug #415117)
CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb Porta ...)
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX Compan ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the M ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and earl ...)
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 thro ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder k ...)
	NOT-FOR-US: krypt
CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x befo ...)
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_war ...)
	NOT-FOR-US: Oracle Portal
CVE-2007-1505 (Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V1 ...)
	NOT-FOR-US: Fujitsu FENCE-Pro
CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in Fuj ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
	- rhapsody (medium)
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
	- rhapsody (medium)
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remo ...)
	NOT-FOR-US: Avant Browser
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to overwrit ...)
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 Act ...)
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote attacker ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Av ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 bef ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal (We ...)
	NOT-FOR-US: WebAPP
CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 be ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder (ak ...)
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in Carbo ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485
	NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
	- php4 (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9. ...)
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
	NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote attac ...)
	NOT-FOR-US: WBBlog
CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an administrativ ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read arbitra ...)
	NOT-FOR-US: McGallery
CVE-2007-1477
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Fire ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconn ...)
	- php4 (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde P ...)
	{DSA-1406-1}
	- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in H ...)
	{DSA-1406-1}
	- horde3 3.1.4-1 (low; bug #434045)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
	NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Orion-Blog
CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote att ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2 ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (C ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.h ...)
	NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents function i ...)
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 all ...)
	NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in Inksc ...)
	- inkscape 0.45.1-1 (medium)
	[etch] - inkscape (Versions prior to 0.45 used loudmouth, which isn't affected)
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows user-assi ...)
	- inkscape 0.45.1-1 (low)
	[etch] - inkscape (Minor issue)
	[sarge] - inkscape (Minor issue)
	NOTE: shell code would be prominently inside the file names
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
	NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP befor ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6 ...)
	NOT-FOR-US: WebCreator
CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
	NOT-FOR-US: CARE2X
CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer Uniq ...)
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as use ...)
	NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
	- php5 (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a dire ...)
	NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlie ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
	NOT-FOR-US: Open Education System
CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for default.as ...)
	NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary f ...)
	- netperf 2.4.3-8 (bug #413658; medium)
	[sarge] - netperf (Non-free not supported)
	[etch] - netperf (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the SetSe ...)
	NOT-FOR-US: Oracle Database
CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (P ...)
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows r ...)
	NOT-FOR-US: JGBBS
CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bi ...)
	NOT-FOR-US: MySQL Commander
CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 all ...)
	NOT-FOR-US: X-Ice News System
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger bef ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to c ...)
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earl ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote att ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
	- pennmush 1.8.2p7-1 (low; bug #436249)
	[sarge] - pennmush (Minor issue)
	[etch] - pennmush (Minor issue)
CVE-2007-1430 (PHP remote file inclusion vulnerability in include/adodb-connection.in ...)
	NOT-FOR-US: ClipShare
CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 all ...)
	- moodle
	NOTE: Security problem with the Windows version
	NOTE: Debian Maintainer and Upstream state that debian is not affected
	NOTE: and the problem is not reproducible there
CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 a ...)
	NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
	NOT-FOR-US: AssetMan
CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attack ...)
	NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2 ...)
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media G ...)
	NOT-FOR-US: DataLife Engine
CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system e-co ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti all ...)
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
	NOT-FOR-US: SubDog
CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of servic ...)
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ove ...)
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.ph ...)
	NOT-FOR-US: DekiWiki
CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (ak ...)
	NOT-FOR-US: URLshrink
CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0 ...)
	NOT-FOR-US: PMB Services
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP 5 ...)
	- php4 (unimportant)
	- php5 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 al ...)
	- php4 (cpdf extension not enabled in binary build)
	- php5 (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versio ...)
	- php4 (no mssql extension in Debian)
	- php5 (no mssql extension in Debian)
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
	- wordpress (Path disclosure)
CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outpos ...)
	NOT-FOR-US: Vallheru
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has un ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header s ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attac ...)
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in SwDir.d ...)
	NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows rem ...)
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
	NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8. ...)
	{DSA-1330-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
	- snort (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 th ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1 (medium)
	[sarge] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6215e201eb98226837954059f6c99c9aa1c55a9a
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
	NOT-FOR-US: Flat Chat
CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2 ...)
	NOT-FOR-US: Magic CMS
CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...)
	NOT-FOR-US: netForo!
CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.ph ...)
	NOT-FOR-US: WEBO
CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 a ...)
	NOT-FOR-US: dynalias
CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: dynalias
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux k ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0r ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to c ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 all ...)
	- php4 (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow context-depend ...)
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10 ...)
	- php5 (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP b ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before 4.4 ...)
	- php4 (Ovrimos support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP befo ...)
	- php4 (Ovrimos support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, N ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x s ...)
	{DSA-1283-1 DTSA-39-1}
	- php4
	- php5 5.2.0-11
	NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and earli ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepping stone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz F ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...)
	NOT-FOR-US: PostGuestbook
CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
	- conquest 8.2b-1 (low)
	[sarge] - conquest (Minor issue)
	[etch] - conquest (Minor issue)
CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4 ...)
	NOT-FOR-US: Drupal module Project
CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya Co ...)
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the divis ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows rem ...)
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain privi ...)
	NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
	NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-14
	- iceape 1.1.2-1 (low)
	- iceweasel 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in V ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x befo ...)
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlie ...)
	- libapache-mod-security 2.1.2-1
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
	- tomcat4 (low)
	[sarge] - tomcat4 (Contrib not supported)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	REJECTED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the appdev/samp ...)
	- tomcat4 (unimportant)
	- tomcat5 (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Just an example application for documentation purposes
CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX Co ...)
	NOT-FOR-US: JBoss Application Server
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont b ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
	{DSA-1454-1 DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
	- freetype 2.3.5-1 (medium; bug #426771)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 al ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mo ...)
	- apache (low)
	- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
	[etch] - libapache2-mod-perl2 (Minor issue)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-1348
	REJECTED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and p ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA (Co ...)
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 a ...)
	NOT-FOR-US: Ezstream
CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...)
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelso ...)
	NOT-FOR-US: vBulletin
CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not us ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz N ...)
	NOT-FOR-US: News-Letterman
CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management Applicati ...)
	NOT-FOR-US: Links Management Application
CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort Extr ...)
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 d ...)
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Bank ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Sol ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.1 ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
	- sql-ledger (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-serv ...)
	NOT-FOR-US: silc daemon
CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows r ...)
	- serendipity (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in php ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b81f9a364c2a2204e6acbdff5b71e6cc6daead1e
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u ...)
	NOT-FOR-US: SnapGear
CVE-2007-1323
	REJECTED
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing t ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region f ...)
	{DSA-1384-1 DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
	- xen-3 3.1.0-2 (bug #444007; medium)
	- xen-3.0
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in t ...)
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly va ...)
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated u ...)
	NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
	- kdelibs (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attacker ...)
	{DSA-1358-1}
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sav ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earli ...)
	NOT-FOR-US: RRDBrowse
CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable Enterpri ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier v ...)
	NOT-FOR-US: ISPUtil
CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats Rea ...)
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows rem ...)
	NOT-FOR-US: AJ Auction
CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
	NOT-FOR-US: AJ Dating
CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds 1. ...)
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
	NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in D ...)
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ma ...)
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin befo ...)
	NOT-FOR-US: vBulletin
CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Track ...)
	NOT-FOR-US: TygerBT
CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking Sy ...)
	NOT-FOR-US: TygerBT
CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking Syst ...)
	NOT-FOR-US: TygerBT
CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...)
	NOT-FOR-US: WB News
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian (Vulnerable code not present)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
	- php4 (unimportant)
	[sarge] - php4 (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
	- php5 5.2.2-1 (unimportant)
	- php4 (unimportant)
	NOTE: Needs to be sanitised within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...)
	{DSA-1336-1}
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
	NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 upda ...)
	NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updat ...)
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites d ...)
	- wordpress (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
	- webmin
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1:1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before 2006 ...)
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attac ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd argume ...)
	- gnumail (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
	- mutt (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd argum ...)
	- sylpheed (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd argu ...)
	- evolution (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
	- kdepim (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd argu ...)
	- enigmail 2:0.95.0+1-1 (unimportant; bug #415225)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the comm ...)
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
	[sarge] - gnupg2 (Minor issue)
	[etch] - gnupg2 (Minor issue)
CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before 0 ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in server.cp ...)
	NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unk ...)
	NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
	NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
	NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address b ...)
	- iceweasel (unimportant)
	NOTE: Not exploitable
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in Connecti ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix Board ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script f ...)
	- blender 2.42a-6 (medium)
	[sarge] - blender (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 17 ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ntserv/warn ...)
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning M ...)
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 do ...)
	NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News M ...)
	NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNe ...)
	NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service (a ...)
	NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins Audien ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0. ...)
	NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive informat ...)
	NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a re ...)
	NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote attacker ...)
	NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow rem ...)
	NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in STWC ...)
	NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1 ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServ ...)
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 al ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissio ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy 4 ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...)
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attac ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not pro ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin Ph ...)
	NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216 (Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5un ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 fo ...)
NOT-FOR-US: Microsoft Excel CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows loc ...) NOT-FOR-US: Microsoft Windows CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...) NOT-FOR-US: Microsoft GDI CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2 ...) NOT-FOR-US: Microsoft Windows CVE-2007-1210 REJECTED CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ( ...) NOT-FOR-US: Windows Vista CVE-2007-1208 REJECTED CVE-2007-1207 REJECTED CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windo ...) NOT-FOR-US: Microsoft Windows CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...) NOT-FOR-US: Microsoft Windows CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) serv ...) NOT-FOR-US: Microsoft Windows CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...) NOT-FOR-US: Microsoft Excel CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...) NOT-FOR-US: Microsoft Word CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office W ...) NOT-FOR-US: Microsoft Office CVE-2007-1200 RESERVED CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read arbitrar ...) NOT-FOR-US: Acrobat Reader CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 al ...) NOT-FOR-US: TaskFreak! CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unkn ...) NOT-FOR-US: Epiware CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for Win ...) NOT-FOR-US: Citrix CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow r ...) NOT-FOR-US: XM Easy Personal FTP Server CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt De ...) 
NOT-FOR-US: SandBox Analyzer CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM be ...) NOT-FOR-US: OrangeHRM CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive informati ...) NOT-FOR-US: HyperBook Guestbook CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes us ...) NOT-FOR-US: Quicksilver plugin Social Bookmarks CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX contro ...) NOT-FOR-US: EmbeddedWB ActiveX control CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell L ...) NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9 CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form in ...) NOT-FOR-US: WebAPP CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...) NOT-FOR-US: WebAPP CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, w ...) NOT-FOR-US: WebAPP CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...) NOT-FOR-US: WebAPP CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setti ...) NOT-FOR-US: WebAPP CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof anoth ...) NOT-FOR-US: WebAPP CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profil ...) NOT-FOR-US: WebAPP CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the usern ...) NOT-FOR-US: WebAPP CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...) NOT-FOR-US: WebAPP CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in cer ...) NOT-FOR-US: WebAPP CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts relate ...) NOT-FOR-US: WebAPP CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in c ...) 
NOT-FOR-US: WebAPP CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0 ...) NOT-FOR-US: WebAPP CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...) NOT-FOR-US: WebAPP CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 2 ...) NOT-FOR-US: WebAPP CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service (X ...) NOT-FOR-US: CentennialIPTransferServer CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05 ...) NOT-FOR-US: WebAPP CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2 ...) NOT-FOR-US: NukeSentinel CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0. ...) NOT-FOR-US: SimBin Racing CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 2 ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ear ...) NOT-FOR-US: Clanportal CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows remot ...) NOT-FOR-US: Nabopoll CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...) NOT-FOR-US: DBGuestbook CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1 ...) NOT-FOR-US: DBImageGallery CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and e ...) NOT-FOR-US: webSPELL CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ( ...) NOT-FOR-US: Common Controls ActiveX control CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call Cen ...) NOT-FOR-US: Call Center Software CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the 802.1 ...) 
{DSA-1272-1} - tcpdump 3.9.5-2 (bug #413430; low) CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...) NOT-FOR-US: webSPELL CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in Pyropho ...) NOT-FOR-US: Pyrophobia CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...) NOT-FOR-US: Pagesetter CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAda ...) NOT-FOR-US: JBoss CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access c ...) NOT-FOR-US: JBrowser CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote authe ...) NOT-FOR-US: webSPELL CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to exe ...) NOT-FOR-US: webSPELL CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...) NOT-FOR-US: CuteNews CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 all ...) NOT-FOR-US: Pyrophobia CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...) NOT-FOR-US: LoveCMS CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote au ...) NOT-FOR-US: LoveCMS CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remo ...) NOT-FOR-US: LoveCMS CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in LoveCM ...) NOT-FOR-US: LoveCMS CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows remo ...) NOT-FOR-US: hbm CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost al ...) NOT-FOR-US: arabhost CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportS ...) NOT-FOR-US: Kayako SupportSuite CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Nav ...) 
NOT-FOR-US: J-Web Pics Navigator CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigat ...) NOT-FOR-US: J-Web Pics Navigator CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allo ...) NOT-FOR-US: Magic News Plus CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News P ...) NOT-FOR-US: Magic News Plus CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote a ...) NOT-FOR-US: pheap CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla P ...) NOT-FOR-US: Simple Plantilla PHP CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in Cromos ...) NOT-FOR-US: Simple Plantilla PHP CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...) NOT-FOR-US: Putmail CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...) NOT-FOR-US: WebMplayer CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alph ...) NOT-FOR-US: WebMplayer CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown i ...) NOT-FOR-US: Watchtower CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 al ...) NOT-FOR-US: FCRing CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us ...) NOT-FOR-US: MTCMS CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis Foru ...) NOT-FOR-US: Sinapis Forum CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gaste ...) NOT-FOR-US: Sinapis Gastebuch CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow r ...) NOT-FOR-US: MTCMS CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: shopkitplus CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus a ...) 
NOT-FOR-US: shopkitplus CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows re ...) NOT-FOR-US: xtcommerce CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Sim ...) NOT-FOR-US: XeroXer Simple CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple one ...) NOT-FOR-US: XeroXer Simple CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...) NOT-FOR-US: ZPanel CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...) NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...) NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...) NOT-FOR-US: TeeChart Pro ActiveX control CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management Supp ...) NOT-FOR-US: Novell ZENworks CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 a ...) NOT-FOR-US: eFiction CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 a ...) NOT-FOR-US: Microsoft Office CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...) {DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1} - iceweasel 2.0.0.4-1 (low) - iceape 1.1.2-1 (low) - xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low) NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/, NOTE: older mozillas are not vulnerable CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset fr ...) NOT-FOR-US: Opera CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...) NOT-FOR-US: Microsoft IE CVE-2007-1113 RESERVED CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe meth ...) 
NOT-FOR-US: Kaspersky Anti-Virus CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...) NOT-FOR-US: ActiveCalendar CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ActiveCalend ...) NOT-FOR-US: ActiveCalendar CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1 ...) NOT-FOR-US: Phpwebgallery CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian Schn ...) NOT-FOR-US: CS-Gallery CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo Gall ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2007-1106 (PHP remote file inclusion vulnerability in includes/functions_nomoketo ...) NOT-FOR-US: NoMoKeTos Rules CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ph ...) NOT-FOR-US: phpBB Extreme CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module Imple ...) NOT-FOR-US: PHP Module Implementation CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, whic ...) - tor (unimportant) NOTE: Minor issue, just puts more noise on the node CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Photostand CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2. ...) NOT-FOR-US: Photostand CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan Pickl ...) NOT-FOR-US: Pickle CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...) 
- dropbear 0.49-1 (unimportant; bug #412899) [etch] - dropbear 0.48.1-2 (unimportant) NOTE: That's a lack of a security feature (strict hostkey checking in openssh NOTE: terminology) and an awkward interface, but not a vulnerability per se NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unk ...) NOT-FOR-US: ScryMUD CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function i ...) NOT-FOR-US: Wiclear CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...) NOT-FOR-US: VirtueMart CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not prope ...) {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1} - iceweasel 2.0.0.8-1 (low; bug #445514) - xulrunner 1.8.1.9-1 - iceape 1.1.5 NOTE: MFSA2007-30 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft IE CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ( ...) NOT-FOR-US: Network Node Manager CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...) - iceweasel 2.0.0.2+dfsg-1 (low) CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...) NOT-FOR-US: Microsoft IE CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote user-a ...) NOT-FOR-US: Microsoft Windows CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local u ...) NOT-FOR-US: IBM DB2 CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9. ...) NOT-FOR-US: IBM DB2 CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not pr ...) NOT-FOR-US: IBM DB2 CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 befor ...) 
NOT-FOR-US: IBM DB2 CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows remo ...) NOT-FOR-US: Google Desktop CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ...) - iceweasel (unimportant; bug #556268) - iceape (unimportant) - epiphany-browser (unimportant; bug #556272) NOTE: only epiphany-gecko backend affected - galeon 2.0.7-2 (unimportant; bug #556270) - kazehakase 0.5.8-2 (bug #556271) [lenny] - kazehakase 0.5.4-2lenny1 - conkeror (doesn't support bookmarks) - webkit (doesn't support javascript embedded in bookmarks) CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX contr ...) NOT-FOR-US: ConfigChk ActiveX control CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allo ...) NOT-FOR-US: FTP Explorer CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...) - typo3-src 4.0.5+debian-1 [etch] - typo3-src 4.0.2+debian-3 CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...) NOT-FOR-US: TurboFTP CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0 ...) NOT-FOR-US: FTP Voyager CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in FlashGameScrip ...) NOT-FOR-US: FlashGameScript CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 2. ...) NOT-FOR-US: UserPages2 CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...) NOT-FOR-US: phpTrafficA CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ser ...) NOT-FOR-US: TurboFTP CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allo ...) NOT-FOR-US: NewsBin Pro CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows r ...) NOT-FOR-US: mcRefer CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911 ...) 
NOT-FOR-US: Cisco CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple Ma ...) NOT-FOR-US: Apple ImageIO CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attack ...) NOT-FOR-US: VMware CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ( ...) NOT-FOR-US: Cisco CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...) NOT-FOR-US: Cisco CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...) NOT-FOR-US: Cisco CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...) NOT-FOR-US: Cisco CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...) NOT-FOR-US: Cisco CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7 ...) NOT-FOR-US: Cisco CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...) NOT-FOR-US: Cisco CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8 ...) NOT-FOR-US: PHP-Nuke CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire SendS ...) NOT-FOR-US: SendStudio CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate Fu ...) NOT-FOR-US: Ultimate Fun Book CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web Build ...) NOT-FOR-US: Online Web Building CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application Swi ...) NOT-FOR-US: Nortel Application Switch CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user restric ...) NOT-FOR-US: VMware CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...) - mediawiki 1.7.1-9 (bug #406238; medium) CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...) 
- mediawiki 1.7.1-9 (bug #406238; medium) CVE-2007-1053 NOT-FOR-US: phpXmms CVE-2007-1052 NOT-FOR-US: PBLang CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...) NOT-FOR-US: Comodo Firewall Pro CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ab ...) NOT-FOR-US: MyCalendar CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...) NOT-FOR-US: phpbb_wordsearch CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...) - dcc (medium; bug #439718) CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a direc ...) NOT-FOR-US: Dem_trac CVE-2007-1045 (mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrat ...) NOT-FOR-US: mAlbum CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list th ...) NOT-FOR-US: PowerSchool CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass auth ...) NOT-FOR-US: Ezboo CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News (X-New ...) NOT-FOR-US: Xpression News CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News ...) NOT-FOR-US: News Rover CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News (X ...) NOT-FOR-US: Xpression News CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 an ...) NOT-FOR-US: Peanut Knowledge Base CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...) NOT-FOR-US: Grabit CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier a ...) 
NOT-FOR-US: News File Grabber CVE-2007-XXXX [vserver patch allows renice of processes in different context] - linux-2.6 2.6.18.dfsg.1-12 (bug #412143) CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures] - apg 2.2.3.dfsg.1-2 (low; bug #412618) [etch] - apg (Minor issue) [sarge] - apg (Minor issue) CVE-2007-XXXX [mt-daapd remote access & default password] - mt-daapd 0.9~r1586-1 (unimportant; bug #404640) NOTE: User-unfriendly packaging flaw, but not a vulnerability per se CVE-2007-XXXX [amavisd-new uses contrib/non-free packers without security support in default config] - amavisd-new 1:2.5.2-1 (unimportant; bug #410588) NOTE: Doesn't affect a standard Debian installation, only users who install NOTE: proprietary apps; it should be fixed for sanity, but it is not a direct vulnerability CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce funct ...) {DTSA-34-1} - wordpress 2.1.1-1 (low) CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...) NOT-FOR-US: JBoss CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 1 ...) NOT-FOR-US: Mediafield and Audio modules for Drupal NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3 CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...) NOT-FOR-US: Emporium for PHP-Nuke CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x ...) NOT-FOR-US: Secure site for Drupal CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register ...) NOT-FOR-US: phpMyFAQ CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...) NOT-FOR-US: Vivvo Article Management CMS CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...) 
- libevent (vulnerable version 1.2 was never uploaded) CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 compone ...) NOT-FOR-US: Quiksoft EasyMail Objects CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pag ...) NOT-FOR-US: Image Pager CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux a ...) NOT-FOR-US: IBM DB2 CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier al ...) NOT-FOR-US: XLAtunes CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in VS ...) NOT-FOR-US: VS-Link-Partner CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...) NOT-FOR-US: Meganoide's news CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3. ...) NOT-FOR-US: Snitz Forums 2000 CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allo ...) NOT-FOR-US: Turuncu Portal CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...) NOT-FOR-US: CodeAvalanche News CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...) NOT-FOR-US: CedStat CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when regi ...) NOT-FOR-US: webSPELL CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in VirtualSy ...) NOT-FOR-US: VS-News-System CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in Virtua ...) NOT-FOR-US: VS-News-System CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows remo ...) NOT-FOR-US: Aktueldownload Haber CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...) NOT-FOR-US: Aktueldownload Haber CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote attack ...) 
NOT-FOR-US: VicFTPS CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in VirtualSyst ...) NOT-FOR-US: VirtualSystem Htaccess Password Generator CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 a ...) NOT-FOR-US: DeskPRO CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in VS-Gas ...) NOT-FOR-US: VS-Gastebuch CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...) NOT-FOR-US: ZebraFeeds CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallSc ...) NOT-FOR-US: InstallAnywhere CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a de ...) NOT-FOR-US: Apple iTunes CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows r ...) {DSA-1262-1} - gnomemeeting (high) CVE-2007-1006 (Multiple format string vulnerabilities in the gm_main_window_flash_mes ...) - ekiga 2.0.3-2.1 (bug #411944; high) CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...) NOT-FOR-US: eTrust Intrusion Detection CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and p ...) - iceweasel 2.0.0.4-1 (low) - iceape 1.0.9-1 (low) - xulrunner 1.8.0.4-1 (low) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=370555 CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList functio ...) {DSA-1294-1} - xorg-server 2:1.1.1-21 (medium) CVE-2007-1002 (Format string vulnerability in the write_html function in calendar/gui ...) {DSA-1325-1} - evolution 2.10.2-1 [sarge] - evolution (Vulnerable code not present) CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp func ...) - libgd2 2.0.33-1 (medium) NOTE: This has been fixed in libgd2 for a while, and php is linked against libgd2. CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...) 
- linux-2.6 2.6.18.dfsg.1-12 (medium) CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other version ...) - ekiga 2.0.3-5 (bug #414069; high) CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly oth ...) - xen-3.0 (bug #436250; medium) [etch] - xen-3.0 NOTE: Fedora disabled the VNC access to the Qemu monitor NOTE: An adjusted patch has been sent to the debian bugreport CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel 2. ...) - linux-2.6 2.6.18-1 CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0 ...) {DSA-1336-1} NOTE: MFSA-2007-02 - iceweasel 2.0.0.2+dfsg-1 (low) - xulrunner 1.8.0.10-1 (low) CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...) {DSA-1336-1} NOTE: MFSA-2007-02 - iceweasel 2.0.0.2+dfsg-1 (low) - iceape 1.0.8-1 (low) - xulrunner 1.8.0.10-1 (low) [sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported) [sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported) [sarge] - mozilla (Mozilla products from Sarge no longer supported) CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x befor ...) {DSA-1336-1} - iceweasel 2.0.0.2+dfsg-2 (medium) CVE-2007-0993 REJECTED CVE-2007-0992 REJECTED CVE-2007-0991 REJECTED CVE-2007-0990 REJECTED CVE-2007-0989 REJECTED CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4 ...) {DSA-1264-1} [etch] - php4 6:4.4.4-8+etch1 [etch] - php5 5.2.0-8+etch1 - php4 6:4.4.4-9 - php5 5.2.0-9 CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 al ...) NOT-FOR-US: Jupiter CMS CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1. ...) NOT-FOR-US: Jupiter CMS CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earl ...) 
NOT-FOR-US: phpCC CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...) NOT-FOR-US: PollMentor CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT Conten ...) NOT-FOR-US: AT Contenator CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0. ...) NOT-FOR-US: TaskFreak! CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x befo ...) {DSA-1336-1} NOTE: MFSA-2007-07 - iceweasel 2.0.0.1+dfsg-3 (bug #411192; high) - xulrunner 1.8.0.10-1 (high) - iceape 1.0.8-1 (high) [sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported) [sarge] - mozilla (Mozilla products from Sarge no longer supported) CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for S ...) NOT-FOR-US: HP Serviceguard CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2 ...) NOT-FOR-US: LifeType CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain pr ...) NOT-FOR-US: IBM AIX CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx ...) NOT-FOR-US: ActSoft DVD-Tools ActiveX control CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...) NOT-FOR-US: Apache Stats CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0. ...) NOT-FOR-US: DropBox CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ju ...) NOT-FOR-US: Jupiter CMS CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in Jup ...) NOT-FOR-US: Jupiter CMS CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remo ...) NOT-FOR-US: Jupiter CMS CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and e ...) 
NOT-FOR-US: WebTester CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.2 ...) NOT-FOR-US: WebTester CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) bef ...) NOT-FOR-US: Cisco CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remot ...) NOT-FOR-US: Cisco CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the H ...) NOT-FOR-US: Cisco CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to u ...) NOT-FOR-US: Cisco CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...) NOT-FOR-US: Cisco CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...) NOT-FOR-US: Cisco CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4 ...) NOT-FOR-US: Cisco CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5 ...) NOT-FOR-US: Cisco CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Securit ...) NOT-FOR-US: Cisco CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when conf ...) NOT-FOR-US: Cisco CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...) {DSA-1304 DSA-1286-1} - linux-2.6 2.6.20-1 CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ka ...) {DSA-1276-1} - krb5 1.4.4-8 (high) CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote att ...) {DSA-1276-1} - krb5 1.4.4-8 (high) CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professiona ...) NOT-FOR-US: Mail Enable Professional CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...) NOT-FOR-US: MOHA Chat CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 an ...) 
	NOT-FOR-US: @Mail
CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net V ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsit ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.0 ...)
	NOT-FOR-US: iTinySoft
CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Wind ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Win ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	REJECTED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object Mo ...)
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content Manageme ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	REJECTED
CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow rem ...)
	NOT-FOR-US: Microsoft
CVE-2007-0935
	REJECTED
CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote user-a ...)
	NOT-FOR-US: Microsoft
CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ( ...)
	NOT-FOR-US: D-Link
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Al ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba M ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 allo ...)
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
	NOT-FOR-US: uTorrent
CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows r ...)
	NOT-FOR-US: KvGuestbook
CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
	NOT-FOR-US: Community Server
CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: phpPolls
CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to obta ...)
	NOT-FOR-US: Portal Search
CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in P ...)
	NOT-FOR-US: Portal Search
CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an arbitrar ...)
	NOT-FOR-US: Portal Search
CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 a ...)
	NOT-FOR-US: Philboard
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ser ...)
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System (IP ...)
	NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
	NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote user-a ...)
	NOT-FOR-US: Microsoft
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
	NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
	- php5 5.2.2-1 (bug #410561; bug #410995; medium)
	[etch] - php5 (A regression only affecting 5.2.1)
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
	{DSA-1264-1}
	- php5 5.2.0-9
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	NOTE: this extension is not enabled by default in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a denia ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
	- php5 5.2.0-9 (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd be ...)
	- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature ...)
	- moin (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in M ...)
	- moin 1.5 (bug #411084; medium)
	NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 (There is a possible heap overflow in libclamav/fsg.c before 0.100.0. ...)
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav 0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV be ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav 0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav 0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10 ...)
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a de ...)
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive inf ...)
	- mediawiki (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows re ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPa ...)
	NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible enco ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials ...)
	NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows rem ...)
	NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject. ...)
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows rem ...)
	- mimedefang (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in portalgroups/portalgroups/getfile ...)
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...)
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows u ...)
	NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows Mo ...)
	NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
	NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image Galler ...)
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875
	NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ac ...)
	NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) add ...)
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File Host ...)
	NOT-FOR-US: eXtreme File Hosting
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager (ad ...)
	NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! Mes ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in Site-As ...)
	NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on HP- ...)
	NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and earl ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allo ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863
	NOT-FOR-US: Trevorchan
CVE-2007-0862
	NOT-FOR-US: gnopaste
CVE-2007-0861
	NOT-FOR-US: phpCOIN
CVE-2007-0860
	NOT-FOR-US: local Calendar System
CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the sys ...)
	NOT-FOR-US: Palm OS Treo
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (R ...)
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR an ...)
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge] - rar (Non-free)
	[etch] - rar (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[sarge] - unrar-nonfree 1:3.5.2-0.2
	[etch] - unrar-nonfree 1:3.5.4-1.1
	NOTE: amavisd-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel Web ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
	NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
	NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...)
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and execut ...)
	NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly q ...)
	NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
	NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server C ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Se ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVC ...)
	NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have u ...)
	NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
	NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in index/index_albu ...)
	NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a den ...)
	NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
	NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows rem ...)
	NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...)
	NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the availab ...)
	NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in A ...)
	NOT-FOR-US: Atsphp
CVE-2007-0830
	NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a c ...)
	NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in MyS ...)
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows r ...)
	NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of s ...)
	NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1 ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been display ...)
	- xterm (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux 1 ...)
	- util-linux (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailP ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE Po ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assi ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web serve ...)
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associat ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapp ...)
	NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
	NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production MySearchEn ...)
	NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Wi ...)
	NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in Gee ...)
	NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows re ...)
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7. ...)
	NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local us ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
	NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote attacke ...)
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 (Vulnerable code not compiled in)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
	- iceweasel 2.0.0.16-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1. ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allow ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1. ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in bluev ...)
	NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, all ...)
	NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal Serve ...)
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in GlobalMeg ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
	- bugzilla (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.2 ...)
	- bugzilla 2.22.1-2.1 (bug #409824; low)
	[etch] - bugzilla (Minor issue, far-fetched attack, minor impact)
	[sarge] - bugzilla (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP serv ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote attack ...)
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9 ...)
	- mediawiki (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple In ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in Flipsou ...)
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0 ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox (Vulnerable code not present)
	[sarge] - mozilla (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x befo ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x befor ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird (Only affected Firefox 2.0 et al)
	[sarge] - mozilla (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function (native/ ...)
	- libapache-mod-jk 1:1.2.21-1 (medium)
	[sarge] - libapache-mod-jk
	[etch] - libapache-mod-jk
	NOTE: affects only 1.2.19 and 1.2.20
CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...)
	- linux-2.6 2.6.12-1
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remo ...)
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows ...)
	- linux-2.6 (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c i ...)
	{DSA-1903-1 DSA-1858-1 DSA-1294-1}
	- xfree86 (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	- graphicsmagick 1.1.7-14 (bug #417862; medium)
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when th ...)
	- libpam-ssh 1.91.0-9.2 (bug #410236; low)
	[etch] - libpam-ssh (Minor issue)
	[sarge] - libpam-ssh (Minor issue)
CVE-2007-0769
	NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact Det ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows u ...)
	NOT-FOR-US: .NET Explorer
CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...)
	NOT-FOR-US: Curium CMS
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier allow ...)
	NOT-FOR-US: F3Site
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment functiona ...)
	NOT-FOR-US: F3Site
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB++
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by verif ...)
	NOT-FOR-US: EQdkp
CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remot ...)
	NOT-FOR-US: EasyMoblog
CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...)
	NOT-FOR-US: PHPProbid
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes C ...)
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...)
	NOT-FOR-US: Apple
CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...)
	NOT-FOR-US: Apple
CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 a ...)
	NOT-FOR-US: Apple
CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in pr ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration fil ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 throu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display fil ...)
	NOT-FOR-US: Apple
CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the so ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not displa ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not prop ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 throu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...)
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB Fi ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	REJECTED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for DirectoryS ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allo ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to caus ...)
	- cups 1.2.7-1 (bug #434734; low)
	- cupsys 1.2.7-1 (bug #434734; low)
	[sarge] - cupsys (Minor, conceptual design problem)
	[etch] - cupsys (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Wi ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows rem ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assi ...)
	NOT-FOR-US: GOM Player
CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet Exp ...)
	NOT-FOR-US: Darksky RSS
CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and P ...)
	NOT-FOR-US: Sleipnir
CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
	NOT-FOR-US: Somery
CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...)
	NOT-FOR-US: WebBuilder
CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0. ...)
	NOT-FOR-US: phpEventMan
CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in Epist ...)
	NOT-FOR-US: Epistemon
CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain Por ...)
	NOT-FOR-US: Portail Web
CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in Gu ...)
	NOT-FOR-US: Portail Web
CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier all ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to chan ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Port ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 a ...)
	NOT-FOR-US: DGNews
CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
	NOT-FOR-US: DGNews
CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: DGNews
CVE-2007-0691
	REJECTED
CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: myEvent
CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl (Vulnerable code not present)
CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allo ...)
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...)
	NOT-FOR-US: Intel 2200BG card driver
CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 20 ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Port ...)
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in O ...)
	NOT-FOR-US: Omegaboard
CVE-2007-0682 (PHP remote file inclusion vulnerability in theme/include_mode/template ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ch ...)
	NOT-FOR-US: ExtCalendar
CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in P ...)
	NOT-FOR-US: Phpbb Tweaked (a module for phpBB)
CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nico ...)
	NOT-FOR-US: PHPMyRing
CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...)
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Brows ...)
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech C ...)
	NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers t ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local us ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local us ...)
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2 ...)
	- sql-ledger (bug #409703; unimportant)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
	[etch] - sql-ledger (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
	- thttpd (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy it is not possible to start the web server
	NOTE: in the root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile ...)
	NOT-FOR-US: Hailboards
CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...)
	NOT-FOR-US: Intel BMC
CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before 0 ...)
	NOT-FOR-US: DotNetNuke
CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for M ...)
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module f ...)
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to r ...)
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB2-MODificat (a module for phpBB2)
CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies ...)
	NOT-FOR-US: MicroWorld
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-ass ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ot ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professi ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Prof ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
	- tetex-bin (Only vulnerable if compiled without kpathsea support; Debian compiles with it)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2 ...)
	NOT-FOR-US: OpenEMR
CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
	NOT-FOR-US: Cisco
CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-as ...)
	NOT-FOR-US: AppleKit
CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Ma ...)
	NOT-FOR-US: iMovie
CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assiste ...)
	NOT-FOR-US: iPhoto
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remot ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-a ...)
	NOT-FOR-US: Bloodshed Dev-C++
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU scri ...)
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack v ...)
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY 4 ...)
	NOT-FOR-US: GuppY
CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
	NOT-FOR-US: PHPFootball
CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact a ...)
	NOT-FOR-US: incron
CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...)
	NOT-FOR-US: EncapsCMS
CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows rem ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633 (PHP remote file inclusion vulnerability in include/themes/themefunc.ph ...)
	NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
	NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not p ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password argumen ...)
	NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal befo ...)
	- drupal 4.7.6-1
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validat ...)
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulleti ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ar ...)
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zen ...)
	NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Manage ...)
	NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
	NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
	NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vis ...)
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CM ...)
	NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows r ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores gl ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced Gu ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3 ...)
	NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
	NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro Vir ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newspo ...)
	NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum 4 ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allo ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek For ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review Si ...)
	NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with in ...)
	NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with in ...)
	NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows re ...)
	NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An V ...)
	NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quickti ...)
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
	NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php i ...)
	NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
	NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows re ...)
	NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
	NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
	NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
	NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows remot ...)
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ACGVcli ...)
	NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
	NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login pag ...)
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
	NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in D ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
	NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes G ...)
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote at ...)
	NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in M ...)
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in Interactive-S ...)
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earli ...)
	NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) befor ...)
	NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Se ...)
	NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
	NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier a ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 all ...)
	NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in In ...)
	NOT-FOR-US: vHostAdmin
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ori ...)
	NOT-FOR-US: rPath
CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8 ...)
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 (only PostgreSQL 8.x)
	- postgresql (only PostgreSQL 8.x)
CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8. ...)
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql (only transitional package)
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
	NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php i ...)
	NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in install/default/error404.h ...)
	NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
	NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root wi ...)
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web r ...)
	NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestb ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of arbitr ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service (bandwi ...)
	{DSA-1564-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote att ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Telligent
CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not p ...)
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop supplementa ...)
	NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and K ...)
	NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive informat ...)
	NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeW ...)
	NOT-FOR-US: FreeWebShop
CVE-2007-0530
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the admini ...)
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications (ak ...)
	NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.log ...)
	NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (Min ...)
	NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
	NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Nokia
CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a deni ...)
	NOT-FOR-US: Motorola
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to cau ...)
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allo ...)
	NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Insta ...)
	NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive inform ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with pe ...)
	NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remot ...)
	NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitach ...)
	NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64) ...)
	NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 0 ...)
	NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD ...)
	NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) prese ...)
	- awffull (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unk ...)
	NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4 ...)
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking 4 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and p ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 bef ...)
	NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
	NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum Too ...)
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in Bra ...)
	NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim p ...)
	NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
	NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in Upload-Se ...)
	NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
	NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in P ...)
	NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01 ...)
	NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpe ...)
	NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in includes/functions.visohotl ...)
	NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Q ...)
	NOT-FOR-US: Huawei
CVE-2007-0487
	NOT-FOR-US: FreeForum
CVE-2007-0486
	NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
	NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 al ...)
	NOT-FOR-US: Sun
CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Cisco
CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.1 ...)
	NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2 ...)
	- openldap2 (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4 ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k (Minor issue)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoer ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k (Minor issue)
	NOTE: not fixed in 0.8.0, see
	NOTE: https://web.archive.org/web/20070712072042/http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 d ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k (Minor issue)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to (1 ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k (Minor issue)
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClo ...)
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo (Package completely broken, hardly usable for an attack)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 u ...)
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 (Vulnerable code not present)
	- bind
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie (this is not an issue in the avformat ffmpeg code copy)
	- mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
	NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 do ...)
	- libgems-ruby 0.9.3-1 (low; bug #408299)
	[etch] - libgems-ruby (Minor issue, needs implicit trust on installed data)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (M ...)
	NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin gro ...)
	NOT-FOR-US: Apple
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 al ...)
	NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4. ...)
	NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 o ...)
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktim ...)
	NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before 2. ...)
	- dazuko-source (bug #408300)
	[sarge] - dazuko-source (Vulnerable code not present)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
	- ulogd 1.23-6 (medium)
CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.9 ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (f ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Grap ...)
	{DSA-1936-1}
	- libgd2 2.0.35.dfsg-1 (bug #408982; low)
	[sarge] - libgd2 (Minor issue, hardly exploitable)
	[etch] - libgd2 (Minor issue, hardly exploitable)
CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 throug ...)
	- samba (Solaris-specific vulnerability)
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...)
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
	- tomcat5 (unimportant)
	- tomcat5.5 5.5.23-1 (unimportant)
	NOTE: This only adds an additional control setting for path delimiters; the
	NOTE: proxies in front of Tomcat still need to be secured or fixed individually
	NOTE: (e.g. as done for mod_jk in a DSA)
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Ba ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI h ...)
	- php5 (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple Sym ...)
	NOT-FOR-US: Symantec
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Merc ...)
	NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand Scann ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
	NOT-FOR-US: Citrix
CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in Gracen ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impa ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440 RESERVED
CVE-2007-0439 RESERVED
CVE-2007-0438 RESERVED
CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample Cach ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS14 ...)
	NOT-FOR-US: X-Kryptor
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 thr ...)
	NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject m ...)
	NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote a ...)
	NOT-FOR-US: AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ea ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed w ...)
	NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for W ...)
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered e ...)
	NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
	NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
	NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
	NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allow ...)
	NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
	NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
	NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
	NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce acce ...)
	NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a bac ...)
	NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
	NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
	NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate cli ...)
	NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, an ...)
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in E ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Ea ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Si ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in A ...)
	NOT-FOR-US: MisterSPa-forum
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, the hash issue has been fixed in Sarge and Etch for months,
	NOTE: and register_globals is unsupported anyway
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in c ...)
	NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in libraries/grab_globals.lib. ...)
	NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file descriptor ...)
	NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors be ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of BitDe ...)
	NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
	NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...)
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board (wB ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks com ...)
	NOT-FOR-US: Joomla!
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
	NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain se ...)
	NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews sec ...)
	NOT-FOR-US: PostNuke
CVE-2007-0383
	NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the L ...)
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...)
	NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remo ...)
	NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attacke ...)
	NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote at ...)
	NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows re ...)
	NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Joomla!
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2 ...)
	- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow rem ...)
	NOT-FOR-US: Joomla!
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ( ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.20 ...)
	NOT-FOR-US: phpBP
CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows re ...)
	NOT-FOR-US: phpBP
CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local ...)
	NOT-FOR-US: mbse
CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and dire ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows l ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One Cont ...)
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com I ...)
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Op ...)
	NOT-FOR-US: Openads
CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...)
	NOT-FOR-US: FreshReader
CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphoru ...)
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2 ...)
	NOT-FOR-US: Oreon
CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey C ...)
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP Jetdi ...)
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz ...)
	NOT-FOR-US: AVM
CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) Ac ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Ma ...)
	NOT-FOR-US: Apple
CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0 ...)
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) logi ...)
	NOT-FOR-US: myBloggie
CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle us ...)
	NOT-FOR-US: Microsoft
CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
	NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com INDE ...)
	NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not prope ...)
	- cvstrac 2.0.1-1
	[etch] - cvstrac (Vulnerable code not present)
	[sarge] - cvstrac (Vulnerable code not present)
	NOTE: the vulnerable code can't be found elsewhere in 1.1.5 either, and similar
	NOTE: precautions are already taken, such as using %q instead of %s for user-supplied data
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
	NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain A ...)
	NOT-FOR-US: Apple
CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...)
	- colloquy
CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: OpenBSD
CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple WebKit
CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earli ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
	[sarge] - phpmyadmin (Vulnerable code not present)
CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84 ...)
	NOT-FOR-US: ThWboard
CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in Scrip ...)
	NOT-FOR-US: FileMailer
CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
	NOT-FOR-US: KGB
CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows loca ...)
	NOT-FOR-US: Rixstep
CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book 1.0. ...)
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and SIP ...)
	NOT-FOR-US: InGate Firewall
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access r ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynami ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote attac ...)
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in Macrov ...)
	NOT-FOR-US: Macrovision
CVE-2007-0327 RESERVED
CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...)
	NOT-FOR-US: PNI Digital Media Photo Upload
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in befor ...)
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion (RIM ...)
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in isusweb ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ActiveEmailTest.Em ...)
	NOT-FOR-US: Motive ActiveEmailTest
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-depende ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla be ...)
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel (AI ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote att ...)
	- filezilla (fixed before the first Debian upload)
CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System 1 ...)
	NOT-FOR-US: Article System
CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) befo ...)
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ins ...)
	NOT-FOR-US: wcSimple
CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier al ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates differen ...)
	NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in Franci ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in Popla ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
	NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon S ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 al ...)
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have u ...)
	NOT-FOR-US: Zina
CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1. ...)
	NOT-FOR-US: InstantASP
CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in Fd ...)
	NOT-FOR-US: FdWeB
CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1. ...)
	NOT-FOR-US: TLM CMS
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byt ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
	NOT-FOR-US: LunarPoll
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Col ...)
	NOT-FOR-US: Oracle
CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9. ...)
	NOT-FOR-US: Oracle
CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9. ...)
	NOT-FOR-US: Oracle
CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartrid ...)
	NOT-FOR-US: Oracle
CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0272 (Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has u ...)
	NOT-FOR-US: Oracle
CVE-2007-0270 (Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal S ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ca ...)
	NOT-FOR-US: Winzip
CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows user- ...)
	NOT-FOR-US: Total Commander
CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify t ...)
	{DTSA-33-1}
	- wordpress 2.0.8-1 (bug #407289)
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when auth ...)
	NOT-FOR-US: sNews
CVE-2007-0260
	NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2 ...)
	NOT-FOR-US: Fastilo
CVE-2007-0257
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of servi ...)
	- vlc 0.8.6.c-1 (unimportant; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in er ...)
	- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
	NOTE: I've verified the Etch version to contain the necessary format strings
CVE-2007-0253
	- kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote at ...)
	NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort 2 ...)
	- snort (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain poten ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
	- squid 2.6.5-4 (low)
	[sarge] - squid (Vulnerable code not present)
CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 befor ...)
	{DSA-1297-1}
	- gforge-plugin-scmcvs 4.5.14-6
CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier a ...)
	{DSA-1307-1}
	- openoffice.org 2.2.1~rc1-1
	[lenny] - openoffice.org 2.0.4.dfsg.2-7etch1
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3 ...)
	{DSA-1288-2 DSA-1288-1}
	- pptpd 1.3.4-1
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Upda ...)
	- sun-java5 1.5.0-10-1
CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does n ...)
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241 RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier al ...)
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote attacker ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCa ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ov ...)
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234 REJECTED
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly unse ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is arguably a php bug, CVE-2006-3017
CVE-2007-0232 (PHP remote file inclusion vulnerability in routines/fieldValidation.ph ...)
	NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, wh ...)
	NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
	NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and Fr ...)
	NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer al ...)
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify nam ...)
	- slocate 3.1-1.1 (bug #411937; low)
	[sarge] - slocate (Performs correct access checks)
	[etch] - slocate (Minor issue)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set. This is
	NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
	NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-AS ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shoppin ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side compo ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Ser ...)
	NOT-FOR-US: Microsoft
CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects fr ...)
	NOT-FOR-US: Microsoft
CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 an ...)
	NOT-FOR-US: Microsoft
CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 20 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 200 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does no ...)
	NOT-FOR-US: Microsoft
CVE-2007-0212 REJECTED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
	NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
	NOT-FOR-US: Microsoft
CVE-2007-0207 REJECTED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows remot ...)
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex Guestboo ...)
	NOT-FOR-US: @lex Guestbook
CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin (vulnerable code not present)
CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ha ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and e ...)
	NOT-FOR-US: @lex Guestbook
CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Fire ...)
	NOT-FOR-US: TIS
CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey Go ...)
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...)
	NOT-FOR-US: Cisco
CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise, ...)
	NOT-FOR-US: Cisco
CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote att ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...)
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays d ...)
	NOT-FOR-US: F5
CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: MKPortal
CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by unau ...)
	NOT-FOR-US: FON La Fonera
CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main opera ...)
	NOT-FOR-US: MKPortal
CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allo ...)
	NOT-FOR-US: MKPortal
CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...)
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189
	NOT-FOR-US: GeoBB
CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access re ...)
	NOT-FOR-US: F5
CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to acces ...)
	NOT-FOR-US: F5
CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5
CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ca ...)
	NOT-FOR-US: Getahead
CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ob ...)
	NOT-FOR-US: Getahead
CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Ser ...)
	NOT-FOR-US: iPlanet Web
CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo stor ...)
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...)
	NOT-FOR-US: EF Commander
CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows r ...)
	NOT-FOR-US: PHPKIT
CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWi ...)
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
	{DSA-1475-1}
	- gforge 4.6.99+svn6347-1 (low; bug #406244)
	[sarge] - gforge (Vulnerable code not present)
CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolu ...)
	{DSA-1568-1}
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...)
	NOT-FOR-US: Sina UC2006
CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3. ...)
	NOT-FOR-US: AllMyGuest
CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5 ...)
	NOT-FOR-US: AllMyLinks
CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...)
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCse ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserv ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
	NOT-FOR-US: PPC Search
CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathname ...)
	- kfreebsd-5
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remo ...)
	NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, whic ...)
	NOT-FOR-US: Camouflage
CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in t ...)
	NOT-FOR-US: Steganography
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permi ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as u ...)
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.c ...)
	- centericq 4.21.0-17 (low)
	[sarge] - centericq (Not exploitable with official LiveJournal server)
	NOTE: The bug really exists but is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opinion it is only exploitable if the user tries to connect
	NOTE: to a fake LiveJournal server. All versions of the Debian centericq packages have
	NOTE: the compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip (Minor issue)
CVE-2007-0158 (thttpd 2007 has buffer underflow. ...)
	- thttpd
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neo ...)
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156 (M-Core stores the database under the web document root, which allows r ...)
	NOT-FOR-US: M-Core
CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: HarikaOnline
CVE-2007-0154 (Webulas stores sensitive information under the web root with insuffici ...)
	NOT-FOR-US: Webulas
CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: AJLogin
CVE-2007-0152 (OhhASP stores sensitive information under the web root with insufficie ...)
	NOT-FOR-US: OhhASP
CVE-2007-0151 (MitiSoft stores sensitive information under the web root with insuffic ...)
	NOT-FOR-US: MitiSoft
CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in Day ...)
	NOT-FOR-US: Dayfox
CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with i ...)
	NOT-FOR-US: EMembersPro
CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote a ...)
	NOT-FOR-US: OmniGroup
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an incorre ...)
	NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips C ...)
	NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP N ...)
	NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Q ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
	NOT-FOR-US: NUNE News
CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce S ...)
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Li ...)
	NOT-FOR-US: YALD
CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download (Yenion ...)
	NOT-FOR-US: Kolayindir
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/O ...)
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begin ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
	NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4 ...)
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233 - DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
	NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
	NOT-FOR-US: IG Shop
CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in iGener ...)
	NOT-FOR-US: IG Shop
CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
	NOT-FOR-US: IG Shop
CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...)
	NOT-FOR-US: JAMWiki
CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 al ...)
	NOT-FOR-US: iG Calendar
CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...)
	NOT-FOR-US: LocazoList
CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlie ...)
	NOT-FOR-US: Digirez
CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly vali ...)
	NOT-FOR-US: Opera
CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ex ...)
	NOT-FOR-US: Opera
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux b ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ...)
	- drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows rem ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...)
	NOT-FOR-US: RI Blog
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlie ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 all ...)
	NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
	NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 1 ...)
	NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive informati ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
	NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
	NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as u ...)
	NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Ac ...)
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error m ...)
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
	NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure Acc ...)
	NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patc ...)
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf 3.02 (bug #406852; unimportant)
	- swftools (first version that entered the archive is based on xpdf 3.02)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat befor ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Prev ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
	NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it overwri ...)
	NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services 3.0 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 an ...)
	NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) Read ...)
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
	NOT-FOR-US: Carbon Communities
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive informa ...)
	- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content Manageme ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 al ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: WineGlass
CVE-2007-0089 (jgbbs stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: jgbbs
CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
	NOT-FOR-US: openmedia
CVE-2007-0087
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086
	- apache (unimportant)
	- apache2 (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084
	NOT-FOR-US: Windows NT
CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
	NOT-FOR-US: Nuked Klan
CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ha ...)
	NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possib ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080
	- freeradius (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: rblog
CVE-2007-0078 (BattleBlog stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: BattleBlog
CVE-2007-0077 (lblog stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: lblog
CVE-2007-0076 (Openforum stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: AspBB
CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0. ...)
	- flashplugin-nonfree 1:1.4
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2007-0070 RESERVED
CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x be ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, whe ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) Autom ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5 ...)
	NOT-FOR-US: Windows
CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
	- vmware-package 0.16
CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...)
	- vmware-package 0.16
CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
	- vmware-package 0.16
CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...)
	NOT-FOR-US: CA
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allow ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4. ...)
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Fo ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Fo ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2 ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows r ...)
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ver ...)
	NOT-FOR-US: Apple iPhoto
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alte ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050
	NOT-FOR-US: OpenPinboard
CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to a ...)
	NOT-FOR-US: TaskTracker
CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin dist ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0 ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before 8. ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat R ...)
	{DSA-1336-1}
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasel 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and iceape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Exp ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1. ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1. ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 fo ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2007-0037 REJECTED
CVE-2007-0036 REJECTED
CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microso ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032 REJECTED
CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, an ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation (v ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in UserNotificationCenter.a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote attacke ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic Tran ...)
	NOT-FOR-US: Panic Transmit
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earl ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX con ...)
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler fun ...)
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
	NOT-FOR-US: MoviePlay
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013 RESERVED
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
	- sun-java5 (unimportant)
	- sun-java6 (unimportant)
	- openjdk-6 (unimportant)
	NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) be ...)
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network Se ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security Ser ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla (Mozilla products from Sarge no longer supported)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary fi ...)
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in th ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise Linu ...)
	NOTE: if security relevant at all, it's 2.4.* only
	- linux-2.6 (2.4 only)
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers t ...)
	- pam (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document importer/ ...)
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
	- linux-2.6 (Red Hat specific vulnerability)